Netgear Prosafe Gsm7228Ps Gigabit Stackable Ethernet Switch 100Nas Users Manual Managed Command Line Interface (CLI) User

ProSafe GSM7328Sv2 cli

GSM7228PS-100NAS to the manual ab8a6cc8-01e3-4e0f-ba08-c134f5f17be2

2015-01-24

: Netgear Netgear-Prosafe-Gsm7228Ps-Gigabit-Stackable-Ethernet-Switch-Gsm7228Ps-100Nas-Users-Manual-332363 netgear-prosafe-gsm7228ps-gigabit-stackable-ethernet-switch-gsm7228ps-100nas-users-manual-332363 netgear pdf

Open the PDF directly: View PDF PDF.
Page Count: 799

DownloadNetgear Netgear-Prosafe-Gsm7228Ps-Gigabit-Stackable-Ethernet-Switch-Gsm7228Ps-100Nas-Users-Manual- ProSafe Managed Switch Command Line Interface (CLI) User Manual  Netgear-prosafe-gsm7228ps-gigabit-stackable-ethernet-switch-gsm7228ps-100nas-users-manual
Open PDF In BrowserView PDF
ProSafe Managed Switch
Command Line Interface (CLI)
User Manual

10.0
GSM7328Sv2
GSM7352Sv2
GSM7228PS
GSM7252PS
M5300-28G3
M5300-52G3
M5300-28G-POE+
M5300-52G-POE+
M5300-28GF3
M5300-28G
M5300-52G

350 East Plumeria Drive
San Jose, CA 95134
USA
November 2012
202-11054-02
1.0

ProSafe Managed Switch

© 2012 NETGEAR, Inc. All rights reserved.
No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated
into any language in any form or by any means without the written permission of NETGEAR, Inc.

Technical Support
Thank you for choosing NETGEAR. To register your product, get the latest product updates, or get support online,
visit us at http://support.netgear.com.
Phone (US & Canada only): 1-888-NETGEAR
Phone (Other Countries): See Support information card.

Trademarks
NETGEAR, the NETGEAR logo, ReadyNAS, ProSafe, Smart Wizard, Auto Uplink, X-RAID2, and NeoTV are
trademarks or registered trademarks of NETGEAR, Inc. Microsoft, Windows, Windows NT, and Vista are
registered trademarks of Microsoft Corporation. Other brand and product names are registered trademarks or
trademarks of their respective holders.

Statement of Conditions
To improve internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes
to the products described in this document without notice. NETGEAR does not assume any liability that may occur
due to the use, or application of, the product(s) or circuit layout(s) described herein.

Revision History
Publication Part
Number

Version

Publish Date

Comments

202-11054-02

1.0

November 2012

Added mixed stacking commands.

202-11054-01

1.0

August 2012

Replaced the private group commands with
private VLAN commands, replaced the
Auto-Voice over IP Commands chapter, and
added iSCSI commands.

202-10936-02

1.0

January 2012

Added clear event log, ip local-proxy-arp, and
spanning-tree auto-edge. Removed poe reset
auto.

202-10936-01

1.0

November 2011

Added PoE and MVR mode features.

202-10515-05

1.1

June 2011

Added DHCPv6 and DHCPv6 mode features.

202-10515-04

1.0

November 2010

New document template.

202-10515-03

v 1.0

June 2010

Move some content to the Software Setup
Guide.

202-10515-02

Software release 8.0.2: new firmware with
DHCP L3 Relay, color conform policy, DHCP
server in dynamic mode, and configuring a
stacking port as an Ethernet port.

202-10515-01

Original publication.

2

Contents
Chapter 1

Using the Command-Line Interface

Licensing and Command Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Command Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Command Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Common Parameter Values . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Unit/Slot/Port Naming Convention . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Using a Command’s “No” Form . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Managed Switch Modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Command Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Command Completion and Abbreviation . . . . . . . . . . . . . . . . . . . . . . . . . . 17
CLI Error Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
CLI Line-Editing Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Using CLI Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Accessing the CLI. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

Chapter 2

Stacking Commands

Dedicated Port Stacking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Stacking Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Non-Stop Forwarding Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Stack Firmware Synchronization Commands. . . . . . . . . . . . . . . . . . . . . . . 35

Chapter 3

Switching Commands

Port Configuration Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Loopback Interface Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Spanning Tree Protocol (STP) Commands . . . . . . . . . . . . . . . . . . . . . . . . 47
VLAN Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Double VLAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Voice VLAN Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Provisioning (IEEE 802.1p) Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Protected Ports Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Private Group Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Private VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
GARP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
GVRP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
GMRP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Port-Based Network Access Control Commands. . . . . . . . . . . . . . . . . . . . 96
802.1X Supplicant Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
Storm-Control Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
Flow Control Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122

3

ProSafe Managed Switch

Port-Channel/LAG (802.3ad) Commands . . . . . . . . . . . . . . . . . . . . . . . . 123
Port Mirroring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
Static MAC Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
DHCP L2 Relay Agent Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
DHCP Client Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
DHCP Snooping Configuration Commands . . . . . . . . . . . . . . . . . . . . . . . 150
Dynamic ARP Inspection Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
IGMP Snooping Configuration Commands . . . . . . . . . . . . . . . . . . . . . . . 166
IGMP Snooping Querier Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
MLD Snooping Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
MLD Snooping Querier Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
set mld querier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
set mld querier query_interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188
set mld querier timer expiry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188
set mld querier election participate. . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
show mldsnooping querier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
Port Security Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
LLDP (802.1AB) Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
LLDP-MED Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
Denial of Service Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212
MAC Database Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222
ISDP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224
Priority-Based Flow Control Commands . . . . . . . . . . . . . . . . . . . . . . . . . 229

Chapter 4 Multicast VLAN Registration (MVR)
About MVR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232
MVR Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232

Chapter 5 Routing Commands
Address Resolution Protocol (ARP) Commands . . . . . . . . . . . . . . . . . . . 240
IP Routing Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246
Router Discovery Protocol Commands . . . . . . . . . . . . . . . . . . . . . . . . . . 263
Virtual LAN Routing Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266
Virtual Router Redundancy Protocol Commands. . . . . . . . . . . . . . . . . . . 267
DHCP and BOOTP Relay Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
IP Helper Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278
Open Shortest Path First (OSPF) Commands . . . . . . . . . . . . . . . . . . . . . 282
OSPF Graceful Restart Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 322
nsf. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323
nsf restart-interval. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323
nsf helper . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324
nsf helper disable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325
nsf [ietf] helper strict-lsa-checking . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325
OSPF Interface Flap Dampening Commands . . . . . . . . . . . . . . . . . . . . . 327
Routing Information Protocol (RIP) Commands . . . . . . . . . . . . . . . . . . . . 329
ICMP Throttling Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336

4

ProSafe Managed Switch

Chapter 6

IP Multicast Commands

Multicast Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .339
DVMRP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .344
PIM Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 349
Internet Group Message Protocol (IGMP) Commands. . . . . . . . . . . . . . .360
IGMP Proxy Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .367

Chapter 7

IPv6 Commands

Tunnel Interface Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .373
IPv6 Routing Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .375
OSPFv3 Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .398
OSPFv3 Graceful Restart Commands . . . . . . . . . . . . . . . . . . . . . . . . . . .429
DHCPv6 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .431

Chapter 8

IPv6 Multicast Commands

IPv6 Multicast Forwarder Commands . . . . . . . . . . . . . . . . . . . . . . . . . . .439
IPv6 PIM Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .442
IPv6 MLD Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .449
IPv6 MLD-Proxy Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .455

Chapter 9

Quality of Service (QoS) Commands

Class of Service (CoS) Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . .461
Differentiated Services (DiffServ) Commands . . . . . . . . . . . . . . . . . . . . .469
DiffServ Class Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .470
DiffServ Policy Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .479
DiffServ Service Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .484
DiffServ Show Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .485
MAC Access Control List (ACL) Commands . . . . . . . . . . . . . . . . . . . . . .491
IP Access Control List (ACL) Commands. . . . . . . . . . . . . . . . . . . . . . . . .495
IPv6 Access Control List (ACL) Commands. . . . . . . . . . . . . . . . . . . . . . .502
Time Range Commands for Time-Based ACLs . . . . . . . . . . . . . . . . . . . .506
AutoVOIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 508
iSCSI Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 512

Chapter 10

Power over Ethernet (PoE) Commands

About PoE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 518
PoE Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 519

Chapter 11

Utility Commands

Auto Install Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .530
Dual Image Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .532
System Information and Statistics Commands. . . . . . . . . . . . . . . . . . . . .534
Logging Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .550
Email Alerting and Mail Server Commands . . . . . . . . . . . . . . . . . . . . . . .556

5

ProSafe Managed Switch

System Utility and Clear Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . 562
Simple Network Time Protocol (SNTP) Commands. . . . . . . . . . . . . . . . . 572
DHCP Server Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 579
DNS Client Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 591
Packet Capture Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 595
Serviceability Packet Tracing Commands . . . . . . . . . . . . . . . . . . . . . . . . 598
Cable Test Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 617
sFlow Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 617
Software License Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 622
IP Address Conflict Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 623
Link Local Protocol Filtering Commands . . . . . . . . . . . . . . . . . . . . . . . . . 624
RMON Stats and History Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . 625
UDLD Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 631

Chapter 12

Management Commands

Configuring the Switch Management CPU. . . . . . . . . . . . . . . . . . . . . . . . 636
Network Interface Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 638
Console Port Access Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 641
Telnet Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 643
Secure Shell (SSH) Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 648
Management Security Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 651
Hypertext Transfer Protocol (HTTP) Commands . . . . . . . . . . . . . . . . . . . 652
Access Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 659
User Account Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 659
SNMP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 683
RADIUS Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 694
TACACS+ Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 706
Configuration Scripting Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 711
Pre-Login Banner and System Prompt Commands . . . . . . . . . . . . . . . . . 713
Switch Database Management (SDM) Templates . . . . . . . . . . . . . . . . . . 714
IPv6 Management Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 716

Chapter 13

Log Messages

Core . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 722
Utilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 724
Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 726
Switching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 730
QoS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 736
Routing/IPv6 Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 737
Multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 740
Stacking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 742
Technologies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 743
O/S Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 745

Chapter 14

Captive Portal Commands

Captive Portal Global Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 747

6

ProSafe Managed Switch

Captive Portal Configuration Commands . . . . . . . . . . . . . . . . . . . . . . . . .751
Captive Portal Status Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .757
Captive Portal Client Connection Commands . . . . . . . . . . . . . . . . . . . . .761
Captive Portal Interface Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . .765
Captive Portal Local User Commands . . . . . . . . . . . . . . . . . . . . . . . . . . .766
Captive Portal User Group Commands . . . . . . . . . . . . . . . . . . . . . . . . . .772

Chapter 15

Command List

Index

7

1.

Using the Command-Line Interface

1

The command-line interface (CLI) is a text-based way to manage and monitor the system.
You can access the CLI by using a direct serial connection or by using a remote logical
connection with telnet or SSH.
This chapter describes the CLI syntax, conventions, and modes. It contains the following
sections:
•

Licensing and Command Support

•

Command Syntax

•

Command Conventions

•

Common Parameter Values

•

Unit/Slot/Port Naming Convention

•

Using a Command’s “No” Form

•

Managed Switch Modules

•

Command Modes

•

Command Completion and Abbreviation

•

CLI Error Messages

•

CLI Line-Editing Conventions

•

Using CLI Help

•

Accessing the CLI

Licensing and Command Support
As shown in the following table, some command groups or commands require a license and
some are supported on particular switch models. For those requiring a license, license keys
are available from your VAR or NETGEAR authorized e-commerce portal. License activation
is described in the Software Setup Manual.

8

ProSafe Managed Switch

Command Group or
Command

M5300-28G-POE+ M5300-28G
M5300-52G-POE+ M5300-52G

M5300-28G3
M5300-52G3
M5300-28GF3

GSM7328Sv2
GSM7352Sv2

GSM7228PS
GSM7252PS

Stacking Commands

Supported

Supported

Supported

Supported

Supported

Non-Stop Forwarding
Commands

Supported

Supported

Supported

Supported

Supported

Stack Firmware
Synchronization
Commands

Supported

Supported

Supported

Supported

Supported

Router Discovery Protocol
Commands

Require license

Require license

Supported

Supported

Require license

Virtual Router Redundancy
Protocol Commands

Require license

Require license

Supported

Supported

Require license

Open Shortest Path First
(OSPF) Commands

Require license

Require license

Supported

Supported

Require license

OSPF Graceful Restart
Commands

Require license

Require license

Supported

Supported

Require license

Routing Information
Protocol (RIP) Commands

Require license

Require license

Supported

Supported

Require license

Tunnel Interface
Commands

Require license

Require license

Supported

Supported

Require license

IPv6 Routing Commands

Require license

Require license

Supported

Supported

Require license

OSPFv3 Commands

Require license

Require license

Supported

Supported

Require license

OSPFv3 Graceful Restart
Commands

Require license

Require license

Supported

Supported

Require license

DHCPv6 Commands

Require license

Require license

Supported

Supported

Require license

Multicast Commands

Require license

Require license

Supported

Supported

Require license

DVMRP Commands

Require license

Require license

Supported

Supported

Require license

PIM Commands

Require license

Require license

Supported

Supported

Require license

Internet Group Message
Protocol (IGMP)
Commands

Require license

Require license

Supported

Supported

Require license

IGMP Proxy Commands

Require license

Require license

Supported

Supported

Require license

IPv6 Multicast Forwarder
Commands

Require license

Require license

Supported

Supported

Require license

IPv6 PIM Commands

Require license

Require license

Supported

Supported

Require license

IPv6 MLD Commands

Require license

Require license

Supported

Supported

Require license

Using the Command-Line Interface
9

ProSafe Managed Switch

Command Group or
Command

M5300-28G-POE+ M5300-28G
M5300-52G-POE+ M5300-52G

M5300-28G3
M5300-52G3
M5300-28GF3

GSM7328Sv2
GSM7352Sv2

GSM7228PS
GSM7252PS

IPv6 MLD-Proxy
Commands

Require license

Require license

Supported

Supported

Require license

PoE Commands

Supported

Not Supported

Not Supported

Not Supported

Supported

MVR Commands

Supported

Supported

Supported

Not Supported

Not Supported

Link Local Protocol Filtering Supported
Commands

Supported

Supported

Supported

Supported

Priority-Based Flow Control Not Supported
Commands

Not Supported

Not Supported

Not Supported

Not Supported

Captive Portal Commands

Supported

Supported

Supported

Supported

Supported

cos-queue random-detect

Supported

Supported

Supported

Supported

Supported

no cos-queue
random-detect

Supported

Supported

Supported

Supported

Supported

random-detect exponential
weighting-constant

Supported

Supported

Supported

Supported

Supported

no random-detect
exponential
weighting-constant

Supported

Supported

Supported

Supported

Supported

random-detect
queue-parms

Supported

Supported

Supported

Supported

Supported

no random-detect
queue-parms

Supported

Supported

Supported

Supported

Supported

Command Syntax
A command is one or more words that might be followed by one or more parameters.
Parameters can be required or optional values.
Some commands, such as show network or clear vlan, do not require parameters.
Other commands, such as network parms, require that you supply a value after the
command. You must type the parameter values in a specific order, and optional parameters
follow required parameters. The following example describes the network parms
command syntax:
Format

network parms   [gateway]

•

network parms is the command name.

•

 and  are parameters and represent required values that you must
enter after you type the command keywords.

Using the Command-Line Interface
10

ProSafe Managed Switch

•

[gateway] is an optional parameter, so you are not required to enter a value in place of
the parameter.

The New Template User Manual lists each command by the command name and provides a
brief description of the command. Each command reference also contains the following
information:
•

Format shows the command keywords and the required and optional parameters.

•

Mode identifies the command mode you must be in to access the command.

•

Default shows the default value, if any, of a configurable setting on the device.

The show commands also contain a description of the information that the command shows.

Command Conventions
In this document, the command name is in bold font. Parameters are in italic font. You
must replace the parameter name with an appropriate value, which might be a name or
number. Parameters are order dependent.
The parameters for a command might include mandatory values, optional values, or keyword
choices. Table 1 describes the conventions this document uses to distinguish between value
types.
Table 1. Parameter Conventions
Symbol

Example

Description

<> angle brackets



Indicates that you must enter a value in place of the
brackets and text inside them.

[] square brackets

[value]

Indicates an optional parameter that you can enter in
place of the brackets and text inside them.

{} curly braces

{choice1 |
choice2}

Indicates that you must select a parameter from the list of
choices.

| Vertical bars

choice1 | choice2

Separates the mutually exclusive choices.

[{}] Braces within
square brackets

[{choice1 |
choice2}]

Indicates a choice within an optional element.

Common Parameter Values
Parameter values might be names (strings) or numbers. To use spaces as part of a name
parameter, enclose the name value in double quotes. For example, the expression “System

Using the Command-Line Interface
11

ProSafe Managed Switch

Name with Spaces” forces the system to accept the spaces. Empty strings (““) are not valid
user-defined strings. Table 2 describes common parameter values and value formatting.
Table 2. Parameter Descriptions
Parameter

Description

ipaddr

This parameter is a valid IP address. You can enter the IP address in the following formats:
a (32 bits)
a.b (8.24 bits)
a.b.c (8.8.16 bits)
a.b.c.d (8.8.8.8)
In addition to these formats, the CLI accepts decimal, hexadecimal and octal formats
through the following input formats (where n is any valid hexadecimal, octal or decimal
number):
0xn (CLI assumes hexadecimal format)
0n (CLI assumes octal format with leading zeros)
n (CLI assumes decimal format)

ipv6-address

FE80:0000:0000:0000:020F:24FF:FEBF:DBCB, or
FE80:0:0:0:20F:24FF:FEBF:DBCB, or
FE80::20F24FF:FEBF:DBCB, or
FE80:0:0:0:20F:24FF:128:141:49:32
For additional information, refer to RFC 3513.

Interface or
unit/slot/port

Valid slot and port number separated by forward slashes. For example, 0/1 represents slot
number 0 and port number 1.

Logical Interface

Represents a logical slot and port number. This is applicable in the case of a port-channel
(LAG). You can use the logical unit/slot/port to configure the port-channel.

Character strings

Use double quotation marks to identify character strings, for example, “System Name with
Spaces”. An empty string (“”) is not valid.

Unit/Slot/Port Naming Convention
Managed switch software references physical entities such as cards and ports by using a
unit/slot/port naming convention. The software also uses this convention to identify certain
logical entities, such as Port-Channel interfaces.
The slot number has two uses. In the case of physical ports, it identifies the card containing
the ports. In the case of logical and CPU ports it also identifies the type of interface or port.
Table 3. Type of Slots
Slot Type

Description

Physical slot numbers

Physical slot numbers begin with zero, and are allocated up to the maximum
number of physical slots.

Logical slot numbers

Logical slots immediately follow physical slots and identify port-channel (LAG) or
router interfaces.

CPU slot numbers

The CPU slots immediately follow the logical slots.

Using the Command-Line Interface
12

ProSafe Managed Switch

The port identifies the specific physical port or logical interface being managed on a given
slot.
Table 4. Type of Ports
Port Type

Description

Physical Ports

The physical ports for each slot are numbered sequentially starting from zero.

Logical Interfaces

Port-channel or Link Aggregation Group (LAG) interfaces are logical interfaces
that are only used for bridging functions.
VLAN routing interfaces are only used for routing functions.
Loopback interfaces are logical interfaces that are always up.
Tunnel interfaces are logical point-to-point links that carry encapsulated packets.

CPU ports

CPU ports are handled by the driver as one or more physical entities located on
physical slots.

Note: In the CLI, loopback and tunnel interfaces do not use the
unit/slot/port format. To specify a loopback interface, you use the
loopback ID. To specify a tunnel interface, you use the tunnel ID.

Using a Command’s “No” Form
The no keyword is a specific form of an existing command and does not represent a new or
distinct command. Almost every configuration command has a no form. In general, use the
no form to reverse the action of a command or reset a value back to the default. For
example, the no shutdown configuration command reverses the shutdown of an interface.
Use the command without the keyword no to re-enable a disabled feature or to enable a
feature that is disabled by default. Only the configuration commands are available in the no
form.

Managed Switch Modules
Managed switch software consists of flexible modules that can be applied in various
combinations to develop advanced Layer 2/3/4+ products. The commands and command
modes available on your switch depend on the installed modules. Additionally, for some
show commands, the output fields might change based on the modules included in the
software.
The software suite includes the following modules:
•

Switching (Layer 2)

•

Routing (Layer 3)

•

IPv6—IPv6 routing

•

Multicast

Using the Command-Line Interface
13

ProSafe Managed Switch

•

Quality of Service

•

Management (CLI, Web UI, and SNMP)

•

IPv6 Management—Allows management of the device through an IPv6 through an IPv6
address without requiring the IPv6 Routing package in the system. The management
address can be associated with the network port (front-panel switch ports) and a routine
interface (port or VLAN).

•

Stacking

Not all modules are available for all platforms or software releases.

Command Modes
The CLI groups commands into modes according to the command function. Each of the
command modes supports specific software commands. The commands in one mode are not
available until you switch to that particular mode, with the exception of the User EXEC mode
commands. You can execute the User EXEC mode commands in the Privileged EXEC mode.
The command prompt changes in each command mode to help you identify the current
mode. Table 5 describes the command modes and the prompts visible in that mode.

Note: The command modes available on your switch depend on the
software modules that are installed. For example, a switch that does
not support BGPv4 does not have the Router BGPv4 Command
Mode.

Table 5. CLI Command Modes
Command Mode

Prompt

Mode Description

User EXEC

Switch>

Contains a limited set of commands to view
basic system information.

Privileged EXEC

Switch#

Allows you to issue any EXEC command, enter
the VLAN mode, or enter the Global
Configuration mode.

Global Config

Switch (Config)#

Groups general setup commands and permits
you to make modifications to the running
configuration.

VLAN Config

Switch (Vlan)#

Groups all the VLAN commands.

Using the Command-Line Interface
14

ProSafe Managed Switch

Table 5. CLI Command Modes (Continued)
Command Mode

Prompt

Mode Description

Interface Config

Switch (Interface )#

Manages the operation of an interface and
provides access to the router interface
configuration commands.
Use this mode to set up a physical port for a
specific logical connection operation.

Switch (Interface Loopback )#
Switch (Interface Tunnel )#
Line Config

Switch (line)#

Contains commands to configure outbound
telnet settings and console interface settings.

Policy Map
Config

Switch (Config-policy-map)#

Contains the QoS Policy-Map configuration
commands.

Policy Class
Config

Switch (Config-policy-class-map)#

Consists of class creation, deletion, and
matching commands. The class match
commands specify Layer 2, Layer 3, and
general match criteria.

Class Map Config

Switch (Config-class-map)#

Contains the QoS class map configuration
commands for IPv4.

Ipv6_Class-Map
Config

Switch (Config-class-map)#

Contains the QoS class map configuration
commands for IPv6.

Router OSPF
Config

Switch (Config-router)#

Contains the OSPF configuration commands.

Router OSPFv3
Config

Switch (Config rtr)#

Contains the OSPFv3 configuration commands.

Router RIP Config Switch (Config-router)#

Contains the RIP configuration commands.

MAC Access-list
Config

Switch (Config-mac-access-list)#

Allows you to create a MAC Access-List and to
enter the mode containing MAC Access-List
configuration commands.

TACACS Config

Switch (Tacacs)#

Contains commands to configure properties for
the TACACS servers.

DHCP Pool
Config

Switch (Config dhcp-pool)#

Contains the DHCP server IP address pool
configuration commands.

DHCPv6 Pool
Config

Switch (Config dhcp6-pool)#

Contains the DHCPv6 server IPv6 address pool
configuration commands.

Stack Global
Config Mode

Switch (Config stack)#

Allows you to access the Stack Global Config
Mode.

ARP Access-List
Config Mode

Switch (Config-arp-access-list)#

Contains commands to add ARP ACL rules in
an ARP Access List.

Using the Command-Line Interface
15

ProSafe Managed Switch

Table 6 explains how to enter or exit each mode.
Table 6. CLI Mode Access and Exit
Command Mode

Access Method

Exit or Access Previous Mode

User EXEC

This is the first level of access.

To exit, enter logout.

Privileged EXEC

From the User EXEC mode, enter
enable.

To exit to the User EXEC mode, enter exit or
press Ctrl-Z.

Global Config

From the Privileged EXEC mode,
enter configure.

To exit to the Privileged EXEC mode, enter exit,
or press Ctrl-Z.

VLAN Config

From the Privileged EXEC mode,
enter vlan database.

To exit to the Privileged EXEC mode, enter exit,
or press Ctrl-Z.

Interface Config

To exit to the Global Config mode, enter exit. To
From the Global Config mode,
return to the Privileged EXEC mode, enter
enter
interface  Ctrl-Z.
or interface loopback 
or interface tunnel 

Line Config

From the Global Config mode,
enter
lineconfig.

To exit to the Global Config mode, enter exit. To
return to the Privileged EXEC mode, enter
Ctrl-Z.

Policy-Map
Config

From the Global Config mode,
enter
policy-map  in.

To exit to the Global Config mode, enter exit. To
return to the Privileged EXEC mode, enter
Ctrl-Z.

Policy-Class-Map
Config

From the Policy Map mode enter
class.

To exit to the Policy Map mode, enter exit. To
return to the Privileged EXEC mode, enter
Ctrl-Z.

Class-Map
Config

From the Global Config mode,
enter
class-map, and specify the
optional keyword ipv4 to specify
the Layer 3 protocol for this class.
See class-map on page 470 for
more information.

To exit to the Global Config mode, enter exit. To
return to the Privileged EXEC mode, enter
Ctrl-Z.

Ipv6-Class-Map
Config

From the Global Config mode,
enter
class-map and specify the
optional keyword ipv6 to specify
the Layer 3 protocol for this class.
See class-map on page 470 for
more information.

To exit to the Global Config mode, enter exit. To
return to the Privileged EXEC mode, enter
Ctrl-Z.

Router OSPF
Config

From the Global Config mode,
enter
router ospf.

To exit to the Global Config mode, enter exit. To
return to the Privileged EXEC mode, enter
Ctrl-Z.

Router OSPFv3
Config

From the Global Config mode,
enter
ipv6 router ospf.

To exit to the Global Config mode, enter exit. To
return to the Privileged EXEC mode, enter
Ctrl-Z.

Using the Command-Line Interface
16

ProSafe Managed Switch

Table 6. CLI Mode Access and Exit (Continued)
Command Mode

Access Method

Exit or Access Previous Mode

Router RIP
Config

From the Global Config mode,
enter
router rip.

To exit to the Global Config mode, enter exit. To
return to the Privileged EXEC mode, enter
Ctrl-Z.

MAC Access-list
Config

From the Global Config mode,
enter
mac access-list extended
.

To exit to the Global Config mode, enter exit. To
return to the Privileged EXEC mode, enter
Ctrl-Z.

TACACS Config

To exit to the Global Config mode, enter exit. To
From the Global Config mode,
return to the Privileged EXEC mode, enter
enter tacacs-server host
, where  is Ctrl-Z.
the IP address of the TACACS
server on your network.

DHCP Pool
Config

From the Global Config mode,
enter
ip dhcp pool .

DHCPv6 Pool
Config

To exit to the Global Config mode, enter exit. To
From the Global Config mode,
return to the Privileged EXEC mode, enter
enter
ip dhcpv6 pool . Ctrl-Z.

Stack Global
Config Mode

From the Global Config mode,
enter the stack command.

To exit to the Global Config mode, enter the exit
command. To return to the Privileged EXEC
mode, enter Ctrl-Z.

ARP Access-List
Config Mode

From the Global Config mode,
enter the arp access-list
command.

To exit to the Global Config mode, enter the
exit command. To return to the Privileged
EXEC mode, enter Ctrl-Z.

To exit to the Global Config mode, enter exit. To
return to the Privileged EXEC mode, enter
Ctrl-Z.

Command Completion and Abbreviation
Command completion finishes spelling the command when you type enough letters of a
command to uniquely identify the command keyword. Once you have entered enough letters,
press the SPACEBAR or TAB key to complete the word.
Command abbreviation allows you to execute a command when you have entered there are
enough letters to uniquely identify the command. You must enter all of the required keywords
and parameters before you enter the command.

Using the Command-Line Interface
17

ProSafe Managed Switch

CLI Error Messages
If you enter a command and the system is unable to execute it, an error message appears.
Table 7 describes the most common CLI error messages.
Table 7. CLI Error Messages
Message Text

Description

% Invalid input detected at '^' marker.

Indicates that you entered an incorrect or unavailable command.
The carat (^) shows where the invalid text is detected. This
message also appears if any of the parameters or values are not
recognized.

Command not found / Incomplete
command. Use ? to list commands.

Indicates that you did not enter the required keywords or values.

Ambiguous command

Indicates that you did not enter enough letters to uniquely identify
the command.

CLI Line-Editing Conventions
Table 8 describes the key combinations you can use to edit commands or increase the speed
of command entry. You can access this list from the CLI by entering help from the User or
Privileged EXEC modes.
Table 8. CLI Editing Conventions
Key Sequence

Description

DEL or Backspace

Delete previous character

Ctrl-A

Go to beginning of line

Ctrl-E

Go to end of line

Ctrl-F

Go forward one character

Ctrl-B

Go backward one character

Ctrl-D

Delete current character

Ctrl-U, X

Delete to beginning of line

Ctrl-K

Delete to end of line

Ctrl-W

Delete previous word

Ctrl-T

Transpose previous character

Ctrl-P

Go to previous line in history buffer

Ctrl-R

Rewrites or pastes the line

Ctrl-N

Go to next line in history buffer

Using the Command-Line Interface
18

ProSafe Managed Switch

Table 8. CLI Editing Conventions (Continued)
Key Sequence

Description

Ctrl-Y

Prints last deleted character

Ctrl-Q

Enables serial flow

Ctrl-S

Disables serial flow

Ctrl-Z

Return to root command prompt

Tab, 

Command-line completion

Exit

Go to next lower command prompt

?

List available commands, keywords, or parameters

Using CLI Help
Enter a question mark (?) at the command prompt to display the commands available in the
current mode.
(switch) >?
enable
help
logout
ping
quit
show
telnet

Enter into user privilege mode.
Display help for various special keys.
Exit this session. Any unsaved changes are lost.
Send ICMP echo packets to a specified IP address.
Exit this session. Any unsaved changes are lost.
Display Switch Options and Settings.
Telnet to a remote host.

Enter a question mark (?) after each word you enter to display available command keywords
or parameters.
(switch) #network ?
javamode
mgmt_vlan
parms
protocol

Enable/Disable.
Configure the Management VLAN ID of the switch.
Configure Network Parameters of the router.
Select DHCP, BootP, or None as the network config
protocol.

If the help output shows a parameter in angle brackets, you must replace the parameter with
a value.
(switch) #network parms ?


Enter the IP address.

If there are no additional command keywords or parameters, or if additional parameters are
optional, the following message appears in the output:


Press Enter to execute the command

Using the Command-Line Interface
19

ProSafe Managed Switch

You can also enter a question mark (?) after typing one or more characters of a word to list
the available command or parameters that begin with the letters, as shown in the following
example:
(switch) #show m?
mac-addr-table

mac-address-table

monitor

Accessing the CLI
You can access the CLI by using a direct console connection or by using a telnet or SSH
connection from a remote management host.
For the initial connection, you must use a direct connection to the console port. You cannot
access the system remotely until the system has an IP address, subnet mask, and default
gateway. You can set the network configuration information manually, or you can configure
the system to accept these settings from a BOOTP or DHCP server on your network. For
more information, see Network Interface Commands on page 638.

Using the Command-Line Interface
20

2.

Stacking Commands

2

This chapter contains the following sections:
•

Dedicated Port Stacking

•

Stacking Commands

•

Non-Stop Forwarding Commands

•

Stack Firmware Synchronization Commands

The commands in this chapter are in two functional groups:
•

Show commands display switch settings, statistics, and other information.

•

Configuration commands configure features and options of the switch. For every
configuration command, there is a show command that displays the configuration setting.
The Primary Management Unit is the unit that controls the stack.
Note: When configuring a stack using M5300 Series switches and
GSM7328S V2H1, GSM7352S V2H1, GSM7228PS V1H1, or
GSM7228PS V1H1switches, refer to sdm prefer (Mixed Stacking)
on page 715.

Dedicated Port Stacking
This section describes the commands you use to configure dedicated port stacking.

stack
This command sets the mode to Stack Global Config.
Format

stack

Mode

Global Config

member
This command configures a switch. The  is the switch identifier of the switch to be
added/removed from the stack. The  is the index into the database of the

21

ProSafe Managed Switch

supported switch types, indicating the type of the switch being preconfigured. The switch
index is a 32-bit integer. This command is executed on the Primary Management Unit.
Format

member  

Mode

Stack Global Config

Note: Switch index can be obtained by executing the show supported
switchtype command in User EXEC mode.

no member
This command removes a switch from the stack. The  is the switch identifier of the
switch to be removed from the stack. This command is executed on the Primary Management
Unit.
Format

no member 

Mode

Stack Global Config

switch priority
This command configures the ability of a switch to become the Primary Management Unit.
The  is the switch identifier. The  is the preference parameter that allows
the user to specify, priority of one backup switch over another. The range for priority is 1 to
15. The switch with the highest priority value will be chosen to become the Primary
Management Unit if the active Primary Management Unit fails. The switch priority defaults to
the hardware management preference value 1. Switches that do not have the hardware
capability to become the Primary Management Unit are not eligible for management.
Default

enabled

Format

switch  priority 

Mode

Global Config

switch renumber
This command changes the switch identifier for a switch in the stack. The  is the
current switch identifier on the switch whose identifier is to be changed. The  is
the updated value of the switch identifier. Upon execution, the switch will be configured with
the configuration information for the new switch, if any. The old switch configuration
information will be retained, however the old switch will be operationally unplugged. This
command is executed on the Primary Management Unit.

Stacking Commands
22

ProSafe Managed Switch

Note: If the management unit is renumbered, then the running
configuration is no longer applied (that is, the stack acts as if the
configuration had been cleared).

Format

switch  renumber 

Mode

Global Config

movemanagement
This command moves the Primary Management Unit functionality from one switch to another.
The  is the switch identifier on the current Primary Management Unit. The
 is the switch identifier on the new Primary Management Unit. Upon execution,
the entire stack (including all interfaces in the stack) is unconfigured and reconfigured with
the configuration on the new Primary Management Unit. After the reload is complete, all
stack management capability must be performed on the new Primary Management Unit. To
preserve the current configuration across a stack move, execute the copy
system:running-config nvram:startup-config (in Privileged EXEC) command
before performing the stack move. A stack move causes all routes and layer 2 addresses to
be lost. This command is executed on the Primary Management Unit. The system prompts
you to confirm the management move.

Note: The movemanagement command does not NSF (non-stop
forwarding). To move the management unit to the backup unit, use
initiate failover instead. For more information, see initiate
failover on page 33.

Format

movemanagement  

Mode

Stack Global Config

standby
Use this command to configure a unit as a Standby Management Unit (STBY).
Format

standby 

Mode

Stack Global Config

Stacking Commands
23

ProSafe Managed Switch

Note: The Standby Management Unit cannot be the current Management
Unit. The Standby unit should be a management-capable unit.

slot
This command configures a slot in the system. The  is the slot identifier of the
slot. The  is the index into the database of the supported card types,
indicating the type of the card being preconfigured in the specified slot. The card index is a
32-bit integer. If a card is currently present in the slot that is unconfigured, the configured
information will be deleted and the slot will be re-configured with default information for the
card.
Format

slot  

Mode

Global Config

Note: Card index can be obtained by executing show supported cardtype
command in User EXEC mode.

no slot
This command removes configured information from an existing slot in the system.
Format

no slot  

Mode

Global Config

Note: Card index can be obtained by executing show supported cardtype
command in User EXEC mode.

set slot disable
This command configures the administrative mode of the slot(s). If you specify [all], the
command is applied to all slots, otherwise the command is applied to the slot identified by
.
If a card or other module is present in the slot, this administrative mode will effectively be
applied to the contents of the slot. If the slot is empty, this administrative mode will be applied

Stacking Commands
24

ProSafe Managed Switch

to any module that is inserted into the slot. If a card is disabled, all the ports on the device are
operationally disabled and shown as “unplugged” on management screens.
Format

set slot disable [ | all]

Mode

Global Config

no set slot disable
This command unconfigures the administrative mode of the slot(s). If you specify [all], the
command removes the configuration from all slots, otherwise the configuration is removed
from the slot identified by .
If a card or other module is present in the slot, this administrative mode removes the
configuration from the contents of the slot. If the slot is empty, this administrative mode
removes the configuration from any module inserted into the slot. If a card is disabled, all the
ports on the device are operationally disabled and shown as “unplugged” on management
screens.
Format

no set slot disable [ | all]

Mode

Global Config

set slot power
This command configures the power mode of the slot(s) and allows power to be supplied to a
card located in the slot. If you specify [all], the command is applied to all slots, otherwise
the command is applied to the slot identified by .
Use this command when installing or removing cards. If a card or other module is present in
this slot, the power mode is applied to the contents of the slot. If the slot is empty, the power
mode is applied to any card inserted into the slot.
Format

set slot power [ | all]

Mode

Global Config

no set slot power
This command unconfigures the power mode of the slot(s) and prohibits power from being
supplied to a card located in the slot. If you specify [all], the command prohibits power to
all slots, otherwise the command prohibits power to the slot identified by .
Use this command when installing or removing cards. If a card or other module is present in
this slot, power is prohibited to the contents of the slot. If the slot is empty, power is prohibited
to any card inserted into the slot.
Format

no set slot power [ | all]

Mode

Global Config

Stacking Commands
25

ProSafe Managed Switch

reload (Stack)
This command resets the entire stack or the identified . The  is the switch
identifier. The system prompts you to confirm that you want to reset the switch.
Format

reload []

Mode

User EXEC

show slot
This command displays information about all the slots in the system or for a specific slot.
Format

show slot []

Mode

User EXEC

Term

Definition

Slot

The slot identifier in a  format.

Slot Status

The slot is empty, full, or has encountered an error

Admin State

The slot administrative mode is enabled or disabled.

Power State

The slot power mode is enabled or disabled.

Configured Card
Model Identifier

The model identifier of the card preconfigured in the slot. Model Identifier is a
32-character field used to identify a card.

Pluggable

Cards are pluggable or non-pluggable in the slot.

Power Down

Indicates whether the slot can be powered down.

If you supply a value for , the following additional information appears:
Term

Definition

Inserted Card
Model Identifier

The model identifier of the card inserted in the slot. Model Identifier is a 32-character
field used to identify a card. This field is displayed only if the slot is full.

Inserted Card
Description

The card description. This field is displayed only if the slot is full.

Configured Card
Description

The card description of the card preconfigured in the slot.

Stacking Commands
26

ProSafe Managed Switch

show supported cardtype
This commands displays information about all card types or specific card types supported in
the system.
Format

show supported cardtype []

Mode

User EXEC

If you do not supply a value for , the following output appears:
Term

Definition

Card Index (CID)

The index into the database of the supported card types. This index is used when
preconfiguring a slot.

Card Model
Identifier

The model identifier for the supported card type.

If you supply a value for , the following output appears:
Term

Definition

Card Type

The 32-bit numeric card type for the supported card.

Model Identifier

The model identifier for the supported card type.

Card Description

The description for the supported card type.

show switch
This command displays information about all units in the stack or a single unit when you
specify the unit value. For units that would normally be allowed to join the stack but do not
have a matching stack template ID, their switch status is shown as “STM Mismatch.”
Format

show switch []

Mode

Privileged EXEC

Term

Definition

Switch

The unit identifier assigned to the switch.

When you do not specify a value for , the following information appears:
Term

Definition

Management
Status

Indicates whether the switch is the Primary Management Unit, a stack member, or the
status is unassigned.

Preconfigured
Model Identifier

The model identifier of a preconfigured switch ready to join the stack. The Model
Identifier is a 32-character field assigned by the device manufacturer to identify the
device.

Stacking Commands
27

ProSafe Managed Switch

Term

Definition

Plugged-In Model
Identifier

The model identifier of the switch in the stack. Model Identifier is a 32-character field
assigned by the device manufacturer to identify the device.

Switch Status

The switch status. Possible values for this state are: OK, Unsup ported, Code
Mismatch, Config Mismatch, or Not Present.

Code Version

The detected version of code on this switch.

When you specify a value for , the following information appears:
Term

Definition

Management
Status

Indicates whether the switch is the Primary Management Unit, a stack member, or the
status is unassigned.

Hardware
Management
Preference

The hardware management preference of the switch. The hardware management
preference can be disabled or unassigned.

Admin
Management
Preference

The administrative management preference value assigned to the switch. This
preference value indicates how likely the switch is to be chosen as the Primary
Management Unit.

Switch Type

The 32-bit numeric switch type.

Model Identifier

The model identifier for this switch. Model Identifier is a 32-character field assigned by
the device manufacturer to identify the device.

Switch Status

The switch status. Possible values are OK, Unsupported, Code Mismatch, Config
Mismatch, or Not Present.

Switch
Description

The switch description.

Expected Code
Version

The expected code version.

Detected Code
Version

The version of code running on this switch. If the switch is not present and the data is
from pre-configuration, then the code version is “None”.

Detected Code in
Flash

The version of code that is currently stored in FLASH memory on the switch. This code
executes after the switch is reset. If the switch is not present and the data is from
pre-configuration, then the code version is “None”.

Stack Template ID The ID of the stack template currently in use. For example: 3.
Stack Template
Description

The stack template description. For example: v1 and v2 Mix.

Up Time

The system up time.

Stacking Commands
28

ProSafe Managed Switch

show supported switchtype
This commands displays information about all supported switch types or a specific switch
type.
Format

show supported switchtype []

Modes

• User EXEC
• Privileged EXEC

If you do not supply a value for , the following output appears:
Term

Definition

Switch Index (SID) The index into the database of supported switch types. This index is used when
preconfiguring a member to be added to the stack.
Model Identifier

The model identifier for the supported switch type.

Management
Preference

The management preference value of the switch type.

Code Version

The code load target identifier of the switch type.

If you supply a value for , the following output appears:
Term

Definition

Switch Type

The 32-bit numeric switch type for the supported switch.

Model Identifier

The model identifier for the supported switch type.

Switch
Description

The description for the supported switch type.

Stacking Commands
This section describes the commands you use to view and configure stacking information.

stack-port
This command sets stacking per port to either stack or ethernet mode.
Default

stack

Format

stack-port  [{ethernet | stack}]

Mode

Stack Global Config

Stacking Commands
29

ProSafe Managed Switch

show stack-port
This command displays summary stack-port information for all interfaces.
Format

show stack-port

Mode

Privileged EXEC

Term

Definition

QOS Mode

Stacking QOS Mode for all Interfaces.

For Each Interface:
Term

Definition

Unit

The unit number.

Interface

The slot and port numbers.

Configured Stack
Mode

Stack or Ethernet.

Running Stack
Mode

Stack or Ethernet.

Link Status

Status of the link.

Link Speed

Speed (Gbps) of the stack port link.

show stack-port counters
This command displays summary data counter information for all interfaces.
Format

show stack-port counters

Mode

Privileged EXEC

Term

Definition

Unit

The unit number.

Interface

The slot and port numbers.

Tx Data Rate

Trashing data rate in megabits per second on the stacking port.

Tx Error Rate

Platform-specific number of transmit errors per second.

Tx Total Error

Platform-specific number of total transmit errors since power-up.

Rx Data Rate

Receive data rate in megabits per second on the stacking port.

Stacking Commands
30

ProSafe Managed Switch

Term

Definition

Rx Error Rate

Platform-specific number of receive errors per second.

Rx Total Errors

Platform-specific number of total receive errors since power-up.

show stack-port diag
This command shows stacking diagnostics for each port and is only intended for Field
Application Engineers (FAEs) and developers. An FAE will advise on the necessity to run this
command and capture this information.
Format

show stack-port diag

Mode

Privileged EXEC

Term

Definition

Unit

The unit number.

Interface

The slot and port numbers.

Diagnostic Entry1

80 character string used for diagnostics.

Diagnostic Entry2

80 character string used for diagnostics.

Diagnostic Entry3

80 character string used for diagnostics.

Non-Stop Forwarding Commands
Non-stop forwarding allows the stack units to continue to forward packets if the stack
management unit restarts because of a power failure, hardware failure, or software fault.

nsf
Use this command to enable nonstop forwarding feature on the stack. When nonstop
forwarding is enabled, if the management unit of a stack fails, the backup unit takes over as
the master without clearing the hardware tables of any of the surviving units. Data traffic
continues to be forwarded in hardware while the management functions initialize on the
backup unit. NSF is enabled by default on platforms that support it. The administrator can
disable NSF to redirect the CPU resources consumed by data checkpointing. If a unit that
does not support NSF is connected to the stack, then NSF is disabled on all stack members.
If a unit that does not support NSF is disconnected from the stack and all other units support
NSF, and NSF is administratively enabled, then NSF operation resumes.
Default

Enabled

Stacking Commands
31

ProSafe Managed Switch

Format

nsf

Mode

Stack Global Config

no nsf
This command disables non-stop forwarding on the stack.
Format

no nsf

Mode

Stack Global Config

show nsf
This command displays global and per-unit information on NSF configuration on the stack.
Format

show nsf

Mode

Privileged EXEC

Term

Definition

NSF Administrative
Status

Whether nonstop forwarding is administratively enabled or disabled. Default:
Enabled

NSF Operational
Status

Indicates whether NSF is enabled on the stack.

Last Startup Reason

The type of activation that caused the software to start the last time:
• “Power-On” means that the switch rebooted. This could have been caused by a
power cycle or an administrative “Reload” command.
• “Administrative Move” means that the administrator issued the
movemanagement command for the stand-by manager to take over.
• “Warm-Auto-Restart” means that the primary management card restarted due to
a failure, and the system executed a nonstop forwarding failover.
• “Cold-Auto-Restart” means that the system switched from the active manager to
the backup manager and was unable to maintain user data traffic. This is usually
caused by multiple failures occurring close together.

Time Since Last
Restart Time

The time since the current management unit became the active management unit.

Restart in progress

Whether a restart is in progress.

Warm Restart Ready

Whether the system is ready to perform a nonstop forwarding failover from the
management unit to the backup unit.

Copy of Running
Configuration to
Backup Unit: Status

Whether the running configuration on the backup unit includes all changes made
on the management unit. Displays as Current or Stale.

Stacking Commands
32

ProSafe Managed Switch

Term

Definition

Time Since Last Copy When the running configuration was last copied from the management unit to the
backup unit.
Time Until Next Copy

The number of seconds until the running configuration will be copied to the backup
unit. This line only appears when the running configuration on the backup unit is
Stale.

NSF Support (Per Unit Whether a unit supports NSF.
Status Parameters)

Example:
(Switch)#show nsf
Administrative Status.......................... Enable
Operational Status............................. Enable
Last Startup Reason............................ Warm Auto-Restart
Time Since Last Restart........................ 0 days 16 hrs 52 mins 55 secs
Restart In Progress............................ No
Warm Restart Ready............................. Yes
Copy of Running Configuration to Backup Unit:
Status...................................... Stale
Time Since Last Copy........................ 0 days 4 hrs 53 mins 22 secs
Time Until Next Copy........................ 28 seconds
Unit NSF Support
---- ----------1 Yes
2 Yes
3 Yes

initiate failover
Use this command to force the backup unit to take over as the management unit and perform
a “warm restart” of the stack. On a warm restart, the backup unit becomes the management
unit without clearing its hardware tables (on a cold restart, hardware tables are cleared).
Applications apply checkpointed data from the former management unit. The original
management unit reboots. If the system is not ready for a warm restart, for example because
no backup unit has been elected or one or more members of the stack do not support
nonstop forwarding, the command fails with a warning message. The movemanagement
command also transfers control from the current management unit; however, the hardware is
cleared and all units reinitialize.

Note: Use this command instead of movemanagement if you expect nsf
during management unit changes.

Format

initiate failover

Mode

Stack Global Config Mode

Stacking Commands
33

ProSafe Managed Switch

show checkpoint statistics
Use this command to display general information about the checkpoint service operation.
Format

show checkpoint statistics

Mode

Privileged EXEC

Term

Description

Messages
Checkpointed

Number of checkpoint messages transmitted to the backup unit. Range: Integer. Def
ault:0

Bytes
Checkpointed

Number of bytes transmitted to the backup unit. Range: Integer. Default:0

Time Since
Counters Cleared

Number of days, hours, minutes and seconds since the counters were reset to zero.
The counters are cleared when a unit becomes manager and with a support command.
Range: Time Stamp. Default: 0d00:00:00

Checkpoint
Message Rate
Average

Number of checkpoint messages per second. The average is computed over the time
period since the counters were cleared. Range: Integer. Default:0

Last 10-second
Message Rate
Average

Number of checkpoint messages per second in the last 10-second interval. This
average is updated once every 10 seconds. Range: Integer. Default:0

Highest
10-second
Message Rate

The highest rate recorded over a 10-second interval since the counters were cleared.
Range: Integer. Default:0

Example:
(Switch)#show checkpoint statistics
Messages Checkpointed.....................6708
Bytes Checkpointed........................894305
Time Since Counters Cleared...............3d 01:05:09
Checkpoint Message Rate...................0.025 msg/sec
Last 10-second Message Rate...............0 msg/sec
Highest 10-second Message Rate............8 msg/sec

clear checkpoint statistics
This command clears the statistics for the checkpointing process.
Format

clear checkpoint statistics

Mode

Privileged EXEC

Stacking Commands
34

ProSafe Managed Switch

Stack Firmware Synchronization Commands
Stack firmware synchronization provides an automatic mechanism to synchronize the
firmware on stack members whose firmware version differs from the version running on the
stack manager. This operation can result in either an upgrade or downgrade of firmware on
the mismatched stack member. However, this operation does not attempt to synchronize the
stack to the latest firmware in the stack.
During firmware transfer and upgrade, operations such as code download and move
management can result in undesirable behavior, such as firmware corruption on a code
mismatched stack member. As a result, you receive an error if you try to access the following
operations from the user interface during stack firmware synchronization:
•

Move management

•

Unit renumbering

•

Code download

•

Delete image

•

Update bootcode

•

Clear config

A reboot operation is allowed during stack firmware synchronization.
If the firmware is corrupted during stack firmware synchronization, manual intervention by the
administrator is required to restore the switch to working condition.
During stack firmware synchronization, traps are generated on start, completion, or failure.
•

Non-deterministic upgrade behavior
On bootup, the image that gets synchronized depends on the one that becomes the
manager. Which code version the new stack synchronizes to is fully deterministic, but
might not be obvious to the user as it depends entirely on which unit becomes the
manager. This might be decided by a MAC address comparison. If the administrator
wants a particular version to be used by the stack, he should first ensure that this
particular unit becomes stack manager.

•

Bootcode Upgrades
Bootcode upgrades are not initiated by the stack firmware synchronization.

boot auto-copy-sw
This command enables or disables stack firmware synchronization.
Default

Disabled

Format

boot auto-copy-sw

Mode

Privileged EXEC

Stacking Commands
35

ProSafe Managed Switch

no boot auto-copy-sw
This command disables stack firmware synchronization.
Format

no boot auto-copy-sw

Mode

Privileged EXEC

boot auto-copy-sw trap
This command sends SNMP traps related to stack firmware synchronization.
Default

Enabled

Format

boot auto-copy-sw trap

Mode

Privileged EXEC

no boot auto-copy-sw trap
This command disables sending SNMP traps related to stack firmware synchronization.
Format

no boot auto-copy-sw trap

Mode

Privileged EXEC

boot auto-copy-sw allow-downgrade
This command enables downgrading the firmware version on the stack member if the
firmware version on the manager is older than the firmware version on the member.
Default

Enabled

Format

boot auto-copy-sw allow-downgrade

Mode

Privileged EXEC

no boot auto-copy-sw allow-downgrade
This command disables downgrading the image.
Format

no boot auto-copy-sw allow-downgrade

Mode

Privileged EXEC

Stacking Commands
36

ProSafe Managed Switch

show auto-copy-sw
This command displays the stack firmware synchronization configuration status.
Format

show auto-copy-sw

Mode

Privileged EXEC

Example:
(Switch)#show auto-copy-sw
Stack Firmware Synchronization
Synchronization: Enabled
SNMP Trap status: Enabled
Allow Downgrade: Enabled

Stacking Commands
37

3.

Switching Commands

3

This chapter describes the switching commands available in the managed switch CLI.
This chapter contains the following sections:
•

Port Configuration Commands

•

Loopback Interface Commands

•

Spanning Tree Protocol (STP) Commands

•

VLAN Commands

•

Double VLAN Commands

•

Voice VLAN Commands

•

Provisioning (IEEE 802.1p) Commands

•

Protected Ports Commands

•

Private Group Commands

•

Private VLAN

•

GARP Commands

•

GVRP Commands

•

GMRP Commands

•

Port-Based Network Access Control Commands

•

802.1X Supplicant Commands

•

Storm-Control Commands

•

Flow Control Commands

•

Port Mirroring

•

Static MAC Filtering

•

DHCP L2 Relay Agent Commands

•

DHCP Client Commands

•

DHCP Snooping Configuration Commands

•

Dynamic ARP Inspection Commands

•

IGMP Snooping Configuration Commands

•

IGMP Snooping Querier Commands

•

MLD Snooping Commands

38

ProSafe Managed Switch

•

MLD Snooping Querier Commands

•

Port Security Commands

•

LLDP (802.1AB) Commands

•

LLDP-MED Commands

•

Denial of Service Commands

•

MAC Database Commands

•

ISDP Commands

•

Priority-Based Flow Control Commands

The commands in this chapter are in three functional groups:
•

Show commands display switch settings, statistics, and other information.

•

Configuration commands configure features and options of the switch. For every
configuration command, there is a show command that displays the configuration setting.

•

Clear commands clear some or all of the settings to factory defaults.

Port Configuration Commands
This section describes the commands you use to view and configure port settings.

interface
This command gives you access to the Interface Config mode, which allows you to enable or
modify the operation of an interface (port).
Format

interface 

Mode

Global Config

interface vlan
This command gives you access to the vlan virtual interface mode, which allows certain port
configurations (for example, the IP address) to be applied to the VLAN interface. Type a
question mark (?) after entering the interface configuration mode to see the available options.
Format

interface vlan 

Mode

Global Config

interface lag
This command gives you access to the LAG (link aggregation, or port channel) virtual
interface, which allows certain port configurations to be applied to the LAG interface. Type a
question mark (?) after entering the interface configuration mode to see the available options.

Switching Commands
39

ProSafe Managed Switch

Note: The IP address cannot be assigned to a LAG virtual interface. The
interface must be put under a VLAN group and an IP address
assigned to the VLAN group.

Format

interface lag 

Mode

Global Config

auto-negotiate
This command enables automatic negotiation on a port.
Default

enabled

Format

auto-negotiate

Mode

Interface Config

no auto-negotiate
This command disables automatic negotiation on a port.

Note: Automatic sensing is disabled when automatic negotiation is
disabled.

auto-negotiate all
This command enables automatic negotiation on all ports.
Default

enabled

Format

auto-negotiate all

Mode

Global Config

no auto-negotiate all
This command disables automatic negotiation on all ports.
Format

no auto-negotiate all

Mode

Global Config

Switching Commands
40

ProSafe Managed Switch

description
Use this command to create an alpha-numeric description of the port.
Format

description 

Mode

Interface Config

mtu
Use the mtu command to set the maximum transmission unit (MTU) size, in bytes, for frames
that ingress or egress the interface. You can use the mtu command to configure jumbo frame
support for physical and port-channel (LAG) interfaces. For the standard 7000 series
implementation, the MTU size is a valid integer between 1522 - 9216 for tagged packets and
a valid integer between 1518 - 9216 for untagged packets.

Note: To receive and process packets, the Ethernet MTU must include any
extra bytes that Layer-2 headers might require. To configure the IP
MTU size, which is the maximum size of the IP packet (IP Header +
IP payload), see ip mtu on page 252.

Default

1518 (untagged)

Format

mtu <1518-9216>

Mode

Interface Config

no mtu
This command sets the default MTU size (in bytes) for the interface.
Format

no mtu

Mode

Interface Config

shutdown
This command disables a port.

Note: You can use the shutdown command on physical and port-channel
(LAG) interfaces, but not on VLAN routing interfaces.

Switching Commands
41

ProSafe Managed Switch

Format

shutdown

Mode

Interface Config

no shutdown
This command enables a port.
Format

no shutdown

Mode

Interface Config

shutdown all
This command disables all ports.

Note: You can use the shutdown all command on physical and
port-channel (LAG) interfaces, but not on VLAN routing interfaces.

Format

shutdown all

Mode

Global Config

no shutdown all
This command enables all ports.
Format

no shutdown all

Mode

Global Config

speed
This command sets the speed and duplex setting for the interface.
Format

speed [{auto}] [{<100 | 10 | 10G> {}}]

Mode

Interface Config

Acceptable
Values

Definition

100h

100BASE-T half duplex

100f

100BASE-T full duplex

10h

10BASE-T half duplex

Switching Commands
42

ProSafe Managed Switch

Acceptable
Values

Definition

10f

10BASE-T full duplex

10Gh

10GBase-T full duplex

10Gf

10Gbase-T half duplex

speed all
This command sets the speed and duplex setting for all interfaces.
Format

speed all [{auto}] [{<100 | 10 | 10G> {}}]

Mode

Global Config

Acceptable
Values

Definition

100h

100BASE-T half duplex

100f

100BASE-T full duplex

10h

10BASE-T half duplex

10f

10BASE-T full duplex

10Gh

10GBase-T full duplex

10Gf

10Gbase-T half duplex

show port
This command displays port information.
Format

show port { | all}

Mode

Privileged EXEC

Term

Definition

Interface

Valid slot and port number separated by forward slashes.

Type

If not blank, this field indicates that this port is a special type of port. The possible
values are:
• Mirror - this port is a monitoring port. For more information, see Port Mirroring on
page 139.
• PC Mbr- this port is a member of a port-channel (LAG).
• Probe - this port is a probe port.

Admin Mode

The Port control administration state. The port must be enabled in order for it to be
allowed into the network. - May be enabled or disabled. The factory default is enabled.

Switching Commands
43

ProSafe Managed Switch

Term

Definition

Physical Mode

The desired port speed and duplex mode. If auto-negotiation support is selected, then
the duplex mode and speed is set from the auto-negotiation process. Note that the
maximum capability of the port (full duplex -100M) is advertised. Otherwise, this object
determines the port's duplex mode and transmission rate. The factory default is Auto.

Physical Status

The port speed and duplex mode.

Link Status

The Link is up or down.

Link Trap

This object determines whether or not to send a trap when link status changes. The
factory default is enabled.

LACP Mode

LACP is enabled or disabled on this port.

show port protocol
This command displays the Protocol-Based VLAN information for either the entire system, or
for the indicated group.
Format

show port protocol { | all}

Mode

Privileged EXEC

Term

Definition

Group Name

The group name of an entry in the Protocol-based VLAN table.

Group ID

The group identifier of the protocol group.

Protocol(s)

The type of protocol(s) for this group.

VLAN

The VLAN associated with this Protocol Group.

Interface(s)

Lists the unit/slot/port interface(s) that are associated with this Protocol Group.

show port description
This command displays the port description for every port.
Format

show port description 

Mode

Privileged EXEC

Term

Definition

Interface

Valid slot and port number separated by forward slashes

Description

Shows the port description configured via the “description” command

Switching Commands
44

ProSafe Managed Switch

show port status
This command displays the Protocol-Based VLAN information for either the entire system, or
for the indicated group.
Format

show port status { | all}

Mode

Privileged EXEC

Term

Definition

Interface

Valid slot and port number separated by forward slashes.

Media Type

“Copper” or “Fiber” for combo port.

STP Mode

Indicate the spanning tree mode of the port.

Physical Mode

Either “Auto” or fixed speed and duplex mode.

Physical Status

The actual speed and duplex mode.

Link Status

Whether the link is Up or Down.

Loop Status

Whether the port is in loop state or not.

Partner Flow
Control

Whether the remote side is using flow control or not.

Loopback Interface Commands
The commands in this section describe how to create, delete, and manage loopback
interfaces. A loopback interface is always expected to be up. This interface can provide the
source address for sent packets and can receive both local and remote packets. The
loopback interface is typically used by routing protocols.
To assign an IP address to the loopback interface, see ip address on page 247. To assign an
IPv6 address to the loopback interface, see ipv6 address on page 377.

interface loopback
Use this command to enter the Interface Config mode for a loopback interface. The range of
the loopback ID is 0 to 7.
Format

interface loopback 

Mode

Global Config

Switching Commands
45

ProSafe Managed Switch

no interface loopback
This command removes the loopback interface and associated configuration parameters for
the specified loopback interface.
Format

no interface loopback 

Mode

Global Config

show interface loopback
This command displays information about configured loopback interfaces.
Format

show interface loopback []

Mode

Privileged EXEC

If you do not specify a loopback ID, the following information appears for each loopback
interface on the system:
Term

Definition

Loopback ID

The loopback ID associated with the rest of the information in the row.

Interface

The interface name.

IP Address

The IPv4 address of the interface.

Received
Packets

The number of packets received on this interface.

Sent Packets

The number of packets transmitted from this interface.

IPv6 Address

The IPv6 address of this interface.

If you specify a loopback ID, the following information appears:
Term

Definition

Interface Link
Status

Shows whether the link is up or down.

IP Address

The IPv4 address of the interface.

IPv6 is enabled
(disabled)

Shows whether IPv6 is enabled on the interface.

IPv6 Prefix is

The IPv6 address of the interface.

MTU size

The maximum transmission size for packets on this interface, in bytes.

Switching Commands
46

ProSafe Managed Switch

Spanning Tree Protocol (STP) Commands
This section describes the commands you use to configure Spanning Tree Protocol (STP).
STP helps prevent network loops, duplicate messages, and network instability.

spanning-tree
This command sets the spanning-tree operational mode to enabled.
Default

enabled

Format

spanning-tree

Mode

Global Config

no spanning-tree
This command sets the spanning-tree operational mode to disabled. While disabled, the
spanning-tree configuration is retained and can be changed, but is not activated.
Format

no spanning-tree

Mode

Global Config

spanning-tree auto-edge
This command enables auto-edge on the interface or range of interfaces. When enabled, the
interface becomes an edge port if it does not see BPDUs for edge delay time.
Default

enabled

Format

spanning-tree auto-edge

Mode

Interface Config

no spanning-tree auto-edge
This command disables auto-edge on the interface or range of interfaces.
Format

no spanning-tree auto-edge

Mode

Interface Config

spanning-tree bpdufilter
Use this command to enable BPDU Filter on an interface or range of interfaces.
Default

disabled

Format

spanning-tree bpdufilter

Mode

Interface Config

Switching Commands
47

ProSafe Managed Switch

no spanning-tree bpdufilter
Use this command to disable BPDU Filter on the interface or range of interfaces.
Default

disabled

Format

no spanning-tree bpdufilter

Mode

Interface Config

spanning-tree bpdufilter default
Use this command to enable BPDU Filter on all the edge port interfaces.
Default

disabled

Format

spanning-tree bpdufilter

Mode

Global Config

no spanning-tree bpdufilter default
Use this command to disable BPDU Filter on all the edge port interfaces.
Default

enabled

Format

no spanning-tree bpdufilter default

Mode

Global Config

spanning-tree bpduflood
Use this command to enable BPDU Flood on the interface.
Default

disabled

Format

spanning-tree bpduflood

Mode

Interface Config

no spanning-tree bpduflood
Use this command to disable BPDU Flood on the interface.
Format

no spanning-tree bpduflood

Mode

Interface Config

Switching Commands
48

ProSafe Managed Switch

spanning-tree bpduguard
Use this command to enable BPDU Guard on the switch.
Default

disabled

Format

spanning-tree bpduguard

Mode

Global Config

no spanning-tree bpduguard
Use this command to disable BPDU Guard on the switch.
Format

no spanning-tree bpduguard

Mode

Global Config

spanning-tree bpdumigrationcheck
Use this command to force a transmission of rapid spanning tree (RSTP) and multiple
spanning tree (MSTP) BPDUs. Use the  parameter to transmit a BPDU
from a specified interface, or use the all keyword to transmit BPDUs from all interfaces.
This command forces the BPDU transmission when you execute it, so the command does
not change the system configuration or have a “no” version.
Format

spanning-tree bpdumigrationcheck { | all}

Mode

Global Config

spanning-tree configuration name
This command sets the Configuration Identifier Name for use in identifying the configuration
that this switch is currently using. The  is a string of up to 32 characters.
Default

base MAC address in hexadecimal notation

Format

spanning-tree configuration name 

Mode

Global Config

no spanning-tree configuration name
This command resets the Configuration Identifier Name to its default.
Format

no spanning-tree configuration name

Mode

Global Config

Switching Commands
49

ProSafe Managed Switch

spanning-tree configuration revision
This command sets the Configuration Identifier Revision Level for use in identifying the
configuration that this switch is currently using. The Configuration Identifier Revision Level is
a number in the range of 0 to 65535.
Default

0

Format

spanning-tree configuration revision <0-65535>

Mode

Global Config

no spanning-tree configuration revision
This command sets the Configuration Identifier Revision Level for use in identifying the
configuration that this switch is currently using to the default value.
Format

no spanning-tree configuration revision

Mode

Global Config

spanning-tree edgeport
This command specifies that this port is an Edge Port within the common and internal
spanning tree. This allows this port to transition to Forwarding State without delay.
Default

enabled

Format

spanning-tree edgeport

Mode

Interface Config

no spanning-tree edgeport
This command specifies that this port is not an Edge Port within the common and internal
spanning tree.
Format

no spanning-tree edgeport

Mode

Interface Config

spanning-tree forceversion
This command sets the Force Protocol Version parameter to a new value.
Default

802.1s

Format

spanning-tree forceversion <802.1d | 802.1s | 802.1w>

Mode

Global Config

•

Use 802.1d to specify that the switch transmits ST BPDUs rather than MST BPDUs (IEEE
802.1d functionality supported).

Switching Commands
50

ProSafe Managed Switch

•

Use 802.1s to specify that the switch transmits MST BPDUs (IEEE 802.1s functionality
supported).

•

Use 802.1w to specify that the switch transmits RST BPDUs rather than MST BPDUs
(IEEE 802.1w functionality supported).

no spanning-tree forceversion
This command sets the Force Protocol Version parameter to the default value.
Format

no spanning-tree forceversion

Mode

Global Config

spanning-tree forward-time
This command sets the Bridge Forward Delay parameter to a new value for the common and
internal spanning tree. The forward-time value is in seconds within a range of 4 to 30, with
the value being greater than or equal to “(Bridge Max Age / 2) + 1”.
Default

15

Format

spanning-tree forward-time <4-30>

Mode

Global Config

no spanning-tree forward-time
This command sets the Bridge Forward Delay parameter for the common and internal
spanning tree to the default value.
Format

no spanning-tree forward-time

Mode

Global Config

spanning-tree guard
This command selects whether loop guard or root guard is enabled on an interface. If neither
is enabled, then the port operates in accordance with the multiple spanning tree protocol.
Default

none

Format

spanning-tree guard { none | root | loop }

Mode

Interface Config

no spanning-tree guard
This command disables loop guard or root guard on the interface.
Format

no spanning-tree guard

Mode

Interface Config

Switching Commands
51

ProSafe Managed Switch

spanning-tree tcnguard
This command enables the propagation of received topology change notifications and topology
changes to other ports.
Default

disable

Format

spanning-tree tcnguard

Mode

Interface Config

no spanning-tree tcnguard
This command disables the propagation of received topology change notifications and topology
changes to other ports.
Format

no spanning-tree tcnguard

Mode

Interface Config

spanning-tree max-age
This command sets the Bridge Max Age parameter to a new value for the common and
internal spanning tree. The max-age value is in seconds within a range of 6 to 40, with the
value being less than or equal to 2 x (Bridge Forward Delay - 1).
Default

20

Format

spanning-tree max-age <6-40>

Mode

Global Config

no spanning-tree max-age
This command sets the Bridge Max Age parameter for the common and internal spanning
tree to the default value.
Format

no spanning-tree max-age

Mode

Global Config

spanning-tree max-hops
This command sets the MSTP Max Hops parameter to a new value for the common and
internal spanning tree. The max-hops value is a range from 6 to 40.
Default

20

Format

spanning-tree max-hops <1-127>

Mode

Global Config

Switching Commands
52

ProSafe Managed Switch

no spanning-tree max-hops
This command sets the Bridge Max Hops parameter for the common and internal spanning
tree to the default value.
Format

no spanning-tree max-hops

Mode

Global Config

spanning-tree mst
This command sets the Path Cost or Port Priority for this port within the multiple spanning
tree instance or in the common and internal spanning tree. If you specify an 
parameter that corresponds to an existing multiple spanning tree instance, the configurations
are done for that multiple spanning tree instance. If you specify 0 (defined as the default CIST
ID) as the , the configurations are done for the common and internal spanning tree
instance.
If you specify the cost option, the command sets the path cost for this port within a multiple
spanning tree instance or the common and internal spanning tree instance, depending on the
 parameter. You can set the path cost as a number in the range of 1 to 200000000
or auto. If you select auto the path cost value is set based on Link Speed.
If you specify the external-cost option, this command sets the external-path cost for MST
instance ‘0’ i.e. CIST instance. You can set the external cost as a number in the range of 1 to
200000000 or auto. If you specify auto, the external path cost value is set based on Link
Speed.
If you specify the port-priority option, this command sets the priority for this port within a
specific multiple spanning tree instance or the common and internal spanning tree instance,
depending on the  parameter. The port-priority value is a number in the range of 0
to 240 in increments of 16.
Default

• cost—auto
• external-cost—auto
• port-priority—128

Format

spanning-tree mst  {{cost <1-200000000> | auto} |
{external-cost <1-200000000> | auto} | port-priority <0-240>}

Mode

Interface Config

no spanning-tree mst
This command sets the Path Cost or Port Priority for this port within the multiple spanning
tree instance, or in the common and internal spanning tree to the respective default values. If
you specify an  parameter that corresponds to an existing multiple spanning tree
instance, you are configuring that multiple spanning tree instance. If you specify 0 (defined as
the default CIST ID) as the , you are configuring the common and internal spanning
tree instance.

Switching Commands
53

ProSafe Managed Switch

If the you specify cost, this command sets the path cost for this port within a multiple
spanning tree instance or the common and internal spanning tree instance, depending on the
 parameter, to the default value, i.e. a path cost value based on the Link Speed.
If you specify external-cost, this command sets the external path cost for this port for mst ‘0’
instance, to the default value, i.e. a path cost value based on the Link Speed.
If you specify port-priority, this command sets the priority for this port within a specific
multiple spanning tree instance or the common and internal spanning tree instance,
depending on the  parameter, to the default value.
Format

no spanning-tree mst  

Mode

Interface Config

spanning-tree mst instance
This command adds a multiple spanning tree instance to the switch. The parameter 
is a number within a range of 1 to 4094, that corresponds to the new instance ID to be added.
The maximum number of multiple instances supported by the switch is 4.
Default

none

Format

spanning-tree mst instance 

Mode

Global Config

no spanning-tree mst instance
This command removes a multiple spanning tree instance from the switch and reallocates all
VLANs allocated to the deleted instance to the common and internal spanning tree. The
parameter  is a number that corresponds to the desired existing multiple spanning
tree instance to be removed.
Format

no spanning-tree mst instance 

Mode

Global Config

spanning-tree mst priority
This command sets the bridge priority for a specific multiple spanning tree instance. The
parameter  is a number that corresponds to the desired existing multiple spanning
tree instance. The priority value is a number within a range of 0 to 61440 in increments of
4096.
If you specify 0 (defined as the default CIST ID) as the , this command sets the
Bridge Priority parameter to a new value for the common and internal spanning tree. The
bridge priority value is a number within a range of 0 to 61440. The twelve least significant bits

Switching Commands
54

ProSafe Managed Switch

are masked according to the 802.1s specification. This causes the priority to be rounded
down to the next lower valid priority.
Default

32768

Format

spanning-tree mst priority  <0-61440>

Mode

Global Config

no spanning-tree mst priority
This command sets the bridge priority for a specific multiple spanning tree instance to the
default value. The parameter  is a number that corresponds to the desired existing
multiple spanning tree instance.
If 0 (defined as the default CIST ID) is passed as the , this command sets the
Bridge Priority parameter for the common and internal spanning tree to the default value.
Format

no spanning-tree mst priority 

Mode

Global Config

spanning-tree mst vlan
This command adds an association between a multiple spanning tree instance and one or
more VLANs so that the VLAN(s) are no longer associated with the common and internal
spanning tree. The parameter  is a number that corresponds to the desired existing
multiple spanning tree instance. The vlan range can be specified as a list or as a range of
values. To specify a list of VLANs, enter a list of VLAN IDs, each separated by a comma with
no spaces in between. To specify a range of VLANs, separate the beginning and ending
VLAN ID with a dash ("-").
Format

spanning-tree mst vlan  

Mode

Global Config

no spanning-tree mst vlan
This command removes an association between a multiple spanning tree instance and one
or more VLANs so that the VLAN(s) are again associated with the common and internal
spanning tree.
Format

no spanning-tree mst vlan  

Mode

Global Config

Switching Commands
55

ProSafe Managed Switch

spanning-tree port mode
This command sets the Administrative Switch Port State for this port to enabled.
Default

enabled

Format

spanning-tree port mode

Mode

Interface Config

no spanning-tree port mode
This command sets the Administrative Switch Port State for this port to disabled.
Format

no spanning-tree port mode

Mode

Interface Config

spanning-tree port mode all
This command sets the Administrative Switch Port State for all ports to enabled.
Default

enabled

Format

spanning-tree port mode all

Mode

Global Config

no spanning-tree port mode all
This command sets the Administrative Switch Port State for all ports to disabled.
Format

no spanning-tree port mode all

Mode

Global Config

spanning-tree edgeport all
This command specifies that every port is an Edge Port within the common and internal
spanning tree. This allows all ports to transition to Forwarding State without delay.
Format

spanning-tree edgeport all

Mode

Global Config

no spanning-tree edgeport all
This command disables Edge Port mode for all ports within the common and internal
spanning tree.
Format

no spanning-tree edgeport all

Mode

Global Config

Switching Commands
56

ProSafe Managed Switch

spanning-tree bpduforwarding
Normally a switch will not forward Spanning Tree Protocol (STP) BPDU packets if STP is
disabled. However, if in some network setup, the user wishes to forward BDPU packets
received from other network devices, this command can be used to enable the forwarding.
Default

disabled

Format

spanning-tree bpduforwarding

Mode

Global Config

no spanning-tree bpduforwarding
This command will cause the STP BPDU packets received from the network to be dropped if
STP is disabled.
Format

no spanning-tree bpduforwarding

Mode

Global Config

show spanning-tree
This command displays spanning tree settings for the common and internal spanning tree.
The following details are displayed.
Format

show spanning-tree

Mode

• Privileged EXEC
• User EXEC

Term

Definition

Bridge Priority

Specifies the bridge priority for the Common and Internal Spanning tree (CST). The value
lies between 0 and 61440. It is displayed in multiples of 4096.

Bridge Identifier The bridge identifier for the CST. It is made up using the bridge priority and the base
MAC address of the bridge.
Time Since
Topology
Change

Time in seconds.

Topology
Change Count

Number of times changed.

Topology
Change

Boolean value of the Topology Change parameter for the switch indicating if a topology
change is in progress on any port assigned to the common and internal spanning tree.

Designated
Root

The bridge identifier of the root bridge. It is made up from the bridge priority and the base
MAC address of the bridge.

Root Path Cost

Value of the Root Path Cost parameter for the common and internal spanning tree.

Switching Commands
57

ProSafe Managed Switch

Term

Definition

Root Port
Identifier

Identifier of the port to access the Designated Root for the CST

Root Port Max
Age

Derived value.

Root Port
Derived value.
Bridge Forward
Delay
Hello Time

Configured value of the parameter for the CST.

Bridge Hold
Time

Minimum time between transmission of Configuration Bridge Protocol Data Units
(BPDUs).

Bridge Max
Hops

Bridge max-hops count for the device.

CST Regional
Root

Bridge Identifier of the CST Regional Root. It is made up using the bridge priority and the
base MAC address of the bridge.

Regional Root
Path Cost

Path Cost to the CST Regional Root.

Associated
FIDs

List of forwarding database identifiers currently associated with this instance.

Associated
VLANs

List of VLAN IDs currently associated with this instance.

show spanning-tree brief
This command displays spanning tree settings for the bridge. The following information
appears.
Format

show spanning-tree brief

Mode

• Privileged EXEC
• User EXEC

Term

Definition

Bridge Priority

Configured value.

Bridge Identifier

The bridge identifier for the selected MST instance. It is made up using the
bridge priority and the base MAC address of the bridge.

Bridge Max Age

Configured value.

Bridge Max Hops

Bridge max-hops count for the device.

Bridge Hello Time

Configured value.

Bridge Forward Delay

Configured value.

Bridge Hold Time

Minimum time between transmission of Configuration Bridge Protocol Data
Units (BPDUs).

Switching Commands
58

ProSafe Managed Switch

show spanning-tree interface
This command displays the settings and parameters for a specific switch port within the
common and internal spanning tree. The  is the desired switch port.
The following details are displayed on execution of the command.
Format

show spanning-tree interface 

Mode

• Privileged EXEC
• User EXEC

Term

Definition

Hello Time

Admin hello time for this port.

Port Mode

Enabled or disabled.

BPDU Guard Effect

Enabled or disabled.

Root Guard

Enabled or disabled.

Loop Guard

Enabled or disabled.

TCN Guard

Enable or disable the propagation of received topology change notifications and
topology changes to other ports.

BPDU Filter Mode

Enabled or disabled.

BPDU Flood Mode

Enabled or disabled.

Auto Edge

To enable or disable the feature that causes a port that has not seen a BPDU for
‘edge delay’ time, to become an edge port and transition to forwarding faster.

Port Up Time Since
Counters Last Cleared

Time since port was reset, displayed in days, hours, minutes, and seconds.

STP BPDUs
Transmitted

Spanning Tree Protocol Bridge Protocol Data Units sent.

STP BPDUs Received

Spanning Tree Protocol Bridge Protocol Data Units received.

RSTP BPDUs
Transmitted

Rapid Spanning Tree Protocol Bridge Protocol Data Units sent.

RSTP BPDUs Received Rapid Spanning Tree Protocol Bridge Protocol Data Units received.
MSTP BPDUs
Transmitted

Multiple Spanning Tree Protocol Bridge Protocol Data Units sent.

MSTP BPDUs Received Multiple Spanning Tree Protocol Bridge Protocol Data Units received.

show spanning-tree mst port detailed
This command displays the detailed settings and parameters for a specific switch port within
a particular multiple spanning tree instance. The parameter  is a number that

Switching Commands
59

ProSafe Managed Switch

corresponds to the desired existing multiple spanning tree instance. The
 is the desired switch port.
Format

show spanning-tree mst port detailed  

Mode

• Privileged EXEC
• User EXEC

Term

Definition

MST Instance ID The ID of the existing MST instance.
Port Identifier

The port identifier for the specified port within the selected MST instance. It is made up
from the port priority and the interface number of the port.

Port Priority

The priority for a particular port within the selected MST instance. The port priority is
displayed in multiples of 16.

Port Forwarding Current spanning tree state of this port.
State
Port Role

Each enabled MST Bridge Port receives a Port Role for each spanning tree. The port
role is one of the following values: Root Port, Designated Port, Alternate Port, Backup
Port, Master Port or Disabled Port

Auto-Calculate
Port Path Cost

Indicates whether auto calculation for port path cost is enabled.

Port Path Cost

Configured value of the Internal Port Path Cost parameter.

Designated
Root

The Identifier of the designated root for this port.

Root Path Cost

The path cost to get to the root bridge for this instance. The root path cost is zero if the
bridge is the root bridge for that instance.

Designated
Bridge

Bridge Identifier of the bridge with the Designated Port.

Designated Port Port on the Designated Bridge that offers the lowest cost to the LAN.
Identifier
Loop
Inconsistent
State

The current loop inconsistent state of this port in this MST instance. When in loop
inconsistent state, the port has failed to receive BPDUs while configured with loop guard
enabled. Loop inconsistent state maintains the port in a "blocking" state until a
subsequent BPDU is received.

Transitions Into The number of times this interface has transitioned into loop inconsistent state.
Loop
Inconsistent
State
Transitions Out The number of times this interface has transitioned out of loop inconsistent state.
of Loop
Inconsistent
State

If you specify 0 (defined as the default CIST ID) as the , this command displays the
settings and parameters for a specific switch port within the common and internal spanning

Switching Commands
60

ProSafe Managed Switch

tree. The  is the desired switch port. In this case, the following are
displayed.
Term

Definition

Port Identifier

The port identifier for this port within the CST.

Port Priority

The priority of the port within the CST.

Port Forwarding The forwarding state of the port within the CST.
State
Port Role

The role of the specified interface within the CST.

Auto-Calculate
Port Path Cost

Indicates whether auto calculation for port path cost is enabled or not (disabled).

Port Path Cost

The configured path cost for the specified interface.

Auto-Calculate
External Port
Path Cost

Indicates whether auto calculation for external port path cost is enabled.

External Port
Path Cost

The cost to get to the root bridge of the CIST across the boundary of the region. This
means that if the port is a boundary port for an MSTP region, then the external path cost
is used.

Designated
Root

Identifier of the designated root for this port within the CST.

Root Path Cost

The root path cost to the LAN by the port.

Designated
Bridge

The bridge containing the designated port.

Designated Port Port on the Designated Bridge that offers the lowest cost to the LAN.
Identifier
Topology
Value of flag in next Configuration Bridge Protocol Data Unit (BPDU) transmission
Change
indicating if a topology change is in progress for this port.
Acknowledgem
ent
Hello Time

The hello time in use for this port.

Edge Port

The configured value indicating if this port is an edge port.

Edge Port
Status

The derived value of the edge port status. True if operating as an edge port; false
otherwise.

Point To Point
MAC Status

Derived value indicating if this port is part of a point to point link.

CST Regional
Root

The regional root identifier in use for this port.

CST Internal
Root Path Cost

The internal root path cost to the LAN by the designated external port.

Loop
Inconsistent
State

The current loop inconsistent state of this port in this MST instance. When in loop
inconsistent state, the port has failed to receive BPDUs while configured with loop guard
enabled. Loop inconsistent state maintains the port in a "blocking" state until a
subsequent BPDU is received.

Switching Commands
61

ProSafe Managed Switch

Term

Definition

Transitions Into The number of times this interface has transitioned into loop inconsistent state.
Loop
Inconsistent
State
Transitions Out The number of times this interface has transitioned out of loop inconsistent state.
of Loop
Inconsistent
State

show spanning-tree mst port summary
This command displays the settings of one or all ports within the specified multiple spanning
tree instance. The parameter  indicates a particular MST instance. The parameter
{ | all} indicates the desired switch port or all ports.
If you specify 0 (defined as the default CIST ID) as the , the status summary
displays for one or all ports within the common and internal spanning tree.
Format

show spanning-tree mst port summary  { | all}

Mode

• Privileged EXEC
• User EXEC

Term

Definition

MST Instance ID The MST instance associated with this port.
Interface

Valid slot and port number separated by forward slashes.

STP Mode

Indicates whether spanning tree is enabled or disabled on the port.

Type

Currently not used.

STP State

The forwarding state of the port in the specified spanning tree instance.

Port Role

The role of the specified port within the spanning tree.

Desc

Indicates whether the port is in loop inconsistent state or not. This field is blank if the loop
guard feature is not available.

show spanning-tree mst port summary active
This command displays settings for the ports within the specified multiple spanning tree
instance that are active links.
Format

show spanning-tree mst port summary

Mode

• Privileged EXEC
• User EXEC

 active

Switching Commands
62

ProSafe Managed Switch

Term

Definition

mstid

The ID of the existing MST instance.

Interface

unit/slot/port

STP Mode

Indicates whether spanning tree is enabled or disabled on the port.

Type

Currently not used.

STP State

The forwarding state of the port in the specified spanning tree instance.

Port Role

The role of the specified port within the spanning tree.

Desc

Indicates whether the port is in loop inconsistent state or not. This field is blank if the loop
guard feature is not available.

show spanning-tree mst summary
This command displays summary information about all multiple spanning tree instances in
the switch. On execution, the following details are displayed.
Format

show spanning-tree mst summary

Mode

• Privileged EXEC
• User EXEC

Term

Definition

MST Instance ID List of multiple spanning trees IDs currently configured.
List
For each
MSTID:
• Associated
FIDs
• Associated
VLANs

• List of forwarding database identifiers associated with this instance.
• List of VLAN IDs associated with this instance.

show spanning-tree summary
This command displays spanning tree settings and parameters for the switch. The following
details are displayed on execution of the command.
Format

show spanning-tree summary

Mode

• Privileged EXEC
• User EXEC

Switching Commands
63

ProSafe Managed Switch

Term

Definition

Spanning Tree
Adminmode

Enabled or disabled.

Spanning Tree
Version

Version of 802.1 currently supported (IEEE 802.1s, IEEE 802.1w, or IEEE 802.1d) based
upon the Force Protocol Version parameter.

BPDU Guard
Mode

Enabled or disabled.

BPDU Filter
Mode

Enabled or disabled.

Configuration
Name

Identifier used to identify the configuration currently being used.

Configuration
Revision Level

Identifier used to identify the configuration currently being used.

Configuration
Digest Key

A generated Key used in the exchange of the BPDUs.

Configuration
Specifies the version of the configuration format being used in the exchange of BPDUs.
Format Selector
The default value is zero.
MST Instances

List of all multiple spanning tree instances configured on the switch.

show spanning-tree vlan
This command displays the association between a VLAN and a multiple spanning tree
instance. The  corresponds to an existing VLAN ID.
Format

show spanning-tree vlan 

Mode

• Privileged EXEC
• User EXEC

Term

Definition

VLAN Identifier

The VLANs associated with the selected MST instance.

Associated
Instance

Identifier for the associated multiple spanning tree instance or “CST” if associated with
the common and internal spanning tree.

VLAN Commands
This section describes the commands you use to configure VLAN settings.

Switching Commands
64

ProSafe Managed Switch

vlan database
This command gives you access to the VLAN Config mode, which allows you to configure
VLAN characteristics.
Format

vlan database

Mode

Privileged EXEC

network mgmt_vlan
This command configures the Management VLAN ID.
Default

1

Format

network mgmt_vlan <1-4093>

Mode

Privileged EXEC

no network mgmt_vlan
This command sets the Management VLAN ID to the default.
Format

no network mgmt_vlan

Mode

Privileged EXEC

vlan
This command creates a new VLAN and assigns it an ID. The ID is a valid VLAN
identification number (ID 1 is reserved for the default VLAN). The vlan-list contains VlanId's in
range <1-4093>. Separate non-consecutive IDs with ',' and no spaces and no zeros in
between the range; Use '-' for range.
Format

vlan 

Mode

VLAN Config

no vlan
This command deletes an existing VLAN. The ID is a valid VLAN identification number (ID 1
is reserved for the default VLAN). The vlan-list contains VlanId's in range <1-4093>.
Separate non-consecutive IDs with ',' and no spaces and no zeros in between the range; Use
'-' for range.
Format

no vlan 

Mode

VLAN Config

Switching Commands
65

ProSafe Managed Switch

vlan acceptframe
This command sets the frame acceptance mode per interface. For VLAN Only mode,
untagged frames or priority frames received on this interface are discarded. For Admit All
mode, untagged frames or priority frames received on this interface are accepted and
assigned the value of the interface VLAN ID for this port. With either option, VLAN tagged
frames are forwarded in accordance with the IEEE 802.1Q VLAN Specification.
Default

all

Format

vlan acceptframe {untaggedonly | vlanonly | all}

Mode

Interface Config

no vlan acceptframe
This command resets the frame acceptance mode for the interface to the default value.
Format

no vlan acceptframe

Mode

Interface Config

vlan ingressfilter
This command enables ingress filtering. If ingress filtering is disabled, frames received with
VLAN IDs that do not match the VLAN membership of the receiving interface are admitted
and forwarded to ports that are members of that VLAN.
Default

disabled

Format

vlan ingressfilter

Mode

Interface Config

no vlan ingressfilter
This command disables ingress filtering. If ingress filtering is disabled, frames received with
VLAN IDs that do not match the VLAN membership of the receiving interface are admitted
and forwarded to ports that are members of that VLAN.
Format

no vlan ingressfilter

Mode

Interface Config

Switching Commands
66

ProSafe Managed Switch

vlan makestatic
This command changes a dynamically created VLAN (one that is created by GVRP
registration) to a static VLAN (one that is permanently configured and defined). The ID is a
valid VLAN identification number. VLAN range is 2-4093.
Format

vlan makestatic <2-4093>

Mode

VLAN Config

vlan name
This command changes the name of a VLAN. The name is an alphanumeric string of up to 32
characters, and the ID is a valid VLAN identification number. ID range is 1-4093.
Default

• VLAN ID 1 - default
• other VLANS - blank string

Format

vlan name <1-4093> 

Mode

VLAN Config

no vlan name
This command sets the name of a VLAN to a blank string.
Format

no vlan name <1-4093>

Mode

VLAN Config

vlan participation
This command configures the degree of participation for a specific interface in a VLAN. The
ID is a valid VLAN identification number, and the interface is a valid interface number.
Format

vlan participation {exclude | include | auto} <1-4093>

Mode

Interface Config

Participation options are:
Participation
Options

Definition

include

The interface is always a member of this VLAN. This is equivalent to registration fixed.

exclude

The interface is never a member of this VLAN. This is equivalent to registration
forbidden.

auto

The interface is dynamically registered in this VLAN by GVRP. The interface will not
participate in this VLAN unless a join request is received on this interface. This is
equivalent to registration normal.

Switching Commands
67

ProSafe Managed Switch

vlan participation all
This command configures the degree of participation for all interfaces in a VLAN. The ID is a
valid VLAN identification number.
Format

vlan participation all {exclude | include | auto} <1-4093>

Mode

Global Config

You can use the following participation options:
Participation
Options

Definition

include

The interface is always a member of this VLAN. This is equivalent to registration fixed.

exclude

The interface is never a member of this VLAN. This is equivalent to registration
forbidden.

auto

The interface is dynamically registered in this VLAN by GVRP. The interface will not
participate in this VLAN unless a join request is received on this interface. This is
equivalent to registration normal.

vlan port acceptframe all
This command sets the frame acceptance mode for all interfaces.
Default

all

Format

vlan port acceptframe all {vlanonly | all}

Mode

Global Config

The modes defined as follows:
Mode

Definition

VLAN Only
mode

Untagged frames or priority frames received on this interface are discarded.

Admit All mode Untagged frames or priority frames received on this interface are accepted and assigned
the value of the interface VLAN ID for this port.

With either option, VLAN tagged frames are forwarded in accordance with the IEEE 802.1Q
VLAN Specification.
no vlan port acceptframe all
This command sets the frame acceptance mode for all interfaces to Admit All. For Admit All
mode, untagged frames or priority frames received on this interface are accepted and

Switching Commands
68

ProSafe Managed Switch

assigned the value of the interface VLAN ID for this port. With either option, VLAN tagged
frames are forwarded in accordance with the IEEE 802.1Q VLAN Specification.
Format

no vlan port acceptframe all

Mode

Global Config

vlan port ingressfilter all
This command enables ingress filtering for all ports. If ingress filtering is disabled, frames
received with VLAN IDs that do not match the VLAN membership of the receiving interface
are admitted and forwarded to ports that are members of that VLAN.
Default

disabled

Format

vlan port ingressfilter all

Mode

Global Config

no vlan port ingressfilter all
This command disables ingress filtering for all ports. If ingress filtering is disabled, frames
received with VLAN IDs that do not match the VLAN membership of the receiving interface
are admitted and forwarded to ports that are members of that VLAN.
Format

no vlan port ingressfilter all

Mode

Global Config

vlan port pvid all
This command changes the VLAN ID for all interface.
Default

1

Format

vlan port pvid all <1-4093>

Mode

Global Config

no vlan port pvid all
This command sets the VLAN ID for all interfaces to 1.
Format

no vlan port pvid all

Mode

Global Config

Switching Commands
69

ProSafe Managed Switch

vlan port tagging all
This command configures the tagging behavior for all interfaces in a VLAN to enabled. If
tagging is enabled, traffic is transmitted as tagged frames. If tagging is disabled, traffic is
transmitted as untagged frames. The ID is a valid VLAN identification number.
Format

vlan port tagging all <1-4093>

Mode

Global Config

no vlan port tagging all
This command configures the tagging behavior for all interfaces in a VLAN to disabled. If
tagging is disabled, traffic is transmitted as untagged frames. The ID is a valid VLAN
identification number.
Format

no vlan port tagging all

Mode

Global Config

vlan protocol group
This command adds protocol-based VLAN groups to the system. When it is created, the
protocol group will be assigned a unique number (1-128) that will be used to identify the
group in subsequent commands.
Format

vlan protocol group <1-128>

Mode

Global Config

no vlan protocol group
This command removes a protocol group.
Format

no vlan protocol group <1-128>

Mode

Global Config

vlan protocol group name
This command assigns a name to a protocol-based VLAN groups. The groupname variable
can be a character string of 0 to 16 characters.
Format

vlan protocol group name <1-128> 

Mode

Global Config

Switching Commands
70

ProSafe Managed Switch

no vlan protocol group name
This command removes the name from a protocol-based VLAN groups.
Format

no vlan protocol group name <1-128>

Mode

Global Config

vlan protocol group add protocol
This command adds the protocol to the protocol-based VLAN identified by groupid. A group
may have more than one protocol associated with it. Each interface and protocol combination
can only be associated with one group. If adding a protocol to a group causes any conflicts
with interfaces currently associated with the group, this command fails and the protocol is not
added to the group. The possible values for protocol-list includes the keywords ip, arp, and
ipx and hexadecimal or decimal values ranging from 0x0600 (1536) to 0xFFFF (65535). The
protocol list can accept up to 16 protocols separated by a comma.
Default

none

Format

vlan protocol group add protocol  ethertype
{|arp|ip|ipx}

Mode

Global Config

no vlan protocol group add protocol
This command removes the  from this protocol-based VLAN group that is
identified by this . The possible values for protocol are ip, arp, and ipx.
Format

no vlan protocol group add protocol  ethertype
{|arp|ip|ipx}

Mode

Global Config

protocol group
This command attaches a  to the protocol-based VLAN identified by .
A group may only be associated with one VLAN at a time, however the VLAN association can
be changed.
Default

none

Format

protocol group  

Mode

VLAN Config

Switching Commands
71

ProSafe Managed Switch

no protocol group
This command removes the  from this protocol-based VLAN group that is
identified by this .
Format

no protocol group  

Mode

VLAN Config

protocol vlan group
This command adds the physical interface to the protocol-based VLAN identified by
. You can associate multiple interfaces with a group, but you can only associate
each interface and protocol combination with one group. If adding an interface to a group
causes any conflicts with protocols currently associated with the group, this command fails
and the interface(s) are not added to the group.
Default

none

Format

protocol vlan group 

Mode

Interface Config

no protocol vlan group
This command removes the interface from this protocol-based VLAN group that is identified
by this .
Format

no protocol vlan group 

Mode

Interface Config

protocol vlan group all
This command adds all physical interfaces to the protocol-based VLAN identified by
. You can associate multiple interfaces with a group, but you can only associate
each interface and protocol combination with one group. If adding an interface to a group
causes any conflicts with protocols currently associated with the group, this command will fail
and the interface(s) will not be added to the group.
Default

none

Format

protocol vlan group all 

Mode

Global Config

Switching Commands
72

ProSafe Managed Switch

no protocol vlan group all
This command removes all interfaces from this protocol-based VLAN group that is identified
by this .
Format

no protocol vlan group all 

Mode

Global Config

vlan pvid
This command changes the VLAN ID per interface.
Default

1

Format

vlan pvid <1-4093>

Mode

Interface Config

no vlan pvid
This command sets the VLAN ID per interface to 1.
Format

no vlan pvid

Mode

Interface Config

vlan tagging
This command configures the tagging behavior for a specific interface in a VLAN to enabled.
If tagging is enabled, traffic is transmitted as tagged frames. If tagging is disabled, traffic is
transmitted as untagged frames. The vlan-list contains VlanId's in range <1-4093>. Separate
non-consecutive IDs with ',' and no spaces and no zeros in between the range; Use '-' for
range.
Format

vlan tagging 

Mode

Interface Config

no vlan tagging
This command configures the tagging behavior for a specific interface in a VLAN to disabled.
If tagging is disabled, traffic is transmitted as untagged frames. The vlan-list contains VlanId's
in range <1-4093>. Separate non-consecutive IDs with ',' and no spaces and no zeros in
between the range; Use '-' for range.
Format

no vlan tagging 

Mode

Interface Config

Switching Commands
73

ProSafe Managed Switch

vlan association subnet
This command associates a VLAN to a specific IP-subnet.
Format

vlan association subnet   <1-4093>

Mode

VLAN Config

no vlan association subnet
This command removes association of a specific IP-subnet to a VLAN.
Format

no vlan association subnet  

Mode

VLAN Config

vlan association mac
This command associates a MAC address to a VLAN.
Format

vlan association mac  <1-4093>

Mode

VLAN database

no vlan association mac
This command removes the association of a MAC address to a VLAN.
Format

no vlan association mac 

Mode

VLAN database

show vlan
This command displays a list of all configured VLAN.
Format

show vlan

Mode

• Privileged EXEC
• User EXEC

Term

Definition

VLAN ID

There is a VLAN Identifier (VID) associated with each VLAN. The range of the VLAN ID
is 1 to 4093.

VLAN Name

A string associated with this VLAN as a convenience. It can be up to 32 alphanumeric
characters long, including blanks. The default is blank. VLAN ID 1 always has a name of
“Default.” This field is optional.

VLAN Type

Type of VLAN, which can be Default (VLAN ID = 1) or static (one that is configured and
permanently defined), or Dynamic (one that is created by GVRP registration).

Switching Commands
74

ProSafe Managed Switch

show vlan 
This command displays detailed information, including interface information, for a specific
VLAN. The ID is a valid VLAN identification number.
Format

show vlan 

Mode

• Privileged EXEC
• User EXEC

Term

Definition

VLAN ID

There is a VLAN Identifier (VID) associated with each VLAN. The range of the VLAN ID
is 1 to 4093.

VLAN Name

A string associated with this VLAN as a convenience. It can be up to 32 alphanumeric
characters long, including blanks. The default is blank. VLAN ID 1 always has a name of
“Default.” This field is optional.

VLAN Type

Type of VLAN, which can be Default (VLAN ID = 1) or static (one that is configured and
permanently defined), or Dynamic (one that is created by GVRP registration).

Interface

Valid slot and port number separated by forward slashes. It is possible to set the
parameters for all ports by using the selectors on the top line.

Current

The degree of participation of this port in this VLAN. The permissible values are:
• Include - This port is always a member of this VLAN. This is equivalent to registration
fixed in the IEEE 802.1Q standard.
• Exclude - This port is never a member of this VLAN. This is equivalent to registration
forbidden in the IEEE 802.1Q standard.
• Autodetect - To allow the port to be dynamically registered in this VLAN via GVRP.
The port will not participate in this VLAN unless a join request is received on this port.
This is equivalent to registration normal in the IEEE 802.1Q standard.

Configured

The configured degree of participation of this port in this VLAN. The permissible values
are:
• Include - This port is always a member of this VLAN. This is equivalent to registration
fixed in the IEEE 802.1Q standard.
• Exclude - This port is never a member of this VLAN. This is equivalent to registration
forbidden in the IEEE 802.1Q standard.
• Autodetect - To allow the port to be dynamically registered in this VLAN via GVRP.
The port will not participate in this VLAN unless a join request is received on this port.
This is equivalent to registration normal in the IEEE 802.1Q standard.

Tagging

The tagging behavior for this port in this VLAN.
• Tagged - Transmit traffic for this VLAN as tagged frames.
• Untagged - Transmit traffic for this VLAN as untagged frames.

Switching Commands
75

ProSafe Managed Switch

show vlan brief
This command displays a list of all configured VLANs.
Format

show vlan brief

Mode

• Privileged EXEC
• User EXEC

Term

Definition

VLAN ID

There is a VLAN Identifier (vlanid) associated with each VLAN. The range of the VLAN
ID is 1 to 3965.

VLAN Name

A string associated with this VLAN as a convenience. It can be up to 32 alphanumeric
characters long, including blanks. The default is blank. VLAN ID 1 always has a name of
“Default.” This field is optional.

VLAN Type

Type of VLAN, which can be Default (VLAN ID = 1) or static (one that is configured and
permanently defined), or a Dynamic (one that is created by GVRP registration).

show vlan port
This command displays VLAN port information.
Format

show vlan port { | all}

Mode

• Privileged EXEC
• User EXEC

Term

Definition

Interface

Valid slot and port number separated by forward slashes. It is possible to set the
parameters for all ports by using the selectors on the top line.

Port VLAN ID

The VLAN ID that this port will assign to untagged frames or priority tagged frames
received on this port. The value must be for an existing VLAN. The factory default is 1.

Acceptable
Frame Types

The types of frames that may be received on this port. The options are 'VLAN only' and
'Admit All'. When set to 'VLAN only', untagged frames or priority tagged frames received
on this port are discarded. When set to 'Admit All', untagged frames or priority tagged
frames received on this port are accepted and assigned the value of the Port VLAN ID for
this port. With either option, VLAN tagged frames are forwarded in accordance to the
802.1Q VLAN specification.

Ingress
Filtering

May be enabled or disabled. When enabled, the frame is discarded if this port is not a
member of the VLAN with which this frame is associated. In a tagged frame, the VLAN is
identified by the VLAN ID in the tag. In an untagged frame, the VLAN is the Port VLAN ID
specified for the port that received this frame. When disabled, all frames are forwarded in
accordance with the 802.1Q VLAN bridge specification. The factory default is disabled.

GVRP

May be enabled or disabled.

Default Priority

The 802.1p priority assigned to tagged packets arriving on the port.

Switching Commands
76

ProSafe Managed Switch

show vlan association subnet
This command displays the VLAN associated with a specific configured IP-Address and net
mask. If no IP address and net mask are specified, the VLAN associations of all the
configured IP-subnets are displayed.
Format

show vlan association subnet [ ]

Mode

Privileged EXEC

Term

Definition

IP Subnet

The IP address assigned to each interface.

IP Mask

The subnet mask.

VLAN ID

There is a VLAN Identifier (VID) associated with each VLAN.

show vlan association mac
This command displays the VLAN associated with a specific configured MAC address. If no
MAC address is specified, the VLAN associations of all the configured MAC addresses are
displayed.
Format

show vlan association mac []

Mode

Privileged EXEC

Term

Definition

MAC Address

A MAC address for which the switch has forwarding and or filtering information. The
format is 6 or 8 two-digit hexadecimal numbers that are separated by colons, for example
01:23:45:67:89:AB. In an IVL system the MAC address will be displayed as 8 bytes.

VLAN ID

There is a VLAN Identifier (VID) associated with each VLAN.

Double VLAN Commands
This section describes the commands you use to configure double VLAN (DVLAN). Double
VLAN tagging is a way to pass VLAN traffic from one customer domain to another through a
Metro Core in a simple and cost effective manner. The additional tag on the traffic helps
differentiate between customers in the MAN while preserving the VLAN identification of the
individual customers when they enter their own 802.1Q domain.

Switching Commands
77

ProSafe Managed Switch

dvlan-tunnel ethertype
This command configures the ether-type for all interfaces. The ether-type may have the
values of 802.1Q, vMAN, or custom. If the ether-type has a value of custom, the optional
value of the custom ether type must be set to a value from 0 to 65535.
Default

vman

Format

dvlan-tunnel ethertype {802.1Q | vman | custom} [0-65535]

Mode

Global Config

mode dot1q-tunnel
This command is used to enable Double VLAN Tunneling on the specified interface.
Default

disabled

Format

mode dot1q-tunnel

Mode

Interface Config

no mode dot1q-tunnel
This command is used to disable Double VLAN Tunneling on the specified interface. By
default, Double VLAN Tunneling is disabled.
Format

no mode dot1q-tunnel

Mode

Interface Config

mode dvlan-tunnel
Use this command to enable Double VLAN Tunneling on the specified interface.

Note: When you use the mode dvlan-tunnel command on an
interface, it becomes a service provider port. Ports that do not have
double VLAN tunneling enabled are customer ports.

Default

disabled

Format

mode dvlan-tunnel

Mode

Interface Config

Switching Commands
78

ProSafe Managed Switch

no mode dvlan-tunnel
This command is used to disable Double VLAN Tunneling on the specified interface. By
default, Double VLAN Tunneling is disabled.
Format

no mode dvlan-tunnel

Mode

Interface Config

show dot1q-tunnel
Use this command without the optional parameters to display all interfaces enabled for
Double VLAN Tunneling. Use the optional parameters to display detailed information about
Double VLAN Tunneling for the specified interface or all interfaces.
Format

show dot1q-tunnel [interface { | all}]

Mode

• Privileged EXEC
• User EXEC

Term

Definition

Interface

Valid slot and port number separated by forward slashes.

Mode

The administrative mode through which Double VLAN Tunneling can be enabled or
disabled. The default value for this field is disabled.

EtherType

A 2-byte hex EtherType to be used as the first 16 bits of the DVLAN tunnel. There are
three different EtherType tags. The first is 802.1Q, which represents the commonly used
value of 0x8100. The second is vMAN, which represents the commonly used value of
0x88A8. If EtherType is not one of these two values, then it is a custom tunnel value,
representing any value in the range of 0 to 65535.

show dvlan-tunnel
Use this command without the optional parameters to display all interfaces enabled for
Double VLAN Tunneling. Use the optional parameters to display detailed information about
Double VLAN Tunneling for the specified interface or all interfaces.
Format

show dvlan-tunnel [interface { | all}]

Mode

• Privileged EXEC
• User EXEC

Term

Definition

Interface

Valid slot and port number separated by forward slashes.

Switching Commands
79

ProSafe Managed Switch

Term

Definition

Mode

The administrative mode through which Double VLAN Tunneling can be enabled or
disabled. The default value for this field is disabled.

EtherType

A 2-byte hex EtherType to be used as the first 16 bits of the DVLAN tunnel. There are
three different EtherType tags. The first is 802.1Q, which represents the commonly used
value of 0x8100. The second is vMAN, which represents the commonly used value of
0x88A8. If EtherType is not one of these two values, then it is a custom tunnel value,
representing any value in the range of 0 to 65535.

Voice VLAN Commands
This section describes the commands you use for Voice VLAN. Voice VLAN enables switch
ports to carry voice traffic with defined priority so as to enable separation of voice and data
traffic coming onto the port. The benefits of using Voice VLAN is to ensure that the sound
quality of an IP phone could be safeguarded from deteriorating when the data traffic on the
port is high.
Also the inherent isolation provided by VLANs ensures that inter-VLAN traffic is under
management control and that network- attached clients cannot initiate a direct attack on voice
components. QoS-based on IEEE 802.1P class of service (CoS) uses classification and
scheduling to sent network traffic from the switch in a predictable manner. The system uses
the source MAC of the traffic traveling through the port to identify the IP phone data flow.

voice vlan (Global Config)
Use this command to enable the Voice VLAN capability on the switch.
Default

disabled

Format

voice vlan

Mode

Global Config

no voice vlan (Global Config)
Use this command to disable the Voice VLAN capability on the switch.
Format

no voice vlan

Mode

Global Config

voice vlan (Interface Config)
Use this command to enable the Voice VLAN capability on the interface.
Default

disabled

Switching Commands
80

ProSafe Managed Switch

Format

voice vlan { | dot1p  | none | untagged}

Mode

Interface Config

You can configure Voice VLAN in any of the following ways:
Parameter

Description

vlan-id

Configure the IP phone to forward all voice traffic through the specified VLAN. Valid
VLAN IDs are from 1 to 4093 (the maximum supported by the platform).

dot1p

Configure the IP phone to use 802.1p priority tagging for voice traffic and to use the
default native VLAN (VLAN 0) to carry all traffic. Valid  range is 0 to 7.

none

Allow the IP phone to use its own configuration to send untagged voice traffic.

untagged

Configure the phone to send untagged voice traffic.

no voice vlan (Interface Config)
Use this command to disable the Voice VLAN capability on the interface.
Format

no voice vlan

Mode

Interface Config

voice vlan data priority
Use this command to either trust or untrust the data traffic arriving on the Voice VLAN port.
Default

trust

Format

voice vlan data priority {untrust | trust}

Mode

Interface Config

show voice vlan
Format

show voice vlan [interface { | all}]

Mode

Privileged EXEC

When the interface parameter is not specified, only the global mode of the Voice VLAN is
displayed.
Term

Definition

Administrative
Mode

The Global Voice VLAN mode.

Switching Commands
81

ProSafe Managed Switch

When the interface is specified:.
Term

Definition

Voice VLAN Interface Mode The admin mode of the Voice VLAN on the interface.
Voice VLAN ID

The Voice VLAN ID

Voice VLAN Priority

The do1p priority for the Voice VLAN on the port.

Voice VLAN Untagged

The tagging option for the Voice VLAN traffic.

Voice VLAN CoS Override

The Override option for the voice traffic arriving on the port.

Voice VLAN Status

The operational status of Voice VLAN on the port.

Provisioning (IEEE 802.1p) Commands
This section describes the commands you use to configure provisioning, which allows you to
prioritize ports.

vlan port priority all
This command configures the port priority assigned for untagged packets for all ports
presently plugged into the device. The range for the priority is 0-7. Any subsequent per port
configuration will override this configuration setting.
Format

vlan port priority all 

Mode

Global Config

vlan priority
This command configures the default 802.1p port priority assigned for untagged packets for a
specific interface. The range for the priority is 0–7.
Default

0

Format

vlan priority 

Mode

Interface Config

Protected Ports Commands
This section describes commands you use to configure and view protected ports on a switch.
Protected ports do not forward traffic to each other, even if they are on the same VLAN.
However, protected ports can forward traffic to all unprotected ports in their group.
Unprotected ports can forward traffic to both protected and unprotected ports. Ports are
unprotected by default.

Switching Commands
82

ProSafe Managed Switch

If an interface is configured as a protected port, and you add that interface to a Port Channel
or Link Aggregation Group (LAG), the protected port status becomes operationally disabled
on the interface, and the interface follows the configuration of the LAG port. However, the
protected port configuration for the interface remains unchanged. Once the interface is no
longer a member of a LAG, the current configuration for that interface automatically becomes
effective.

switchport protected (Global Config)
Use this command to create a protected port group. The  parameter identifies the
set of protected ports. Use the name  pair to assign a name to the protected port
group. The name can be up to 32 alphanumeric characters long, including blanks. The
default is blank.

Note: Port protection occurs within a single switch. Protected port
configuration does not affect traffic between ports on two different
switches. No traffic forwarding is possible between two protected
ports.

Format

switchport protected  name 

Mode

Global Config

no switchport protected (Global Config)
Use this command to remove a protected port group. The groupid parameter identifies the
set of protected ports. Use the name keyword to remove the name from the group.
Format

NO switchport protected  name

Mode

Global Config

switchport protected (Interface Config)
Use this command to add an interface to a protected port group. The  parameter
identifies the set of protected ports to which this interface is assigned. You can only configure
an interface as protected in one group.

Note: Port protection occurs within a single switch. Protected port
configuration does not affect traffic between ports on two different
switches. No traffic forwarding is possible between two protected
ports.

Switching Commands
83

ProSafe Managed Switch

Default

unprotected

Format

switchport protected 

Mode

Interface Config

no switchport protected (Interface Config)
Use this command to configure a port as unprotected. The groupid parameter identifies the
set of protected ports to which this interface is assigned.
Format

no switchport protected 

Mode

Interface Config

show switchport protected
This command displays the status of all the interfaces, including protected and unprotected
interfaces.
Format

show switchport protected 

Mode

• Privileged EXEC
• User EXEC

Term

Definition

Group ID

The number that identifies the protected port group.

Name

An optional name of the protected port group. The name can be up to 32 alphanumeric
characters long, including blanks. The default is blank.

List of Physical List of ports, which are configured as protected for the group identified with . If
Ports
no port is configured as protected for this group, this field is blank.

show interfaces switchport
This command displays the status of the interface (protected/unprotected) under the groupid.
Format

show interfaces switchport  

Mode

• Privileged EXEC
• User EXEC

Term

Definition

Name

A string associated with this group as a convenience. It can be up to 32 alphanumeric
characters long, including blanks. The default is blank. This field is optional.

Protected port

Indicates whether the interface is protected or not. It shows TRUE or FALSE. If the group
is a multiple groups then it shows TRUE in Group .

Switching Commands
84

ProSafe Managed Switch

Private Group Commands
This section describes commands used to configure private group and view private group
configuration information.
Private group can be used to create a group of ports that can or can not share traffic to each
others in the same VLAN group. The main application is to isolate a group of users from
another without using VLAN.

switchport private-group
This command is used to assign one port or a range of ports to private group
 (or ).
The ingress traffic from a port in private group can be forwarded to other ports either in the
same private group or anyone in the same VLAN that are not in a private group.
By default, a port does not belong to any private group. A port cannot be in more than one
private group. An error message should return when that occurred. To change a port’s private
group, first the port must be removed from its private group.
Default

port not associated with any group.

Format

switchport private-group [|]

Mode

Interface Config

no switchport private group
This command is used to remove the specified port from the given private group.
Format

no switchport private-group [|]

Mode

Interface Config

private-group name
This command is used to create a private group with name . The name
string can be up to 24 bytes of non-blank characters. The total number of private groups is
192 such that the valid range for the ID is <1-192>.
The  field is optional. If not specified, a group id not used will be assigned
automatically.
The mode can be either “isolated” or “community”. When in “isolated” mode, the member port
in the group cannot forward its egress traffic to any other members in the same group. By
default, the mode is “community” mode that each member port can forward traffic to other
members in the same group, but not to members in other groups.

Switching Commands
85

ProSafe Managed Switch

Format

private-group name  [] [mode {community|isolated}]

Mode

Global Config

no private-group name
This command is used to remove the specified private group.
Format

private-group name 

Mode

Global Config

show private-group
This command displays the private groups’ information.
Format

show private-groupname [||port ]

Mode

Privileged EXEC

Term

Definition

Interface

Valid slot and port number separated by forward slashes.

Port VLANID

The VLAN ID associated with the port.

Private Group
ID

Total number of private groups is 192.

Private Group
Name

The name string can be up to 24 bytes of non-blank characters

Private Group

The mode can be either “isolated” or “community”.

Private VLAN
The Private VLANs feature separates a regular VLAN domain into two or more subdomains.
Each subdomain is defined (represented) by a primary VLAN and a secondary VLAN. The
primary VLAN ID is the same for all subdomains that belong to a private VLAN. The
secondary VLAN ID differentiates subdomains from each other and provides Layer 2 isolation
between ports of the same private VLAN. The types of VLANs within a private VLAN are as
follows:
•

Primary VLAN—Forwards the traffic from the promiscuous ports to isolated ports,
community ports and other promiscuous ports in the same private VLAN. Only one

Switching Commands
86

ProSafe Managed Switch

primary VLAN can be configured per private VLAN. All ports within a private VLAN share
the same primary VLAN.
•

Isolated VLAN—A secondary VLAN that carries traffic from isolated ports to promiscuous
ports. Only one isolated VLAN can be configured per private VLAN.

•

Community VLAN—A secondary VLAN that forwards traffic between ports that belong to
the same community and the promiscuous ports. There can be multiple community
VLANs per private VLAN.
Three types of port designations exist within a private VLAN:

•

Promiscuous Ports—An endpoint connected to a promiscuous port is allowed to
communicate with any endpoint within the private VLAN. Multiple promiscuous ports can
be defined for a single private VLAN domain.

•

Isolated Ports—An endpoint connected to an isolated port is allowed to communicate with
endpoints connected to promiscuous ports only. Endpoints connected to adjacent
isolated ports cannot communicate with each other.

•

Community Ports—An endpoint connected to a community port is allowed to
communicate with the endpoints within a community and with any configured
promiscuous port. The endpoints that belong to one community cannot communicate with
endpoints that belong to a different community or with endpoints connected to isolated
ports.

The Private VLANs can be extended across multiple switches through inter-switch/stack links
that transport primary, community and isolated VLANs between devices.

switchport private-vlan
This command is used to define a private-VLAN association for an isolated or community
port or a mapping for a promiscuous port.
Format

switchport private-vlan {host-association 
 | mapping  {add | remove}
}

Mode

Interface Config

Term

Definition

host-association

Defines VLAN association for community or host ports.

mapping

Defines the private VLAN mapping for promiscuous ports.

primary-vlan-id

Primary VLAN ID of a private VLAN.

secondary-vlan-id

Secondary (isolated or community) VLAN ID of a private VLAN.

add

Associates the secondary VLAN with the primary one.

remove

Deletes the secondary VLANs from the primary VLAN association.

secondary-vlan-list

A list of secondary VLANs to be mapped to a primary VLAN.

Switching Commands
87

ProSafe Managed Switch

no switchport private-vlan
This command is used to remove the private-VLAN association or mapping from the port.
Format

no switchport private-vlan {host-association | mapping}

Mode

Interface Config

switchport mode private-vlan
This command is used to configure a port as a promiscuous or host private VLAN port. Note
that the properties of each mode can be configured even when the switch is not in that mode.
However, they will only be applicable once the switch is in that particular mode.
Format

switchport mode private-vlan {host | promiscuous}

Mode

Interface Config

Default

General

Term

Definition

host

Configures an interface as a private VLAN host port. It can be either isolated or
community port depending on the secondary VLAN it is associated with.

promiscuous

Configures an interface as a private VLAN promiscuous port. The promiscuous ports
are members of the primary VLAN.

no switchport mode
This command is used to remove the private-VLAN association or mapping from the port.
Format

no switchport mode private-vlan

Mode

Interface Config

private-vlan
This command is used to configure the private VLANs and to configure the association
between the primary private VLAN and secondary VLANs.
Format

private-vlan {association [add | remove]  |
community | isolated | primary}

Mode

VLAN Config

Term

Definition

association

Associates the primary and secondary VLAN.

secondary-vlan-list

A list of secondary VLANs to be mapped to a primary VLAN.

community

Designates a VLAN as a community VLAN.

Switching Commands
88

ProSafe Managed Switch

Term

Definition

isolated

Designates a VLAN as the isolated VLAN.

primary

Designates a VLAN as the primary VLAN.

no private-vlan
This command is used to restore normal VLAN configuration.
Format

no private-vlan {association}

Mode

VLAN Config

vlan
Use this command to enter the private vlan configuration. The VLAN range is 1-4094.
Format

vlan 

Mode

Global Config

show vlan
This command displays information about the configured private VLANs including primary
and secondary VLAN IDs, type (community, isolated, or primary) and the ports that belong to
a private VLAN.
Format

show vlan private-vlan [type]

Mode

• Priviliged EXEC
• User EXEC

Term

Definition

Private -vlan

Displays information about the configured private VLANs

type

Displays only private VLAN ID and its type.

Primary

Displays primary VLAN ID

Secondary

Displays secondary VLAN ID

Type

Displays secondary VLAN type

Ports

Displays ports which are associated with a private VLAN

Switching Commands
89

ProSafe Managed Switch

show interface ethernet  switchport
This command displays the private-VLAN mapping information for the switch interfaces.
Format

show interface ethernet  switchport

Mode

• Privileged EXEC
• User EXEC

Term

Definition

Private-vlan host-association

Displays VLAN association for the private-VLAN host ports.

Private-vlan mapping

Displays VLAN mapping for the private-VLAN promiscuous ports

GARP Commands
This section describes the commands you use to configure Generic Attribute Registration
Protocol (GARP) and view GARP status. The commands in this section affect both GARP
VLAN Registration Protocol (GVRP) and Garp Multicast Registration Protocol (GMRP).
GARP is a protocol that allows client stations to register with the switch for membership in
VLANS (by using GVMP) or multicast groups (by using GVMP).

set garp timer join
This command sets the GVRP join time for one port (Interface Config mode) or all (Global
Config mode) and per GARP. Join time is the interval between the transmission of GARP
Protocol Data Units (PDUs) registering (or re-registering) membership for a VLAN or
multicast group. This command has an effect only when GVRP is enabled. The time is from
10 to 100 (centiseconds). The value 20 centiseconds is 0.2 seconds.
Default

20

Format

set garp timer join <10-100>

Mode

• Interface Config
• Global Config

no set garp timer join
This command sets the GVRP join time (for one or all ports and per GARP) to the default and
only has an effect when GVRP is enabled.
Format

no set garp timer join

Mode

• Interface Config
• Global Config

Switching Commands
90

ProSafe Managed Switch

set garp timer leave
This command sets the GVRP leave time for one port (Interface Config mode) or all ports
(Global Config mode) and only has an effect when GVRP is enabled. Leave time is the time
to wait after receiving an unregister request for a VLAN or a multicast group before deleting
the VLAN entry. This can be considered a buffer time for another station to assert registration
for the same attribute in order to maintain uninterrupted service. The leave time is 20 to 600
(centiseconds). The value 60 centiseconds is 0.6 seconds.
Default

60

Format

set garp timer leave <20-600>

Mode

• Interface Config
• Global Config

no set garp timer leave
This command sets the GVRP leave time on all ports or a single port to the default and only
has an effect when GVRP is enabled.
Format

no set garp timer leave

Mode

• Interface Config
• Global Config

set garp timer leaveall
This command sets how frequently Leave All PDUs are generated. A Leave All PDU
indicates that all registrations will be unregistered. Participants would need to rejoin in order
to maintain registration. The value applies per port and per GARP participation. The time may
range from 200 to 6000 (centiseconds). The value 1000 centiseconds is 10 seconds. You can
use this command on all ports (Global Config mode) or a single port (Interface Config mode),
and it only has an effect only when GVRP is enabled.
Default

1000

Format

set garp timer leaveall <200-6000>

Mode

• Interface Config
• Global Config

no set garp timer leaveall
This command sets how frequently Leave All PDUs are generated the default and only has
an effect when GVRP is enabled.
Format

no set garp timer leaveall

Mode

• Interface Config
• Global Config

Switching Commands
91

ProSafe Managed Switch

show garp
This command displays GARP information.
Format

show garp

Mode

• Privileged EXEC
• User EXEC

Term

Definition

GMRP Admin Mode

The administrative mode of GARP Multicast Registration Protocol (GMRP) for the
system.

GVRP Admin Mode

The administrative mode of GARP VLAN Registration Protocol (GVRP) for the
system.

GVRP Commands
This section describes the commands you use to configure and view GARP VLAN
Registration Protocol (GVRP) information. GVRP-enabled switches exchange VLAN
configuration information, which allows GVRP to provide dynamic VLAN creation on trunk
ports and automatic VLAN pruning.

Note: If GVRP is disabled, the system does not forward GVRP messages.

set gvrp adminmode
This command enables GVRP on the system.
Default

disabled

Format

set gvrp adminmode

Mode

Privileged EXEC

no set gvrp adminmode
This command disables GVRP.
Format

no set gvrp adminmode

Mode

Privileged EXEC

Switching Commands
92

ProSafe Managed Switch

set gvrp interfacemode
This command enables GVRP on a single port (Interface Config mode) or all ports (Global
Config mode).
Default

disabled

Format

set gvrp interfacemode

Mode

• Interface Config
• Global Config

no set gvrp interfacemode
This command disables GVRP on a single port (Interface Config mode) or all ports (Global
Config mode). If GVRP is disabled, Join Time, Leave Time and Leave All Time have no
effect.
Format

no set gvrp interfacemode

Mode

• Interface Config
• Global Config

show gvrp configuration
This command displays Generic Attributes Registration Protocol (GARP) information for one
or all interfaces.
Format

show gvrp configuration { | all}

Mode

• Privileged EXEC
• User EXEC

Term

Definition

Interface

Valid slot and port number separated by forward slashes.

Join Timer

The interval between the transmission of GARP PDUs registering (or re-registering)
membership for an attribute. Current attributes are a VLAN or multicast group. There is
an instance of this timer on a per-Port, per-GARP participant basis. Permissible values
are 10 to 100 centiseconds (0.1 to 1.0 seconds). The factory default is 20 centiseconds
(0.2 seconds). The finest granularity of specification is one centisecond (0.01 seconds).

Leave Timer

The period of time to wait after receiving an unregister request for an attribute before
deleting the attribute. Current attributes are a VLAN or multicast group. This may be
considered a buffer time for another station to assert registration for the same attribute in
order to maintain uninterrupted service. There is an instance of this timer on a per-Port,
per-GARP participant basis. Permissible values are 20 to 600 centiseconds (0.2 to 6.0
seconds). The factory default is 60 centiseconds (0.6 seconds).

Switching Commands
93

ProSafe Managed Switch

Term

Definition

LeaveAll Timer

This Leave All Time controls how frequently LeaveAll PDUs are generated. A LeaveAll
PDU indicates that all registrations will shortly be deregistered. Participants will need to
rejoin in order to maintain registration. There is an instance of this timer on a per-Port,
per-GARP participant basis. The Leave All Period Timer is set to a random value in the
range of LeaveAllTime to 1.5*LeaveAllTime. Permissible values are 200 to 6000
centiseconds (2 to 60 seconds). The factory default is 1000 centiseconds (10 seconds).

Port GVMRP
Mode

The GVRP administrative mode for the port, which is enabled or disabled (default). If this
parameter is disabled, Join Time, Leave Time and Leave All Time have no effect.

GMRP Commands
This section describes the commands you use to configure and view GARP Multicast
Registration Protocol (GMRP) information. Like IGMP snooping, GMRP helps control the
flooding of multicast packets. GMRP-enabled switches dynamically register and de-register
group membership information with the MAC networking devices attached to the same
segment. GMRP also allows group membership information to propagate across all
networking devices in the bridged LAN that support Extended Filtering Services.

Note: If GMRP is disabled, the system does not forward GMRP
messages.

set gmrp adminmode
This command enables GARP Multicast Registration Protocol (GMRP) on the system.
Default

disabled

Format

set gmrp adminmode

Mode

Privileged EXEC

no set gmrp adminmode
This command disables GARP Multicast Registration Protocol (GMRP) on the system.
Format

no set gmrp adminmode

Mode

Privileged EXEC

set gmrp interfacemode
This command enables GARP Multicast Registration Protocol on a single interface (Interface
Config mode) or all interfaces (Global Config mode). If an interface which has GARP enabled
is enabled for routing or is enlisted as a member of a port-channel (LAG), GARP functionality

Switching Commands
94

ProSafe Managed Switch

is disabled on that interface. GARP functionality is subsequently re-enabled if routing is
disabled and port-channel (LAG) membership is removed from an interface that has GARP
enabled.
Default

disabled

Format

set gmrp interfacemode

Mode

• Interface Config
• Global Config

no set gmrp interfacemode
This command disables GARP Multicast Registration Protocol on a single interface or all
interfaces. If an interface which has GARP enabled is enabled for routing or is enlisted as a
member of a port-channel (LAG), GARP functionality is disabled. GARP functionality is
subsequently re-enabled if routing is disabled and port-channel (LAG) membership is
removed from an interface that has GARP enabled.
Format

no set gmrp interfacemode

Mode

• Interface Config
• Global Config

show gmrp configuration
This command displays Generic Attributes Registration Protocol (GARP) information for one
or all interfaces.
Format

show gmrp configuration { | all}

Mode

• Privileged EXEC
• User EXEC

Term

Definition

Interface

The unit/slot/port of the interface that this row in the table describes.

Join Timer

The interval between the transmission of GARP PDUs registering (or re-registering)
membership for an attribute. Current attributes are a VLAN or multicast group. There is
an instance of this timer on a per-port, per-GARP participant basis. Permissible values
are 10 to 100 centiseconds (0.1 to 1.0 seconds). The factory default is 20 centiseconds
(0.2 seconds). The finest granularity of specification is 1 centisecond (0.01 seconds).

Leave Timer

The period of time to wait after receiving an unregister request for an attribute before
deleting the attribute. Current attributes are a VLAN or multicast group. This may be
considered a buffer time for another station to assert registration for the same attribute in
order to maintain uninterrupted service. There is an instance of this timer on a per-Port,
per-GARP participant basis. Permissible values are 20 to 600 centiseconds (0.2 to 6.0
seconds). The factory default is 60 centiseconds (0.6 seconds).

Switching Commands
95

ProSafe Managed Switch

Term

Definition

LeaveAll Timer

This Leave All Time controls how frequently LeaveAll PDUs are generated. A LeaveAll
PDU indicates that all registrations will shortly be deregistered. Participants will need to
rejoin in order to maintain registration. There is an instance of this timer on a per-Port,
per-GARP participant basis. The Leave All Period Timer is set to a random value in the
range of LeaveAllTime to 1.5*LeaveAllTime. Permissible values are 200 to 6000
centiseconds (2 to 60 seconds). The factory default is 1000 centiseconds (10 seconds).

Port GMRP
Mode

The GMRP administrative mode for the port. It may be enabled or disabled. If this
parameter is disabled, Join Time, Leave Time and Leave All Time have no effect.

show mac-address-table gmrp
This command displays the GMRP entries in the Multicast Forwarding Database (MFDB)
table.
Format

show mac-address-table gmrp

Mode

Privileged EXEC

Term

Definition

Mac Address

A unicast MAC address for which the switch has forwarding and or filtering information.
The format is 6 or 8 two-digit hexadecimal numbers that are separated by colons, for
example 01:23:45:67:89:AB. In an IVL system the MAC address is displayed as 8 bytes.

Type

The type of the entry. Static entries are those that are configured by the end user.
Dynamic entries are added to the table as a result of a learning process or protocol.

Description

The text description of this multicast table entry.

Interfaces

The list of interfaces that are designated for forwarding (Fwd:) and filtering (Flt:).

Port-Based Network Access Control Commands
This section describes the commands you use to configure port-based network access
control (802.1x). Port-based network access control allows you to permit access to network
services only to and devices that are authorized and authenticated.

clear dot1x statistics
This command resets the 802.1x statistics for the specified port or for all ports.
Format

clear dot1x statistics { | all}

Mode

Privileged EXEC

Switching Commands
96

ProSafe Managed Switch

clear radius statistics
This command is used to clear all RADIUS statistics.
Format

clear radius statistics

Mode

Privileged EXEC

dot1x guest-vlan
This command configures VLAN as guest vlan on a per port basis. The command specifies
an active VLAN as an IEEE 802.1x guest VLAN. The range is 1 to the maximum VLAN ID
supported by the platform.
Default

disabled

Format

dot1x guest-vlan 

Mode

Interface Config

no dot1x guest-vlan
This command disables Guest VLAN on the interface.
Default

disabled

Format

no dot1x guest-vlan

Mode

Interface Config

dot1x initialize
This command begins the initialization sequence on the specified port. This command is only
valid if the control mode for the specified port is “auto” or “mac-based”. If the control mode is
not 'auto' or “mac-based”, an error will be returned.
Format

dot1x initialize 

Mode

Privileged EXEC

dot1x mac-auth-bypass
This command enables MAC-Based Authentication Bypass (MAB) for 802.1x-unaware
clients. MAB provides 802.1x-unaware clients controlled access to the network using the
devices’ MAC address as an identifier. This requires that the known and allowable MAC
address and corresponding access rights be pre-populated in the authentication server. MAB
works only when the port control mode of the port is MAC-based.
Format

dot1x mac-auth-bypass

Mode

Interface Config

Switching Commands
97

ProSafe Managed Switch

no dot1x mac-auth-bypass
This command disables MAB for 802.1x-unaware clients.
Format

no dot1x mac-auth-bypass

Mode

Interface Config

dot1x max-req
This command sets the maximum number of times the authenticator state machine on this
port will transmit an EAPOL EAP Request/Identity frame before timing out the supplicant. The
 value must be in the range 1 - 10.
Default

2

Format

dot1x max-req 

Mode

Interface Config

no dot1x max-req
This command sets the maximum number of times the authenticator state machine on this
port will transmit an EAPOL EAP Request/Identity frame before timing out the supplicant.
Format

no dot1x max-req

Mode

Interface Config

dot1x max-users
Use this command to set the maximum number of clients supported on the port when
MAC-based dot1x authentication is enabled on the port. The maximum users supported per
port is dependent on the product. The  value is in the range 1 - 48.
Default

48

Format

dot1x max-users 

Mode

Interface Config

no dot1x max-users
This command resets the maximum number of clients allowed per port to its default value.
Format

no dot1x max-req

Mode

Interface Config

Switching Commands
98

ProSafe Managed Switch

dot1x port-control
This command sets the authentication mode to use on the specified port. Select
force-unauthorized to specify that the authenticator PAE unconditionally sets the
controlled port to unauthorized. Select force-authorized to specify that the authenticator
PAE unconditionally sets the controlled port to authorized. Select auto to specify that the
authenticator PAE sets the controlled port mode to reflect the outcome of the authentication
exchanges between the supplicant, authenticator and the authentication server. If the
mac-based option is specified, then MAC-based dot1x authentication is enabled on the port.
Default

auto

Format

dot1x port-control {force-unauthorized | force-authorized | auto |
mac-based}

Mode

Interface Config

no dot1x port-control
This command sets the 802.1x port control mode on the specified port to the default value.
Format

no dot1x port-control

Mode

Interface Config

dot1x port-control all
This command sets the authentication mode to use on all ports. Select
force-unauthorized to specify that the authenticator PAE unconditionally sets the
controlled port to unauthorized. Select force-authorized to specify that the authenticator
PAE unconditionally sets the controlled port to authorized. Select auto to specify that the
authenticator PAE sets the controlled port mode to reflect the outcome of the authentication
exchanges between the supplicant, authenticator and the authentication server. If the
mac-based option is specified, then MAC-based dot1x authentication is enabled on the port.
Default

auto

Format

dot1x port-control all {force-unauthorized | force-authorized | auto
| mac-based}

Mode

Global Config

no dot1x port-control all
This command sets the authentication mode on all ports to the default value.
Format

no dot1x port-control all

Mode

Global Config

Switching Commands
99

ProSafe Managed Switch

dot1x re-authenticate
This command begins the re-authentication sequence on the specified port. This command is
only valid if the control mode for the specified port is “auto” or “mac-based”. If the control
mode is not “auto” or “mac-based”, an error will be returned.
Format

dot1x re-authenticate 

Mode

Privileged EXEC

dot1x re-authentication
This command enables re-authentication of the supplicant for the specified port.
Default

disabled

Format

dot1x re-authentication

Mode

Interface Config

no dot1x re-authentication
This command disables re-authentication of the supplicant for the specified port.
Format

no dot1x re-authentication

Mode

Interface Config

dot1x system-auth-control
Use this command to enable the dot1x authentication support on the switch. While disabled,
the dot1x configuration is retained and can be changed, but is not activated.
Default

disabled

Format

dot1x system-auth-control

Mode

Global Config

no dot1x system-auth-control
This command is used to disable the dot1x authentication support on the switch.
Format

no dot1x system-auth-control

Mode

Global Config

Switching Commands
100

ProSafe Managed Switch

dot1x timeout
This command sets the value, in seconds, of the timer used by the authenticator state
machine on this port. Depending on the token used and the value (in seconds) passed,
various timeout configurable parameters are set. The following tokens are supported:
Tokens

Definition

guest-vlan-period The time, in seconds, for which the authenticator waits to see if any EAPOL packets are
received on a port before authorizing the port and placing the port in the guest vlan (if
configured). The guest vlan timer is only relevant when guest vlan has been configured
on that specific port.
reauth-period

The value, in seconds, of the timer used by the authenticator state machine on this port
to determine when re-authentication of the supplicant takes place. The reauth-period
must be a value in the range 1 - 65535.

quiet-period

The value, in seconds, of the timer used by the authenticator state machine on this port
to define periods of time in which it will not attempt to acquire a supplicant. The
quiet-period must be a value in the range 0 - 65535.

tx-period

The value, in seconds, of the timer used by the authenticator state machine on this port
to determine when to send an EAPOL EAP Request/Identity frame to the supplicant. The
quiet-period must be a value in the range 1 - 65535.

supp-timeout

The value, in seconds, of the timer used by the authenticator state machine on this port
to timeout the supplicant. The supp-timeout must be a value in the range 1 - 65535.

server-timeout

The value, in seconds, of the timer used by the authenticator state machine on this port
to timeout the authentication server. The supp-timeout must be a value in the range 1 65535.

Default

•
•
•
•
•
•

Format

dot1x timeout {{guest-vlan-period } |{reauth-period
} | {quiet-period } | {tx-period } |
{supp-timeout } | {server-timeout }}

Mode

Interface Config

guest-vlan-period: 90 seconds
reauth-period: 3600 seconds
quiet-period: 60 seconds
tx-period: 30 seconds
supp-timeout: 30 seconds
server-timeout: 30 seconds

no dot1x timeout
This command sets the value, in seconds, of the timer used by the authenticator state
machine on this port to the default values. Depending on the token used, the corresponding
default values are set.
Format

no dot1x timeout {guest-vlan-period | reauth-period | quiet-period |
tx-period | supp-timeout | server-timeout}

Mode

Interface Config

Switching Commands
101

ProSafe Managed Switch

dot1x unauthenticated-vlan
Use this command to configure the unauthenticated VLAN associated with that port. The
unauthenticated VLAN ID can be a valid VLAN ID from 0-Maximum supported VLAN ID
(4093 for 7000 series). The unauthenticated VLAN must be statically configured in the VLAN
database to be operational. By default, the unauthenticated VLAN is 0, i.e. invalid and not
operational.
Default

0

Format

dot1x unauthenticated-vlan 

Mode

Interface Config

no dot1x unauthenticated-vlan
This command resets the unauthenticated-vlan associated with the port to its default value.
Format

no dot1x unauthenticated-vlan

Mode

Interface Config

dot1x user
This command adds the specified user to the list of users with access to the specified port or
all ports. The  parameter must be a configured user.
Format

dot1x user  { | all}

Mode

Global Config

no dot1x user
This command removes the user from the list of users with access to the specified port or all
ports.
Format

no dot1x user  { | all}

Mode

Global Config

clear dot1x authentication-history
This command clears the authentication history table captured during successful and
unsuccessful authentication on all interface or the specified interface.
Format

clear dot1x authentication-history [unit/slot/port]

Mode

Global Config

Switching Commands
102

ProSafe Managed Switch

dot1x dynamic-vlan enable
Use this command to enable the switch to create VLANs dynamically when a RADIUS
assigned VLAN does not exist in the switch.
Format

dot1x dynamic-vlan enable

Mode

Global Config

Default

Disabled

no dot1x dynamic-vlan enable
Use this command to disable the switch from creating VLANs dynamically when a RADIUS
assigned VLAN does not exist in the switch.
Format

no dot1x dynamic-vlan enable

Mode

Global Config

dot1x system-auth-control monitor
Use this command to enable the 802.1X monitor mode on the switch. The purpose of Monitor
mode is to help troubleshoot port-based authentication configuration issues without
disrupting network access for hosts connected to the switch. In Monitor mode, a host is
granted network access to an 802.1X-enabled port even if it fails the authentication process.
The results of the process are logged for diagnostic purposes.
Format

dot1x system-auth-control monitor

Mode

Global Config

Default

Disabled

no dot1x system-auth-control monitor
Use this command to disable the 802.1X monitor on the switch.
Format

no dot1x system-auth-control monitor

Mode

Global Config

show dot1x authentication-history
This command displays 802.1X authentication events and information during successful and
unsuccessful Dot1x authentication process for all interfaces or the specified interface. Use
the optional keywords to display only failure authentication events in summary or in detail.
Format

show dot1x authentication-history {unit/slot/port | all}
[failedauth-only] [detail]

Mode

Privileged EXEC

Switching Commands
103

ProSafe Managed Switch

Term

Definition

Time Stamp

The exact time at which the event occurs.

Interface

Physical Port on which the event occurs.

Mac-Address

The supplicant/client MAC address.

VLAN assigned The VLAN assigned to the client/port on authentication.
VLAN assigned The type of VLAN ID assigned, which can be Guest VLAN, Unauth, Default, RADIUS
Reason
Assigned, or Monitor Mode VLAN ID.
Auth Status

The authentication status.

Reason

The actual reason behind the successful or failed authentication.

show authentication methods
This command displays information about the authentication methods.
Format

show authentication methods

Mode

Privileged EXEC

The following is an example of this command:
Login Authentication Method Lists
________________________________
Console_Default: None
Network_Default:Local
Enable Authentication Lists
_____________________
Console_Default: Enable None
Network_Default:Enable
Line Login Method List Enable Method Lists
_____________________
Console Console_Default Console_Default
Telnet Network_Default Network_Default
SSH Network_Default Network_Default
http : Local
https : Local
dot1x :

show dot1x
This command is used to show a summary of the global dot1x configuration, summary
information of the dot1x configuration for a specified port or all ports, the detailed dot1x

Switching Commands
104

ProSafe Managed Switch

configuration for a specified port and the dot1x statistics for a specified port - depending on
the tokens used.
Format

show dot1x [{summary { | all} | detail
 | statistics ]

Mode

Privileged EXEC

If you do not use the optional parameters  or , the command
displays the global dot1x mode, the VLAN Assignment mode, and the Dynamic VLAN
Creation mode.
Term

Definition

Administrative
Mode

Indicates whether authentication control on the switch is enabled or disabled.

VLAN
Assignment
Mode

Indicates whether assignment of an authorized port to a RADIUS assigned VLAN is
allowed (enabled) or not (disabled).

Dynamic VLAN
Creation Mode

Indicates whether the switch can dynamically create a RADIUS-assigned VLAN if it does
not currently exist on the switch.

Monitor Mode

Indicates whether the Dot1x Monitor mode on the switch is enabled or disabled.

If you use the optional parameter summary { | all}, the dot1x
configuration for the specified port or all ports are displayed.
Term

Definition

Interface

The interface whose configuration is displayed.

Control Mode

The configured control mode for this port. Possible values are force-unauthorized |
force-authorized | auto | mac-based | authorized | unauthorized.

Operating
Control Mode

The control mode under which this port is operating. Possible values are authorized |
unauthorized.

Reauthenticatio Indicates whether re-authentication is enabled on this port.
n Enabled
Port Status

Indicates whether the port is authorized or unauthorized. Possible values are authorized
| unauthorized.

If you use the optional parameter 'detail ', the detailed dot1x
configuration for the specified port is displayed.
Term

Definition

Port

The interface whose configuration is displayed.

Protocol Version The protocol version associated with this port. The only possible value is 1,
corresponding to the first version of the dot1x specification.
PAE Capabilities The port access entity (PAE) functionality of this port. Possible values are Authenticator
or Supplicant.

Switching Commands
105

ProSafe Managed Switch

Term

Definition

Control Mode

The configured control mode for this port. Possible values are force-unauthorized |
force-authorized | auto | mac-based.

Authenticator
PAE State

Current state of the authenticator PAE state machine. Possible values are Initialize,
Disconnected, Connecting, Authenticating, Authenticated, Aborting, Held,
ForceAuthorized, and ForceUnauthorized. When MAC-based authentication is enabled
on the port, this parameter is deprecated.

Backend
Authentication
State

Current state of the backend authentication state machine. Possible values are
Request, Response, Success, Fail, Timeout, Idle, and Initialize. When MAC-based
authentication is enabled on the port, this parameter is deprecated.

Quiet Period

The timer used by the authenticator state machine on this port to define periods of time
in which it will not attempt to acquire a supplicant. The value is expressed in seconds
and will be in the range 0 and 65535.

Transmit Period

The timer used by the authenticator state machine on the specified port to determine
when to send an EAPOL EAP Request/Identity frame to the supplicant. The value is
expressed in seconds and will be in the range of 1 and 65535.

Guest-VLAN ID

The guest VLAN identifier configured on the interface.

Guest VLAN
Period

The time in seconds for which the authenticator waits before authorizing and placing the
port in the Guest VLAN, if no EAPOL packets are detected on that port.

Supplicant
Timeout

The timer used by the authenticator state machine on this port to timeout the supplicant.
The value is expressed in seconds and will be in the range of 1 and 65535.

Server Timeout

The timer used by the authenticator on this port to timeout the authentication server.
The value is expressed in seconds and will be in the range of 1 and 65535.

Maximum
Requests

The maximum number of times the authenticator state machine on this port will
retransmit an EAPOL EAP Request/Identity before timing out the supplicant. The value
will be in the range of 1 and 10.

VLAN Id

The VLAN assigned to the port by the radius server. This is only valid when the port
control mode is not Mac-based.

VLAN Assigned
Reason

The reason the VLAN identified in the VLAN Idfield has been assigned to the port.
Possible values are RADIUS, Unauthenticated VLAN, Guest VLAN, default, and Not
Assigned. When the VLAN Assigned Reason is ‘Not Assigned’, it means that the port
has not been assigned to any VLAN by dot1x. This only valid when the port control
mode is not MAC-based.

Reauthentication The timer used by the authenticator state machine on this port to determine when
Period
reauthentication of the supplicant takes place. The value is expressed in seconds and
will be in the range of 1 and 65535.
Reauthentication Indicates if reauthentication is enabled on this port. Possible values are ‘True” or
Enabled
“False”.
Key
Transmission
Enabled

Indicates if the key is transmitted to the supplicant for the specified port. Possible values
are True or False.

Control Direction The control direction for the specified port or ports. Possible values are both or in.

Switching Commands
106

ProSafe Managed Switch

Term

Definition

Maximum Users

The maximum number of clients that can get authenticated on the port in the
MAC-based dot1x authentication mode. This value is used only when the port control
mode is not MAC-based.

Unauthenticated Indicates the unauthenticated VLAN configured for this port. This value is valid for the
VLAN ID
port only when the port control mode is not MAC-based.
Session Timeout Indicates the time for which the given session is valid. The time period in seconds is
returned by the RADIUS server on authentication of the port. This value is valid for the
port only when the port control mode is not MAC-based.
Session
Termination
Action

This value indicates the action to be taken once the session timeout expires. Possible
values are Default, Radius-Request. If the value is Default, the session is terminated
the port goes into unauthorized state. If the value is Radius-Request, then a
reauthentication of the client authenticated on the port is performed. This value is valid
for the port only when the port control mode is not MAC-based.

The show dot1x detail  command will display the following
MAC-based dot1x fields if the port-control mode for that specific port is MAC-based. For each
client authenticated on the port, the show dot1x detail  command will
display the following MAC-based dot1x parameters if the port-control mode for that specific
port is MAC-based.
Term

Definition

Supplicant
MAC-Address

The MAC-address of the supplicant.

Authenticator
PAE State

Current state of the authenticator PAE state machine. Possible values are Initialize,
Disconnected, Connecting, Authenticating, Authenticated, Aborting, Held,
ForceAuthorized, and ForceUnauthorized.

Backend
Authentication
State

Current state of the backend authentication state machine. Possible values are Request,
Response, Success, Fail, Timeout, Idle, and Initialize.

VLAN-Assigned The VLAN assigned to the client by the radius server.
Logical Port

The logical port number associated with the client.

If you use the optional parameter statistics , the following dot1x
statistics for the specified port appear.
Term

Definition

Port

The interface whose statistics are displayed.

EAPOL Frames
Received

The number of valid EAPOL frames of any type that have been received by this
authenticator.

EAPOL Frames
Transmitted

The number of EAPOL frames of any type that have been transmitted by this
authenticator.

EAPOL Start
Frames
Received

The number of EAPOL start frames that have been received by this authenticator.

Switching Commands
107

ProSafe Managed Switch

Term

Definition

EAPOL Logoff
Frames
Received

The number of EAPOL logoff frames that have been received by this authenticator.

Last EAPOL
Frame Version

The protocol version number carried in the most recently received EAPOL frame.

Last EAPOL
Frame Source

The source MAC address carried in the most recently received EAPOL frame.

EAP
Response/Id
Frames
Received

The number of EAP response/identity frames that have been received by this
authenticator.

EAP Response
Frames
Received

The number of valid EAP response frames (other than resp/id frames) that have been
received by this authenticator.

EAP Request/Id The number of EAP request/identity frames that have been transmitted by this
Frames
authenticator.
Transmitted
EAP Request
Frames
Transmitted

The number of EAP request frames (other than request/identity frames) that have been
transmitted by this authenticator.

Invalid EAPOL
Frames
Received

The number of EAPOL frames that have been received by this authenticator in which the
frame type is not recognized.

EAP Length
Error Frames
Received

The number of EAPOL frames that have been received by this authenticator in which the
frame type is not recognized.

show dot1x clients
This command displays 802.1x client information. This command also displays information
about the number of clients that are authenticated using Monitor mode and using 802.1X.
Format

show dot1x clients { | all}

Mode

Privileged EXEC

Term

Definition

Clients
Authenticated
using Monitor
Mode

Indicates the number of the Dot1x clients authenticated using Monitor mode.

Clients
Authenticated
using Dot1x

Indicates the number of Dot1x clients authenticated using 802.1x authentication process.

Logical
Interface

The logical port number associated with a client.

Interface

The physical port to which the supplicant is associated.

Switching Commands
108

ProSafe Managed Switch

Term

Definition

User Name

The user name used by the client to authenticate to the server.

Supplicant MAC The supplicant device MAC address.
Address
Session Time

The time since the supplicant is logged on.

Filter ID

Identifies the Filter ID returned by the RADIUS server when the client was authenticated.
This is a configured DiffServ policy name on the switch.

VLAN ID

The VLAN assigned to the port.

VLAN Assigned The reason the VLAN identified in the VLAN ID field has been assigned to the port.
Possible values are RADIUS, Unauthenticated VLAN, or Default. When the VLAN
Assigned reason is Default, it means that the VLAN was assigned to the port because
the PVID of the port was that VLAN ID.
Session
Timeout

This value indicates the time for which the given session is valid. The time period in
seconds is returned by the RADIUS server on authentication of the port. This value is
valid for the port only when the port-control mode is not MAC-based.

Session
Termination
Action

This value indicates the action to be taken once the session timeout expires. Possible
values are Default and Radius-Request. If the value is Default, the session is terminated
and client details are cleared. If the value is Radius-Request, then a reauthentication of
the client is performed.

show dot1x users
This command displays 802.1x port security user information for locally configured users.
Format

show dot1x users 

Mode

Privileged EXEC

Term

Definition

Users

Users configured locally to have access to the specified port.

802.1X Supplicant Commands
802.1X (“dot1x”) supplicant functionality is on point-to-point ports. The administrator can
configure the user name and password used in authentication and capabilities of the
supplicant port.

Switching Commands
109

ProSafe Managed Switch

dot1x pae
Use this command to set the port’s dot1x role. The port can serve as either a supplicant or an
authenticator.
Format

dot1x pae {supplicant | authenticator}

Mode

Interface Config

dot1x supplicant port-control
Use this command to set the ports authorization state (Authorized or Unauthorized) either
manually or by setting the port to auto-authorize upon startup. By default all the ports are
authenticators. If the port’s attribute needs to be moved from  or
, use this command.
Format

dot1x supplicant port-control {auto | force-authorized |
force_unauthorized}

Mode

Interface Config

Term

Description

auto

The port is in the Unauthorized state until it presents its user name and password
credentials to an authenticator. If the authenticator authorizes the port, then it is placed
in the Authorized state.

force-authorized

Sets the authorization state of the port to Authorized, bypassing the authentication
process.

forceunauthorized

Sets the authorization state of the port to Unauthorized, bypassing the authentication
process.

no dot1x supplicant port-control
Use this command to set the port-control mode to the default, auto.
Default

Auto

Format

no dot1x supplicant port-control

Mode

Interface Config

dot1x supplicant max-start
Use this command to configure the number of attempts that the supplicant makes to find the
authenticator before the supplicant assumes that there is no authenticator.
Default

3

Format

dot1x supplicant max-start <1-10>

Mode

Interface Config

Switching Commands
110

ProSafe Managed Switch

no dot1x supplicant max-start
Use this command to set the max-start value to the default.
Format

no dot1x supplicant max-start

Mode

Interface Config

dot1x supplicant timeout start-period
Use this command to configure the start period timer interval to wait for the EAP identity
request from the authenticator.
Default

30 seconds

Format

dot1x supplicant timeout start-period <1-65535 seconds>

Mode

Interface Config

no dot1x supplicant timeout start-period
Use this command to set the start-period value to the default.
Format

no dot1x supplicant timeout start-period

Mode

Interface Config

dot1x supplicant timeout held-period
Use this command to configure the held period timer interval to wait for the next
authentication on previous authentication fail.
Default

30 seconds

Format

dot1x supplicant timeout held-period <1-65535 seconds>

Mode

Interface Config

no dot1x supplicant timeout held-period
Use this command to set the held-period value to the default value.
Format

no dot1x supplicant timeout held-period

Mode

Interface Config

Switching Commands
111

ProSafe Managed Switch

dot1x supplicant timeout auth-period
Use this command to configure the authentication period timer interval to wait for the next
EAP request challenge from the authenticator.
Default

30 seconds

Format

dot1x supplicant timeout auth-period <1-65535 seconds>

Mode

Interface Config

no dot1x supplicant timeout auth-period
Use this command to set the auth-period value to the default value.
Format

no dot1x supplicant timeout auth-period

Mode

Interface Config

dot1x supplicant user
Use this command to map the given user to the port.
Format

dot1x supplicant user

Mode

Interface Config

Storm-Control Commands
This section describes commands you use to configure storm-control and view storm-control
configuration information. A traffic storm is a condition that occurs when incoming packets
flood the LAN, which creates performance degradation in the network. The Storm-Control
feature protects against this condition.
The 7000 series provides broadcast, multicast, and unicast story recovery for individual
interfaces. Unicast Storm-Control protects against traffic whose MAC addresses are not
known by the system. For broadcast, multicast, and unicast storm-control, if the rate of traffic
ingressing on an interface increases beyond the configured threshold for that type, the traffic
is dropped.
To configure storm-control, you will enable the feature for all interfaces or for individual
interfaces, and you will set the threshold (storm-control level) beyond which the broadcast,
multicast, or unicast traffic will be dropped. The Storm-Control feature allows you to limit the
rate of specific types of packets through the switch on a per-port, per-type, basis.
Configuring a storm-control level also enables that form of storm-control. Disabling a
storm-control level (using the “no” version of the command) sets the storm-control level back
to the default value and disables that form of storm-control. Using the “no” version of the
“storm-control” command (not stating a “level”) disables that form of storm-control but

Switching Commands
112

ProSafe Managed Switch

maintains the configured “level” (to be active the next time that form of storm-control is
enabled.)

Note: The actual rate of ingress traffic required to activate storm-control is
based on the size of incoming packets and the hard-coded average
packet size of 512 bytes - used to calculate a packet-per-second
(pps) rate - as the forwarding-plane requires pps versus an absolute
rate kbps. For example, if the configured limit is 10%, this is
converted to ~25000 pps, and this pps limit is set in forwarding plane
(hardware). You get the approximate desired output when 512bytes
packets are used.

storm-control broadcast
Use this command to enable broadcast storm recovery mode for a specific interface. If the
mode is enabled, broadcast storm recovery is active and, if the rate of L2 broadcast traffic
ingressing on an interface increases beyond the configured threshold, the traffic will be
dropped. Therefore, the rate of broadcast traffic will be limited to the configured threshold.
Default

enabled

Format

storm-control broadcast

Mode

Interface Config

no storm-control broadcast
Use this command to disable broadcast storm recovery mode for a specific interface.
Format

no storm-control broadcast

Mode

Interface Config

storm-control broadcast level
Use this command to configure the broadcast storm recovery threshold for an interface as a
percentage of link speed and enable broadcast storm recovery. If the mode is enabled,
broadcast storm recovery is active, and if the rate of L2 broadcast traffic ingressing on an
interface increases beyond the configured threshold, the traffic is dropped. Therefore, the
rate of broadcast traffic is limited to the configured threshold.
Default

5

Format

storm-control broadcast level <0-100>

Mode

Interface Config

Switching Commands
113

ProSafe Managed Switch

no storm-control broadcast level
This command sets the broadcast storm recovery threshold to the default value for an
interface and disables broadcast storm recovery.
Format

no storm-control broadcast level

Mode

Interface Config

storm-control broadcast rate
Use this command to configure the broadcast storm recovery threshold for an interface in
packets per second. If the mode is enabled, broadcast storm recovery is active, and if the
rate of L2 broadcast traffic ingressing on an interface increases beyond the configured
threshold, the traffic is dropped. Therefore, the rate of broadcast traffic is limited to the
configured threshold.
Default

0

Format

storm-control broadcast rate <0-14880000>

Mode

Interface Config

no storm-control broadcast rate
This command sets the broadcast storm recovery threshold to the default value for an
interface and disables broadcast storm recovery.
Format

no storm-control broadcast rate

Mode

Interface Config

storm-control broadcast (Global)
This command enables broadcast storm recovery mode for all interfaces. If the mode is
enabled, broadcast storm recovery is active, and if the rate of L2 broadcast traffic ingressing
on an interface increases beyond the configured threshold, the traffic will be dropped.
Therefore, the rate of broadcast traffic will be limited to the configured threshold.
Default

disabled

Format

storm-control broadcast

Mode

Global Config

no storm-control broadcast
This command disables broadcast storm recovery mode for all interfaces.
Format

no storm-control broadcast

Mode

Global Config

Switching Commands
114

ProSafe Managed Switch

storm-control broadcast level (Global)
This command configures the broadcast storm recovery threshold for all interfaces as a
percentage of link speed and enables broadcast storm recovery. If the mode is enabled,
broadcast storm recovery is active, and if the rate of L2 broadcast traffic ingressing on an
interface increases beyond the configured threshold, the traffic will be dropped. Therefore,
the rate of broadcast traffic will be limited to the configured threshold. This command also
enables broadcast storm recovery mode for all interfaces.
Default

5

Format

storm-control broadcast level <0-100>

Mode

Global Config

no storm-control broadcast level
This command sets the broadcast storm recovery threshold to the default value for all
interfaces and disables broadcast storm recovery.
Format

no storm-control broadcast level

Mode

Global Config

storm-control broadcast rate (Global)
Use this command to configure the broadcast storm recovery threshold for all interfaces in
packets per second. If the mode is enabled, broadcast storm recovery is active, and if the
rate of L2 broadcast traffic ingressing on an interface increases beyond the configured
threshold, the traffic is dropped. Therefore, the rate of broadcast traffic is limited to the
configured threshold.
Default

0

Format

storm-control broadcast rate <0-14880000>

Mode

Global Config

no storm-control broadcast rate
This command sets the broadcast storm recovery threshold to the default value for all
interfaces and disables broadcast storm recovery.
Format

no storm-control broadcast rate

Mode

Global Config

storm-control multicast
This command enables multicast storm recovery mode for an interface. If the mode is
enabled, multicast storm recovery is active, and if the rate of L2 multicast traffic ingressing on

Switching Commands
115

ProSafe Managed Switch

an interface increases beyond the configured threshold, the traffic will be dropped. Therefore,
the rate of multicast traffic will be limited to the configured threshold.
Default

disabled

Format

storm-control multicast

Mode

Interface Config

no storm-control multicast
This command disables multicast storm recovery mode for an interface.
Format

no storm-control multicast

Mode

Interface Config

storm-control multicast level
This command configures the multicast storm recovery threshold for an interface as a
percentage of link speed and enables multicast storm recovery mode. If the mode is enabled,
multicast storm recovery is active, and if the rate of L2 multicast traffic ingressing on an
interface increases beyond the configured threshold, the traffic will be dropped. Therefore,
the rate of multicast traffic will be limited to the configured threshold.
Default

5

Format

storm-control multicast level <0-100>

Mode

Interface Config

no storm-control multicast level
This command sets the multicast storm recovery threshold to the default value for an
interface and disables multicast storm recovery.
Format

no storm-control multicast level <0-100>

Mode

Interface Config

storm-control multicast rate
Use this command to configure the multicast storm recovery threshold for an interface in
packets per second. If the mode is enabled, multicast storm recovery is active, and if the rate
of L2 broadcast traffic ingressing on an interface increases beyond the configured threshold,
the traffic is dropped. Therefore, the rate of multicast traffic is limited to the configured
threshold.
Default

0

Switching Commands
116

ProSafe Managed Switch

Format

storm-control multicast rate <0-14880000>

Mode

Interface Config

no storm-control multicast rate
This command sets the multicast storm recovery threshold to the default value for an
interface and disables multicast storm recovery.
Format

no storm-control multicast rate

Mode

Interface Config

storm-control multicast (Global)
This command enables multicast storm recovery mode for all interfaces. If the mode is
enabled, multicast storm recovery is active, and if the rate of L2 multicast traffic ingressing on
an interface increases beyond the configured threshold, the traffic will be dropped. Therefore,
the rate of multicast traffic will be limited to the configured threshold.
Default

disabled

Format

storm-control multicast

Mode

Global Config

no storm-control multicast
This command disables multicast storm recovery mode for all interfaces.
Format

no storm-control multicast

Mode

Global Config

storm-control multicast level (Global)
This command configures the multicast storm recovery threshold for all interfaces as a
percentage of link speed and enables multicast storm recovery mode. If the mode is enabled,
multicast storm recovery is active, and if the rate of L2 multicast traffic ingressing on an
interface increases beyond the configured threshold, the traffic will be dropped. Therefore,
the rate of multicast traffic will be limited to the configured threshold.
Default

5

Format

storm-control multicast level <0-100>

Mode

Global Config

Switching Commands
117

ProSafe Managed Switch

no storm-control multicast level
This command sets the multicast storm recovery threshold to the default value for all
interfaces and disables multicast storm recovery.
Format

no storm-control multicast level

Mode

Global Config

storm-control multicast rate (Global)
Use this command to configure the multicast storm recovery threshold for all interfaces in
packets per second. If the mode is enabled, multicast storm recovery is active, and if the rate
of L2 broadcast traffic ingressing on an interface increases beyond the configured threshold,
the traffic is dropped. Therefore, the rate of multicast traffic is limited to the configured
threshold.
Default

0

Format

storm-control multicast rate <0-14880000>

Mode

Global Config

no storm-control broadcast rate
This command sets the broadcast storm recovery threshold to the default value for all
interfaces and disables broadcast storm recovery.
Format

no storm-control broadcast rate

Mode

Global Config

storm-control unicast
This command enables unicast storm recovery mode for an interface. If the mode is enabled,
unicast storm recovery is active, and if the rate of unknown L2 unicast (destination lookup
failure) traffic ingressing on an interface increases beyond the configured threshold, the traffic
will be dropped. Therefore, the rate of unknown unicast traffic will be limited to the configured
threshold.
Default

disabled

Format

storm-control unicast

Mode

Interface Config

Switching Commands
118

ProSafe Managed Switch

no storm-control unicast
This command disables unicast storm recovery mode for an interface.
Format

no storm-control unicast

Mode

Interface Config

storm-control unicast level
This command configures the unicast storm recovery threshold for an interface as a
percentage of link speed, and enables unicast storm recovery. If the mode is enabled, unicast
storm recovery is active, and if the rate of unknown L2 unicast (destination lookup failure)
traffic ingressing on an interface increases beyond the configured threshold, the traffic will be
dropped. Therefore, the rate of unknown unicast traffic will be limited to the configured
threshold. This command also enables unicast storm recovery mode for an interface.
Default

5

Format

storm-control unicast level <0-100>

Mode

Interface Config

no storm-control unicast level
This command sets the unicast storm recovery threshold to the default value for an interface
and disables unicast storm recovery.
Format

no storm-control unicast level

Mode

Interface Config

storm-control unicast rate
Use this command to configure the unicast storm recovery threshold for an interface in
packets per second. If the mode is enabled, unicast storm recovery is active, and if the rate of
L2 broadcast traffic ingressing on an interface increases beyond the configured threshold,
the traffic is dropped. Therefore, the rate of unicast traffic is limited to the configured
threshold.
Default

0

Format

storm-control unicast rate <0-14880000>

Mode

Interface Config

Switching Commands
119

ProSafe Managed Switch

no storm-control unicast rate
This command sets the unicast storm recovery threshold to the default value for an interface
and disables unicast storm recovery.
Format

no storm-control unicast rate

Mode

Interface Config

storm-control unicast (Global)
This command enables unicast storm recovery mode for all interfaces. If the mode is
enabled, unicast storm recovery is active, and if the rate of unknown L2 unicast (destination
lookup failure) traffic ingressing on an interface increases beyond the configured threshold,
the traffic will be dropped. Therefore, the rate of unknown unicast traffic will be limited to the
configured threshold.
Default

disabled

Format

storm-control unicast

Mode

Global Config

no storm-control unicast
This command disables unicast storm recovery mode for all interfaces.
Format

no storm-control unicast

Mode

Global Config

storm-control unicast level (Global)
This command configures the unicast storm recovery threshold for all interfaces as a
percentage of link speed, and enables unicast storm recovery. If the mode is enabled, unicast
storm recovery is active, and if the rate of unknown L2 unicast (destination lookup failure)
traffic ingressing on an interface increases beyond the configured threshold, the traffic will be
dropped. Therefore, the rate of unknown unicast traffic will be limited to the configured
threshold.
Default

5

Format

storm-control unicast level <0-100>

Mode

Global Config

Switching Commands
120

ProSafe Managed Switch

no storm-control unicast level
This command sets the unicast storm recovery threshold to the default value and disables
unicast storm recovery for all interfaces.
Format

no storm-control unicast level

Mode

Global Config

storm-control unicast rate (Global)
Use this command to configure the unicast storm recovery threshold for all interfaces in
packets per second. If the mode is enabled, unicast storm recovery is active, and if the rate of
L2 broadcast traffic ingressing on an interface increases beyond the configured threshold,
the traffic is dropped. Therefore, the rate of unicast traffic is limited to the configured
threshold.
Default

0

Format

storm-control unicast rate <0-14880000>

Mode

Global Config

no storm-control unicast rate
This command sets the multicast storm recovery threshold to the default value for an
interface and disables multicast storm recovery.
Format

no storm-control unicast rate

Mode

Global Config

show storm-control
This command displays switch configuration information. If you do not use any of the optional
parameters, this command displays global storm control configuration parameters:
•

Broadcast Storm Control Mode may be enabled or disabled. The factory default is
disabled.

•

Broadcast Storm Control Level The broadcast storm control level. The factory default is
5%.

•

Multicast Storm Control Mode may be enabled or disabled. The factory default is
disabled.

•

Multicast Storm Control Level The multicast storm control level. The factory default is
5%.

•

Unicast Storm Control Mode may be enabled or disabled. The factory default is
disabled.

•

Unicast Storm Control Level The unicast storm control level. The factory default is 5%.

Switching Commands
121

ProSafe Managed Switch

Use the all keyword to display the per-port configuration parameters for all interfaces, or
specify the unit/slot/port to display information about a specific interface.
Format

show storm-control [all | ]

Mode

Privileged EXEC

Term

Definition

Bcast Mode

Shows whether the broadcast storm control mode is enabled or disabled. The factory
default is disabled.

Bcast Level

The broadcast storm control level.

Mcast Mode

Shows whether the multicast storm control mode is enabled or disabled.

Mcast Level

The multicast storm control level.

Ucast Mode

Shows whether the Unknown Unicast or DLF (Destination Lookup Failure) storm control
mode is enabled or disabled.

Ucast Level

The Unknown Unicast or DLF (Destination Lookup Failure) storm control level.

Flow Control Commands
In 802.3x flow control, the MAC control PAUSE operation is specified in IEEE 802.3 Annex 31
B. It allows traffic from one device to be throttled for a specified period of time and is defined
for devices that are directly connected. A device that needs to inhibit transmission of data
frames from another device on the LAN transmits a PAUSE frame as defined in the IEEE
specification.
This feature allows the user to configure the switch to use symmetric, asymmetric, or no flow
control. Asymmetric flow control allows the switch to respond to received PAUSE frames, but
the port cannot generate PAUSE frames. Symmetric flow control allows the switch to both
respond to and generate MAC control PAUSE frames.

flowcontrol {symmetric|asymmetric}
Use this command to enable or disable the symmetric or asymmetric flow control on the
switch. Use the no form of command to disable the symmetric or asymmetric flow control.
Asymmetric here means that Tx Pause can never be enabled. Only Rx Pause can be
enabled.
Default

Disabled

Format

flowcontrol {symmetric|asymmetric}

Mode

• Global Config
• Interface Config

Switching Commands
122

ProSafe Managed Switch

no flowcontrol
Format

no flowcontrol

Mode

• Global Config
• Interface Config

show flowcontrol
Use this command to display the IEEE 802.3 Annex 31B flow control settings and status for a
specific interface or all interfaces. It also displays 802.3 Tx and Rx pause counts. Priority
Flow Control frames counts are not displayed. If the port is enabled for priority flow control,
operational flow control status is displayed as “Inactive”. Operational flow control status for
stacking ports is always displayed as “N/A”.
Format

show flowcontrol [unit/slot/port]

Mode

Privileged Exec

Examples:
(switch)#show flowcontrol
Admin Flow Control: Symmetric
Port
-----0/1
0/2

Flow Control
Oper
-----------Active
Inactive

RxPause

TxPause

-------310
0

--------611
0

(switch)#show flowcontrol interface 0/1
Admin Flow Control: Symmetric
Port
--------0/1

Flow Control
Oper
------Active

RxPause

TxPause

-------310

------611

Port-Channel/LAG (802.3ad) Commands
This section describes the commands you use to configure port-channels, which are also
known as link aggregation groups (LAGs). Link aggregation allows you to combine multiple
full-duplex Ethernet links into a single logical link. Network devices treat the aggregation as if
it were a single link, which increases fault tolerance and provides load sharing. The LAG
feature initially load shares traffic based upon the source and destination MAC
address.Assign the port-channel (LAG) VLAN membership after you create a port-channel. If
you do not assign VLAN membership, the port-channel might become a member of the
management VLAN which can result in learning and switching issues.

Switching Commands
123

ProSafe Managed Switch

A port-channel (LAG) interface can be either static or dynamic, but not both. All members of a
port channel must participate in the same protocols.) A static port-channel interface does not
require a partner system to be able to aggregate its member ports.

Note: If you configure the maximum number of dynamic port-channels
(LAGs) that your platform supports, additional port-channels that you
configure are automatically static.

addport
This command adds one port to the port-channel (LAG). The interface is a logical
unit/slot/port number or a group ID of a configured port-channel.

Note: Before adding a port to a port-channel, set the physical mode of the
port. For more information, see speed on page 42.

Format

addport {|lag }

Mode

Interface Config

deleteport (Interface Config)
This command deletes the port from the port-channel (LAG). The interface is a logical
unit/slot/port number or a group ID of a configured port-channel.
Format

deleteport {|lag }

Mode

Interface Config

deleteport (Global Config)
This command deletes all configured ports from the port-channel (LAG). The interface is a
logical unit/slot/port number of a configured port-channel. To clear the port channels, see
clear port-channel on page 565.
Format

deleteport 

Mode

Global Config

Switching Commands
124

ProSafe Managed Switch

lacp admin key
Use this command to configure the administrative value of the key for the port-channel. The
value range of  is 0 to 65535.
Default

0x8000

Format

lacp admin key 

Mode

Interface Config

Note: This command is only applicable to port-channel interfaces.

no lacp admin key
Use this command to configure the default administrative value of the key for the
port-channel.
Format

no lacp admin key

Mode

Interface Config

lacp collector max-delay
Use this command to configure the port-channel collector max delay. The valid range of
 is 0-65535.
Default

0x8000

Format

lacp collector max-delay 

Mode

Interface Config

Note: This command is only applicable to port-channel interfaces.

no lacp collector max delay
Use this command to configure the default port-channel collector max delay.
Format

no lacp collector max-delay

Mode

Interface Config

lacp actor admin
Use this command to configure the LACP actor admin parameters.

Switching Commands
125

ProSafe Managed Switch

lacp actor admin key
Use this command to configure the administrative value of the LACP actor admin key. The
valid range for  is 0-65535.
Default

Internal Interface Number of this Physical Port

Format

lacp actor admin key 

Mode

Interface Config

Note: This command is only applicable to physical interfaces.

no lacp actor admin key
Use this command to configure the default administrative value of the key.
Format

no lacp actor admin key

Mode

Interface Config

lacp actor admin state individual
Use this command to set LACP actor admin state to individual.
Format

lacp actor admin state individual

Mode

Interface Config

Note: This command is only applicable to physical interfaces.

no lacp actor admin state individual
Use this command to set the LACP actor admin state to aggregation.
Format

no lacp actor admin state individual

Mode

Interface Config

lacp actor admin state longtimeout
Use this command to set LACP actor admin state to longtimeout.
Format

lacp actor admin state longtimeout

Mode

Interface Config

Switching Commands
126

ProSafe Managed Switch

Note: This command is only applicable to physical interfaces.

no lacp actor admin state longtimeout
Use this command to set the LACP actor admin state to short timeout.
Format

no lacp actor admin state longtimeout

Mode

Interface Config

Note: This command is only applicable to physical interfaces.

lacp actor admin state passive
Use this command to set the LACP actor admin state to passive.
Format

lacp actor admin state passive

Mode

Interface Config

Note: This command is only applicable to physical interfaces.

no lacp actor admin state passive
Use this command to set the LACP actor admin state to active.
Format

no lacp actor admin state passive

Mode

Interface Config

lacp actor port priority
Use this command to configure the priority value assigned to the Aggregation Port. The valid
range for  is 0 to 255.
Default

0x80

Format

lacp actor port priority 

Mode

Interface Config

Note: This command is only applicable to physical interfaces.

Switching Commands
127

ProSafe Managed Switch

no lacp actor port priority
Use this command to configure the default priority value assigned to the Aggregation Port.
Format

no lacp actor port priority

Mode

Interface Config

lacp actor system priority
Use this command to configure the priority value associated with the LACP Actor’s SystemID.
The range for  is 0 to 65535.
Default

32768

Format

lacp actor system priority 

Mode

Interface Config

Note: This command is only applicable to physical interfaces.

no lacp actor system priority
Use this command to configure the priority value associated with the Actor’s SystemID.
Format

no lacp actor system priority

Mode

Interface Config

lacp partner admin key
Use this command to configure the administrative value of the Key for the protocol partner.
The valid range for  is 0 to 65535.
Default

0x0

Format

lacp partner admin key

Mode

Interface Config

Note: This command is only applicable to physical interfaces.

Switching Commands
128

ProSafe Managed Switch

no lacp partner admin key
Use this command to configure the administrative value of the Key for the protocol partner.
Format

no lacp partner admin key 

Mode

Interface Config

lacp partner admin state individual
Use this command to set LACP partner admin state to individual.
Format

lacp partner admin state individual

Mode

Interface Config

Note: This command is only applicable to physical interfaces.

no lacp partner admin state individual
Use this command to set the LACP partner admin state to aggregation.
Format

no lacp partner admin state individual

Mode

Interface Config

lacp partner admin state longtimeout
Use this command to set LACP partner admin state to longtimeout.
Format

lacp partner admin state longtimeout

Mode

Interface Config

Note: This command is only applicable to physical interfaces.

no lacp partner admin state longtimeout
Use this command to set the LACP partner admin state to short timeout.
Format

no lacp partner admin state longtimeout

Mode

Interface Config

Note: This command is only applicable to physical interfaces.

Switching Commands
129

ProSafe Managed Switch

lacp partner admin state passive
Use this command to set the LACP partner admin state to passive.
Format

lacp partner admin state passive

Mode

Interface Config

Note: This command is only applicable to physical interfaces.

no lacp partner admin state passive
Use this command to set the LACP partner admin state to active.
Format

no lacp partner admin state passive

Mode

Interface Config

lacp partner port id
Use this command to configure the LACP partner port id. The valid range for  is 0
to 65535.
Default

0x80

Format

lacp partner portid 

Mode

Interface Config

Note: This command is only applicable to physical interfaces.

no lacp partner port id
Use this command to set the LACP partner port id to the default.
Format

no lacp partner portid

Mode

Interface Config

lacp partner port priority
Use this command to configure the LACP partner port priority. The valid range for
 is 0 to 255.
Default

0x0

Switching Commands
130

ProSafe Managed Switch

Format

lacp partner port priority 

Mode

Interface Config

Note: This command is only applicable to physical interfaces.

no lacp partner port priority
Use this command to configure the default LACP partner port priority.
Format

no lacp partner port priority

Mode

Interface Config

lacp partner system id
Use this command to configure the 6-octet MAC Address value representing the
administrative value of the Aggregation Port’s protocol Partner’s System ID. The valid range
of  is 00:00:00:00:00:00 - FF:FF:FF:FF:FF.
Default

00:00:00:00:00:00

Format

lacp partner system id 

Mode

Interface Config

Note: This command is only applicable to physical interfaces.

no lacp partner system id
Use this command to configure the default value representing the administrative value of the
Aggregation Port’s protocol Partner’s System ID.
Format

no lacp partner system id

Mode

Interface Config

lacp partner system priority
Use this command to configure the administrative value of the priority associated with the
Partner’s System ID. The valid range for  is 0 to 65535.
Default

0x0

Format

lacp partner system priority 

Mode

Interface Config

Switching Commands
131

ProSafe Managed Switch

Note: This command is applicable only to physical interfaces.

no lacp partner system priority
Use this command to configure the default administrative value of priority associated with the
Partner’s System ID.
Format

no lacp partner system priority

Mode

Interface Config

port-channel local-preference
This command enables the local-preference mode on a port-channel (LAG) interface or
range of interfaces. By default, the local-preference mode for a port-channel is disabled. This
command can be used only on port-channel interfaces.
Default

disabled

Format

port-channel local-preference

Mode

Interface Config

no port-channel local-preference
This command disables the local-preference mode on a port-channel.
Format

no port-channel local-preference

Mode

Interface Config

port-channel static
This command enables the static mode on a port-channel (LAG) interface. By default the
static mode for a new port-channel is disabled, which means the port-channel is dynamic.
However if the maximum number of allowable dynamic port-channels are already present in
the system, the static mode for a new port-channel enabled, which means the port-channel is
static.You can only use this command on port-channel interfaces.
Default

disabled

Format

port-channel static

Mode

Interface Config

Switching Commands
132

ProSafe Managed Switch

no port-channel static
This command sets the static mode on a particular port-channel (LAG) interface to the default
value. This command will be executed only for interfaces of type port-channel (LAG).
Format

no port-channel static

Mode

Interface Config

port lacpmode
This command enables Link Aggregation Control Protocol (LACP) on a port.
Default

enabled

Format

port lacpmode

Mode

Interface Config

no port lacpmode
This command disables Link Aggregation Control Protocol (LACP) on a port.
Format

no port lacpmode

Mode

Interface Config

port lacpmode enable all
This command enables Link Aggregation Control Protocol (LACP) on all ports.
Format

port lacpmode enable all

Mode

Global Config

no port lacpmode enable all
This command disables Link Aggregation Control Protocol (LACP) on all ports.
Format

no port lacpmode enable all

Mode

Global Config

port lacptimeout (Interface Config)
This command sets the timeout on a physical interface of a particular device type (actor or
partner) to either long or short timeout.
Default

long

Format

port lacptimeout {actor | partner} {long | short}

Mode

Interface Config

Switching Commands
133

ProSafe Managed Switch

no port lacptimeout
This command sets the timeout back to its default value on a physical interface of a particular
device type (actor or partner).
Format

no port lacptimeout {actor | partner}

Mode

Interface Config

port lacptimeout (Global Config)
This command sets the timeout for all interfaces of a particular device type (actor or
partner) to either long or short timeout.
Default

long

Format

port lacptimeout {actor | partner} {long | short}

Mode

Global Config

no port lacptimeout
This command sets the timeout for all physical interfaces of a particular device type (actor
or partner) back to their default values.
Format

no port lacptimeout {actor | partner}

Mode

Global Config

port-channel adminmode
This command enables a port-channel (LAG). This command sets every configured
port-channel with the same administrative mode setting.
Format

port-channel adminmode all

Mode

Global Config

no port-channel adminmode
This command disables a port-channel (LAG). This command clears every configured
port-channel with the same administrative mode setting.
Format

no port-channel adminmode [all]

Mode

Global Config

Switching Commands
134

ProSafe Managed Switch

port-channel linktrap
This command enables link trap notifications for the port-channel (LAG). The interface is a
logical unit/slot/port for a configured port-channel. The option all enables link trap
notifications for all the configured port-channels.
Default

enabled

Format

port-channel linktrap { | lag  | all}

Mode

Global Config

no port-channel linktrap
This command disables link trap notifications for the port-channel (LAG). The interface is a
logical slot and port for a configured port-channel. The option all disables link trap
notifications for all the configured port-channels.
Format

no port-channel linktrap { | all}

Mode

Global Config

port-channel load-balance
This command selects the load-balancing option used on a port-channel (LAG). Traffic is
balanced on a port-channel (LAG) by selecting one of the links in the channel over which to
transmit specific packets. The link is selected by creating a binary pattern from selected fields
in a packet, and associating that pattern with a particular link.
Load-balancing is not supported on every device. The range of options for load-balancing
can vary per device. The managed switch also supports enhanced hashing mode, which has
the following advantages:
•

MODULO-N (where N is the number of active link members in a LAG) operation based on
the number of ports in the LAG

•

Packet attributes selection based on the packet type: For L2 packets, source and
destination MAC address are used for hash computation. For L3 packets, source IP,
destination IP address, TCP/UDP ports are used.

•

Non-Unicast traffic and unicast traffic is hashed using a common hash algorithm

•

Excellent load balancing performance.

Default

3

Format

port-channel load-balance
{ |}

Mode

Interface Config
Global Config

{ 1 | 2 | 3 | 4 | 5 | 6 | 7}

Switching Commands
135

ProSafe Managed Switch

Term

Definition

1

Source MAC, VLAN, EtherType, and incoming port associated with the packet

2

Destination MAC, VLAN, EtherType, and incoming port associated with the packet

3

Source/Destination MAC, VLAN, EtherType, and incoming port associated with the
packet

4

Source IP and Source TCP/UDP fields of the packet

5

Destination IP and Destination TCP/UDP Port fields of the packet

6

Source/Destination IP and source/destination TCP/UDP Port fields of the packet

7

Enhanced Hashing Mode

| all Global Config Mode only: The interface is a logical unit/slot/port number of a
configured port-channel. "All" applies the command to all currently configured
port-channels.

no port-channel load-balance
This command reverts to the default load balancing configuration.

Format

no port-channel load-balance { | }

Mode

Interface Config
Global Config

Term

Definition

| all

Global Config Mode only: The interface is a logical unit/slot/port number of a
configured port-channel. "All" applies the command to all currently configured
port-channels.

port-channel name
This command defines a name for the port-channel (LAG). The interface is a logical
unit/slot/port for a configured port-channel, and  is an alphanumeric string up to 15
characters.
Format

port-channel name { | }

Mode

Global Config

Switching Commands
136

ProSafe Managed Switch

port-channel system priority
Use this command to configure port-channel system priority. The valid range of  is
0-65535.
Default

0x8000

Format

port-channel system priority 

Mode

Global Config

no port-channel system priority
Use this command to configure the default port-channel system priority value.
Format

no port-channel system priority

Mode

Global Config

show lacp actor
Use this command to display LACP actor attributes.
Format

show lacp actor {|all}

Mode

Global Config

The following output parameters are displayed.
Parameter

Description

System Priority The system priority assigned to the Aggregation Port.
Admin Key

The administrative value of the Key.

Port Priority

The priority value assigned to the Aggregation Port.

Admin State

The administrative values of the actor state as transmitted by the Actor in LACPDUs.

show lacp partner
Use this command to display LACP partner attributes.
Format

show lacp partner {|all}

Mode

Privileged EXEC

Switching Commands
137

ProSafe Managed Switch

The following output parameters are displayed.
Parameter

Description

System Priority The administrative value of priority associated with the Partner’s System ID.
System ID

The value representing the administrative value of the Aggregation Port’s protocol
Partner’s System ID.

Admin Key

The administrative value of the Key for the protocol Partner.

Port Priority

The administrative value of the port priority for the protocol Partner.

Port-ID

The administrative value of the port number for the protocol Partner.

Admin State

The administrative values of the actor state for the protocol Partner.

show port-channel brief
This command displays the static capability of all port-channel (LAG) interfaces on the device
as well as a summary of individual port-channel interfaces.
Format

show port-channel brief

Mode

• Privileged EXEC
• User EXEC

For each port-channel the following information is displayed:
Term

Definition

Logical
Interface

The unit/slot/port of the logical interface.

Port-channel
Name

The name of port-channel (LAG) interface.

Link-State

Shows whether the link is up or down.

Trap Flag

Shows whether trap flags are enabled or disabled.

Type

Shows whether the port-channel is statically or dynamically maintained.

Mbr Ports

The members of this port-channel.

Active Ports

The ports that are actively participating in the port-channel.

show port-channel
This command displays an overview of all port-channels (LAGs) on the switch.
Format

show port-channel { | all}

Mode

• Privileged EXEC
• User EXEC

Switching Commands
138

ProSafe Managed Switch

Term

Definition

Logical
Interface

Valid slot and port number separated by forward slashes.

Port-Channel
Name

The name of this port-channel (LAG). You may enter any string of up to 15 alphanumeric
characters.

Link State

Indicates whether the Link is up or down.

Admin Mode

May be enabled or disabled. The factory default is enabled.

Type

The status designating whether a particular port-channel (LAG) is statically or
dynamically maintained.
• Static - The port-channel is statically maintained.
• Dynamic - The port-channel is dynamically maintained.

Mbr Ports

A listing of the ports that are members of this port-channel (LAG), in unit/slot/port
notation. There can be a maximum of eight ports assigned to a given port-channel (LAG).

Device Timeout For each port, lists the timeout (long or short) for Device Type (actor or partner).
Port Speed

Speed of the port-channel port.

Ports Active

This field lists ports that are actively participating in the port-channel (LAG).

Load Balance
Option

The load balance option associated with this LAG. See port-channel load-balance on
page 135.

Local
Preference
Mode

Indicates whether the local preference mode is enabled or disabled.

show port-channel system priority
Use this command to display the port-channel system priority.
Format

show port-channel system priority

Mode

Privileged EXEC

Port Mirroring
Port mirroring, which is also known as port monitoring, selects network traffic that you can
analyze with a network analyzer, such as a SwitchProbe device or other Remote Monitoring
(RMON) probe.

monitor session
This command configures a probe port and a monitored port for monitor session (port
monitoring). Use the source interface  parameter to specify the
interface to monitor. Use rx to monitor only ingress packets, or use tx to monitor only egress
packets. If you do not specify an {rx | tx} option, the destination port monitors both
ingress and egress packets. Use the destination interface  to

Switching Commands
139

ProSafe Managed Switch

specify the interface to receive the monitored traffic. Use the mode parameter to enabled the
administrative mode of the session. If enabled, the probe port monitors all the traffic received
and transmitted on the physical monitored port.
Format

monitor session  {source interface  [{rx
| tx}] | destination interface  | mode}

Mode

Global Config

no monitor session
Use this command without optional parameters to remove the monitor session (port
monitoring) designation from the source probe port, the destination monitored port and all
VLANs. Once the port is removed from the VLAN, you must manually add the port to any
desired VLANs. Use the source interface  parameter or
destination interface  to remove the specified interface from
the port monitoring session. Use the mode parameter to disable the administrative mode of
the session

Note: Since the current version of 7000 series software supports only one
session, if you do not supply optional parameters, the behavior of
this command is similar to the behavior of the no monitor
command.

Format

no monitor session  [{source interface 
| destination interface  | mode}]

Mode

Global Config

no monitor
This command removes all the source ports and a destination port for the and restores the
default value for mirroring session mode for all the configured sessions.

Note: This is a stand-alone “no” command. This command does not have
a “normal” form.

Default

enabled

Format

no monitor

Mode

Global Config

Switching Commands
140

ProSafe Managed Switch

show monitor session
This command displays the Port monitoring information for a particular mirroring session.

Note: The  parameter is an integer value used to identify
the session. In the current version of the software, the
 parameter is always one (1)

Format

show monitor session 

Mode

Privileged EXEC

Term

Definition

Session ID

An integer value used to identify the session. Its value can be anything between 1 and
the maximum number of mirroring sessions allowed on the platform.

Admin Mode

Indicates whether the Port Mirroring feature is enabled or disabled for the session
identified with . The possible values are Enabled and Disabled.

Probe Port

Probe port (destination port) for the session identified with . If probe port
is not set then this field is blank.

Mirrored Port

The port, which is configured as mirrored port (source port) for the session identified with
. If no source port is configured for the session then this field is blank.

Type

Direction in which source port configured for port mirroring. Types are tx for transmitted
packets and rx for receiving packets.

Static MAC Filtering
The commands in this section describe how to configure static MAC filtering. Static MAC
filtering allows you to configure destination ports for a static multicast MAC filter irrespective
of the platform.

macfilter
This command adds a static MAC filter entry for the MAC address  on the VLAN
. The value of the  parameter is a 6-byte hexadecimal number in the
format of b1:b2:b3:b4:b5:b6. The restricted MAC Addresses are: 00:00:00:00:00:00,
01:80:C2:00:00:00 to 01:80:C2:00:00:0F, 01:80:C2:00:00:20 to 01:80:C2:00:00:21, and
FF:FF:FF:FF:FF:FF. The  parameter must identify a valid VLAN.
The number of static mac filters supported on the system is different for MAC filters where
source ports are configured and MAC filters where destination ports are configured.
•

For unicast MAC address filters and multicast MAC address filters with source port lists,
the maximum number of static MAC filters supported is 20.

Switching Commands
141

ProSafe Managed Switch

•

For multicast MAC address filters with destination ports configured, the maximum number
of static filters supported is 256.

For example, for current platforms you can configure the following combinations:
•

Unicast MAC and source port (max = 20)

•

Multicast MAC and source port (max=20)

•

Multicast MAC and destination port (only) (max=256)

•

Multicast MAC and source ports and destination ports (max=20)

Format

macfilter  

Mode

Global Config

no macfilter
This command removes all filtering restrictions and the static MAC filter entry for the MAC
address  on the VLAN . The  parameter must be specified
as a 6-byte hexadecimal number in the format of b1:b2:b3:b4:b5:b6.
The  parameter must identify a valid VLAN.
Format

no macfilter  

Mode

Global Config

macfilter adddest
Use this command to add the interface to the destination filter set for the MAC filter with the
given  and VLAN of . The  parameter must be specified as
a 6-byte hexadecimal number in the format of b1:b2:b3:b4:b5:b6. The  parameter
must identify a valid VLAN.

Note: Configuring a destination port list is only valid for multicast MAC
addresses.

Format

macfilter adddest  

Mode

Interface Config

no macfilter adddest
This command removes a port from the destination filter set for the MAC filter with the given
 and VLAN of . The  parameter must be specified as a

Switching Commands
142

ProSafe Managed Switch

6-byte hexadecimal number in the format of b1:b2:b3:b4:b5:b6. The  parameter
must identify a valid VLAN.
Format

no macfilter adddest  

Mode

Interface Config

macfilter adddest all
This command adds all interfaces to the destination filter set for the MAC filter with the given
 and VLAN of . The  parameter must be specified as a
6-byte hexadecimal number in the format of b1:b2:b3:b4:b5:b6. The  parameter
must identify a valid VLAN.

Note: Configuring a destination port list is only valid for multicast MAC
addresses.

Format

macfilter adddest all  

Mode

Global Config

no macfilter adddest all
This command removes all ports from the destination filter set for the MAC filter with the
given  and VLAN of . The  parameter must be specified
as a 6-byte hexadecimal number in the format of b1:b2:b3:b4:b5:b6. The 
parameter must identify a valid VLAN.
Format

no macfilter adddest all  

Mode

Global Config

macfilter addsrc
This command adds the interface to the source filter set for the MAC filter with the MAC
address of  and VLAN of . The  parameter must be specified
as a 6-byte hexadecimal number in the format of b1:b2:b3:b4:b5:b6. The 
parameter must identify a valid VLAN.
Format

macfilter addsrc  

Mode

Interface Config

no macfilter addsrc
This command removes a port from the source filter set for the MAC filter with the MAC
address of  and VLAN of . The  parameter must be

Switching Commands
143

ProSafe Managed Switch

specified as a 6-byte hexadecimal number in the format of b1:b2:b3:b4:b5:b6. The
 parameter must identify a valid VLAN.
Format

no macfilter addsrc  

Mode

Interface Config

macfilter addsrc all
This command adds all interfaces to the source filter set for the MAC filter with the MAC
address of  and . You must specify the  parameter as a
6-byte hexadecimal number in the format of b1:b2:b3:b4:b5:b6. The  parameter
must identify a valid VLAN.
Format

macfilter addsrc all  

Mode

Global Config

no macfilter addsrc all
This command removes all interfaces to the source filter set for the MAC filter with the MAC
address of  and VLAN of . You must specify the 
parameter as a 6-byte hexadecimal number in the format of b1:b2:b3:b4:b5:b6.
The  parameter must identify a valid VLAN.
Format

no macfilter addsrc all  

Mode

Global Config

show mac-address-table static
This command displays the Static MAC Filtering information for all Static MAC Filters. If you
select , all the Static MAC Filters in the system are displayed. If you supply a value for
, you must also enter a value for , and the system displays Static
MAC Filter information only for that MAC address and VLAN.
Format

show mac-address-table static {  | all}

Mode

Privileged EXEC

Term

Definition

MAC Address

The MAC Address of the static MAC filter entry.

VLAN ID

The VLAN ID of the static MAC filter entry.

Source Port(s)

The source port filter set's slot and port(s).

Switching Commands
144

ProSafe Managed Switch

Note: Only multicast address filters will have destination port lists.

show mac-address-table staticfiltering
This command displays the Static Filtering entries in the Multicast Forwarding Database
(MFDB) table.
Format

show mac-address-table staticfiltering

Mode

Privileged EXEC

Term

Definition

Mac Address

A unicast MAC address for which the switch has forwarding and or filtering information.
As the data is gleaned from the MFDB, the address will be a multicast address. The
format is 6 or 8 two-digit hexadecimal numbers that are separated by colons, for example
01:23:45:67:89:AB. In an IVL system the MAC address will be displayed as 8 bytes.

Type

The type of the entry. Static entries are those that are configured by the end user.
Dynamic entries are added to the table as a result of a learning process or protocol.

Description

The text description of this multicast table entry.

Interfaces

The list of interfaces that are designated for forwarding (Fwd:) and filtering (Flt:).

DHCP L2 Relay Agent Commands
You can enable the switch to operate as a DHCP Layer 2 relay agent to relay DHCP requests
from clients to a Layer 3 relay agent or server. The Circuit ID and Remote ID can be added to
DHCP requests relayed from clients to a DHCP server. This information is included in DHCP
Option 82, as specified in sections 3.1 and 3.2 of RFC3046.

dhcp l2relay
Use this command to enable the DHCP Layer 2 Relay agent for an interface, a range of
interfaces, or all interfaces. The subsequent commands mentioned in this section can be
used only when the DHCP L2 relay is enabled.
Format

dhcp l2relay

Modes

• Global Config
• Interface Config

Switching Commands
145

ProSafe Managed Switch

no dhcp l2relay
Use this command to disable the DHCP Layer 2 relay agent for an interface or range of
interfaces.
Format

no dhcp l2relay

Modes

• Global Config
• Interface Config

dhcp l2relay circuit-id vlan
Use this parameter to set the DHCP Option-82 Circuit ID for a VLAN. When enabled, the
interface number is added as the Circuit ID in DHCP option 82. Vlan-list range is 1–4093.
Separate non-consecutive IDs with a comma (,), and do not insert spaces or zeros in
between the range. Use a dash (–) for the range.
Format

dhcp l2relay circuit-id vlan 

Mode

Global Config

no dhcp l2relay circuit-id vlan
Use this parameter to clear the DHCP Option-82 Circuit ID for a VLAN.
Format

no dhcp l2relay circuit-id vlan 

Mode

Global Config

dhcp l2relay remote-id vlan
Use this parameter to set the DHCP Option-82 Remote ID for a VLAN and subscribed service
(based on subscription-name). The vlan–list range is 1–4093. Separate non-consecutive IDs
with a comma (,), and do not insert spaces or zeros between the range. Use a dash (–) for
the range.
Format

dhcp l2relay remote-id  vlan 

Mode

Global Config

no dhcp l2relay remote-id vlan
Use this parameter to clear the DHCP Option-82 Remote ID for a VLAN and subscribed
service (based on subscription-name).
Format

no dhcp l2relay remote-id vlan vlan-list

Mode

Global Config

Switching Commands
146

ProSafe Managed Switch

dhcp l2relay vlan
Use this command to enable the DHCP L2 Relay agent for a set of VLANs. All DHCP packets
which arrive on interfaces in the configured VLAN are subject to L2 Relay processing.
vlan–list range is 1–4093. Separate non-consecutive IDs with a comma (,), and do not insert
spaces or zeros between the range. Use a dash (–) for the range.
Default

disabled

Format

dhcp l2relay vlan 

Mode

Global Config

no dhcp l2relay vlan
Use this command to disable the DHCP L2 Relay agent for a set of VLANs.
Format

no dhcp l2relay vlan 

Mode

Global Config

dhcp l2relay trust
Use this command to configure an interface or range of interfaces as trusted for Option-82
reception.
Default

untrusted

Format

dhcp l2relay trust

Mode

Interface Config

no dhcp l2relay trust
Use this command to configure an interface to the default untrusted for Option-82 reception.
Format

no dhcp l2relay trust

Mode

Interface Config

show dhcp l2relay all
Use this command to display the summary of DHCP L2 Relay configuration.
Format

show dhcp l2relay all

Mode

Privileged EXEC

Example: The following shows example CLI display output for the command.
(switch) #show dhcp l2relay all
DHCP L2 Relay is Enabled.
Interface
L2RelayMode
--------------------

TrustMode
--------------

Switching Commands
147

ProSafe Managed Switch

0/2
0/4
VLAN Id
--------3
5
6
7
8
9
10

Enabled
Disabled
L2 Relay
---------Disabled
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled

untrusted
trusted
CircuitId
----------Enabled
Enabled
Enabled
Disabled
Disabled
Disabled
Disabled

RemoteId
-------------NULL—
--NULL—
netgear
--NULL—
--NULL—
--NULL—
--NULL—

show dhcp l2relay interface
Use this command to display DHCP L2 relay configuration specific to interfaces.
Format

show dhcp l2relay interface {all | interface-num}

Mode

Privileged EXEC

Example: The following shows example CLI display output for the command.
(switch) #show dhcp l2relay interface all
DHCP L2 Relay is Enabled.
Interface
L2RelayMode
TrustMode
--------------------------------1/0/2
Enabled
untrusted
1/0/4
Disabled
trusted

show dhcp l2relay stats interface
Use this command to display statistics specific to DHCP L2 Relay configured interface.
Format

show dhcp l2relay stats interface {all | interface-num}

Mode

Privileged EXEC

Example: The following shows example CLI display output for the command.
(switch) #show dhcp l2relay stats interface all DHCP L2 Relay is Enabled.
Interface UntrustedServer
UntrustedClient TrustedServer
TrustedClient
MsgsWithOpt82
MsgsWithOpt82
MsgsWithoutOpt82 MsgsWithoutOpt82
--------- --------------- ----------------- ----------------- -------------0/1
0
0
0
0
0/2
0
0
3
7
0/3
0
0
0
0
0/4
0
12
0
0
0/5
0
0
0
0
0/6
3
0
0
0
0/7
0
0
0
0
0/8
0
0
0
0
0/9
0
0
0
0

Switching Commands
148

ProSafe Managed Switch

show dhcp l2relay agent-option vlan
Use this command to display the DHCP L2 Relay Option-82 configuration specific to VLAN.
Format

show dhcp l2relay agent-option vlan vlan-range

Mode

Privileged EXEC

Example: The following shows example CLI display output for the command.
(switch) #show dhcp l2relay agent-option vlan 5-10
DHCP L2 Relay is Enabled.
VLAN Id
L2 Relay
CircuitId
RemoteId
--------------------------------------5
Enabled
Enabled
--NULL—
6
Enabled
Enabled
netgear
7
Enabled
Disabled
--NULL—
8
Enabled
Disabled
--NULL—
9
Enabled
Disabled
--NULL—
10
Enabled
Disabled
--NULL--

DHCP Client Commands
DHCP Client can include vendor and configuration information in DHCP client requests
relayed to a DHCP server. This information is included in DHCP Option 60, Vendor Class
Identifier. The information is a string of 128 octets.

dhcp client vendor-id-option
Use this command to enable the inclusion of DHCP Option-60, Vendor Class Identifier
included in the requests transmitted to the DHCP server by the DHCP client operating in the
switch.
Format

dhcp client vendor-id-option

Mode

Global Config

no dhcp client vendor-id-option
Use this command to disable the inclusion of DHCP Option-60, Vendor Class Identifier
included in the requests transmitted to the DHCP server by the DHCP client operating in the
switch.
Format

no dhcp client vendor-id-option

Mode

Global Config

Switching Commands
149

ProSafe Managed Switch

dhcp client vendor-id-option-string
Use this command to set the DHCP Vendor Option-60 string to be included in requests
transmitted to the DHCP server by the DHCP client operating in the switch.
Format

dhcp client vendor-id-option-string 

Mode

Global Config

no dhcp client vendor-id-option-string
Use this command to clear the DHCP Vendor Option-60 string.
Format

no dhcp client vendor-id-option-string

Mode

Global Config

show dhcp client vendor-id-option
Use this command to display the configured administration mode of the vendor-id-option and
the vendor-id string to be included in Option-43 in DHCP requests.
Format

show dhcp client vendor-id-option

Mode

Privileged EXEC

Example: The following shows example CLI display output for the command.
(switch) #show dhcp client vendor-id-option
DHCP Client Vendor Identifier Option ........... Enabled
DHCP Client Vendor Identifier Option string .... Client.

DHCP Snooping Configuration Commands
This section describes commands you use to configure DHCP Snooping.

ip dhcp snooping
Use this command to enable DHCP Snooping globally.
Default

disabled

Format

ip dhcp snooping

Mode

Global Config

Switching Commands
150

ProSafe Managed Switch

no ip dhcp snooping
Use this command to disable DHCP Snooping globally.
Format

no ip dhcp snooping

Mode

Global Config

ip dhcp snooping vlan
Use this command to enable DHCP Snooping on a list of comma-separated VLAN ranges.
Default

disabled

Format

ip dhcp snooping vlan 

Mode

Global Config

no ip dhcp snooping vlan
Use this command to disable DHCP Snooping on VLANs.
Format

no ip dhcp snooping vlan 

Mode

Global Config

ip dhcp snooping verify mac-address
Use this command to enable verification of the source MAC address with the client hardware
address in the received DCHP message.
Default

enabled

Format

ip dhcp snooping verify mac-address

Mode

Global Config

no ip dhcp snooping verify mac-address
Use this command to disable verification of the source MAC address with the client hardware
address.
Format

no ip dhcp snooping verify mac-address

Mode

Global Config

Switching Commands
151

ProSafe Managed Switch

ip dhcp snooping database
Use this command to configure the persistent location of the DHCP Snooping database. This
can be local or a remote file on a given IP machine.
Default

local

Format

ip dhcp snooping database {local|tftp://hostIP/filename}

Mode

Global Config

ip dhcp snooping database write-delay
Use this command to configure the interval in seconds at which the DHCP Snooping
database will be persisted. The interval value ranges from 15 to 86400 seconds.
Default

300 seconds

Format

ip dhcp snooping database write-delay 

Mode

Global Config

no ip dhcp snooping database write-delay
Use this command to set the write delay value to the default value.
Format

no ip dhcp snooping database write-delay

Mode

Global Config

ip dhcp snooping binding
Use this command to configure static DHCP Snooping binding.
Format

ip dhcp snooping binding  vlan  
interface 

Mode

Global Config

no ip dhcp snooping binding 
Use this command to remove the DHCP static entry from the DHCP Snooping database.
Format

no ip dhcp snooping binding 

Mode

Global Config

Switching Commands
152

ProSafe Managed Switch

ip verify binding
Use this command to configure static IP source guard (IPSG) entries.
Format

ip verify binding  vlan   interface


Mode

Global Config

no ip verify binding
Use this command to remove the IPSG static entry from the IPSG database.
Format

no ip verify binding  vlan  
interface 

Mode

Global Config

ip dhcp snooping limit
Use this command to control the rate at which the DHCP Snooping messages come. The
default rate is 15 pps with a range from 0 to 30 pps. The default burst level is 1 second with a
range of 1 to 15 seconds.
Default

15 pps for rate limiting and 1 sec for burst interval

Format

ip dhcp snooping limit {rate pps [burst interval seconds]}

Mode

Interface Config

no ip dhcp snooping limit
Use this command to set the rate at which the DHCP Snooping messages come, and the
burst level, to the defaults.
Format

no ip dhcp snooping limit

Mode

Interface Config

ip dhcp snooping log-invalid
Use this command to control the logging DHCP messages filtration by the DHCP Snooping
application.
Default

disabled

Format

ip dhcp snooping log-invalid

Mode

Interface Config

Switching Commands
153

ProSafe Managed Switch

no ip dhcp snooping log-invalid
Use this command to disable the logging DHCP messages filtration by the DHCP Snooping
application.
Format

no ip dhcp snooping log-invalid

Mode

Interface Config

ip dhcp snooping trust
Use this command to configure the port as trusted.
Default

disabled

Format

ip dhcp snooping trust

Mode

Interface Config

no ip dhcp snooping trust
Use this command to configure the port as untrusted.
Format

no ip dhcp snooping trust

Mode

Interface Config

ip verify source
Use this command to configure the IPSG source ID attribute to filter the data traffic in the
hardware. Source ID is the combination of IP address and MAC address. Normal command
allows data traffic filtration based on the IP address. With the “port-security” option, the data
traffic will be filtered based on the IP and MAC addresses.
Default

the source ID is the IP address

Format

ip verify source {port-security}

Mode

Interface Config

no ip verify source
Use this command to disable the IPSG configuration in the hardware. You cannot disable
port-security alone if it is configured.
Format

no ip verify source

Mode

Interface Config

Switching Commands
154

ProSafe Managed Switch

show ip dhcp snooping
Use this command to display the DHCP Snooping global configurations and per port
configurations.
Format

show ip dhcp snooping

Mode

• Privileged EXEC
• User EXEC

Term

Definition

Interface

The interface for which data is displayed.

Trusted

If it is enabled, DHCP snooping considers the port as trusted. The factory default is
disabled.

Log Invalid Pkts If it is enabled, DHCP snooping application logs invalid packets on the specified
interface.
Example: The following shows example CLI display output for the command.
(switch) #show ip dhcp snooping
DHCP
DHCP
DHCP
11 -

snooping is Disabled
snooping source MAC verification is enabled
snooping is enabled on the following VLANs:
30, 40

Interface
--------0/1
0/2
0/3
0/4
0/6

Trusted
-------Yes
No
No
No
No

Log Invalid Pkts
---------------No
Yes
Yes
No
No

show ip dhcp snooping binding
Use this command to display the DHCP Snooping binding entries. To restrict the output, use
the following options:
•

Dynamic: Restrict the output based on DCHP snooping.

•

Interface: Restrict the output based on a specific interface.

•

Static: Restrict the output based on static entries.

•

VLAN: Restrict the output based on VLAN.

Format

show ip dhcp snooping binding [{static/dynamic}] [interface
unit/slot/port] [vlan id]

Mode

• Privileged EXEC
• User EXEC

Switching Commands
155

ProSafe Managed Switch

Term

Definition

MAC Address

Displays the MAC address for the binding that was added. The MAC address is the key
to the binding database.

IP Address

Displays the valid IP address for the binding rule.

VLAN

The VLAN for the binding rule.

Interface

The interface to add a binding into the DHCP snooping interface.

Type

Binding type; statically configured from the CLI or dynamically learned.

Lease (sec)

The remaining lease time for the entry.

Example: The following shows example CLI display output for the command.
(switch) #show ip dhcp snooping binding
Total number of bindings: 2
MAC Address
-----------------00:02:B3:06:60:80
00:0F:FE:00:13:04

IP Address
-----------210.1.1.3
210.1.1.4

VLAN
---10
10

Interface
--------0/1
0/1

Type Lease (Secs)
---- ------------86400
86400

show ip dhcp snooping database
Use this command to display the DHCP Snooping configuration related to the database
persistency.
Format

show ip dhcp snooping database

Mode

• Privileged EXEC
• User EXEC

Term

Definition

Agent URL

Bindings database agent URL.

Write Delay

The maximum write time to write the database into local or remote.

Example: The following shows example CLI display output for the command.
(switch) #show ip dhcp snooping database
agent url:
write-delay:

/10.131.13.79:/sai1.txt
5000

Switching Commands
156

ProSafe Managed Switch

show ip dhcp snooping interfaces
Use this command to show the DHCP Snooping status of the interfaces.
Format

show ip dhcp snooping interfaces

Mode

Privileged EXEC

show ip dhcp snooping statistics
Use this command to list statistics for DHCP Snooping security violations on untrusted ports.
Format

show ip dhcp snooping statistics

Mode

• Privileged EXEC
• User EXEC

Term

Definition

Interface

The IP address of the interface in unit/slot/port format.

MAC Verify
Failures

Represents the number of DHCP messages that were filtered on an untrusted interface
because of source MAC address and client HW address mismatch.

Client Ifc
Mismatch

Represents the number of DHCP release and Deny messages received on the different
ports than learned previously.

DHCP Server
Msgs Rec’d

Represents the number of DHCP server messages received on Untrusted ports.

Example: The following shows example CLI display output for the command.
(switch) #show ip dhcp snooping statistics
Interface
----------1/0/2
1/0/3
1/0/4
1/0/5
1/0/6
1/0/7
1/0/8
1/0/9
1/0/10
1/0/11
1/0/12
1/0/13
1/0/14
1/0/15
1/0/16
1/0/17
1/0/18
1/0/19

MAC Verify
Failures
---------0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0

Client Ifc
Mismatch
---------0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0

DHCP Server
Msgs Rec'd
----------0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0

Switching Commands
157

ProSafe Managed Switch

1/0/20

0

0

0

clear ip dhcp snooping binding
Use this command to clear all DHCP Snooping bindings on all interfaces or on a specific
interface.
Format

clear ip dhcp snooping binding [interface ]

Mode

• Privileged EXEC
• User EXEC

clear ip dhcp snooping statistics
Use this command to clear all DHCP Snooping statistics.
Format

clear ip dhcp snooping statistics

Mode

• Privileged EXEC
• User EXEC

show ip verify source
Use this command to display the IPSG configurations on all ports.
Format

show ip verify source

Mode

• Privileged EXEC
• User EXEC

Term

Definition

Interface

Interface address in unit/slot/port format.

Filter Type

Is one of two values:
• ip-mac: User has configured MAC address filtering on this interface.
• ip: Only IP address filtering on this interface.

IP Address

IP address of the interface

MAC Address

If MAC address filtering is not configured on the interface, the MAC Address field is
empty. If port security is disabled on the interface, then the MAC Address field displays
“permit-all.”

VLAN

The VLAN for the binding rule.

Example: The following shows example CLI display output for the command.
(switch) #show ip verify source
Interface
---------

Filter Type
-----------

IP Address
---------------

MAC Address
-----------------

Switching Commands
158

Vlan
-----

ProSafe Managed Switch

0/1
0/1

ip-mac
ip-mac

210.1.1.3
210.1.1.4

00:02:B3:06:60:80
00:0F:FE:00:13:04

10
10

show ip source binding
This command displays the IPSG bindings.
Format

show ip source binding [{static/dynamic}] [interface unit/slot/port]
[vlan id]

Mode

• Privileged EXEC
• User EXEC

Term

Definition

MAC Address

The MAC address for the entry that is added.

IP Address

The IP address of the entry that is added.

Type

Entry type; statically configured from CLI or dynamically learned from DHCP Snooping.

VLAN

VLAN for the entry.

Interface

IP address of the interface in unit/slot/port format.

The following shows sample CLI display output for the command.
(switch) #show ip source binding
MAC Address
----------------00:00:00:00:00:08

IP Address
--------------1.2.3.4

Type
------------dhcp-snooping

Vlan
----2

Interface
------------1/0/1

00:00:00:00:00:09

1.2.3.4

dhcp-snooping

3

1/0/1

00:00:00:00:00:0A

1.2.3.4

dhcp-snooping

4

1/0/1

Dynamic ARP Inspection Commands
Dynamic ARP Inspection (DAI) is a security feature that rejects invalid and malicious ARP
packets. DAI prevents a class of man-in-the-middle attacks, where an unfriendly station
intercepts traffic for other stations by poisoning the ARP caches of its unsuspecting
neighbors. The miscreant sends ARP requests or responses mapping another station’s IP
address to its own MAC address.
DAI relies on DHCP snooping. DHCP snooping listens to DHCP message exchanges and
builds a binding database of valid {MAC address, IP address, VLAN, and interface} tuples.
When DAI is enabled, the switch drops ARP packets whose sender MAC address and
sender IP address do not match an entry in the DHCP snooping bindings database. You can
optionally configure additional ARP packet validation.

Switching Commands
159

ProSafe Managed Switch

ip arp inspection vlan
Use this command to enable Dynamic ARP Inspection on a list of comma-separated VLAN
ranges.
Default

disabled

Format

ip arp inspection vlan vlan-list

Mode

Global Config

no ip arp inspection vlan
Use this command to disable Dynamic ARP Inspection on a list of comma-separated VLAN
ranges.
Format

no ip arp inspection vlan vlan-list

Mode

Global Config

ip arp inspection validate
Use this command to enable additional validation checks like source-mac validation,
destination-mac validation, and ip address validation on the received ARP packets. Each
command overrides the configuration of the previous command. For example, if a command
enables src-mac and dst-mac validations, and a second command enables IP validation only,
the src-mac and dst-mac validations are disabled as a result of the second command.
Default

disabled

Format

ip arp inspection validate {[src-mac] [dst-mac] [ip]}

Mode

Global Config

no ip arp inspection validate
Use this command to disable the additional validation checks on the received ARP packets.
Format

no ip arp inspection validate {[src-mac] [dst-mac] [ip]}

Mode

Global Config

ip arp inspection vlan logging
Use this command to enable logging of invalid ARP packets on a list of comma-separated
VLAN ranges.
Default

enabled

Format

ip arp inspection vlan vlan-list logging

Mode

Global Config

Switching Commands
160

ProSafe Managed Switch

no ip arp inspection vlan logging
Use this command to disable logging of invalid ARP packets on a list of comma-separated
VLAN ranges.
Format

no ip arp inspection vlan vlan-list logging

Mode

Global Config

ip arp inspection trust
Use this command to configure an interface as trusted for Dynamic ARP Inspection.
Default

enabled

Format

ip arp inspection trust

Mode

Interface Config

no ip arp inspection trust
Use this command to configure an interface as untrusted for Dynamic ARP Inspection.
Format

no ip arp inspection trust

Mode

Interface Config

ip arp inspection limit
Use this command to configure the rate limit and burst interval values for an interface.
Configuring none for the limit means the interface is not rate limited for Dynamic ARP
Inspections.

Note: The user interface will accept a rate limit for a trusted interface, but
the limit will not be enforced unless the interface is configured to be
untrusted.

Default

15 pps for rate and 1 second for burst-interval

Format

ip arp inspection limit {rate pps [burst interval seconds] | none}

Mode

Interface Config

Switching Commands
161

ProSafe Managed Switch

no ip arp inspection limit
Use this command to set the rate limit and burst interval values for an interface to the default
values of 15 pps and 1 second, respectively.
Format

no ip arp inspection limit

Mode

Interface Config

ip arp inspection filter
Use this command to configure the ARP ACL used to filter invalid ARP packets on a list of
comma-separated VLAN ranges. If the static keyword is given, packets that do not match a
permit statement are dropped without consulting the DHCP snooping bindings.
Default

No ARP ACL is configured on a VLAN

Format

ip arp inspection filter acl-name vlan vlan-list [static]

Mode

Global Config

no ip arp inspection filter
Use this command to unconfigure the ARP ACL used to filter invalid ARP packets on a list of
comma-separated VLAN ranges.
Format

no ip arp inspection filter acl-name vlan vlan-list [static]

Mode

Global Config

arp access-list
Use this command to create an ARP ACL.
Format

arp access-list acl-name

Mode

Global Config

no arp access-list
Use this command to delete a configured ARP ACL.
Format

no arp access-list acl-name

Mode

Global Config

Switching Commands
162

ProSafe Managed Switch

permit ip host mac host
Use this command to configure a rule for a valid IP address and MAC address combination
used in ARP packet validation.
Format

permit ip host sender-ip mac host sender-mac

Mode

ARP Access-list Config

no permit ip host mac host
Use this command to delete a rule for a valid IP and MAC combination.
Format

no permit ip host sender-ip mac host sender-mac

Mode

ARP Access-list Config

show ip arp inspection
Use this command to display the Dynamic ARP Inspection global configuration and
configuration on all the VLANs. With the vlan-list argument (i.e. comma separated VLAN
ranges), the command displays the global configuration and configuration on all the VLANs in
the given VLAN list. The global configuration includes the source mac validation,
destination mac validation and invalid IP validation information.
Format

show ip arp inspection [vlan ]

Mode

• Privileged EXEC
• User EXEC

Term

Definition

Source MAC
Validation

Displays whether Source MAC Validation of ARP frame is enabled or disabled.

Destination
Displays whether Destination MAC Validation is enabled or disabled.
MAC Validation
IP Address
Validation

Displays whether IP Address Validation is enabled or disabled.

VLAN

The VLAN ID for each displayed row.

Configuration

Displays whether DAI is enabled or disabled on the VLAN.

Log Invalid

Displays whether logging of invalid ARP packets is enabled on the VLAN.

ACL Name

The ARP ACL Name, if configured on the VLAN.

Static Flag

If the ARP ACL is configured static on the VLAN.

Example: The following shows example CLI display output for the command.
(Switch) #show ip arp inspection vlan 10-12

Switching Commands
163

ProSafe Managed Switch

Source Mac Validation
: Disabled
Destination Mac Validation : Disabled
IP Address Validation
: Disabled
Vlan
---10
11
12

Configuration
------------Enabled
Disabled
Enabled

Log Invalid
----------Enabled
Enabled
Disabled

ACL Name
--------H2

Static flag
---------Enabled

show ip arp inspection statistics
Use this command to display the statistics of the ARP packets processed by Dynamic ARP
Inspection. Give the vlan-list argument and the command displays the statistics on all
DAI-enabled VLANs in that list. Give the single vlan argument and the command displays the
statistics on that VLAN. If no argument is included, the command lists a summary of the
forwarded and dropped ARP packets.
Format

show ip arp inspection statistics [vlan vlan-list]

Mode

• Privileged EXEC
• User EXEC

Term

Definition

VLAN

The VLAN ID for each displayed row.

Forwarded

The total number of valid ARP packets forwarded in this VLAN.

Dropped

The total number of not valid ARP packets dropped in this VLAN.

DHCP Drops

The number of packets dropped due to DHCP snooping binding database match failure.

ACL Drops

The number of packets dropped due to ARP ACL rule match failure.

DHCP Permits

The number of packets permitted due to DHCP snooping binding database match.

ACL Permits

The number of packets permitted due to ARP ACL rule match.

Bad Src MAC

The number of packets dropped due to Source MAC validation failure.

Bad Dest MAC

The number of packets dropped due to Destination MAC validation failure.

Invalid IP

The number of packets dropped due to invalid IP checks.

Example: The following shows example CLI display output for the command show ip arp inspection statistics
which lists the summary of forwarded and dropped ARP packets on all DAI-enabled VLANs.
VLAN
---10
20

Forwarded
--------90
10

Dropped
------14
3

Example: The following shows example CLI display output for the command show ip arp inspection statistics vlan
.

Switching Commands
164

ProSafe Managed Switch

VLAN

DHCP
ACL
DHCP
ACL
Bad Src
Bad Dest
Invalid
Drops
Drops
Permits
Permits
MAC
MAC
IP
----- -------- --------- ----------- --------- ---------- ----------- --------10
11
1
65
25
1
1
0
20
1
0
8
2
0
1
1

clear ip arp inspection statistics
Use this command to reset the statistics for Dynamic ARP Inspection on all VLANs.
Default

none

Format

clear ip arp inspection statistics

Mode

Privileged EXEC

show ip arp inspection interfaces
Use this command to display the Dynamic ARP Inspection configuration on all the
DAI-enabled interfaces. An interface is said to be enabled for DAI if at least one VLAN, that
the interface is a member of, is enabled for DAI. Given a unit/slot/port interface argument, the
command displays the values for that interface whether the interface is enabled for DAI or
not.
Format

show ip arp inspection interfaces [unit/slot/port]

Mode

• Privileged EXEC
• User EXEC

Term

Definition

Interface

The interface ID for each displayed row.

Trust State

Whether the interface is trusted or untrusted for DAI.

Rate Limit

The configured rate limit value in packets per second.

Burst Interval

The configured burst interval value in seconds.

Example: The following shows example CLI display output for the command.
(Switch) #show ip arp inspection interfaces
Interface
--------------0/1
0/2

Trust State

Rate Limit Burst Interval
(pps)
(seconds)
-------------------- --------------Untrusted
15
1
Untrusted
10
10

Switching Commands
165

ProSafe Managed Switch

show arp access-list
Use this command to display the configured ARP ACLs with the rules. Giving an ARP ACL
name as the argument will display only the rules in that ARP ACL.
Format

show arp access-list [acl-name]

Mode

• Privileged EXEC
• User EXEC

Example: The following shows example CLI display output for the command.
(Switch) #show arp access-list
ARP access
permit
permit
ARP access
ARP access
permit

list H2
ip host 1.1.1.1 mac host 00:01:02:03:04:05
ip host 1.1.1.2 mac host 00:03:04:05:06:07
list H3
list H4
ip host 2.1.1.2 mac host 00:03:04:05:06:08

IGMP Snooping Configuration Commands
This section describes the commands you use to configure IGMP snooping. The software
supports IGMP Versions 1, 2, and 3. The IGMP snooping feature can help conserve
bandwidth because it allows the switch to forward IP multicast traffic only to connected hosts
that request multicast traffic. IGMPv3 adds source filtering capabilities to IGMP versions 1
and 2.

set igmp
This command enables IGMP Snooping on the system (Global Config Mode) or an interface
(Interface Config Mode). This command also enables IGMP snooping on a particular VLAN
(VLAN Config Mode) and can enable IGMP snooping on all interfaces participating in a
VLAN.
If an interface has IGMP Snooping enabled and you enable this interface for routing or enlist
it as a member of a port-channel (LAG), IGMP Snooping functionality is disabled on that
interface. IGMP Snooping functionality is re-enabled if you disable routing or remove
port-channel (LAG) membership from an interface that has IGMP Snooping enabled.
The IGMP application supports the following activities:
•

Validation of the IP header checksum (as well as the IGMP header checksum) and
discarding of the frame upon checksum error.

•

Maintenance of the forwarding table entries based on the MAC address versus the IP
address.

Switching Commands
166

ProSafe Managed Switch

•

Flooding of unregistered multicast data packets to all ports in the VLAN.

Default

disabled

Format

set igmp

Mode

• Global Config
• Interface Config

Format

set igmp 

Mode

VLAN Config

no set igmp
This command disables IGMP Snooping on the system, an interface or a VLAN.
Format

no set igmp

Mode

• Global Config
• Interface Config

Format

no set igmp 

Mode

VLAN Config

set igmp interfacemode
This command enables IGMP Snooping on all interfaces. If an interface has IGMP Snooping
enabled and you enable this interface for routing or enlist it as a member of a port-channel
(LAG), IGMP Snooping functionality is disabled on that interface. IGMP Snooping
functionality is re-enabled if you disable routing or remove port-channel (LAG) membership
from an interface that has IGMP Snooping enabled.
Default

disabled

Format

set igmp interfacemode

Mode

Global Config

no set igmp interfacemode
This command disables IGMP Snooping on all interfaces.
Format

no set igmp interfacemode

Mode

Global Config

set igmp fast-leave
This command enables or disables IGMP Snooping fast-leave admin mode on a selected
interface or VLAN. Enabling fast-leave allows the switch to immediately remove the layer 2

Switching Commands
167

ProSafe Managed Switch

LAN interface from its forwarding table entry upon receiving an IGMP leave message for that
multicast group without first sending out MAC-based general queries to the interface.
You should enable fast-leave admin mode only on VLANs where only one host is connected
to each layer 2 LAN port. This prevents the inadvertent dropping of the other hosts that were
connected to the same layer 2 LAN port but were still interested in receiving multicast traffic
directed to that group. Also, fast-leave processing is supported only with IGMP version 2
hosts.
Default

disabled

Format

set igmp fast-leave

Mode

Interface Config

Format

set igmp fast-leave 

Mode

VLAN Config

no set igmp fast-leave
This command disables IGMP Snooping fast-leave admin mode on a selected interface.
Format

no set igmp fast-leave

Mode

Interface Config

Format

no set igmp fast-leave 

Mode

VLAN Config

set igmp groupmembership-interval
This command sets the IGMP Group Membership Interval time on a VLAN, one interface or
all interfaces. The Group Membership Interval time is the amount of time in seconds that a
switch waits for a report from a particular group on a particular interface before deleting the
interface from the entry. This value must be greater than the IGMPv3 Maximum Response
time value. The range is 2 to 3600 seconds.
Default

260 seconds

Format

set igmp groupmembership-interval <2-3600>

Mode

• Interface Config
• Global Config

Format

set igmp groupmembership-interval  <2-3600>

Mode

VLAN Config

Switching Commands
168

ProSafe Managed Switch

no set igmp groupmembership-interval
This command sets the IGMPv3 Group Membership Interval time to the default value.
Format

no set igmp groupmembership-interval

Mode

• Interface Config
• Global Config

Format

no set igmp groupmembership-interval 

Mode

VLAN Config

set igmp maxresponse
This command sets the IGMP Maximum Response time for the system, or on a particular
interface or VLAN. The Maximum Response time is the amount of time in seconds that a
switch will wait after sending a query on an interface because it did not receive a report for a
particular group in that interface. This value must be less than the IGMP Query Interval time
value. The range is 1 to 25 seconds.
Default

10 seconds

Format

set igmp maxresponse <1-25>

Mode

• Global Config
• Interface Config

Format

set igmp maxresponse  <1-25>

Mode

VLAN Config

no set igmp maxresponse
This command sets the max response time (on the interface or VLAN) to the default value.
Format

no set igmp maxresponse

Mode

• Global Config
• Interface Config

Format

no set igmp maxresponse 

Mode

VLAN Config

set igmp mcrtrexpiretime
This command sets the Multicast Router Present Expiration time. The time is set for the
system, on a particular interface or VLAN. This is the amount of time in seconds that a switch
waits for a query to be received on an interface before the interface is removed from the list of

Switching Commands
169

ProSafe Managed Switch

interfaces with multicast routers attached. The range is 0 to 3600 seconds. A value of 0
indicates an infinite time-out, i.e. no expiration.
Default

0

Format

set igmp mcrtrexpiretime <0-3600>

Mode

• Global Config
• Interface Config

Format

set igmp mcrtrexpiretime  <0-3600>

Mode

VLAN Config

no set igmp mcrtrexpiretime
This command sets the Multicast Router Present Expiration time to 0. The time is set for the
system, on a particular interface or a VLAN.
Format

no set igmp mcrtrexpiretime

Mode

• Global Config
• Interface Config

Format

no set igmp mcrtrexpiretime 

Mode

VLAN Config

set igmp mrouter
This command configures the VLAN ID () that has the multicast router mode
enabled.
Format

set igmp mrouter 

Mode

Interface Config

no set igmp mrouter
This command disables multicast router mode for a particular VLAN ID ().
Format

no set igmp mrouter 

Mode

Interface Config

Switching Commands
170

ProSafe Managed Switch

set igmp mrouter interface
This command configures the interface as a multicast router interface. When configured as a
multicast router interface, the interface is treated as a multicast router interface in all VLANs.
Default

disabled

Format

set igmp mrouter interface

Mode

Interface Config

no set igmp mrouter interface
This command disables the status of the interface as a statically configured multicast router
interface.
Format

no set igmp mrouter interface

Mode

Interface Config

set igmp report-suppression
Use this command to suppress the IGMP reports on a given VLAN ID. In order to optimize
the number of reports traversing the network with no added benefits, a Report Suppression
mechanism is implemented. When more than one client responds to an MGMD query for the
same Multicast Group address within the max-response-time, only the first response is
forwarded to the query and others are suppressed at the switch.
Default

Disabled

Format

set igmp report-suppression <1-4093>

Mode

VLAN Config

no set igmp report-suppression
Use this command to restore the system default.
Format

no set igmp report-suppression

Mode

VLAN Config

set igmp header-validation
This command enables the validation of 3 igmp header fields TTL (Time To Live), ToS (Type of
Service), and Router Alert options. The fields validated depend on the IGMP version being used.
IGMPv1 - Only the TTL field is validated.
IGMPv2 - TTL and Router Alert fields are validated.

Switching Commands
171

ProSafe Managed Switch

IGMPv3 - TTL, ToS, and Router Alert fields are validated
Default

Enabled

Format

set igmp header-validation

Mode

Global Config

no set igmp header-validation
This command disables the header validation for IGMP packets.
Format

no set igmp header-validation

Mode

Global Config

mac address-table multicast forbidden-unregistered vlan
Use this command to forbid forwarding unregistered multicast addresses (in other words,
unknown multicast traffic) on a given VLAN ID.
Default

Disabled

Format

mac address-table multicast forbidden-unregistered vlan
<1-4093>

Mode

Global Config

no mac address-table multicast forbidden-unregistered vlan
Use this command to restore the default.
Format

no mac address-table multicast forbidden-unregistered
vlan

Mode

Global Config

mac address-table multicast forward-unregistered vlan
Use this command to enable forwarding unregistered multicast address (in other words,
unknown multicast traffic) on a given VLAN ID.
Format

mac address-table multicast forward-unregistered vlan
<1-4093>

Mode

Global Config

Switching Commands
172

ProSafe Managed Switch

mac address-table multicast forward-all vlan
Use this command to enable forwarding of all multicast packets on a given VLAN ID.
Format

mac address-table multicast forward-all vlan <1-4093>

Mode

Global Config

no mac address-table multicast forward-all vlan
This command to restores the system default.
Format

no mac address-table multicast forward-all vlan

Mode

Global Config

Switching Commands
173

ProSafe Managed Switch

show igmpsnooping
This command displays IGMP Snooping information. Configured information is displayed
whether or not IGMP Snooping is enabled.
Format

show igmpsnooping [ | ]

Mode

Privileged EXEC

When the optional arguments  or  are not used, the
command displays the following information:
Term

Definition

Admin Mode

Indicates whether or not IGMP Snooping is active on the switch.

Multicast
Control Frame
Count

The number of multicast control frames that are processed by the CPU.

Interface
The list of interfaces on which IGMP Snooping is enabled.
Enabled for
IGMP Snooping
VLANS Enabled The list of VLANS on which IGMP Snooping is enabled.
for IGMP
Snooping

When you specify the  values, the following information appears:
Term

Definition

IGMP Snooping Indicates whether IGMP Snooping is active on the interface.
Admin Mode
Fast Leave
Mode

Indicates whether IGMP Snooping Fast-leave is active on the interface.

Group
Membership
Interval

The amount of time in seconds that a switch will wait for a report from a particular group
on a particular interface before deleting the interface from the entry.This value may be
configured.

Maximum
The amount of time the switch waits after it sends a query on an interface because it did
Response Time
not receive a report for a particular group on that interface. This value may be configured.
Multicast
Router Expiry
Time

The amount of time to wait before removing an interface from the list of interfaces with
multicast routers attached. The interface is removed if a query is not received. This value
may be configured.

Switching Commands
174

ProSafe Managed Switch

When you specify a value for , the following information appears:
Term

Definition

VLAN ID

The VLAN ID.

IGMP Snooping Indicates whether IGMP Snooping is active on the VLAN.
Admin Mode
Fast Leave
Mode

Indicates whether IGMP Snooping Fast-leave is active on the VLAN.

Group
Membership
Interval

The amount of time in seconds that a switch will wait for a report from a particular group
on a particular interface, which is participating in the VLAN, before deleting the interface
from the entry.This value may be configured.

Maximum
The amount of time the switch waits after it sends a query on an interface, participating in
Response Time
the VLAN, because it did not receive a report for a particular group on that interface. This
value may be configured.
Multicast
Router Expiry
Time

The amount of time to wait before removing an interface that is participating in the VLAN
from the list of interfaces with multicast routers attached. The interface is removed if a
query is not received. This value may be configured.

show igmpsnooping mrouter interface
This command displays information about statically configured ports.
Format

show igmpsnooping mrouter interface 

Mode

Privileged EXEC

Term

Definition

Interface

The port on which multicast router information is being displayed.

Multicast
Router
Attached

Indicates whether multicast router is statically enabled on the interface.

VLAN ID

The list of VLANs of which the interface is a member.

show igmpsnooping mrouter vlan
This command displays information about statically configured ports.
Format

show igmpsnooping mrouter vlan 

Mode

Privileged EXEC

Term

Definition

Interface

The port on which multicast router information is being displayed.

VLAN ID

The list of VLANs of which the interface is a member.

Switching Commands
175

ProSafe Managed Switch

show mac-address-table igmpsnooping
This command displays the IGMP Snooping entries in the MFDB table.
Format

show mac-address-table igmpsnooping

Mode

Privileged EXEC

Term

Definition

MAC Address

A multicast MAC address for which the switch has forwarding or filtering information. The
format is two-digit hexadecimal numbers that are separated by colons, for example
01:23:45:67:89:AB. In an IVL system the MAC address is displayed as a MAC address
and VLAN ID combination of 8 bytes.

Type

The type of the entry, which is either static (added by the user) or dynamic (added to the
table as a result of a learning process or protocol).

Description

The text description of this multicast table entry.

Interfaces

The list of interfaces that are designated for forwarding (Fwd:) and filtering (Flt:).

show mac address-table multicast filtering
Use this command to display the multicast filtering details for a given VLAN.
Format

show mac address-table multicast filtering

Mode

Privileged EXEC

Parameter

Description

vlan-id

A valid VLAN ID

mode

The filtering mode

The following shows example CLI display output for the command.
(netgear switch) #show mac address-table multicast filtering 1
VLAN-ID....... 1
Mode.......... Forward-Forbidden-Unregistered

Switching Commands
176

ProSafe Managed Switch

IGMP Snooping Querier Commands
IGMP Snooping requires that one central switch or router periodically query all end-devices
on the network to announce their multicast memberships. This central device is the “IGMP
Querier”. The IGMP query responses, known as IGMP reports, keep the switch updated with
the current multicast group membership on a port-by-port basis. If the switch does not
receive updated membership information in a timely fashion, it will stop forwarding multicasts
to the port where the end device is located.
This section describes commands used to configure and display information on IGMP
Snooping Queriers on the network and, separately, on VLANs.

set igmp querier
Use this command to enable IGMP Snooping Querier on the system, using Global Config
mode, or on a VLAN. Using this command, you can specify the IP Address that the Snooping
Querier switch should use as the source address while generating periodic queries.
If a VLAN has IGMP Snooping Querier enabled and IGMP Snooping is operationally disabled
on it, IGMP Snooping Querier functionality is disabled on that VLAN. IGMP Snooping
functionality is re-enabled if IGMP Snooping is operational on the VLAN.

Note: The Querier IP Address assigned for a VLAN takes preference over
global configuration.

The IGMP Snooping Querier application supports sending periodic general queries on the
VLAN to solicit membership reports.
Default

disabled

Format

set igmp querier [] [address ipv4_address]

Mode

• Global Config
• VLAN Mode

no set igmp querier
Use this command to disable IGMP Snooping Querier on the system. Use the optional
address parameter to reset the querier address to 0.0.0.0.
Format

no set igmp querier [] [address]

Mode

• Global Config
• VLAN Mode

Switching Commands
177

ProSafe Managed Switch

set igmp querier query-interval
Use this command to set the IGMP Querier Query Interval time. It is the amount of time in
seconds that the switch waits before sending another general query.
Default

disabled

Format

set igmp querier query-interval <1-18000>

Mode

Global Config

no set igmp querier query-interval
Use this command to set the IGMP Querier Query Interval time to its default value.
Format

no set igmp querier query-interval

Mode

Global Config

set igmp querier timer expiry
Use this command to set the IGMP Querier timer expiration period. It is the time period that
the switch remains in Non-Querier mode once it has discovered that there is a Multicast
Querier in the network.
Default

60 seconds

Format

set igmp querier timer expiry <60-300>

Mode

Global Config

no set igmp querier timer expiry
Use this command to set the IGMP Querier timer expiration period to its default value.
Format

no set igmp querier timer expiry

Mode

Global Config

set igmp querier version
Use this command to set the IGMP version of the query that the snooping switch is going to
send periodically.
Default

1

Format

set igmp querier version <1-2>

Mode

Global Config

Switching Commands
178

ProSafe Managed Switch

no set igmp querier version
Use this command to set the IGMP Querier version to its default value.
Format

no set igmp querier version

Mode

Global Config

set igmp querier election participate
Use this command to enable the Snooping Querier to participate in the Querier Election
process when it discovers the presence of another Querier in the VLAN. When this mode is
enabled, if the Snooping Querier finds that the other Querier’s source address is better (less)
than the Snooping Querier’s address, it stops sending periodic queries. If the Snooping
Querier wins the election, then it will continue sending periodic queries.
Default

disabled

Format

set igmp querier election participate

Mode

VLAN Config

no set igmp querier election participate
Use this command to set the Snooping Querier not to participate in querier election but go
into non-querier mode as soon as it discovers the presence of another querier in the same
VLAN.
Format

no set igmp querier election participate

Mode

VLAN Config

show igmpsnooping querier
Use this command to display IGMP Snooping Querier information. Configured information is
displayed whether or not IGMP Snooping Querier is enabled.
Format

show igmpsnooping querier [{detail | vlan }]

Mode

Privileged EXEC

When the optional argument  is not used, the command displays the following
information.
Field

Description

Admin Mode

Indicates whether or not IGMP Snooping Querier is active on the switch.

Admin Version

The version of IGMP that will be used while sending out the queries.

Querier
Address

The IP Address which will be used in the IPv4 header while sending out IGMP queries. It
can be configured using the appropriate command.

Switching Commands
179

ProSafe Managed Switch

Field

Description

Query Interval

The amount of time in seconds that a Snooping Querier waits before sending out the
periodic general query.

Querier Timeout The amount of time to wait in the Non-Querier operational state before moving to a
Querier state.

When you specify a value for , the following additional information appears.
Field

Description

VLAN Admin
Mode

Indicates whether iGMP Snooping Querier is active on the VLAN.

VLAN
Operational
State

Indicates whether IGMP Snooping Querier is in “Querier” or “Non-Querier” state. When
the switch is in Querier state, it will send out periodic general queries. When in
Non-Querier state, it will wait for moving to Querier state and does not send out any
queries.

VLAN
Operational
Max Response
Time

Indicates the time to wait before removing a Leave from a host upon receiving a Leave
request. This value is calculated dynamically from the Queries received from the
network. If the Snooping Switch is in Querier state, then it is equal to the configured
value.

Querier Election Indicates whether the IGMP Snooping Querier participates in querier election if it
Participation
discovers the presence of a querier in the VLAN.
Querier VLAN
Address

The IP address will be used in the IPv4 header while sending out IGMP queries on this
VLAN. It can be configured using the appropriate command.

Operational
Version

The version of IPv4 will be used while sending out IGMP queries on this VLAN.

Last Querier
Address

Indicates the IP address of the most recent Querier from which a Query was received.

Last Querier
Version

Indicates the IGMP version of the most recent Querier from which a Query was received
on this VLAN.

When the optional argument detail is used, the command shows the global information
and the information for all Querier-enabled VLANs.

MLD Snooping Commands
This section describes commands used for MLD Snooping. In IPv4, Layer 2 switches can use
IGMP Snooping to limit the flooding of multicast traffic by dynamically configuring Layer 2
interfaces so that multicast traffic is forwarded only to those interfaces associated with IP
multicast addresses. In IPv6, MLD Snooping performs a similar function. With MLD
Snooping, IPv6 multicast data is selectively forwarded to a list of ports that want to receive
the data, instead of being flooded to all ports in a VLAN. This list is constructed by snooping
IPv6 multicast control packets.

Switching Commands
180

ProSafe Managed Switch

set mld
Use this command to enable MLD Snooping on the system (Global Config Mode) or an
Interface (Interface Config Mode). This command also enables MLD Snooping on a particular
VLAN and enables MLD Snooping on all interfaces participating in a VLAN.
If an interface has MLD Snooping enabled and you enable this interface for routing or enlist it
as a member of a port-channel (LAG), MLD Snooping functionality is disabled on that
interface. MLD Snooping functionality is re-enabled if you disable routing or remove port
channel (LAG) membership from an interface that has MLD Snooping enabled.
MLD Snooping supports the following activities:
•

Validation of address version, payload length consistencies and discarding of the frame
upon error.

•

Maintenance of the forwarding table entries based on the MAC address versus the IPv6
address.

•

Flooding of unregistered multicast data packets to all ports in the VLAN.

Default

disabled

Format

set mld vlanid

Mode

• Global Config
• Interface Config
• VLAN Mode

no set mld
Use this command to disable MLD Snooping on the system.
Format

set mld vlanid

Mode

• Global Config
• Interface Config
• VLAN Mode

set mld interfacemode
Use this command to enable MLD Snooping on all interfaces. If an interface has MLD
Snooping enabled and you enable this interface for routing or enlist it as a member of a
port-channel (LAG), MLD Snooping functionality is disabled on that interface. MLD Snooping
functionality is re-enabled if you disable routing or remove port-channel (LAG) membership
from an interface that has MLD Snooping enabled.
Default

disabled

Format

set mld interfacemode

Mode

Global Config

Switching Commands
181

ProSafe Managed Switch

no set mld interfacemode
Use this command to disable MLD Snooping on all interfaces.
Format

no set mld interfacemode

Mode

Global Config

set mld fast-leave
Use this command to enable MLD Snooping fast-leave admin mode on a selected interface
or VLAN. Enabling fast-leave allows the switch to immediately remove the Layer 2 LAN
interface from its forwarding table entry upon receiving and MLD done message for that
multicast group without first sending out MAC-based general queries to the interface.

Note: You should enable fast-leave admin mode only on VLANs where
only one host is connected to each Layer 2 LAN port. This prevents
the inadvertent dropping of the other hosts that were connected to
the same layer 2 LAN port but were still interested in receiving
multicast traffic directed to that group.

Note: Fast-leave processing is supported only with MLD version 1 hosts.

Default

disabled

Format

set mld fast-leave vlanid

Mode

• Interface Config
• VLAN Mode

no set mld fast-leave
Use this command to disable MLD Snooping fast-leave admin mode on a selected interface.
Format

no set mld fast-leave vlanid

Mode

• Interface Config
• VLAN Mode

set mld groupmembership-interval
Use this command to set the MLD Group Membership Interval time on a VLAN, one interface
or all interfaces. The Group Membership Interval time is the amount of time in seconds that a
switch waits for a report from a particular group on a particular interface before deleting the

Switching Commands
182

ProSafe Managed Switch

interface from the entry. This value must be greater than the MLDv2 Maximum Response
time value. The range is 2 to 3600 seconds.
Default

260 seconds

Format

set mld groupmembership-interval vlanid 2-3600

Mode

• Interface Config
• Global Config
• VLAN Mode

no set groupmembership-interval
Use this command to set the MLDv2 Group Membership Interval time to the default value.
Format

no set mld groupmembership-interval

Mode

• Interface Config
• Global Config
• VLAN Mode

set mld maxresponse
Use this command to set the MLD Maximum Response time for the system, on a particular
interface or VLAN. The Maximum Response time is the amount of time in seconds that a
switch will wait after sending a query on an interface because it did not receive a report for a
particular group in that interface. This value must be less than the MLD Query Interval time
value. The range is 1 to 65 seconds.
Default

10 seconds

Format

set mld maxresponse 1-65

Mode

• Global Config
• Interface Config
• VLAN Mode

no set mld maxresponse
Use this command to set the max response time (on the interface or VLAN) to the default
value.
Format

no set mld maxresponse

Mode

• Global Config
• Interface Config
• VLAN Mode

set mld mcrtexpiretime
Use this command to set the Multicast Router Present Expiration time. The time is set for the
system, on a particular interface or VLAN. This is the amount of time in seconds that a switch

Switching Commands
183

ProSafe Managed Switch

waits for a query to be received on an interface before the interface is removed from the list of
interfaces with multicast routers attached. The range is 0 to 3600 seconds. A value of 0
indicates an infinite timeout, that is, no expiration.
Default

0

Format

set mld mcrtexpiretime vlanid 0-3600

Mode

• Global Config
• Interface Config

no set mld mcrtexpiretime
Use this command to set the Multicast Router Present Expiration time to 0. The time is set for
the system, on a particular interface or a VLAN.
Format

no set mld mcrtexpiretime vlanid

Mode

• Global Config
• Interface Config

set mld mrouter
Use this command to configure the VLAN ID for the VLAN that has the multicast router
attached mode enabled.
Format

set mld mrouter vlanid

Mode

Interface Config

no set mld mrouter
Use this command to disable multicast router attached mode for a VLAN with a particular
VLAN ID.
Format

no set mld mrouter vlanid

Mode

Interface Config

set mld mrouter interface
Use this command to configure the interface as a multicast router-attached interface. When
configured as a multicast router interface, the interface is treated as a multicast
router-attached interface in all VLANs.
Default

disabled

Format

set mld mrouter interface

Mode

Interface Config

Switching Commands
184

ProSafe Managed Switch

no set mld mrouter interface
Use this command to disable the status of the interface as a statically configured multicast
router-attached interface.
Format

no set mld mrouter interface

Mode

Interface Config

show mldsnooping
Use this command to display MLD Snooping information. Configured information is displayed
whether or not MLD Snooping is enabled.
Format

show mldsnooping [unit/slot/port | vlanid]

Mode

Privileged EXEC

When the optional arguments unit/slot/port or vlanid are not used, the command
displays the following information.
Term

Definition

Admin Mode

Indicates whether or not MLD Snooping is active on the switch.

Interfaces
Enabled for
MLD Snooping

Interfaces on which MLD Snooping is enabled.

MLD Control
Frame Count

Displays the number of MLD Control frames that are processed by the CPU.

VLANs Enabled VLANs on which MLD Snooping is enabled.
for MLD
Snooping

When you specify the unit/slot/port values, the following information displays.
Term

Definition

MLD Snooping
Admin Mode

Indicates whether MLD Snooping is active on the interface.

Fast Leave
Mode

Indicates whether MLD Snooping Fast Leave is active on the VLAN.

Group
Membership
Interval

Shows the amount of time in seconds that a switch will wait for a report from a particular
group on a particular interface, which is participating in the VLAN, before deleting the
interface from the entry. This value may be configured.

Max Response
Time

Displays the amount of time the switch waits after it sends a query on an interface,
participating in the VLAN, because it did not receive a report for a particular group on that
interface. This value may be configured.

Multicast
Displays the amount of time to wait before removing an interface that is participating in
Router Present
the VLAN from the list of interfaces with multicast routers attached. The interface is
Expiration Time
removed if a query is not received. This value may be configured.

Switching Commands
185

ProSafe Managed Switch

When you specify a value for vlanid, the following information appears.
Term

Definition

VLAN Admin
Mode

Indicates whether MLD Snooping is active on the VLAN.

show mldsnooping mrouter interface
Use this command to display information about statically configured multicast router attached
interfaces.
Format

show mldsnooping mrouter interface unit/slot/port

Mode

Privileged EXEC

Term

Definition

Interface

Shows the interface on which multicast router information is being displayed.

Multicast
Router
Attached

Indicates whether multicast router is statically enabled on the interface.

VLAN ID

Displays the list of VLANs of which the interface is a member.

show mldsnooping mrouter vlan
Use this command to display information about statically configured multicast router-attached
interfaces.
Format

show mldsnooping mrouter vlan unit/slot/port

Mode

Privileged EXEC

Term

Definition

Interface

Shows the interface on which multicast router information is being displayed.

VLAN ID

Displays the list of VLANs of which the interface is a member.

show mac-address-table mldsnooping
Use this command to display the MLD Snooping entries in the Multicast Forwarding
Database (MFDB) table.
Format

show mac-address-table mldsnooping

Mode

Privileged EXEC

Switching Commands
186

ProSafe Managed Switch

Term

Definition

VLAN ID

The VLAN in which the MAC address is learned.

MAC Address

A multicast MAC address for which the switch has forwarding or filtering information. The
format is 6 two-digit hexadecimal numbers that are separated by colons, for example
01:23:45:67:89:AB.

Type

The type of entry, which is either static (added by the user) or dynamic (added to the
table as a result of a learning process or protocol.)

Description

The text description of this multicast table entry.

Interfaces

The list of interfaces that are designated for forwarding (Fwd:) and filtering (Flt:).

MLD Snooping Querier Commands
In an IPv6 environment, MLD Snooping requires that one central switch or router periodically
query all end-devices on the network to announce their multicast memberships. This central
device is the MLD Querier. The MLD query responses, known as MLD reports, keep the
switch updated with the current multicast group membership on a port-by-port basis. If the
switch does not receive updated membership information in a timely fashion, it will stop
forwarding multicasts to the port where the end device is located.
This section describes the commands you use to configure and display information on MLD
Snooping queries on the network and, separately, on VLANs.

set mld querier
Use this command to enable MLD Snooping Querier on the system (Global Config Mode) or
on a VLAN. Using this command, you can specify the IP address that the snooping querier
switch should use as a source address while generating periodic queries.
If a VLAN has MLD Snooping Querier enabled and MLD Snooping is operationally disabled
on it, MLD Snooping Querier functionality is disabled on that VLAN. MLD Snooping
functionality is re-enabled if MLD Snooping is operational on the VLAN.
The MLD Snooping Querier sends periodic general queries on the VLAN to solicit
membership reports.
Default

disabled

Format

set mld querier [vlan-id] [address ipv6_address]

Mode

• Global Config
• VLAN Mode

Switching Commands
187

ProSafe Managed Switch

no set mld querier
Use this command to disable MLD Snooping Querier on the system. Use the optional
parameter address to reset the querier address.
Format

no set mld querier [vlan-id][address]

Mode

• Global Config
• VLAN Mode

set mld querier query_interval
Use this command to set the MLD Querier Query Interval time. This is the amount of time in
seconds that the switch waits before sending another general query.
Default

disabled

Format

set mld querier query_interval <1-18000>

Mode

Global Config

no set mld querier query_interval
Use this command to set the MLD Querier Query Interval time to its default value.
Format

no set mld querier query_interval

Mode

Global Config

set mld querier timer expiry
Use this command to set the MLD Querier timer expiration period. This is the time period that
the switch remains in Non-Querier mode once it discovers that there is a Multicast Querier in
the network.
Default

60 seconds

Format

set mld querier timer expiry <60-300>

Mode

Global Config

no set mld querier timer expiry
Use this command to set the MLD Querier timer expiration period to its default value.
Format

no set mld querier timer expiry

Mode

Global Config

Switching Commands
188

ProSafe Managed Switch

set mld querier election participate
Use this command to enable the Snooping Querier to participate in the Querier Election
process when it discovers the presence of another Querier in the VLAN. When this mode is
enabled, if the Snooping Querier finds that the other Querier’s source address is better (less)
than the Snooping Querier’s address, it stops sending periodic queries. If the Snooping
Querier wins the election, then it will continue sending periodic queries.
Default

disabled

Format

set mld querier election participate

Mode

VLAN Config

no set mld querier election participate
Use this command to set the snooping querier not to participate in querier election, but go
into a non-querier mode as soon as it discovers the presence of another querier in the same
VLAN.
Format

no set mld querier election participate

Mode

VLAN Config

show mldsnooping querier
Use this command to display MLD Snooping Querier information. Configured information is
displayed whether or not MLD Snooping Querier is enabled.
Format

show mldsnooping querier [{detail | vlan }]

Mode

Privileged EXEC

When the optional arguments vlandid are not used, the command displays the following
information.
Field

Description

Admin Mode

Indicates whether or not MLD Snooping Querier is active on the switch.

Admin Version

Indicates the version of MLD that will be used while sending out the queries. This is
defaulted to MLD v1 and it cannot be changed.

Querier Address

Shows the IP address which will be used in the IPv6 header while sending out MLD
queries. It can be configured using the appropriate command.

Query Interval

Shows the amount of time in seconds that a Snooping Querier waits before sending
out the periodic general query.

Querier Timeout

Displays the amount of time to wait in the Non-Querier operational state before moving
to a Querier state.

Switching Commands
189

ProSafe Managed Switch

When you specify a value for vlanid, the following information appears.
Field

Description

VLAN Admin
Mode

Indicates whether MLD Snooping Querier is active on the VLAN.

VLAN Operational Indicates whether MLD Snooping Querier is in “Querier” or “Non-Querier” state. When
State
the switch is in Querier state, it will send out periodic general queries. When in
Non-Querier state, it will wait for moving to Querier state and does not send out any
queries.
Operational Max
Response Time

Indicates the time to wait before removing a Leave from a host upon receiving a Leave
request. This value is calculated dynamically from the Queries received from the
network. If the Snooping Switch is in Querier state, then it is equal to the configured
value.

Querier Election
Participate

Indicates whether the MLD Snooping Querier participates in querier election if it
discovers the presence of a querier in the VLAN.

Querier VLAN
Address

The IP address will be used in the IPv6 header while sending out MLD queries on this
VLAN. It can be configured using the appropriate command.

Operational
Version

This version of IPv6 will be used while sending out MLD queriers on this VLAN.

Last Querier
Address

Indicates the IP address of the most recent Querier from which a Query was received.

Last Querier
Version

Indicates the MLD version of the most recent Querier from which a Query was received
on this VLAN.

When the optional argument detail is used, the command shows the global information
and the information for all Querier-enabled VLANs.

Port Security Commands
This section describes the commands you use to configure Port Security on the switch. Port
security, which is also known as port MAC locking, allows you to secure the network by
locking allowable MAC addresses on a port. Packets with a matching source MAC address
are forwarded normally, and all other packets are discarded.

Note: To enable the SNMP trap specific to port security, see snmp-server
enable traps violation on page 686.

Switching Commands
190

ProSafe Managed Switch

port-security
This command enables port locking at the system level (Global Config) or port level
(Interface Config).
Default

disabled

Format

port-security

Mode

• Global Config
• Interface Config

no port-security
This command disables port locking for one (Interface Config) or all (Global Config) ports.
Format

no port-security

Mode

• Global Config
• Interface Config

port-security max-dynamic
This command sets the maximum number of dynamically locked MAC addresses allowed on
a specific port.
Default

600

Format

port-security max-dynamic 

Mode

Interface Config

no port-security max-dynamic
This command resets the maximum number of dynamically locked MAC addresses allowed
on a specific port to its default value.
Format

no port-security max-dynamic

Mode

Interface Config

port-security max-static
This command sets the maximum number of statically locked MAC addresses allowed on a
port.
Default

20

Format

port-security max-static 

Mode

Interface Config

Switching Commands
191

ProSafe Managed Switch

no port-security max-static
This command sets maximum number of statically locked MAC addresses to the default
value.
Format

no port-security max-static

Mode

Interface Config

port-security mac-address
This command adds a MAC address to the list of statically locked MAC addresses. The
 is the VLAN ID.
Format

port-security mac-address  

Mode

Interface Config

no port-security mac-address
This command removes a MAC address from the list of statically locked MAC addresses.
Format

no port-security mac-address  

Mode

Interface Config

port-security mac-address move
This command converts dynamically locked MAC addresses to statically locked addresses.
Format

port-security mac-address move

Mode

Interface Config

port-security mac-address sticky
This command enables sticky mode Port MAC Locking on a port. If accompanied by a MAC
address and a VLAN id (for interface config mode only), it adds a sticky MAC address to the
list of statically locked MAC addresses. These sticky addresses are converted back to
dynamically locked addresses if sticky mode is disabled on the port. The  is the VLAN
ID. The Global command applies the sticky mode to all valid interfaces (physical and LAG).
There is no global sticky mode as such.
Sticky addresses that are dynamically learned will appear in show running config as
port-security mac-address sticky   entries. This distinguishes them
from static entries.
Format

port-security mac-address sticky [ ]

Modes

• Global Config
• Interface Config

Switching Commands
192

ProSafe Managed Switch

no port-security mac-address sticky
The no form removes the sticky mode. The sticky MAC address can be deleted by using the
command no port-security mac-address  .
Format

no port-security mac-address sticky [
]

Modes

• Global Config
• Interface Config

show port-security
This command displays the port-security settings. If you do not use a parameter, the
command displays the settings for the entire system. Use the optional parameters to display
the settings on a specific interface or on all interfaces.
Format

show port-security [{ | all}]

Mode

Privileged EXEC

Term

Definition

Admin Mode

Port Locking mode for the entire system. This field displays if you do not supply any
parameters.

For each interface, or for the interface you specify, the following information appears:
Term

Definition

Admin Mode

Port Locking mode for the Interface.

Dynamic Limit

Maximum dynamically allocated MAC Addresses.

Static Limit

Maximum statically allocated MAC Addresses.

Violation Trap
Mode

Whether violation traps are enabled.

show port-security dynamic
This command displays the dynamically locked MAC addresses for the port.
Format

show port-security dynamic [lag  | ]

Mode

Privileged EXEC

Term

Definition

MAC Address

MAC Address of dynamically locked MAC.

Switching Commands
193

ProSafe Managed Switch

show port-security static
This command displays the statically locked MAC addresses for port.
Format

show port-security static [lag  | ]

Mode

Privileged EXEC

Term

Definition

MAC Address

MAC Address of statically locked MAC.

show port-security violation
This command displays the source MAC address of the last packet discarded on a locked
port.
Format

show port-security violation [lag  | ]

Mode

Privileged EXEC

Term

Definition

MAC Address

MAC Address of discarded packet on locked port.

LLDP (802.1AB) Commands
This section describes the command you use to configure Link Layer Discovery Protocol
(LLDP), which is defined in the IEEE 802.1AB specification. LLDP allows stations on an 802
LAN to advertise major capabilities and physical descriptions. The advertisements allow a
network management system (NMS) to access and display this information.

lldp transmit
Use this command to enable the LLDP advertise capability.
Default

enabled

Format

lldp transmit

Mode

Interface Config

no lldp transmit
Use this command to return the local data transmission capability to the default.
Format

no lldp transmit

Mode

Interface Config

Switching Commands
194

ProSafe Managed Switch

lldp receive
Use this command to enable the LLDP receive capability.
Default

enabled

Format

lldp receive

Mode

Interface Config

no lldp receive
Use this command to return the reception of LLDPDUs to the default value.
Format

no lldp receive

Mode

Interface Config

lldp timers
Use this command to set the timing parameters for local data transmission on ports enabled
for LLDP. The  determines the number of seconds to wait between
transmitting local data LLDPDUs. The range is 1-32768 seconds. The  is the
multiplier on the transmit interval that sets the TTL in local data LLDPDUs. The multiplier
range is 2-10. The  is the delay before re-initialization, and the range is
1-0 seconds.
Default

• interval—30 seconds
• hold—4
• reinit—2 seconds

Format

lldp timers [interval ] [hold ] [reinit
]

Mode

Global Config

no lldp timers
Use this command to return any or all timing parameters for local data transmission on ports
enabled for LLDP to the default values.
Format

no lldp timers [interval] [hold] [reinit]

Mode

Global Config

lldp transmit-tlv
Use this command to specify which optional type length values (TLVs) in the 802.1AB basic
management set are transmitted in the LLDPDUs. Use sys-name to transmit the system
name TLV. To configure the system name, see snmp-server on page 683. Use sys-descto
transmit the system description TLV. Use sys-cap to transmit the system capabilities TLV.

Switching Commands
195

ProSafe Managed Switch

Use port-desc to transmit the port description TLV. To configure the port description, see
description on page 41
Default

all optional TLVs are included

Format

lldp transmit-tlv [sys-desc] [sys-name] [sys-cap] [port-desc]

Mode

Interface Config

no lldp transmit-tlv
Use this command to remove an optional TLV from the LLDPDUs. Use the command without
parameters to remove all optional TLVs from the LLDPDU.
Format

no lldp transmit-tlv [sys-desc] [sys-name] [sys-cap] [port-desc]

Mode

Interface Config

lldp transmit-mgmt
Use this command to include transmission of the local system management address
information in the LLDPDUs.
Default

enabled

Format

lldp transmit-mgmt

Mode

Interface Config

no lldp transmit-mgmt
Use this command to include transmission of the local system management address
information in the LLDPDUs. Use this command to cancel inclusion of the management
information in LLDPDUs.
Format

no lldp transmit-mgmt

Mode

Interface Config

lldp notification
Use this command to enable remote data change notifications.
Default

disabled

Format

lldp notification

Mode

Interface Config

Switching Commands
196

ProSafe Managed Switch

no lldp notification
Use this command to disable notifications.
Default

disabled

Format

no lldp notification

Mode

Interface Config

lldp notification-interval
Use this command to configure how frequently the system sends remote data change
notifications. The  parameter is the number of seconds to wait between sending
notifications. The valid interval range is 5-3600 seconds.
Default

5

Format

lldp notification-interval 

Mode

Global Config

no lldp notification-interval
Use this command to return the notification interval to the default value.
Format

no lldp notification-interval

Mode

Global Config

clear lldp statistics
Use this command to reset all LLDP statistics, including MED-related information.
Format

clear lldp statistics

Mode

Privileged Exec

clear lldp remote-data
Use this command to delete all information from the LLDP remote data table, including
MED-related information.
Format

clear lldp remote-data

Mode

Global Config

Switching Commands
197

ProSafe Managed Switch

show lldp
Use this command to display a summary of the current LLDP configuration.
Format

show lldp

Mode

Privileged Exec

Term

Definition

Transmit
Interval

How frequently the system transmits local data LLDPDUs, in seconds.

Transmit Hold
Multiplier

The multiplier on the transmit interval that sets the TTL in local data LLDPDUs.

Re-initialization The delay before re-initialization, in seconds.
Delay
Notification
Interval

How frequently the system sends remote data change notifications, in seconds.

show lldp interface
Use this command to display a summary of the current LLDP configuration for a specific
interface or for all interfaces.
Format

show lldp interface { | all}

Mode

Privileged Exec

Term

Definition

Interface

The interface in a unit/slot/port format.

Link

Shows whether the link is up or down.

Transmit

Shows whether the interface transmits LLDPDUs.

Receive

Shows whether the interface receives LLDPDUs.

Notify

Shows whether the interface sends remote data change notifications.

TLVs

Shows whether the interface sends optional TLVs in the LLDPDUs. The TLV codes can
be 0 (Port Description), 1 (System Name), 2 (System Description), or 3 (System
Capability).

Mgmt

Shows whether the interface transmits system management address information in the
LLDPDUs.

Switching Commands
198

ProSafe Managed Switch

show lldp statistics
Use this command to display the current LLDP traffic and remote table statistics for a specific
interface or for all interfaces.
Format

show lldp statistics { | all}

Mode

Privileged Exec

Term

Definition

Last Update

The amount of time since the last update to the remote table in days, hours, minutes, and
seconds.

Total Inserts

Total number of inserts to the remote data table.

Total Deletes

Total number of deletes from the remote data table.

Total Drops

Total number of times the complete remote data received was not inserted due to
insufficient resources.

Total Ageouts

Total number of times a complete remote data entry was deleted because the Time to
Live interval expired.

The table contains the following column headings:
Term

Definition

Interface

The interface in unit/slot/port format.

Transmit Total

Total number of LLDP packets transmitted on the port.

Receive Total

Total number of LLDP packets received on the port.

Discards

Total number of LLDP frames discarded on the port for any reason.

Errors

The number of invalid LLDP frames received on the port.

Ageouts

Total number of times a complete remote data entry was deleted for the port because the
Time to Live interval expired.

TLV Discards

The number of TLVs discarded.

TLV Unknowns

Total number of LLDP TLVs received on the port where the type value is in the reserved
range, and not recognized.

TLV MED

Total number of LLDP MED TLVs received on the local ports.

TVL802.1

Total number of 802.1 LLDP TLVs received on the local ports.

TVL802.3

Total number of 802.3 LLDP TLVs received on the local ports.

Switching Commands
199

ProSafe Managed Switch

show lldp remote-device
Use this command to display summary information about remote devices that transmit
current LLDP data to the system. You can show information about LLDP remote data
received on all ports or on a specific port.
Format

show lldp remote-device { | all}

Mode

Privileged EXEC

Term

Definition

Local Interface

The interface that received the LLDPDU from the remote device.

RemID

An internal identifier to the switch to mark each remote device to the system.

Chassis ID

The ID that is sent by a remote device as part of the LLDP message, it is usually a MAC
address of the device.

Port ID

The port number that transmitted the LLDPDU.

System Name

The system name of the remote device.

Example: The following shows example CLI display output for the command.
(switch) #show lldp remote-device all
LLDP Remote Device Summary
Local
Interface RemID
------- ------0/1
0/2
0/3
0/4
0/5
0/6
0/7
2
0/7
3
0/7
4
0/7
5
0/7
1
0/7
6
0/8
0/9
0/10
0/11
0/12
--More-- or (q)uit

Chassis ID
--------------------

Port ID
------------------

00:FC:E3:90:01:0F
00:FC:E3:90:01:0F
00:FC:E3:90:01:0F
00:FC:E3:90:01:0F
00:FC:E3:90:01:0F
00:FC:E3:90:01:0F

00:FC:E3:90:01:11
00:FC:E3:90:01:12
00:FC:E3:90:01:13
00:FC:E3:90:01:14
00:FC:E3:90:03:11
00:FC:E3:90:04:11

Switching Commands
200

System Name
------------------

ProSafe Managed Switch

show lldp remote-device detail
Use this command to display detailed information about remote devices that transmit current
LLDP data to an interface on the system.
Format

show lldp remote-device detail 

Mode

Privileged EXEC

Term

Definition

Local Interface

The interface that received the LLDPDU from the remote device.

Remote
Identifier

An internal identifier to the switch to mark each remote device to the system.

Chassis ID
Subtype

The type of identification used in the Chassis ID field.

Chassis ID

The chassis of the remote device.

Port ID Subtype The type of port on the remote device.
Port ID

The port number that transmitted the LLDPDU.

System Name

The system name of the remote device.

System
Description

Describes the remote system by identifying the system name and versions of hardware,
operating system, and networking software supported in the device.

Port
Description

Describes the port in an alpha-numeric format. The port description is configurable.

System
Capabilities
Supported

Indicates the primary function(s) of the device.

System
Capabilities
Enabled

Shows which of the supported system capabilities are enabled.

Management
Address

For each interface on the remote device with an LLDP agent, lists the type of address the
remote LLDP agent uses and specifies the address used to obtain information related to
the device.

Time To Live

The amount of time (in seconds) the remote device's information received in the
LLDPDU should be treated as valid information.

Example: The following shows example CLI display output for the command.
(Switch) #show lldp remote-device detail 0/7
LLDP Remote Device Detail
Local Interface: 0/7

Remote Identifier: 2
Chassis ID Subtype: MAC Address
Chassis ID: 00:FC:E3:90:01:0F
Port ID Subtype: MAC Address

Switching Commands
201

ProSafe Managed Switch

Port ID: 00:FC:E3:90:01:11
System Name:
System Description:
Port Description:
System Capabilities Supported:
System Capabilities Enabled:
Time to Live: 24 seconds

show lldp local-device
Use this command to display summary information about the advertised LLDP local data.
This command can display summary information or detail for each interface.
Format

show lldp local-device { | all}

Mode

Privileged EXEC

Term

Definition

Interface

The interface in a unit/slot/port format.

Port ID

The port ID associated with this interface.

Port
Description

The port description associated with the interface.

show lldp local-device detail
Use this command to display detailed information about the LLDP data a specific interface
transmits.
Format

show lldp local-device detail 

Mode

Privileged EXEC

Term

Definition

Interface

The interface that sends the LLDPDU.

Chassis ID
Subtype

The type of identification used in the Chassis ID field.

Chassis ID

The chassis of the local device.

Port ID Subtype The type of port on the local device.
Port ID

The port number that transmitted the LLDPDU.

System Name

The system name of the local device.

System
Description

Describes the local system by identifying the system name and versions of hardware,
operating system, and networking software supported in the device.

Port
Description

Describes the port in an alpha-numeric format.

Switching Commands
202

ProSafe Managed Switch

Term

Definition

System
Capabilities
Supported

Indicates the primary function(s) of the device.

System
Capabilities
Enabled

Shows which of the supported system capabilities are enabled.

Management
Address

The type of address and the specific address the local LLDP agent uses to send and
receive information.

LLDP-MED Commands
Link Layer Discovery Protocol - Media Endpoint Discovery (LLDP-MED) (ANSI-TIA-1057)
provides an extension to the LLDP standard. Specifically, LLDP-MED provides extensions for
network configuration and policy, device location, Power over Ethernet (PoE) management
and inventory management.

lldp med
Use this command to enable MED. By enabling MED, you will be effectively enabling the
transmit and receive function of LLDP.
Default

enabled

Format

lldp med

Mode

Interface Config

no lldp med
Use this command to disable MED.
Format

no lldp med

Mode

Interface Config

lldp med confignotification
Use this command to configure all the ports to send the topology change notification.
Default

enabled

Format

lldp med confignotification

Mode

Interface Config

Switching Commands
203

ProSafe Managed Switch

no ldp med confignotification
Use this command to disable notifications.
Format

no lldp med confignotification

Mode

Interface Config

lldp med transmit-tlv
Use this command to specify which optional Type Length Values (TLVs) in the LLDP MED set
will be transmitted in the Link Layer Discovery Protocol Data Units (LLDPDUs).
Default

By default, the capabilities and network policy TLVs are included.

Format

lldp med transmit-tlv [capabilities] [ex-pd] [ex-pse] [inventory]
[location] [network-policy]

Mode

Interface Config

Term

Definition

capabilities

Transmit the LLDP capabilities TLV.

ex-pd

Transmit the LLDP extended PD TLV.

ex-pse

Transmit the LLDP extended PSE TLV.

inventory

Transmit the LLDP inventory TLV.

location

Transmit the LLDP location TLV.

network-policy

Transmit the LLDP network policy TLV.

Note: The current implementation supports one network policy: the voice
VLAN as defined by the voice vlan commands.

no lldp med transmit-tlv
Use this command to remove a TLV.
Format

no lldp med transmit-tlv [capabilities] [network-policy] [ex-pse]
[ex-pd] [location] [inventory]

Mode

Interface Config

Switching Commands
204

ProSafe Managed Switch

lldp med all
Use this command to configure LLDP-MED on all the ports
Format

lldp med all

Mode

Global Config

no lldp med all
Use this command to remove LLDP-MD on all ports.
Format

no lldp med all

Mode

Global Config

lldp med confignotification all
Use this command to configure all the ports to send the topology change notification.
Format

lldp med confignotification all

Mode

Global Config

no lldp med confignotification all
Use this command to disable all the ports to send the topology change notification.
Format

no lldp med confignotification all

Mode

Global Config

lldp med faststartrepeatcount
Use this command to set the value of the fast start repeat count. [count] is the number of
LLDP PDUs that will be transmitted when the product is enabled. The range is 1 to 10.
Default

3

Format

lldp med faststartrepeatcount [count]

Mode

Global Config

no lldp med faststartrepeatcount
Use this command to return to the factory default value.
Format

no lldp med faststartrepeatcount

Mode

Global Config

Switching Commands
205

ProSafe Managed Switch

lldp med transmit-tlv all
Use this command to specify which optional Type Length Values (TLVs) in the LLDP MED set
will be transmitted in the Link Layer Discovery Protocol Data Units (LLDPDUs).
Default

By default, the capabilities and network policy TLVs are included.

Format

lldp med transmit-tlv all [capabilities] [ex-pd] [ex-pse] [inventory]
[location] [network-policy]

Mode

Global Config

Term

Definition

capabilities

Transmit the LLDP capabilities TLV.

ex-pd

Transmit the LLDP extended PD TLV.

ex-pse

Transmit the LLDP extended PSE TLV.

inventory

Transmit the LLDP inventory TLV.

location

Transmit the LLDP location TLV.

network-policy

Transmit the LLDP network policy TLV.

no lldp med transmit-tlv
Use this command to remove a TLV.
Format

no lldp med transmit-tlv all [capabilities] [network-policy] [ex-pse]
[ex-pd] [location] [inventory]

Mode

Global Config

show lldp med
Use this command to display a summary of the current LLDP MED configuration.
Format

show lldp med

Mode

Privileged Exec

Term

Definition

Fast Start
Repeat Count

The number of LLDP PDUs that will be transmitted when the protocol is enabled.

Device Class

The local device’s MED Classification. There are four different kinds of devices, three of
them represent the actual end points (classified as Class I Generic[IP Communication
Controller etc.], Class II Media Conference Bridge etc.], Class III Communication [IP
Telephone etc.]. Class IV Network Connectivity Device, which is typically a LAN Switch,
Router, IEEE 802.11 Wireless Access Point, etc.

Switching Commands
206

ProSafe Managed Switch

Example: The following shows example CLI display output for the command.
(switch) #show lldp med
LLDP MED Global Configuration
Fast Start Repeat Count: 3
Device Class: Network Connectivity
(switch) #

show lldp med interface
Use this command to display a summary of the current LLDP MED configuration for a
specific interface.  indicates a specific physical interface. all indicates
all valid LLDP interfaces.
Format

show lldp med interface { | all}

Mode

Privileged Exec

Term

Definition

Interface

The interface in a unit/slot/port format.

Link

Shows whether the link is up or down.

ConfigMED

Shows if the LLPD-MED mode is enabled or disabled on this interface

OperMED

Shows if the LLPD-MED TLVs are transmitted or not on this interface.

ConfigNotify

Shows if the LLPD-MED topology notification mode of this interface.

TLVsTx

Shows whether the interface sends optional TLVs in the LLDPDUs. The TLV codes
can be 0 (Capabilities), 1 (Network Policy), 2 (Location), 3 (Extended PSE), 4
(Extended Pd), or 5 (Inventory).

Example: The following shows example CLI display output for the command.
(Switch) #show lldp med interface all
Interface
--------1/0/1
1/0/2
1/0/3
1/0/4
1/0/5
1/0/6
1/0/7
1/0/8
1/0/9
1/0/10
1/0/11
1/0/12
1/0/13

Link
-----Down
Up
Down
Down
Down
Down
Down
Down
Down
Down
Down
Down
Down

configMED
--------Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled

operMED
-------Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled

ConfigNotify
-----------Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled
Disabled

TLVsTx
----------0,1
0,1
0,1
0,1
0,1
0,1
0,1
0,1
0,1
0,1
0,1
0,1
0,1

Switching Commands
207

ProSafe Managed Switch

1/0/14

Down

Disabled

Disabled

TLV Codes: 0- Capabilities,
2- Location,
4- Extended Pd,
--More-- or (q)uit
(Switch) #show lldp med interface
Interface
--------1/0/2

Link
-----Up

0,1

1- Network Policy
3- Extended PSE
5- Inventory
1/0/2

configMED operMED
--------- -------Disabled Disabled

TLV Codes: 0- Capabilities,
2- Location,
4- Extended Pd,

Disabled

ConfigNotify TLVsTx
------------ ----------Disabled
0,1

1- Network Policy
3- Extended PSE
5- Inventory

(Routing) #

show lldp med local-device detail
This command displays detailed information about the LLDP data a specific interface
transmits.
Format

show lldp med local-device detail 

Mode

Privileged EXEC

Term

Definition

Media Application
Type

Shows the application type. Types are unknown, voice, voicesignaling, guestvoice,
guestvoicesignaling, sfotphonevoice, videoconferencing, streamingvideo,
videosignaling.

Vlan ID

Shows the VLAN id associated with a particular policy type

Priority

Shows the priority associated with a particular policy type.

DSCP

Shows the DSCP associated with a particular policy type.

Unknown

Indicates if the policy type is unknown. In this case, the VLAN ID, Priority and DSCP
are ignored.

Tagged

Indicates if the policy type is using tagged or untagged VLAN.

Hardware Rev

Shows the local hardware version.

Firmware Rev

Shows the local firmware version.

Software Rev

Shows the local software version.

Serial Num

Shows the local serial number.

Mfg Name

Shows the manufacture name.

Model Name

Shows the model name.

Example: The following shows example CLI display output for the command.

Switching Commands
208

ProSafe Managed Switch

(Switch) #show lldp med local-device detail 1/0/8
LLDP MED Local Device Detail
Interface: 1/0/8
Network Policies
Media Policy Application Type : voice
Vlan ID: 10
Priority: 5
DSCP: 1
Unknown: False
Tagged: True
Media Policy Application Type : streamingvideo
Vlan ID: 20
Priority: 1
DSCP: 2
Unknown: False
Tagged: True

Inventory
Hardware Rev: xxx xxx xxx
Firmware Rev: xxx xxx xxx
Software Rev: xxx xxx xxx
Serial Num: xxx xxx xxx
Mfg Name: xxx xxx xxx
Model Name: xxx xxx xxx
Asset ID: xxx xxx xxx
Location
Subtype: elin
Info: xxx xxx xxx
Extended POE
Device Type: pseDevice
Extended POE PSE
Available: 0.3 Watts
Source: primary
Priority: critical
Extended POE PD
Required: 0.2 Watts
Source: local
Priority: low

Switching Commands
209

ProSafe Managed Switch

show lldp med remote-device
This command displays summary information about remote devices that transmit current
LLDP MED data to the system. You can show information about LLDP remote data received
on all ports or on a specific port.
Format

show lldp med remote-device { | all}

Mode

Privileged EXEC

Term

Definition

Interface

The interface in a unit/slot/port format.

Device Class

The Remote device’s MED Classification. There are four different kinds of devices, three
of them represent the actual end points (classified as Class I Generic [IP Communication
Controller etc.], Class II Media [Conference Bridge etc.], Class III Communication [IP
Telephone etc]). The fourth device is Network Connectivity Device, which is typically a
LAN Switch/Router, IEEE 802.1 Bridge, IEEE 802.11 Wireless Access Point etc.

Example: The following shows example CLI display output for the command.
(Switch) #show lldp med remote-device all
LLDP MED Remote Device Summary
Local
Interface
--------1/0/8
1/0/9
1/0/10
1/0/11
1/0/12

Remote ID
--------1
2
3
4
5

Device Class
-----------Class I
Not Defined
Class II
Class III
Network Con

show lldp med remote-device detail
Use this command to display detailed information about remote devices that transmit current
LLDP MED data to an interface on the system.
Format

show lldp med remote-device detail 

Mode

Privileged EXEC

Term

Definition

Supported
Capabilities

Shows the supported capabilities that were received in MED TLV on this port.

Enabled
capabilities

Shows the enabled capabilities that were enabled in MED TLV on this port.

Switching Commands
210

ProSafe Managed Switch

Term

Definition

Device Class

Shows the device class as advertized by the device remotely connected to the port.

Network Policy
Information

Shows if network policy TLV is received in the LLDP frames on this port.

Media
Application
Type

Shows the application type. Types of applications are unknown, voice, voicesignaling,
guestvoice, guestvoicesignaling, sfotphonevoice, videoconferencing, streamingvideo,
videosignaling.

VLAN Id

Shows the VLAN id associated with a particular policy type.

Priority

Shows the priority associated with a particular policy type.

DSCP

Shows the DSCP associated with a particular policy type.

Unknown

Indicates if the policy type is unknown. In this case, the VLAN id, Priority and DSCP are
ignored.

Tagged

Indicates if the policy type is using tagged or untagged VLAN.

Hardware
Revision

Shows the hardware version of the remote device.

Firmware
Revision

Shows the firmware version of the remote device.

Software
Revision

Shows the software version of the remote device.

Serial Number

Shows the serial number of the remote device.

Manufacturer
Name

Shows the manufacture name of the remote device.

Model Name

Shows the model name of the remote device.

Asset ID

Shows the asset id of the remote device.

Sub Type

Shows the type of location information.

Location
Information

Shows the location information as a string for a given type of location id

Device Type

Shows the remote device’s PoE device type connected to this port.

Available

Shows the remote port’s PSE power value in tenths of a watt.

Source

Shows the remote port’s PSE power source.

Priority

Shows the remote port’s PSE priority.

Required

Shows the remote port’s PD power requirement.

Source

Shows the remote port’s PD power source.

Priority

Shows the remote port’s PD power priority.

Example: The following shows example CLI display output for the command.
(Switch) #show lldp med remote-device detail 1/0/8
LLDP MED Remote Device Detail

Switching Commands
211

ProSafe Managed Switch

Local Interface: 1/0/8
Remote Identifier: 18
Capabilities
MED Capabilities Supported: capabilities, networkpolicy, location, extendedpse
MED Capabilities Enabled: capabilities, networkpolicy
Device Class: Endpoint Class I
Network Policies
Media Policy Application Type : voice
Vlan ID: 10
Priority: 5
DSCP: 1
Unknown: False
Tagged: True
Media Policy Application Type : streamingvideo
Vlan ID: 20
Priority: 1
DSCP: 2
Unknown: False
Tagged: True
Inventory
Hardware Rev: xxx xxx xxx
Firmware Rev: xxx xxx xxx
Software Rev: xxx xxx xxx
Serial Num: xxx xxx xxx
Mfg Name: xxx xxx xxx
Model Name: xxx xxx xxx
Asset ID: xxx xxx xxx
Location
Subtype: elin
Info: xxx xxx xxx
Extended POE
Device Type: pseDevice
Extended POE PSE
Available: 0.3 Watts
Source: primary
Priority: critical
Extended POE PD
Required: 0.2 Watts
Source: local
Priority: low

Denial of Service Commands

Switching Commands
212

ProSafe Managed Switch

This section describes the commands you use to configure Denial of Service (DoS) Control.
The software provides support for classifying and blocking specific types of Denial of Service
attacks. You can configure your system to monitor and block these types of attacks:
•

SIP=DIP: Source IP address = Destination IP address.

•

First Fragment: TCP Header size smaller then configured value.

•

TCP Fragment: IP Fragment Offset = 1.

•

TCP Flag: TCP Flag SYN set and Source Port < 1024 or TCP Control Flags = 0 and TCP
Sequence Number = 0 or TCP Flags FIN, URG, and PSH set and TCP Sequence
Number = 0 or TCP Flags SYN and FIN set.

•

L4 Port: Source TCP/UDP Port = Destination TCP/UDP Port.

•

ICMP: Limiting the size of ICMP Ping packets.

•

SMAC = DMAC: Source MAC address = Destination MAC address.

•

TCP Port: Source TCP Port = Destination TCP Port.

•

UDP Port: Source UDP Port = Destination UDP Port.

•

TCP Flag & Sequence: TCP Flag SYN set and Source Port < 1024 or TCP Control Flags
= 0 and TCP Sequence Number = 0 or TCP Flags FIN, URG, and PSH set and TCP
Sequence Number = 0 or TCP Flags SYN and FIN set.

•

TCP Offset: TCP Header Offset = 1.

•

TCP SYN: TCP Flag SYN set.

•

TCP SYN & FIN: TCP Flags SYN and FIN set.

•

TCP FIN & URG & PSH: TCP Flags FIN and URG and PSH set and TCP Sequence
Number = 0.

•

ICMP V6: Limiting the size of ICMPv6 Ping packets.

•

ICMP Fragment: Checks for fragmented ICMP packets.

dos-control all
This command enables Denial of Service protection checks globally.
Default

disabled

Format

dos-control all

Mode

Global Config

no dos-control all
This command disables Denial of Service prevention checks globally.
Format

no dos-control all

Mode

Global Config

Switching Commands
213

ProSafe Managed Switch

dos-control sipdip
This command enables Source IP address = Destination IP address (SIP=DIP) Denial of
Service protection. If the mode is enabled, Denial of Service prevention is active for this type
of attack. If packets ingress with SIP=DIP, the packets will be dropped if the mode is enabled.
Default

disabled

Format

dos-control sipdip

Mode

Global Config

no dos-control sipdip
This command disables Source IP address = Destination IP address (SIP=DIP) Denial of
Service prevention.
Format

no dos-control sipdip

Mode

Global Config

dos-control firstfrag
This command enables Minimum TCP Header Size Denial of Service protection. If the mode
is enabled, Denial of Service prevention is active for this type of attack. If packets ingress
having a TCP Header Size smaller then the configured value, the packets will be dropped if
the mode is enabled.The default is disabled. If you enable dos-control firstfrag, but do not
provide a Minimum TCP Header Size, the system sets that value to 20.
Default

disabled <20>

Format

dos-control firstfrag

Mode

Global Config

[<0-255>]

no dos-control firstfrag
This command sets Minimum TCP Header Size Denial of Service protection to the default
value of disabled.
Format

no dos-control firstfrag

Mode

Global Config

Switching Commands
214

ProSafe Managed Switch

dos-control tcpfrag
This command enables TCP Fragment Denial of Service protection. If the mode is enabled,
Denial of Service prevention is active for this type of attack. If packets ingress having IP
Fragment Offset equal to one (1), the packets will be dropped if the mode is enabled.
Default

disabled

Format

dos-control tcpfrag

Mode

Global Config

no dos-control tcpfrag
This command disabled TCP Fragment Denial of Service protection.
Format

no dos-control tcpfrag

Mode

Global Config

dos-control tcpflag
This command enables TCP Flag Denial of Service protections. If the mode is enabled,
Denial of Service prevention is active for this type of attacks. If packets ingress having TCP
Flag SYN set and a source port less than 1024 or having TCP Control Flags set to 0 and TCP
Sequence Number set to 0 or having TCP Flags FIN, URG, and PSH set and TCP Sequence
Number set to 0 or having TCP Flags SYN and FIN both set, the packets will be dropped if
the mode is enabled.
Default

disabled

Format

dos-control tcpflag

Mode

Global Config

no dos-control tcpflag
This command sets disables TCP Flag Denial of Service protections.
Format

no dos-control tcpflag

Mode

Global Config

dos-control l4port
This command enables L4 Port Denial of Service protections. If the mode is enabled, Denial
of Service prevention is active for this type of attack. If packets ingress having Source
TCP/UDP Port Number equal to Destination TCP/UDP Port Number, the packets will be
dropped if the mode is enabled.

Switching Commands
215

ProSafe Managed Switch

Note: Some applications mirror source and destination L4 ports - RIP for
example uses 520 for both. If you enable dos-control l4port,
applications such as RIP may experience packet loss which would
render the application inoperable.

Default

disabled

Format

dos-control l4port

Mode

Global Config

no dos-control l4port
This command disables L4 Port Denial of Service protections.
Format

no dos-control l4port

Mode

Global Config

dos-control icmp
This command enables Maximum ICMP Packet Size Denial of Service protections. If the
mode is enabled, Denial of Service prevention is active for this type of attack. If ICMP Echo
Request (PING) packets ingress having a size greater than the configured value, the packets
will be dropped if the mode is enabled.
Default

disabled <512>

Format

dos-control icmp [<0-1023>]

Mode

Global Config

no dos-control icmp
This command disables Maximum ICMP Packet Size Denial of Service protections.
Format

no dos-control icmp

Mode

Global Config

dos-control smacdmac
This command enables Source MAC address = Destination MAC address (SMAC=DMAC)
Denial of Service protection. If the mode is enabled, Denial of Service prevention is active for

Switching Commands
216

ProSafe Managed Switch

this type of attack. If packets ingress with SMAC=DMAC, the packets will be dropped if the
mode is enabled.
Default

disabled

Format

dos-control smacdmac

Mode

Global Config

no dos-control smacdmac
This command disables Source MAC address = Destination MAC address (SMAC=DMAC)
Denial of Service protection.
Format

no dos-control smacdmac

Mode

Global Config

dos-control tcpport
This command enables TCP L4 source = destination port number (Source TCP Port =
Destination TCP Port) Denial of Service protection. If the mode is enabled, Denial of Service
prevention is active for this type of attack. If packets ingress with Source TCP Port =
Destination TCP Port, the packets will be dropped if the mode is enabled.
Default

disabled

Format

dos-control tcpport

Mode

Global Config

no dos-control tcpport
This command disables TCP L4 source = destination port number (Source TCP Port =
Destination TCP Port) Denial of Service protection.
Format

no dos-control smacdmac

Mode

Global Config

dos-control udpport
This command enables UDP L4 source = destination port number (Source UDP Port =
Destination UDP Port) Denial of Service protection. If the mode is enabled, Denial of Service
prevention is active for this type of attack. If packets ingress with Source UDP Port =
Destination UDP Port, the packets will be dropped if the mode is enabled.
Default

disabled

Format

dos-control udppport

Mode

Global Config

Switching Commands
217

ProSafe Managed Switch

no dos-control udpport
This command disables UDP L4 source = destination port number (Source UDP Port =
Destination UDP Port) Denial of Service protection.
Format

no dos-control udppport

Mode

Global Config

dos-control tcpflagseq
This command enables TCP Flag and Sequence Denial of Service protections. If the mode is
enabled, Denial of Service prevention is active for this type of attack. If packets ingress
having TCP Flag SYN set and a source port less than 1024 or having TCP Control Flags set
to 0 and TCP Sequence Number set to 0 or having TCP Flags FIN, URG, and PSH set and
TCP Sequence Number set to 0 or having TCP Flags SYN and FIN both set, the packets will
be dropped if the mode is enabled.
Default

disabled

Format

dos-control tcpflagseq

Mode

Global Config

no dos-control tcpflagseq
This command sets disables TCP Flag and Sequence Denial of Service protection.
Format

no dos-control tcpflagseq

Mode

Global Config

dos-control tcpoffset
This command enables TCP Offset Denial of Service protection. If the mode is enabled,
Denial of Service prevention is active for this type of attack. If packets ingress having TCP
Header Offset equal to one (1), the packets will be dropped if the mode is enabled.
Default

disabled

Format

dos-control tcpoffset

Mode

Global Config

no dos-control tcpoffset
This command disabled TCP Offset Denial of Service protection.
Format

no dos-control tcpoffset

Mode

Global Config

Switching Commands
218

ProSafe Managed Switch

dos-control tcpsyn
This command enables TCP SYN and L4 source = 0-1023 Denial of Service protection. If the
mode is enabled, Denial of Service prevention is active for this type of attack. If packets
ingress having TCP flag SYN set and an L4 source port from 0 to 1023, the packets will be
dropped if the mode is enabled.
Default

disabled

Format

dos-control tcpsyn

Mode

Global Config

no dos-control tcpsyn
This command sets disables TCP SYN and L4 source = 0-1023 Denial of Service protection.
Format

no dos-control tcpsyn

Mode

Global Config

dos-control tcpsynfin
This command enables TCP SYN and FIN Denial of Service protection. If the mode is
enabled, Denial of Service prevention is active for this type of attack. If packets ingress
having TCP flags SYN and FIN set, the packets will be dropped if the mode is enabled.
Default

disabled

Format

dos-control tcpsynfin

Mode

Global Config

no dos-control tcpsynfin
This command sets disables TCP SYN & FIN Denial of Service protection.
Format

no dos-control tcpsynfin

Mode

Global Config

dos-control tcpfinurgpsh
This command enables TCP FIN and URG and PSH and SEQ=0 checking Denial of Service
protections. If the mode is enabled, Denial of Service prevention is active for this type of
attack. If packets ingress having TCP FIN, URG, and PSH all set and TCP Sequence Number
set to 0, the packets will be dropped if the mode is enabled.
Default

disabled

Format

dos-control tcpfinurgpsh

Mode

Global Config

Switching Commands
219

ProSafe Managed Switch

no dos-control tcpfinurgpsh
This command sets disables TCP FIN and URG and PSH and SEQ=0 checking Denial of
Service protections.
Format

no dos-control tcpfinurgpsh

Mode

Global Config

dos-control icmpv4
This command enables Maximum ICMPv4 Packet Size Denial of Service protections. If the
mode is enabled, Denial of Service prevention is active for this type of attack. If ICMPv4 Echo
Request (PING) packets ingress having a size greater than the configured value, the packets
will be dropped if the mode is enabled.
Default

disabled <512>

Format

dos-control icmpv4 <0-16384>

Mode

Global Config

no dos-control icmpv4
This command disables Maximum ICMP Packet Size Denial of Service protections.
Format

no dos-control icmpv4

Mode

Global Config

dos-control icmpv6
This command enables Maximum ICMPv6 Packet Size Denial of Service protections. If the
mode is enabled, Denial of Service prevention is active for this type of attack. If ICMPv6 Echo
Request (PING) packets ingress having a size greater than the configured value, the packets
will be dropped if the mode is enabled.
Default

disabled <512>

Format

dos-control icmpv6 <0-16384>

Mode

Global Config

no dos-control icmpv6
This command disables Maximum ICMP Packet Size Denial of Service protections.
Format

no dos-control icmpv6

Mode

Global Config

Switching Commands
220

ProSafe Managed Switch

dos-control icmpfrag
This command enables ICMP Fragment Denial of Service protection. If the mode is enabled,
Denial of Service prevention is active for this type of attack. If packets ingress having
fragmented ICMP packets, the packets will be dropped if the mode is enabled.
Default

disabled

Format

dos-control icmpfrag

Mode

Global Config

no dos-control icmpfrag
This command disabled ICMP Fragment Denial of Service protection.
Format

no dos-control icmpfrag

Mode

Global Config

show dos-control
This command displays Denial of Service configuration information.
Format

show dos-control

Mode

Privileged EXEC

Note: Not all messages below are available in all 7000series managed
switches.

Term

Definition

First Fragment
Mode

May be enabled or disabled. The factory default is disabled.

Min TCP Hdr
Size <0-255>

The factory default is 20.

ICMP Mode

May be enabled or disabled. The factory default is disabled.

Max ICMPv4 Pkt The range is 0-1023. The factory default is 512.
Size
Max ICMPv6 Pkt The range is 0-16384. The factory default is 512.
Size
ICMP Fragment May be enabled or disabled. The factory default is disabled.
Mode
L4 Port Mode

May be enabled or disabled. The factory default is disabled.

TCP Port Mode

May be enabled or disabled. The factory default is disabled.

Switching Commands
221

ProSafe Managed Switch

Term

Definition

UDP Port Mode

May be enabled or disabled. The factory default is disabled.

SIPDIP Mode

May be enabled or disabled. The factory default is disabled.

SMACDMAC
Mode

May be enabled or disabled. The factory default is disabled.

TCP Flag Mode

May be enabled or disabled. The factory default is disabled.

TCP FIN&URG& May be enabled or disabled. The factory default is disabled.
PSH Mode
TCP Flag &
May be enabled or disabled. The factory default is disabled.
Sequence Mode
TCP SYN Mode

May be enabled or disabled. The factory default is disabled.

TCP SYN & FIN
Mode

May be enabled or disabled. The factory default is disabled.

TCP Fragment
Mode

May be enabled or disabled. The factory default is disabled.

TCP Offset
Mode

May be enabled or disabled. The factory default is disabled.

MAC Database Commands
This section describes the commands you use to configure and view information about the
MAC databases.

bridge aging-time
This command configures the forwarding database address aging timeout in seconds. The
 parameter must be within the range of 10 to 1,000,000 seconds.
Default

300

Format

bridge aging-time <10-1,000,000>

Mode

Global Config

no bridge aging-time
This command sets the forwarding database address aging timeout to the default value.
Format

no bridge aging-time

Mode

Global Config

Switching Commands
222

ProSafe Managed Switch

show forwardingdb agetime
This command displays the timeout for address aging.
Default

300s

Format

show forwardingdb agetime

Mode

Privileged EXEC

Term

Definition

Address Aging
Timeout

This parameter displays the address aging timeout for the associated forwarding
database.

show mac-address-table multicast
This command displays the Multicast Forwarding Database (MFDB) information. If you enter
the command with no parameter, the entire table is displayed. You can display the table entry
for one MAC Address by specifying the MAC address as an optional parameter.
Format

show mac-address-table multicast 

Mode

Privileged EXEC

Term

Definition

MAC Address

A multicast MAC address for which the switch has forwarding and or filtering information.
The format is two-digit hexadecimal numbers separated by colons, for example
01:23:45:67:89:AB. In an IVL system the MAC address will be displayed as a MAC
address and VLAN ID combination of 8 bytes.

Type

The type of the entry. Static entries are those that are configured by the end user.
Dynamic entries are added to the table as a result of a learning process or protocol.

Component

The component that is responsible for this entry in the Multicast Forwarding Database.
Possible values are IGMP Snooping, GMRP, and Static Filtering.

Description

The text description of this multicast table entry.

Interfaces

The list of interfaces that are designated for forwarding (Fwd:) and filtering (Flt:).

Forwarding
Interfaces

The resultant forwarding list is derived from combining all the component’s forwarding
interfaces and removing the interfaces that are listed as the static filtering interfaces.

show mac-address-table stats
This command displays the Multicast Forwarding Database (MFDB) statistics.
Format

show mac-address-table stats

Mode

Privileged EXEC

Switching Commands
223

ProSafe Managed Switch

Term

Definition

Max MFDB
Table Entries

The total number of entries that can possibly be in the Multicast Forwarding Database
table.

Most MFDB
Entries Since
Last Reset

The largest number of entries that have been present in the Multicast Forwarding
Database table. This value is also known as the MFDB high-water mark.

Current Entries

The current number of entries in the MFDB.

ISDP Commands
This section describes the commands you use to configure the industry standard Discovery
Protocol (ISDP).

isdp run
This command enables ISDP on the switch.
Default

Enabled

Format

isdp run

Mode

Global Config

no isdp run
This command disables ISDP on the switch.
Format

no isdp run

Mode

Global Config

isdp holdtime
This command configures the hold time for ISDP packets that the switch transmits. The hold
time specifies how long a receiving device should store information sent in the ISDP packet
before discarding it. The range is given in seconds.
Default

180 seconds

Format

isdp holdtime <10-255>

Mode

Global Config

Switching Commands
224

ProSafe Managed Switch

isdp timer
This command sets the period of time between sending new ISDP packets. The range is
given in seconds.
Default

30 seconds

Format

isdp timer <5-254>

Mode

Global Config

isdp advertise-v2
This command enables the sending of ISDP version 2 packets from the device.
Default

Enabled

Format

isdp advertise-v2

Mode

Global Config

no isdp advertise-v2
This command disables the sending of ISDP version 2 packets from the device.
Format

no isdp advertise-v2

Mode

Global Config

isdp enable
This command enables ISDP on the interface.
Default

Enabled

Format

isdp enable

Mode

Interface Config

no isdp enable
This command disables ISDP on the interface.
Format

no isdp enable

Mode

Interface Config

Switching Commands
225

ProSafe Managed Switch

clear isdp counters
This command clears ISDP counters.
Format

clear isdp counters

Mode

Privileged EXEC

clear isdp table
This command clears entries in the ISDP table.
Format

clear isdp table

Mode

Privileged EXEC

show isdp
This command displays global ISDP settings.
Format

show isdp

Mode

Privileged EXEC

Term

Definition

Timer

The frequency with which this device sends ISDP packets. This value is given in
seconds.

Hold Time

The length of time the receiving device should save information sent by this device. This
value is given in seconds.

Version 2
The setting for sending ISDPv2 packets. If disabled, version 1 packets are transmitted.
Advertisements
Device ID

The Device ID advertised by this device. The format of this Device ID is characterized by
the value of the Device ID Format object.

Device ID
Format
Capability

Indicates the Device ID format capability of the device.
• serialNumber indicates that the device uses a serial number as the format for its
Device ID.
• macAddress indicates that the device uses a Layer 2 MAC address as the format for
its Device ID.
• other indicates that the device uses its platform-specific format as the format for its
Device ID.

Device ID
Format

Indicates the Device ID format of the device.
• serialNumber indicates that the value is in the form of an ASCII string containing the
device serial number.
• macAddress indicates that the value is in the form of a Layer 2 MAC address.
• other indicates that the value is in the form of a platform specific ASCII string
containing info that identifies the device. For example, ASCII string contains
serialNumber appended/prepended with system name.

Switching Commands
226

ProSafe Managed Switch

show isdp interface
This command displays ISDP settings for the specified interface.
Format

show isdp interface {all | }

Mode

Privileged EXEC

Term

Definition

Mode

ISDP mode enabled/disabled status for the interface(s).

show isdp entry
This command displays ISDP entries. If the device id is specified, then only entries for that
device are shown.
Format

show isdp entry

Mode

Privileged EXEC

Term

Definition

Device ID

The device ID associated with the neighbor which advertised the information.

IP Addresses

The IP address(es) associated with the neighbor.

Platform

The hardware platform advertised by the neighbor.

Interface

The interface (slot/port) on which the neighbor's advertisement was received.

Port ID

The port ID of the interface from which the neighbor sent the advertisement.

Hold Time

The hold time advertised by the neighbor.

Version

The software version that the neighbor is running.

Advertisement
Version

The version of the advertisement packet received from the neighbor.

Capability

ISDP Functional Capabilities advertised by the neighbor.

{all | deviceid}

show isdp neighbors
This command displays the list of neighboring devices.
Format

show isdp neighbors [ { |

Mode

Privileged EXEC

Switching Commands
227

detail} ]

ProSafe Managed Switch

Term

Definition

Device ID

The device ID associated with the neighbor which advertised the information.

IP Addresses

The IP addresses associated with the neighbor.

Capability

ISDP functional capabilities advertised by the neighbor.

Platform

The hardware platform advertised by the neighbor.

Interface

The interface (unit/slot/port) on which the neighbor's advertisement was received.

Port ID

The port ID of the interface from which the neighbor sent the advertisement.

Hold Time

The hold time advertised by the neighbor.

Advertisement
Version

The version of the advertisement packet received from the neighbor.

Entry Last
Changed Time

Displays when the entry was last modified.

Version

The software version that the neighbor is running.

Example: The following shows example CLI display output for the command.
(Switch) #show isdp neighbors detail
Device ID
Address(es):
IP Address:
Capability
Platform
Interface
Port ID
Holdtime
Advertisement Version
Entry last changed time
Version :

0001f45f1bc0
10.27.7.57
Router Trans Bridge Switch IGMP
SecureStack C2
0/48
ge.3.14
131
2
0 days 00:01:59
05.00.56

show isdp traffic
This command displays ISDP statistics.
Format

show isdp traffic

Mode

Privileged EXEC

Term

Definition

ISDP Packets Received

Total number of ISDP packets received

ISDP Packets Transmitted

Total number of ISDP packets transmitted

ISDPv1 Packets Received

Total number of ISDPv1 packets received

Switching Commands
228

ProSafe Managed Switch

Term

Definition

ISDPv1 Packets
Transmitted

Total number of ISDPv1 packets transmitted

ISDPv2 Packets Received

Total number of ISDPv2 packets received

ISDPv2 Packets
Transmitted

Total number of ISDPv2 packets transmitted

ISDP Bad Header

Number of packets received with a bad header

ISDP Checksum Error

Number of packets received with a checksum error

ISDP Transmission Failure

Number of packets which failed to transmit

ISDP Invalid Format

Number of invalid packets received

ISDP Table Full

Number of times a neighbor entry was not added to the table due to a full
database

ISDP IP Address Table Full

Displays the number of times a neighbor entry was added to the table
without an IP address.

debug isdp packet
This command enables tracing of ISDP packets processed by the switch. ISDP must be
enabled on both the device and the interface in order to monitor packets for a particular
interface.
Format

debug isdp packet [{receive | transmit}]

Mode

Privileged EXEC

no debug isdp packet
This command disables tracing of ISDP packets on the receive or the transmit sides or on
both sides.
Format

no debug isdp packet [{receive | transmit}]

Mode

Privileged EXEC

Priority-Based Flow Control Commands
Ordinarily, when flow control is enabled on a physical link, it applies to all traffic on the link.
When congestion occurs, the hardware sends pause frames that temporarily suspend traffic
flow. Pausing traffic helps prevent buffer overflow and dropped frames.
Priority-based flow control provides a way to distinguish which traffic on physical link is
paused when congestion occurs, based on the priority of the traffic. An interface can be
configured to pause only high priority (i.e., loss-sensitive) traffic when necessary to prevent
dropped frames, while allowing traffic that has greater loss tolerance to continue to flow on
the interface.

Switching Commands
229

ProSafe Managed Switch

Priorities are differentiated by the priority field of the IEEE 802.1Q VLAN header, which
identifies an IEEE 802.1p priority value. In NETGEAR Managed Switch, these priority values
must be mapped to internal class-of-service (CoS) values.
To enable priority-based flow control for a particular CoS value on an interface:
•

Ensure that VLAN tagging is enabled on the interface so that the 802.1p priority values
are carried through the network.

•

Ensure that 802.1p priority values are mapped to IEEE 802.1Q CoS values.

•

Use the datacenter-bridging priority-flow-control mode on command to enable
priority-based flow control on the interface.

•

Use the datacenter-bridging priority-flow-control priority command to specify the CoS
values that should be paused ("no-drop") due to greater loss sensitivity. Unless
configured as "no-drop," all CoS priorities are considered nonpausable ("drop") when
priority-based flow control is enabled.

When priority-flow-control is disabled, the interface defaults to the IEEE 802.3x flow control
setting for the interface. When priority-based flow control is enabled, the interface will not
pause any CoS unless there is at least one no-drop priority.

datacenter-bridging
Use this command to go into datacenter-bridging mode.
Format

datacenter-bridging

Mode

Interface Config

priority-flow-control mode
Use this command to enable or disable priority-based flow control on an interface.
Format

priority-flow-control mode [on | off]

Mode

Datacenter-Bridging Config

Default

Disabled

priority-flow-control priority
Use this command to specify the priority group(s) that should be paused when necessary to
prevent dropped frames; i.e., the group to receive priority flow control. This configuration has
no effect on interfaces not enabled for priority flow control.
VLAN tagging must be enabled to carry the 802.1p value through the network. The number of
lossless priorities supported is 2. Additionally, the mapping of class-of-service levels to
802.1p priority values to must be set to one-to-one.
Format

priority-flow-control priority priority-list {drop | no-drop}

Switching Commands
230

ProSafe Managed Switch

Mode

Interface Config

Default

drop

show interface priority-flow-control
This command displays a summary of the priority flow control configuration for a specified
interface or all interfaces.
Format

show interface priority-flow-control [interface
]

Mode

Privileged EXEC

(Switch) #show interface priority-flow-control
Port
Drop
No-Drop
Operational
Priorities
Priorities
Status
-------------------- --------------- ----------0/1
0-7
Inactive
0/2
0-7
Inactive

Switching Commands
231

4.

Multicast VLAN Registration (MVR)

4

This chapter contains the following sections:
•

About MVR

•

MVR Commands

About MVR
Internet Group Management Protocol (IGMP) Layer 3 is widely used for IPv4 network
multicasting. In Layer 2 networks, IGMP uses resources inefficiently. For example, a Layer 2
switch multicasts traffic to all ports, even if there are receivers connected to only a few ports.
To address this problem, the IGMP Snooping protocol was developed. The problem still
appears, though, when receivers are in different VLANs.
MVR is intended to solve the problem of receivers in different VLANs. It uses a dedicated
manually configured VLAN, called the multicast VLAN, to forward multicast traffic over a
Layer 2 network in conjunction with IGMP snooping.

MVR Commands
mvr
This command enables MVR.
Format

mvr

Mode

Global Config
Interface Config

Default

Disabled

232

ProSafe Managed Switch

no mvr
This command disables MVR.
Format

no mvr

Mode

Global Config
Interface Config

mvr group
This command adds an MVR membership group.  is the IP multicast group being
added.
The count is the number of incremental multicast groups being added (the first multicast group is
A.B.C.D). If a count is not specified, then only one multicast group is added.
Format

mvr group  [count]

Mode

Global Config

no mvr group
This command removes the MVR membership group.
Format

no mvr group  [count]

Mode

Global Config

mvr mode
This command changes the MVR mode type. If the mode is set to compatible, then the switch
does not learn multicast groups; they need to be configured by the operator as the protocol does
not forward joins from the hosts to the router. To operate in this mode, the IGMP router needs to
be statically configured to transmit all required multicast streams to the MVR switch. If the mode
is set to dynamic, then the switch learns existing multicast groups by snooping the IGMP queries
from router on source ports and forwarding the IGMP joins from the hosts to the IGMP router on
the multicast VLAN (with appropriate translation of the VLAN ID).
Format

mvr mode { compatible |dynamic }

Mode

Global Config

Default

compatible

Multicast VLAN Registration (MVR)
233

ProSafe Managed Switch

no mvr mode
This command sets the mode type to the default value.
Format

no mvr mode

Mode

Global Config

mvr querytime
This command sets the MVR query response time.
Format

mvr querytime<1-100>

Mode

Global Config

Default

5

no mvr querytime
This command sets the MVR query response time to the default value.
Format

no mvr querytime

Mode

Global Config

mvr vlan
This command sets the MVR multicast VLAN.
Format

mvr vlan <1-4094>

Mode

Global Config

Default

1

no mvr vlan
This command sets the MVR multicast VLAN to the default value.
Format

no mvr vlan

Mode

Global Config

mvr immediate
This command enables MVR immediate leave mode. MVR has two modes of operating with the
IGMP Leave messages: normal leave and immediate leave:
•

In normal leave mode, when a leave is received, the general IGMP query is sent from a
Layer 2 switch to the receiver port, where the leave was received. Then reports are

Multicast VLAN Registration (MVR)
234

ProSafe Managed Switch

received from other interested hosts that are also connected to that port, for example,
using hub.
•

In immediate leave mode, when a leave is received, the switch is immediately
reconfigured not to forward a specific multicast stream to the port where a message is
received. This mode is used only for ports where only one client might be connected.

Format

mvr immediate

Mode

Interface Config

Default

Disabled

no mvr immediate
This command sets the MVR multicast VLAN to the default value.
Format

no mvr immediate

Mode

Interface Config

mvr type
This command sets the MVR port type. When a port is set as source, it is the port to which the
multicast traffic flows using the multicast VLAN. When a port is set to receiver, it is the port where
a listening host is connected to the switch.
Format

mvr type { receiver|source }

Mode

Interface Config

Default

none

no mvr type
Use this command to set the MVR port type to none.
Format

no mvr type

Mode

Interface Config

mvr vlan group
Use this command to include the port in the specific MVR group.  is the multicast
VLAN, and  is the IP multicast group
Format

mvr vlan  group 

Mode

Interface Config

Multicast VLAN Registration (MVR)
235

ProSafe Managed Switch

no mvr vlan
Use this command to exclude the port from the specific MVR group.
Format

no mvr vlan  group 

Mode

Interface Config

show mvr
This command displays global MVR settings.
Format

show mvr

Mode

Privileged EXEC

The following table explains the output parameters.
Term

Definition

MVR Running

MVR running state. It can be enabled or disabled.

MVR multicast VLAN

Current MVR multicast VLAN. It can be in the range from 1 to
4094.

MVR Max Multicast Groups

The maximum number of multicast groups supported by MVR.

MVR Current multicast groups

The current number of MVR groups allocated.

MVR Query response time

The current MVR query response time.

MVR Mode

The current MVR mode. It can be compatible or dynamic.

Example:
(Switch)#show mvr
MVR Running…...........................
MVR multicast VLAN…....................
MVR Max Multicast Groups…..............
MVR Current multicast groups…..........
MVR Global query response time…........
MVR Mode…..............................

TRUE
1200
256
1
10 (tenths of sec)
compatible

show mvr members
This command displays the MVR membership groups allocated.  is a valid multicast
address in IPv4 dotted notation.
Format

show mvr members []

Mode

Privileged EXEC

Multicast VLAN Registration (MVR)
236

ProSafe Managed Switch

The following table describes the output parameters.
Term

Definition

MVR Group IP

MVR group multicast IP address.

Status

The status of the specific MVR group. It can be active or inactive.

Members

The list of ports that participates in the specified MVR group.

Example:
(switch)#show mvr members
MVR Group IP
Status
-------------------------------224.1.1.1
INACTIVE

Members
--------------------1/0/1, 1/0/2, 1/0/3

(switch)#show mvr members 224.1.1.1
MVR Group IP
Status
-------------------------------224.1.1.1
INACTIVE

Members
--------------------1/0/1, 1/0/2, 1/0/3

show mvr interface
This command displays the MVR-enabled interfaces configuration.
Format

show mvr interface [ [members [vlan ]] ]

Mode

Privileged EXEC

The following table explains the output parameters.
Parameter

Description

Port

Interface number

Type

The MVR port type. It can be none, receiver, or source type.

Status

The interface status. It consists of two characteristics:
• active or inactive indicates whether the port is forwarding.
• inVLAN or notInVLAN indicates whether the port is part of any VLAN.

Immediate Leave

The state of immediate mode. It can be enabled or disabled.

Example:
(switch)#show mvr interface
Port
Type
----------------------1/0/9
RECEIVER

Status
--------------------ACTIVE/inVLAN

Immediate Leave
-------------------DISABLED

Multicast VLAN Registration (MVR)
237

ProSafe Managed Switch

(switch)#show mvr interface 1/0/9
Type: RECEIVER Status: ACTIVE
Immediate Leave: DISABLED
(switch)#show mvr interface Fa1/0/23 members
235.0.0.1 STATIC ACTIVE
(switch)#show mvr interface Fa1/0/23 members vlan 12
235.0.0.1 STATIC ACTIVE
235.1.1.1 STATIC ACTIVE

show mvr traffic
This command displays global MVR statistics.
Format

show mvr traffic

Mode

Privileged EXEC

The following table explains the output parameters.
Term

Definition

IGMP Query Received

Number of received IGMP queries

IGMP Report V1 Received

Number of received IGMP reports V1

IGMP Report V2 Received

Number of received IGMP reports V2

IGMP Leave Received

Number of received IGMP leaves

IGMP Query Transmitted

Number of transmitted IGMP queries

IGMP Report V1 Transmitted

Number of transmitted IGMP reports V1

IGMP Report V2 Transmitted

Number of transmitted IGMP reports V2

IGMP Leave Transmitted

Number of transmitted IGMP leaves

IGMP Packet Receive Failures

Number of failures on receiving the IGMP packets

IGMP Packet Transmit Failures

Number of failures on transmitting the IGMP packets

Example:
(switch)#show mvr traffic
IGMP
IGMP
IGMP
IGMP
IGMP

Query Received…........................................
Report V1 Received…....................................
Report V2 Received…....................................
Leave Received…........................................
Query Transmitted….....................................

Multicast VLAN Registration (MVR)
238

2
0
3
0
2

ProSafe Managed Switch

IGMP
IGMP
IGMP
IGMP
IGMP

Report V1 Transmitted….................................
Report V2 Transmitted….................................
Leave Transmitted….....................................
Packet Receive Failures…...............................
Packet Transmit Failures…..............................

Multicast VLAN Registration (MVR)
239

0
3
1
0
0

5.

Routing Commands

5

This chapter describes the routing commands available in the 7000 series CLI.

Note: Some commands described in this chapter require a license. For
more information, see Licensing and Command Support on page 8.

This chapter contains the following sections:
•

Address Resolution Protocol (ARP) Commands

•

IP Routing Commands

•

Router Discovery Protocol Commands

•

Virtual LAN Routing Commands

•

Virtual Router Redundancy Protocol Commands

•

DHCP and BOOTP Relay Commands

•

IP Helper Commands

•

Open Shortest Path First (OSPF) Commands

•

OSPF Graceful Restart Commands

•

Routing Information Protocol (RIP) Commands

•

ICMP Throttling Commands

The commands in this chapter are in three functional groups:
•

Show commands display switch settings, statistics, and other information.

•

Configuration commands configure features and options of the switch. For every
configuration command, there is a show command that displays the configuration setting.

•

Clear commands clear some or all of the settings to factory defaults.

Address Resolution Protocol (ARP) Commands
This section describes the commands you use to configure ARP and to view ARP
information on the switch. ARP associates IP addresses with MAC addresses and stores the
information as ARP entries in the ARP cache.

240

ProSafe Managed Switch

arp
This command creates an ARP entry. The value for  is the IP address of a
device on a subnet attached to an existing routing interface.  is a unicast MAC
address for that device.
The format of the MAC address is 6 two-digit hexadecimal numbers that are separated by
colons, for example 00:06:29:32:81:40.
Format

arp  

Mode

Global Config

no arp
This command deletes an ARP entry. The value for  is the IP address of the
interface. The value for  is the IP address of a device on a subnet attached to
an existing routing interface.  is a unicast MAC address for that device.
Format

no arp  

Mode

Global Config

ip local-proxy-arp
This command enables local-proxy-arp on interface or range of interfaces. The switch only
responds if all next hops in its route to the destination are through interfaces other than the
interface that received the ARP request. Enabling local proxy ARP removes this restriction..
Default

disabled

Format

ip local-proxy-arp

Mode

Interface Config

no ip local-proxy-arp
This command disables local-proxy-arp on the interface or a range of interfaces.
Format

no ip local-proxy-arp

Mode

Interface Config

ip proxy-arp
This command enables proxy ARP on a router interface. Without proxy ARP, a device only
responds to an ARP request if the target IP address is an address configured on the interface
where the ARP request arrived. With proxy ARP, the device may also respond if the target IP

Routing Commands
241

ProSafe Managed Switch

address is reachable. The device only responds if all next hops in its route to the destination
are through interfaces other than the interface that received the ARP request.
Default

enabled

Format

ip proxy-arp

Mode

Interface Config

no ip proxy-arp
This command disables proxy ARP on a router interface.
Format

no ip proxy-arp

Mode

Interface Config

arp cachesize
This command configures the ARP cache size. The ARP cache size value is a platform
specific integer value. The default size also varies depending on the platform.
Format

arp cachesize 

Mode

Global Config

no arp cachesize
This command configures the default ARP cache size.
Format

no arp cachesize

Mode

Global Config

arp dynamicrenew
This command enables the ARP component to automatically renew dynamic ARP entries
when they age out.
Default

enabled

Format

arp dynamicrenew

Mode

Privileged EXEC

no arp dynamicrenew
This command prevents dynamic ARP entries from renewing when they age out.
Format

no arp dynamicrenew

Mode

Privileged EXEC

Routing Commands
242

ProSafe Managed Switch

arp purge
This command causes the specified IP address to be removed from the ARP cache. Only
entries of type dynamic or gateway are affected by this command.
Format

arp purge 

Mode

Privileged EXEC

arp resptime
This command configures the ARP request response timeout.
The value for  is a valid positive integer, which represents the IP ARP entry
response timeout time in seconds. The range for  is between 1-10 seconds.
Default

1

Format

arp resptime <1-10>

Mode

Global Config

no arp resptime
This command configures the default ARP request response timeout.
Format

no arp resptime

Mode

Global Config

arp retries
This command configures the ARP count of maximum request for retries.
The value for  is an integer, which represents the maximum number of request
for retries. The range for  is an integer between 0-10 retries.
Default

4

Format

arp retries <0-10>

Mode

Global Config

no arp retries
This command configures the default ARP count of maximum request for retries.
Format

no arp retries

Mode

Global Config

Routing Commands
243

ProSafe Managed Switch

arp timeout
This command configures the ARP entry ageout time.
The value for  is a valid positive integer, which represents the IP ARP entry
ageout time in seconds. The range for  is between 15-21600 seconds.
Default

1200

Format

arp timeout <15-21600>

Mode

Global Config

no arp timeout
This command configures the default ARP entry ageout time.
Format

no arp timeout

Mode

Global Config

clear arp-cache
This command causes all ARP entries of type dynamic to be removed from the ARP cache. If
the gateway keyword is specified, the dynamic entries of type gateway are purged as well.
Format

clear arp-cache [gateway]

Mode

Privileged EXEC

clear arp-switch
Use this command to clear the contents of the switch’s Address Resolution Protocol (ARP)
table that contains entries learned through the Management port. To observe whether this
command is successful, ping from the remote system to the DUT. Issue the show arp
switch command to see the ARP entries. Then issue the clear arp-switch command
and check the show arp switch entries. There will be no more arp entries.
Format

clear arp-switch

Mode

Privileged EXEC

show arp
This command displays the Address Resolution Protocol (ARP) cache. The displayed results
are not the total ARP entries. To view the total ARP entries, the operator should view the
show arp results in conjunction with the show arp switch results.
Format

show arp

Mode

Privileged EXEC

Routing Commands
244

ProSafe Managed Switch

Term

Definition

Age Time
(seconds)

The time it takes for an ARP entry to age out. This is configurable. Age time is
measured in seconds.

Response Time
(seconds)

The time it takes for an ARP request timeout. This value is configurable. Response
time is measured in seconds.

Retries

The maximum number of times an ARP request is retried. This value is configurable.

Cache Size

The maximum number of entries in the ARP table. This value is configurable.

Dynamic Renew
Mode

Displays whether the ARP component automatically attempts to renew dynamic ARP
entries when they age out.

Total Entry Count
Current / Peak

The total entries in the ARP table and the peak entry count in the ARP table.

Static Entry Count The static entry count in the ARP table, the active entry count in the ARP table, the
Configured/Active
active entry count in the ARP table, and maximum static entry count in the ARP table.
/ Max

The following are displayed for each ARP entry:
Term

Definition

IP Address

The IP address of a device on a subnet attached to an existing routing interface.

MAC Address

The hardware MAC address of that device.

Interface

The routing unit/slot/port associated with the device ARP entry.

Type

The type that is configurable. The possible values are Local, Gateway, Dynamic and
Static.

Age

The current age of the ARP entry since last refresh (in hh:mm:ss format )

show arp brief
This command displays the brief Address Resolution Protocol (ARP) table information.
Format

show arp brief

Mode

Privileged EXEC

Term

Definition

Age Time
(seconds)

The time it takes for an ARP entry to age out. This value is configurable. Age time is
measured in seconds.

Response Time The time it takes for an ARP request timeout. This value is configurable. Response time
(seconds)
is measured in seconds.
Retries

The maximum number of times an ARP request is retried. This value is configurable.

Cache Size

The maximum number of entries in the ARP table. This value is configurable.

Routing Commands
245

ProSafe Managed Switch

Term

Definition

Dynamic Renew Displays whether the ARP component automatically attempts to renew dynamic ARP
Mode
entries when they age out.
Total Entry
The total entries in the ARP table and the peak entry count in the ARP table.
Count Current /
Peak
Static Entry
The static entry count in the ARP table and maximum static entry count in the ARP table.
Count Current /
Max

show arp switch
This command displays the contents of the switch’s Address Resolution Protocol (ARP)
table.
Format

show arp switch

Mode

Privileged EXEC

Term

Definition

IP Address

The IP address of a device on a subnet attached to the switch.

MAC Address

The hardware MAC address of that device.

Interface

The routing unit/slot/port associated with the device’s ARP entry.

IP Routing Commands
This section describes the commands you use to enable and configure IP routing on the
switch.

routing
This command enables IPv4 and IPv6 routing for an interface. You can view the current value
for this function with the show ip brief command. The value is labeled as “Routing
Mode.”
Default

disabled

Format

routing

Mode

Interface Config

no routing
This command disables routing for an interface.

Routing Commands
246

ProSafe Managed Switch

You can view the current value for this function with the show ip brief command. The
value is labeled as “Routing Mode.”
Format

no routing

Mode

Interface Config

ip routing
This command enables the IP Router Admin Mode for the master switch.
Format

ip routing

Mode

Global Config

no ip routing
This command disables the IP Router Admin Mode for the master switch.
Format

no ip routing

Mode

Global Config

ip address
This command configures an IP address on an interface. You can also use this command to
configure one or more secondary IP addresses on the interface.The value for  is
the IP address of the interface. The value for  is a 4-digit dotted-decimal
number which represents the subnet mask of the interface. The subnet mask must have
contiguous ones and be no longer than 30 bits, for example 255.255.255.0. This command
adds the label IP address in show ip interface.
Format

ip address   [secondary]

Mode

Interface Config

Parameter

Description

ipaddr

The IP address of the interface.

subnetmask

A four-digit dotted-decimal number that represents the subnet mask of the interface

masklen

Implements RFC 3021. Using the / notation of the subnet mask, this is an integer that
indicates the length of the subnet mask. Range is 5 to 32 bits.

no ip address
This command deletes an IP address from an interface. The value for  is the IP
address of the interface in a.b.c.d format where the range for a, b, c, and d is 1-255. The
value for  is a 4-digit dotted-decimal number which represents the Subnet

Routing Commands
247

ProSafe Managed Switch

Mask of the interface. To remove all of the IP addresses (primary and secondary) configured
on the interface, enter the command no ip address.
Format

no ip address [{  [secondary]}]

Mode

Interface Config

ip address dhcp
Use this command to enable the DHCPv4 client on an in-band interface so that it can acquire
network information, such as the IP address, subnet mask, and default gateway from a
network DHCP server. When DHCP is enabled on the interface, the system automatically
deletes all manually configured IPv4 addresses on the interface.
Default

disabled

Format

ip address dhcp

Mode

Interface Config

no ip address dhcp
Use this command to release a leased address and disable DHCPv4 on an interface.
Format

no ip address dhcp

Mode

Interface Config

ip default-gateway
Use this command to manually configure a default gateway for the switch. Only one default
gateway can be configured. If you use this command multiple times, each command replaces
the previous value.
Format

ip default-gateway 

Mode

Global Config

no ip default-gateway
Use this command to remove the default gateway address from the configuration.
Format

no ip default-gateway 

Mode

Interface Config

Routing Commands
248

ProSafe Managed Switch

release dhcp
Use this command to force the DHCPv4 client to release the leased address from the
specified interface.
Format

release dhcp 

Mode

Privileged EXEC

renew dhcp
Use this command to force the DHCPv4 client to immediately renew an IPv4 address lease
on the specified interface.
Format

renew dhcp {|network-port}

Mode

Privileged EXEC

Note: This command can be used on in-band ports as well as network
(out-of-band) port.

show dhcp lease
Use this command to display a list of IPv4 addresses currently leased from a DHCP server
on a specific in-band interface or all in-band interfaces. This command does not apply to
service or network ports.
Format

show dhcp lease [interface ]

Mode

Privileged EXEC

Term

Definition

IP address,
Subnet mask

The IP address and network mask leased from the DHCP server.

DHCP Lease
server

The IPv4 address of the DHCP server that leased the address.

State

State of the DHCPv4 Client on this interface.

DHCP transaction The transaction ID of the DHCPv4 Client.
ID
Lease

The time (in seconds) that the IP address was leased by the server.

Renewal

The time (in seconds) when the next DHCP renew Request is sent by DHCPv4 Client
to renew the leased IP address.

Rebind

The time (in seconds) when the DHCP Rebind process starts.

Retry count

Number of times the DHCPv4 client sends a DHCP REQUEST message before the
server responds.

Routing Commands
249

ProSafe Managed Switch

ip route
This command configures a static route. The  parameter is a valid IP address,
and  is a valid subnet mask. The  parameter is a valid IP
address of the next hop router. Specifying Null0 as nexthop parameter adds a static reject
route. The optional  parameter is an integer (value from 1 to 255) that allows
you to specify the preference value (sometimes called “administrative distance”) of an
individual static route. Among routes to the same destination, the route with the lowest
preference value is the route entered into the forwarding database. By specifying the
preference of a static route, you control whether a static route is more or less preferred than
routes from dynamic routing protocols. The preference also controls whether a static route is
more or less preferred than other static routes to the same destination. A route with a
preference of 255 cannot be used to forward traffic.
For the static routes to be visible, you must perform the following steps:
•

Enable ip routing globally.

•

Enable ip routing for the interface.

•

Confirm that the associated link is also up.

Default

preference—1

Format

ip route   [ | Null0] []

Mode

Global Config

no ip route
This command deletes a single next hop to a destination static route. If you use the
 parameter, the next hop is deleted. If you use the  value, the
preference value of the static route is reset to its default.
Format

no ip route   [{ [] |
Null0}]

Mode

Global Config

ip route default
This command configures the default route. The value for  is a valid IP
address of the next hop router. The  is an integer value from 1 to 255. A route
with a preference of 255 cannot be used to forward traffic.
Default

preference—1

Format

ip route default  []

Mode

Global Config

Routing Commands
250

ProSafe Managed Switch

no ip route default
This command deletes all configured default routes. If the optional  parameter
is designated, the specific next hop is deleted from the configured default route and if the
optional preference value is designated, the preference of the configured default route is
reset to its default.
Format

no ip route default [{ | }]

Mode

Global Config

ip route distance
This command sets the default distance (preference) for static routes. Lower route distance
values are preferred when determining the best route. The ip route and ip route
default commands allow you to optionally set the distance (preference) of an individual
static route. The default distance is used when no distance is specified in these commands.
Changing the default distance does not update the distance of existing static routes, even if
they were assigned the original default distance. The new default distance will only be
applied to static routes created after invoking the ip route distance command.
Default

1

Format

ip route distance <1-255>

Mode

Global Config

no ip route distance
This command sets the default static route preference value in the router. Lower route
preference values are preferred when determining the best route.
Format

no ip route distance

Mode

Global Config

ip netdirbcast
This command enables the forwarding of network-directed broadcasts. When enabled,
network directed broadcasts are forwarded. When disabled they are dropped.
Default

disabled

Format

ip netdirbcast

Mode

Interface Config

Routing Commands
251

ProSafe Managed Switch

no ip netdirbcast
This command disables the forwarding of network-directed broadcasts. When disabled,
network directed broadcasts are dropped.
Format

no ip netdirbcast

Mode

Interface Config

ip mtu
This command sets the IP Maximum Transmission Unit (MTU) on a routing interface. The IP
MTU is the size of the largest IP packet that can be transmitted on the interface without
fragmentation. The software currently does not fragment IP packets.
•

Packets forwarded in hardware ignore the IP MTU.

•

Packets forwarded in software are dropped if they exceed the IP MTU of the outgoing
interface.

Packets originated on the router, such as OSPF packets, may be fragmented by the IP stack.
The IP stack uses its default IP MTU and ignores the value set using the ip mtu command.
OSPF advertises the IP MTU in the Database Description packets it sends to its neighbors
during database exchange. If two OSPF neighbors advertise different IP MTUs, they will not
form an adjacency. (unless OSPF has been instructed to ignore differences in IP MTU with
the ip ospf mtu-ignore command.)

Note: The IP MTU size refers to the maximum size of the IP packet (IP
Header + IP payload). It does not include any extra bytes that may
be required for Layer-2 headers. To receive and process packets,
the Ethernet MTU (see mtu on page 41) must take into account the
size of the Ethernet header.

Default

1500 bytes

Format

ip mtu <68-9198>

Mode

Interface Config

no ip mtu
This command resets the ip mtu to the default value.
Format

no ip mtu 

Mode

Interface Config

Routing Commands
252

ProSafe Managed Switch

encapsulation
This command configures the link layer encapsulation type for the packet. The encapsulation
type can be ethernet or snap.
Default

ethernet

Format

encapsulation {ethernet | snap}

Mode

Interface Config

Note: Routed frames are always ethernet encapsulated when a frame is
routed to a VLAN.

clear ip route all
This command removes all the route entries learned over the network.
Format

clear ip route all

Mode

Privileged EXEC

Protocol

Tells which protocol added the specified route. The possibilities are: local, static, OSPF, or
RIP.

Total
Number of
Routes

The total number of routes.

clear ip route counters
This command resets to zero the IPv4 routing table counters reported in show ip route
summary. The command resets only the event counters. Counters that report the current
state of the routing table, such as the number of routes of each type, are not reset.
Format

clear ip route counters

Mode

Privileged EXEC

show ip brief
This command displays all the summary information of the IP, including the ICMP rate limit
configuration and the global ICMP Redirect configuration.

Format

show ip brief

Modes

• Privileged EXEC
• User EXEC

Routing Commands
253

ProSafe Managed Switch

Term

Definition

Default Time to Live

The computed TTL (Time to Live) of forwarding a packet from the local router to the
final destination.

Routing Mode

Shows whether the routing mode is enabled or disabled.

Maximum Next Hops The maximum number of next hops the packet can travel.
Maximum Routes

The maximum number of routes the packet can travel.

ICMP Rate Limit
Interval

Shows how often the token bucket is initialized with burst-size tokens.
Burst-interval is from 0 to 2147483647 milliseconds. The default burst-interval is
1000 msec.

ICMP Rate Limit
Burst Size

Shows the number of ICMPv4 error messages that can be sent during one
burst-interval. The range is from 1 to 200 messages. The default value is 100
messages.

ICMP Echo Replies

Shows whether ICMP Echo Replies are enabled or disabled.

ICMP Redirects

Shows whether ICMP Redirects are enabled or disabled.

The following shows example CLI display output for the command.
(Switch) #show ip brief
Default Time to Live...........................
Routing Mode...................................
Maximum Next Hops..............................
Maximum Routes.................................
ICMP Rate Limit Interval.......................
ICMP Rate Limit Burst Size.....................
ICMP Echo Replies..............................
ICMP Redirects.................................

64
Disabled
4
6000
1000 msec
100 messages
Enabled
Enabled

show ip interface
This command displays all pertinent information about the IP interface.
Format

show ip interface { | vlan <1-4093> | loopback <0-7>}

Modes

• Privileged EXEC
• User EXEC

Term

Definition

Routing
Determine the operational status of IPv4 routing Interface. The possible values are Up or
Interface Status
Down.
Primary IP
Address

The primary IP address and subnet masks for the interface. This value appears only if
you configure it.

Secondary IP
Address

One or more secondary IP addresses and subnet masks for the interface. This value
appears only if you configure it.

Routing Commands
254

ProSafe Managed Switch

Term

Definition

Method

Shows whether the IP address was configured manually or acquired from a DHCP
server.

Routing Mode

The administrative mode of router interface participation. The possible values are enable
or disable. This value is configurable.

Administrative
Mode

The administrative mode of the specified interface. The possible values of this field are
enable or disable. This value is configurable.

Forward Net
Directed
Broadcasts

Displays whether forwarding of network-directed broadcasts is enabled or disabled. This
value is configurable.

Proxy ARP

Displays whether Proxy ARP is enabled or disabled on the system.

Local Proxy
ARP

Displays whether Local Proxy ARP is enabled or disabled on the interface.

Active State

Displays whether the interface is active or inactive. An interface is considered active if its
link is up and it is in forwarding state.

Link Speed Data An integer representing the physical link data rate of the specified interface. This is
Rate
measured in Megabits per second (Mbps).
MAC Address

The burned in physical address of the specified interface. The format is 6 two-digit
hexadecimal numbers that are separated by colons.

Encapsulation
Type

The encapsulation type for the specified interface. The types are: Ethernet or SNAP.

IP MTU

The maximum transmission unit (MTU) size of a frame, in bytes.

Bandwidth

Shows the bandwidth of the interface.

Destination
Unreachables

Displays whether ICMP Destination Unreachables may be sent (enabled or disabled).

ICMP Redirects Displays whether ICMP Redirects may be sent (enabled or disabled).

The following shows example CLI display output for the command.
(Switch) >show ip interface 1/0/2
Routing Interface Status.......................
Method.........................................
Routing Mode...................................
Administrative Mode............................
Forward Net Directed Broadcasts................
Proxy ARP......................................
Local Proxy ARP................................
Active State...................................
Link Speed Data Rate...........................
MAC address....................................
Encapsulation Type.............................
IP MTU.........................................
Bandwidth......................................
Destination Unreachables.......................
ICMP Redirects.................................

Down
None
Disable
Enable
Disable
Enable
Disable
Inactive
Inactive
02:14:6C:FF:00:DE
Ethernet
1500
100000 kbps
Enabled
Disabled

Routing Commands
255

ProSafe Managed Switch

show ip interface brief
This command displays summary information about IP configuration settings for all ports in
the router.
Format

show ip interface brief

Modes

• Privileged EXEC
• User EXEC

Term

Definition

Interface

Valid slot and port number separated by forward slashes.

State

Routing operational state of the interface.

IP Address

The IP address of the routing interface in 32-bit dotted decimal format.

IP Mask

The IP mask of the routing interface in 32-bit dotted decimal format.

Netdir Bcast

Indicates if IP forwards net-directed broadcasts on this interface. Possible values are
Enable or Disable.

MultiCast Fwd

The multicast forwarding administrative mode on the interface. Possible values are
Enable or Disable.

Method

Shows whether the IP address was configured manually or acquired from a DHCP
server.

show ip protocols
This command lists a summary of the configuration and status for each unicast routing
protocol. The command lists routing protocols that are configured and enabled. If a protocol is
selected on the command line, the display is limited to that protocol.
Format

show ip protocols [ospf | rip]

Mode

Privileged EXEC

Parameter

Description

OSPFv2
Router ID

The router ID configured for OSPFv2

OSPF Admin Mode

Whether OSPF is enabled or disabled globally

Maximum Paths

The maximum number of next hops in an OSPF route

Routing for
Networks

The address ranges configured with an OSPF network command

Distance

The administrative distance (or route preference) for intra-area, inter-area, and external routes

Default Route
Advertise

Whether OSPF is configured to originate a default route

Routing Commands
256

ProSafe Managed Switch

Parameter

Description

Always

Whether default advertisement depends on having a default route in the common routing
table

Metric

The metric configured to be advertised with the default route

Metric Type

The metric type for the default route

Redist Source

A type of routes that OSPF is redistributing

Metric

The metric to advertise for redistributed routes of this type

Metric Type

The metric type to advertise for redistributed routes of this type

Subnets

Whether OSPF redistributes subnets of classful addresses, or only classful prefixes

Dist List

A distribute list used to filter routes of this type. Only routes that pass the distribute list are
redistributed

Number of Active
Areas

The number of OSPF areas with at least one interface running on this router. Also broken
down by area type

ABR Status

Whether the router is currently an area border router. A router is an area border router if it has
interfaces that are up in more than one area

ASBR Status

Whether the router is an autonomous system boundary router. The router is an ASBR if it is
redistributing any routes or originating a default route

RIP
Split Horizon Mode

Whether RIP advertises routes on the interface where they were received

Default Metric

The metric assigned to redistributed routes

Default Route
Advertise

Whether this router is originating a default route

Distance

The administrative distance for RIP routes

Redistribution

A table showing information for each source protocol (connected, static, bgp, and ospf). For
each of these source the distribution list and metric are shown. Fields which are not
configured are left blank. For ospf, configured ospf match parameters are also shown

Interface

The interfaces where RIP is enabled and the version sent and accepted on each interface

show ip route
This command displays the routing table. The  specifies the network for
which the route is to be displayed and displays the best matching best-route for the address.
The  specifies the subnet mask for the given . When you use the
longer-prefixes keyword, the  and  pair becomes the prefix, and
the command displays the routes to the addresses that match that prefix. Use the
 parameter to specify the protocol that installed the routes. The value for
 can be connected, ospf, rip, or static. Use the all parameter to display
all routes including best and non-best routes. If you do not use the all parameter, the
command only displays the best route.

Routing Commands
257

ProSafe Managed Switch

A “T” flag appended to a route indicates that it is an ECMP route, but only one of its next hops
has been installed in the forwarding table. The forwarding table might limit the number of
ECMP routes or the number of ECMP groups. When an ECMP route cannot be installed
because such a limit is reached, the route is installed with a single next hop. Such truncated
routes can be identified by a “T” after the interface name.

Note: If you use the connected keyword for , the all
option is not available because there are no best or non-best
connected routes.

Format

show ip route [{ [] | { 
[longer-prefixes] [] | } [all] | all}]

Modes

• Privileged EXEC
• User EXEC

Term

Definition

Route Codes

The key for the routing protocol codes that might appear in the routing table output.

The show ip route command displays the routing tables in the following format:
Code

IP-Address/Mask [Preference/Metric] via Next-Hop, Route-Timestamp, Interface

The columns for the routing table display the following information:
Term

Definition

Code

The codes for the routing protocols that created the routes.

IP-Address/Mask

The IP-Address and mask of the destination network corresponding to this route.

Preference

The administrative distance associated with this route. Routes with low values are
preferred over routes with higher values.

Metric

The cost associated with this route.

via Next-Hop

The outgoing router IP address to use when forwarding traffic to the next router (if any)
in the path toward the destination.

Route-Timestamp The last updated time for dynamic routes. The format of Route-Timestamp will be
• Days:Hours:Minutes if days > = 1
• Hours:Minutes:Seconds if days < 1
Interface

The outgoing router interface to use when forwarding traffic to the next destination. For
reject routes, the next hop interface would be Null0 interface.

To administratively control the traffic destined to a particular network and prevent it from
being forwarded through the router, you can configure a static reject route on the router. Such
traffic would be discarded and the ICMP destination unreachable message is sent back to the

Routing Commands
258

ProSafe Managed Switch

source. This is typically used for preventing routing loops. The reject route added in the RTO
is of the type OSPF Inter-Area. Reject routes (routes of REJECT type installed by any
protocol) are not redistributed by OSPF/RIP. Reject routes are supported in both OSPFv2
and OSPFv3.
The following shows example CLI display output for the command.
(Switch) #show ip route
Route Codes: R - RIP Derived, O - OSPF Derived, C - Connected, S - Static
B - BGP Derived, IA - OSPF Inter Area
E1 - OSPF External Type 1, E2 - OSPF External Type 2
N1 - OSPF NSSA External Type 1, N2 - OSPF NSSA External Type 2
C 1.1.1.0/24 [0/1] directly connected, 0/11
C 2.2.2.0/24 [0/1] directly connected, 0/1
C 5.5.5.0/24 [0/1] directly connected, 0/5
S 7.0.0.0/8 [1/0] directly connected, Null0
OIA 10.10.10.0/24 [110/6] via 5.5.5.2,
00h:00m:01s,
C 11.11.11.0/24 [0/1] directly connected,
0/11
S 12.0.0.0/8 [5/0] directly connected, Null0
S 23.0.0.0/8 [3/0] directly connected, Null0

0/5

show ip route ecmp-groups
This command reports all current ECMP groups in the IPv4 routing table. An ECMP group is
a set of two or more next hops used in one or more routes. The groups are numbered
arbitrarily from 1 to n. The output indicates the number of next hops in the group and the
number of routes that use the set of next hops. The output lists the IPv4 address and
outgoing interface of each next hop in each group.
Format

show ip route ecmp-groups

Mode

Privileged EXEC

Example
(switch) #show ip route ecmp-groups
ECMP Group 1 with 2 next hops (used by 1 route)
172.20.33.100 on interface 2/33
172.20.34.100 on interface 2/34
ECMP Group 2 with 3 next hops (used by 1 route)
172.20.32.100 on interface 2/32
172.20.33.100 on interface 2/33
172.20.34.100 on interface 2/34
ECMP Group 3 with 4 next hops (used by 1 route)
172.20.31.100 on interface 2/31
172.20.32.100 on interface 2/32
172.20.33.100 on interface 2/33
172.20.34.100 on interface 2/34

Routing Commands
259

ProSafe Managed Switch

show ip route summary
Use this command to display the routing table summary. Use the optional all parameter to
show the number of all routes, including best and non-best routes. To include only the
number of best routes, do not use the optional parameter.
When the optional keyword all is given, some statistics, such as the number of routes from
each source, include counts for alternate routes. An alternate route is a route that is not the
most preferred route to its destination and therefore is not installed in the forwarding table.
When this keyword is not given, the output reports only for the best routes.
Format

show ip route summary [all]

Modes

• Privileged EXEC
• User EXEC

Term

Definition

Connected
Routes

The total number of connected routes in the routing table.

Static Routes

Total number of static routes in the routing table.

RIP Routes

Total number of routes installed by RIP protocol.

OSPF Routes

Total number of routes installed by OSPF protocol.

Reject Routes

Total number of reject routes installed by all protocols.

Total Routes

Total number of routes in the routing table.

Best Routes

The number of best routes currently in the routing table. This number counts only the
best route to each destination.

Alternate
Routes

The number of alternate routes currently in the routing table. An alternate route is one
that was not selected as the best route to its destination.

Route Adds

The number of routes added to the routing table.

Route Modifies

The number of routes that changed after they were initially added to the routing table.

Route Deletes

The number of routes that deleted from the routing table.

Unresolved
Route Adds

The number of route adds that failed because none of the route’s next hops were on a
local subnet. Note that static routes can fail to be added to the routing table at startup
because the routing interfaces are not up yet. This counter gets incremented in this case.
The static routes are added to the routing table when the routing interfaces come up.

Invalid Route
Adds

The number of routes that failed to be added to the routing table because the route was
invalid. A log message is written for each of these failures.

Failed Route
Adds

The number of routes that failed to be added to the routing table because of a resource
limitation in the routing table.

Reserved
Locals

The number of routing table entries reserved for a local subnet on a routing interface that
is down. Space for local routes is always reserved so that local routes can be installed
when a routing interface bounces.

Routing Commands
260

ProSafe Managed Switch

Term

Definition

Unique Next
Hops

The number of distinct next hops used among all routes currently in the routing table.
These include local interfaces for local routes and neighbors for indirect routes.

Unique Next
Hops High
Water

The highest count of unique next hops since the counters were last cleared.

Next Hop
Groups

The current number of next hop groups in use by one or more routes. Each next hop
group includes one or more next hops.

Next Hop
Groups High
Water

The highest count of next hop groups since the counters were last cleared.

ECMP Groups

The number of next hop groups with multiple next hops.

ECMP Routes

The number of routes with multiple next hops currently in the routing table.

Truncated
ECMP Routes

The number of ECMP routes that are currently installed in the forwarding table with just
one next hop. The forwarding table might limit the number of ECMP routes or the number
of ECMP groups. When an ECMP route cannot be installed because the limit is reached,
the route is installed with a single next hop.

ECMP Retries

The number of ECMP routes that have been installed in the forwarding table after initially
being installed with a single next hop.

Routes with n
Next Hops

The current number of routes with each number of next hops.

The following shows example CLI display output for the command.
(router) #show ip route summary
Connected Routes...............................
Static Routes..................................
RIP Routes.....................................
OSPF Routes....................................
Intra Area Routes............................
Inter Area Routes............................
External Type-1 Routes.......................
External Type-2 Routes.......................
Reject Routes..................................
Total routes...................................
Best Routes (High).............................
Alternate Routes...............................
Route Adds.....................................
Route Modifies.................................
Route Deletes..................................
Unresolved Route Adds..........................
Invalid Route Adds.............................
Failed Route Adds..............................
Reserved Locals................................
Unique Next Hops (High)........................
Next Hop Groups (High).........................
ECMP Groups (High).............................
ECMP Routes....................................
Truncated ECMP Routes..........................
ECMP Retries...................................
Routes with 1 Next Hop.........................

7
1
20
1004
4
1000
0
0
0
1032
1032 (1032)
0
1010
1
10
0
0
0
0
13 (13)
13 (14)
2 (3)
1001
0
0
31

Routing Commands
261

ProSafe Managed Switch

Routes with 2 Next Hops........................ 1
Routes with 4 Next Hops........................ 1000

show ip route preferences
This command displays detailed information about the route preferences. Route preferences
are used in determining the best route. Lower router preference values are preferred over
higher router preference values. A route with a preference of 255 cannot be used to forward
traffic.
Format

show ip route preferences

Modes

• Privileged EXEC
• User EXEC

Term

Definition

Local

The local route preference value.

Static

The static route preference value.

OSPF Intra

The OSPF Intra route preference value.

OSPF Inter

The OSPF Inter route preference value.

OSPF External

The OSPF External route preference value.

RIP

The RIP route preference value.

show ip stats
This command displays IP statistical information. Refer to RFC 1213 for more information
about the fields that are displayed.
Format

show ip stats

Modes

• Privileged EXEC
• User EXEC

show routing heap summary
This command displays a summary of the memory allocation from the routing heap. The
routing heap is a chunk of memory set aside when the system boots for use by the routing
applications.
Format

show routing heap summary

Mode

Privileged EXEC

Routing Commands
262

ProSafe Managed Switch

Parameter

Description

Heap Size

The amount of memory, in bytes, allocated at startup for the routing heap.

Memory In Use

The number of bytes currently allocated.

Memory on Free
List

The number of bytes currently on the free list. When a chunk of memory from the routing heap
is freed, it is placed on a free list for future reuse.

Memory Available
in Heap

The number of bytes in the original heap that have never been allocated.

In Use High Water
Mark

The maximum memory in use since the system last rebooted.

The following shows example CLI display output for the command.
(netgear switch) #show routing heap summary
Heap Size....................... 92594000 bytes
Memory In Use................... 149598 bytes (0%)
Memory on Free List............. 78721 bytes (0%)
Memory Available in Heap........ 92365249 bytes (99%)
In Use High Water Mark.......... 210788 bytes (0%)

Router Discovery Protocol Commands
This section describes the commands you use to view and configure Router Discovery
Protocol settings on the switch. The Router Discovery Protocol enables a host to discover the
IP address of routers on the subnet.

ip irdp
This command enables Router Discovery on an interface.
Default

disabled

Format

ip irdp

Mode

Interface Config

no ip irdp
This command disables Router Discovery on an interface.
Format

no ip irdp

Mode

Interface Config

Routing Commands
263

ProSafe Managed Switch

ip irdp multicast
This command configures the address that the interface uses to send the router discovery
advertisements. The address is 224.0.0.1, which is the all-hosts IP multicast address.
Default

224.0.0.1

Format

ip irdp multicast

Mode

Interface Config

no ip irdp multicast
This command configures the address used to advertise the router to the Broadcast address
(255.255.255.155)..
Format

no ip irdp multicast

Mode

Interface Config

ip irdp holdtime
This command configures the value, in seconds, of the holdtime field of the router
advertisement sent from this interface. The holdtime range is the value of
 to 9000 seconds.
Default

3 * maxinterval

Format

ip irdp holdtime 

Mode

Interface Config

no ip irdp holdtime
This command configures the default value, in seconds, of the holdtime field of the router
advertisement sent from this interface.
Format

no ip irdp holdtime

Mode

Interface Config

ip irdp maxadvertinterval
This command configures the maximum time, in seconds, allowed between sending router
advertisements from the interface. The range for maxadvertinterval is 4 to 1800 seconds.
Default

600

Format

ip irdp maxadvertinterval <4-1800>

Mode

Interface Config

Routing Commands
264

ProSafe Managed Switch

no ip irdp maxadvertinterval
This command configures the default maximum time, in seconds.
Format

no ip irdp maxadvertinterval

Mode

Interface Config

ip irdp minadvertinterval
This command configures the minimum time, in seconds, allowed between sending router
advertisements from the interface. The range for minadvertinterval is three to the value of
maxadvertinterval.
Default

0.75 * maxadvertinterval

Format

ip irdp minadvertinterval <3-maxadvertinterval>

Mode

Interface Config

no ip irdp minadvertinterval
This command sets the default minimum time to the default.
Format

no ip irdp minadvertinterval

Mode

Interface Config

ip irdp preference
This command configures the preferability of the address as a default router address, relative
to other router addresses on the same subnet.
Default

0

Format

ip irdp preference <-2147483648 to 2147483647>

Mode

Interface Config

no ip irdp preference
This command configures the default preferability of the address as a default router address,
relative to other router addresses on the same subnet.
Format

no ip irdp preference

Mode

Interface Config

Routing Commands
265

ProSafe Managed Switch

show ip irdp
This command displays the router discovery information for all interfaces, or a specified
interface.
Format

show ip irdp { | all}

Modes

• Privileged EXEC
• User EXEC

Term

Definition

Interface

The  that matches the rest of the information in the row.

Ad Mode

The advertise mode, which indicates whether router discovery is enabled or disabled on
this interface.

Advertise
Address

The IP address to which the interface sends the advertisement.

Max Int

The maximum advertise interval, which is the maximum time, in seconds, allowed
between sending router advertisements from the interface.

Min Int

The minimum advertise interval, which is the minimum time, in seconds, allowed
between sending router advertisements from the interface.

Hold Time

The amount of time, in seconds, that a system should keep the router advertisement
before discarding it.

Preference

The preference of the address as a default router address, relative to other router
addresses on the same subnet.

Virtual LAN Routing Commands
This section describes the commands you use to view and configure VLAN routing and to
view VLAN routing status information.

vlan routing
This command enables routing on a VLAN. The vlanid value has a range from 1 to 4093. The
[interface ID] value has a range from 1 to 128. Typically, you will not supply the interface ID
argument, and the system automatically selects the interface ID. However, if you specify an
interface ID that is already in use, the CLI displays an error message and does not create the
VLAN interface.
Format

vlan routing  [interface ID]

Mode

VLAN Config

Routing Commands
266

ProSafe Managed Switch

no vlan routing
This command deletes routing on a VLAN. The  value has a range from 1 to 4093.
Format

no vlan routing 

Mode

VLAN Config

show ip vlan
This command displays the VLAN routing information for all VLANs with routing enabled.
Format

show ip vlan

Modes

• Privileged EXEC
• User EXEC

Term

Definition

MAC Address
The MAC Address associated with the internal bridge-router interface (IBRI). The same
used by
MAC Address is used by all VLAN routing interfaces. It will be displayed above the
Routing VLANs
per-VLAN information.
VLAN ID

The identifier of the VLAN.

Logical
Interface

The logical unit/slot/port associated with the VLAN routing interface.

IP Address

The IP address associated with this VLAN.

Subnet Mask

The subnet mask that is associated with this VLAN.

Virtual Router Redundancy Protocol Commands
This section describes the commands you use to view and configure Virtual Router
Redundancy Protocol (VRRP) and to view VRRP status information. VRRP helps provide
failover and load balancing when you configure two devices as a VRRP pair.

ip vrrp (Global Config)
Use this command in Global Config mode to enable the administrative mode of VRRP on the
router.
Default

none

Format

ip vrrp

Mode

Global Config

Routing Commands
267

ProSafe Managed Switch

no ip vrrp
Use this command in Global Config mode to disable the default administrative mode of
VRRP on the router.
Format

no ip vrrp

Mode

Global Config

ip vrrp (Interface Config)
Use this command in Interface Config mode to create a virtual router associated with the
interface. The parameter  is the virtual router ID, which has an integer value range
from 1 to 255.
Format

ip vrrp 

Mode

Interface Config

no ip vrrp
Use this command in Interface Config mode to delete the virtual router associated with the
interface. The virtual Router ID, , is an integer value that ranges from 1 to 255.
Format

no ip vrrp 

Mode

Interface Config

ip vrrp mode
This command enables the virtual router configured on the specified interface. Enabling the
status field starts a virtual router. The parameter  is the virtual router ID which has an
integer value ranging from 1 to 255.
Default

disabled

Format

ip vrrp  mode

Mode

Interface Config

no ip vrrp mode
This command disables the virtual router configured on the specified interface. Disabling the
status field stops a virtual router.
Format

no ip vrrp  mode

Mode

Interface Config

Routing Commands
268

ProSafe Managed Switch

ip vrrp ip
This command sets the virtual router IP address value for an interface. The value for
 is the IP address which is to be configured on that interface for VRRP. The
parameter  is the virtual router ID which has an integer value range from 1 to 255.
You can use the optional [secondary] parameter to designate the IP address as a
secondary IP address.
Default

none

Format

ip vrrp  ip  [secondary]

Mode

Interface Config

no ip vrrp ip
Use this command in Interface Config mode to delete a secondary IP address value from the
interface. To delete the primary IP address, you must delete the virtual router on the
interface.
Format

no ip vrrp   secondary

Mode

Interface Config

ip vrrp authentication
This command sets the authorization details value for the virtual router configured on a
specified interface. The parameter {none | simple} specifies the authorization type for
virtual router configured on the specified interface. The parameter [key] is optional, it is only
required when authorization type is simple text password. The parameter  is the
virtual router ID which has an integer value ranges from 1 to 255.
Default

no authorization

Format

ip vrrp  authentication {none | simple }

Mode

Interface Config

no ip vrrp authentication
This command sets the default authorization details value for the virtual router configured on
a specified interface.
Format

no ip vrrp  authentication

Mode

Interface Config

Routing Commands
269

ProSafe Managed Switch

ip vrrp preempt
This command sets the preemption mode value for the virtual router configured on a
specified interface. The parameter  is the virtual router ID, which is an integer from 1
to 255.
Default

enabled

Format

ip vrrp  preempt

Mode

Interface Config

no ip vrrp preempt
This command sets the default preemption mode value for the virtual router configured on a
specified interface.
Format

no ip vrrp  preempt

Mode

Interface Config

ip vrrp priority
This command sets the priority of a router within a VRRP group. Higher values equal higher
priority. The range is from 1 to 254. The parameter  is the virtual router ID, whose
range is from 1 to 255.
The router with the highest priority is elected master. If a router is configured with the address
used as the address of the virtual router, the router is called the “address owner.” The priority
of the address owner is always 255 so that the address owner is always master. If the master
has a priority less than 255 (it is not the address owner) and you configure the priority of
another router in the group higher than the master’s priority, the router will take over as
master only if preempt mode is enabled.
Default

100 unless the router is the address owner, in which case its priority is automatically set to
255.

Format

ip vrrp  priority <1-254>

Mode

Interface Config

no ip vrrp priority
This command sets the default priority value for the virtual router configured on a specified
interface.
Format

no ip vrrp  priority

Mode

Interface Config

Routing Commands
270

ProSafe Managed Switch

ip vrrp timers advertise
This command sets the frequency, in seconds, that an interface on the specified virtual router
sends a virtual router advertisement.
Default

1

Format

ip vrrp  timers advertise <1-255>

Mode

Interface Config

no ip vrrp timers advertise
This command sets the default virtual router advertisement value for an interface.
Format

no ip vrrp  timers advertise

Mode

Interface Config

ip vrrp track interface
Use this command to alter the priority of the VRRP router based on the availability of its
interfaces. This command is useful for tracking interfaces that are not configured for VRRP.
Only IP interfaces are tracked. A tracked interface is up if the IP on that interface is up.
Otherwise, the tracked interface is down.
When the tracked interface is down or the interface has been removed from the router, the
priority of the VRRP router will be decremented by the value specified in the 
argument. When the interface is up for IP protocol, the priority will be incremented by the
 value.
A VRRP configured interface can track more than one interface. When a tracked interface
goes down, then the priority of the router will be decreased by 10 (the default priority
decrement) for each downed interface. The default priority decrement is changed using the
 argument. The default priority of the virtual router is 100, and the default
decrement priority is 10. By default, no interfaces are tracked. If you specify just the interface
to be tracked, without giving the optional priority, then the default priority will be set. The
default priority decrement is 10.
Default

priority: 10

Format

ip vrrp  track interface  [decrement
]

Mode

Interface Config

Routing Commands
271

ProSafe Managed Switch

no ip vrrp track interface
Use this command to remove the interface from the tracked list or to restore the priority
decrement to its default.
Format

no ip vrrp  track interface  [decrement]

Mode

Interface Config

ip vrrp track ip route
Use this command to track the route reachability. When the tracked route is deleted, the
priority of the VRRP router will be decremented by the value specified in the 
argument. When the tracked route is added, the priority will be incremented by the same.
A VRRP configured interface can track more than one route. When a tracked route goes
down, then the priority of the router will be decreased by 10 (the default priority decrement)
for each downed route. By default no routes are tracked. If you specify just the route to be
tracked, without giving the optional priority, then the default priority will be set. The default
priority decrement is 10. The default priority decrement is changed using the 
argument.
Default

priority: 10

Format

ip vrrp  track ip route  [decrement
]

Mode

Interface Config

no ip vrrp track ip route
Use this command to remove the route from the tracked list or to restore the priority
decrement to its default. When removing a tracked IP route from the tracked list, the priority
should be incremented by the decrement value if the route is not reachable.
Format

no ip vrrp  track ip route 
[decrement]

Mode

Interface Config

ip vrrp  accept-mode
This command is used to allow a router to respond to ICMP Echo Requests sent to an
address on a VRRP virtual router. VRRP supports responding to pings, but does not allow the
VRRP Master to accept other types of packets. A new configuration option controls whether
the router responds to Echo Requests sent to a VRRP IP address.
The VRRP Master responds to both fragmented and un-fragmented ICMP Echo Request
packets. The VRRP Master responds to Echo Requests sent to the virtual router's primary
address or any of its secondary addresses.

Routing Commands
272

ProSafe Managed Switch

Ping to a VRRP IP address only works from the host side (where the VRRP router is
configured). There is no value in pinging to the VRRP IP from another interface because
packet flow from the network to the host doesn't involve VRRP. This is used only to
troubleshoot a connectivity problem for traffic originating on the VRRP protected LAN.
Members of the virtual router who are in backup state discard ping packets destined to VRRP
address(es), just as they discard any Ethernet frame sent to a VRRP MAC address. When
the VRRP master responds with an Echo Reply, the source IPv4 address is the VRRP
address and source MAC address is the virtual router's MAC address.
There is a separate command "ip icmp echo-reply" that controls whether the router responds
to ICMP Echo Requests. When Echo Replies are disabled using that command, the VRRP
master does not respond to Echo Requests, even if this new option is enabled.
Default

disabled

Format

ip vrrp  accept-mode

Mode

Interface Config

no ip vrrp vrid accept-mode
This command is used to allow a router to respond to ICMP Echo Requests sent to an
address on a VRRP virtual router.
Format

no ip vrrp  accept-mode

Mode

Interface Config

show ip vrrp interface stats
This command displays the statistical information about each virtual router configured on the
switch.

Format

show ip vrrp interface stats  

Modes

• Privileged EXEC
• User EXEC

Term

Definition

Uptime

The time that the virtual router has been up, in days, hours, minutes and seconds.

Protocol

The protocol configured on the interface.

State
Transitioned to
Master

The total number of times virtual router state has changed to MASTER.

Advertisement
Received

The total number of VRRP advertisements received by this virtual router.

Advertisement
Interval Errors

The total number of VRRP advertisements received for which advertisement interval is
different than the configured value for this virtual router.

Routing Commands
273

ProSafe Managed Switch

Term

Definition

Authentication
Failure

The total number of VRRP packets received that don't pass the authentication check.

IP TTL errors

The total number of VRRP packets received by the virtual router with IP TTL (time to live)
not equal to 255.

Zero Priority
Packets
Received

The total number of VRRP packets received by virtual router with a priority of '0'.

Zero Priority
Packets Sent

The total number of VRRP packets sent by the virtual router with a priority of '0'.

Invalid Type
Packets
Received

The total number of VRRP packets received by the virtual router with invalid 'type' field.

Address List
Errors

The total number of VRRP packets received for which address list does not match the
locally configured list for the virtual router.

Invalid
Authentication
Type

The total number of VRRP packets received with unknown authentication type.

Authentication
Type Mismatch

The total number of VRRP advertisements received for which 'auth type' not equal to
locally configured one for this virtual router.

Packet Length
Errors

The total number of VRRP packets received with packet length less than length of VRRP
header.

show ip vrrp
This command displays whether VRRP functionality is enabled or disabled on the switch. It
also displays some global parameters which are required for monitoring. This command
takes no options.
Format

show ip vrrp

Modes

• Privileged EXEC
• User EXEC

Term

Definition

Admin Mode

The administrative mode for VRRP functionality on the switch.

Router
Checksum
Errors

The total number of VRRP packets received with an invalid VRRP checksum value.

Router Version
Errors

The total number of VRRP packets received with Unknown or unsupported version
number.

Router VRID
Errors

The total number of VRRP packets received with invalid VRID for this virtual router.

Routing Commands
274

ProSafe Managed Switch

show ip vrrp interface
This command displays all configuration information and VRRP router statistics of a virtual
router configured on a specific interface. Use the output of the command to verify the track
interface and track IP route configurations.
Format

show ip vrrp interface {  }

Modes

• Privileged EXEC
• User EXEC

Term

Definition

Primary IP
Address

The configured IP address for the Virtual router.

VMAC address

The VMAC address of the specified router.

Authentication
type

The authentication type for the specific virtual router.

Priority

The priority value for the specific virtual router, taking into account any priority
decrements for tracked interfaces or routes.

Configured
Priority

The priority configured through the ip vrrp  priority <1-254> command.

Advertisement
interval

The advertisement interval in seconds for the specific virtual router.

Pre-Empt Mode The preemption mode configured on the specified virtual router.
Administrative
Mode

The status (Enable or Disable) of the specific router.

State

The state (Master/backup) of the virtual router.

The following shows example CLI display output for the command.
(Switch)#show ip vrrp interface 1/0/1 1
Primary IP Address.............................
VMAC Address...................................
Authentication Type............................
Priority.......................................
Configured priority..........................
Advertisement Interval (secs)..................
Pre-empt Mode..................................
Administrative Mode............................
Accept Mode....................................
State..........................................
Track Interface
--------------<1/0/1>

State
------

TrackRoute (pfx/len)
-----------------------10.10.10.1/255.255.255.0

DecrementPriority
------------------

down
State
-----down

1.1.1.5
00:00:5e:00:01:01
None
100
100
1
Enable
Disable
Enable
Initialized

10
DecrementPriority
-----------------10

Routing Commands
275

ProSafe Managed Switch

show ip vrrp interface brief
This command displays information about each virtual router configured on the switch. This
command takes no options. It displays information about each virtual router.
Format

show ip vrrp interface brief

Modes

• Privileged EXEC
• User EXEC

Term

Definition

Interface

Valid slot and port number separated by forward slashes.

VRID

The router ID of the virtual router.

IP Address

The virtual router IP address.

Mode

Indicates whether the virtual router is enabled or disabled.

State

The state (Master/backup) of the virtual router.

DHCP and BOOTP Relay Commands
This section describes the commands you use to configure BootP/DHCP Relay on the
switch. A DHCP relay agent operates at Layer 3 and forwards DHCP requests and replies
between clients and servers when they are not on the same physical subnet.

bootpdhcprelay cidoptmode
This command enables the circuit ID option mode for BootP/DHCP Relay on the system.
Default

disabled

Format

bootpdhcprelay cidoptmode

Mode

Global Config

no bootpdhcprelay cidoptmode
This command disables the circuit ID option mode for BootP/DHCP Relay on the system.
Format

no bootpdhcprelay cidoptmode

Mode

Global Config

Routing Commands
276

ProSafe Managed Switch

bootpdhcprelay maxhopcount
This command configures the maximum allowable relay agent hops for BootP/DHCP Relay
on the system. The  parameter has a range of 1 to 16.
Default

4

Format

bootpdhcprelay maxhopcount <1-16>

Mode

Global Config

no bootpdhcprelay maxhopcount
This command configures the default maximum allowable relay agent hops for BootP/DHCP
Relay on the system.
Format

no bootpdhcprelay maxhopcount

Mode

Global Config

bootpdhcprelay minwaittime
This command configures the minimum wait time in seconds for BootP/DHCP Relay on the
system. When the BOOTP relay agent receives a BOOTREQUEST message, it MAY use the
seconds-since-client-began-booting field of the request as a factor in deciding whether to
relay the request or not. The parameter has a range of 0 to 100 seconds.
Default

0

Format

bootpdhcprelay minwaittime <0-100>

Mode

Global Config

no bootpdhcprelay minwaittime
This command configures the default minimum wait time in seconds for BootP/DHCP Relay
on the system.
Format

no bootpdhcprelay minwaittime

Mode

Global Config

show bootpdhcprelay
This command displays the BootP/DHCP Relay information.
Format

show bootpdhcprelay

Modes

• Privileged EXEC
• User EXEC

Routing Commands
277

ProSafe Managed Switch

Term

Definition

Maximum Hop
Count

The maximum allowable relay agent hops.

Minimum Wait
The minimum wait time.
Time (Seconds)
Admin Mode

Indicates whether relaying of requests is enabled or disabled.

Server IP
Address

The IP address for the BootP/DHCP Relay server.

Circuit Id
Option Mode

The DHCP circuit Id option which may be enabled or disabled.

Requests
Received

The number or requests received.

Requests
Relayed

The number of requests relayed.

Packets
Discarded

The number of packets discarded.

IP Helper Commands
This section describes the commands to configure a DHCP relay agent with multiple DHCP
server addresses per routing interface, and to use different server addresses for client
packets arriving on different interfaces on the relay agent.

clear ip helper statistics
Use this command to reset the statistics displayed in the show ip helper statistics
command to zero.
Format

clear ip helper statistics

Mode

Privileged EXEC

ip helper-address (Global Config)
Use the Global Configuration ip helper-address command to have the switch forward User
Datagram Protocol (UDP) broadcasts received on an interface. To disable the forwarding of
broadcast packets to specific addresses, use the no form of this command.
The ip helper-address command forwards specific UDP broadcast from one interface to
another. You can define many helper addresses but the total number of address-port pairs is
limited to 128 for the whole device. The setting of a helper address for a specific interface has
precedence over a setting of a helper address for all interfaces.
Ip-address: Destination broadcast or host address to be used when forwarding UDP
broadcasts. You can specify 0.0.0.0 to indicate not to forward the UDP packet to any host and
use "255.255.255.255" to broadcast the UDP packets to all hosts on the target subnet.

Routing Commands
278

ProSafe Managed Switch

udp-port-list: The broadcast packet destination UDP port number to forward. If not specified,
packets for the default services are forwarded to the helper address. Valid range, 0-65535.
Default

Disabled

Format

ip helper-address 
{<1-65535>|dhcp|domain|isakmp|mobile-ip|nameserver|
netbios-dgm|netbios-ns|ntp|pim-auto-rip|rip|tacacs|tftp|time}

Mode

Global Config

no ip helper-address (Global Config)
Use this command to remove the IP address from the previously configured list. The no
command without an  argument removes the entire list of helper addresses
on that interface.
Format

no ip helper-address {}
{<1-65535>|dhcp|domain|isakmp|mobile-ip|nameserver|
netbios-dgm|netbios-ns|ntp|pim-auto-rip|rip|tacacs|tftp|time}

Mode

GlobalConfig

ip helper enable
Use this command to enable relay of UDP packets. This command can be used to
temporarily disable IP helper without deleting all IP helper addresses. This command
replaces the bootpdhcprelay enable command, but affects not only relay of DHCP
packets, but also relay of any other protocols for which an IP helper address has been
configured.
Default

disabled

Format

ip helper enable

Mode

Global Config

no ip helper enable
Use this command to disable relay of all UDP packets.
Format

no ip helper enable

Mode

Global Config

ip helper-address
Use this command to add a unicast helper address to the list of helper addresses on an
interface. This is the address of a DHCP server. This command can be applied multiple times

Routing Commands
279

ProSafe Managed Switch

on the routing interface to form the helper addresses list until the list reaches the maximum
supported helper addresses.
Format

ip helper-address 
{<1-65535>|dhcp|domain|isakmp|mobile-ip|nameserver|
netbios-dgm|netbios-ns|ntp|pim-auto-rip|rip|tacacs|tftp|time}

Mode

Interface Config

no ip helper-address
Use this command to remove the IP address from the previously configured list. The no
command without an  argument removes the entire list of helper addresses
on that interface.
Format

no ip helper-address {}
{<1-65535>|dhcp|domain|isakmp|mobile-ip|nameserver|
netbios-dgm|netbios-ns|ntp|pim-auto-rip|rip|tacacs|tftp|time}

Mode

Interface Config

ip helper-address discard
Use this command to drop matching packets.
Format

ip helper-address discard
{<1-65535>|dhcp|domain|isakmp|mobile-ip|nameserver|
netbios-dgm|netbios-ns|ntp|pim-auto-rip|rip|tacacs|tftp|time}

Mode

Interface Config

no ip helper-address discard
Use this command to permit the matching packets.
Format

no ip helper-address discard
{<1-65535>|dhcp|domain|isakmp|mobile-ip|nameserver|
netbios-dgm|netbios-ns|ntp|pim-auto-rip|rip|tacacs|tftp|time}

Mode

Interface Config

show ip helper-address
Use this command to display the configured helper addresses on the given interface.
Format

show ip helper-address 

Mode

• Privileged EXEC
• User EXEC

The following shows example CLI display output for the command.
(switch) #show ip helper-address 1/0/1

Routing Commands
280

ProSafe Managed Switch

Helper IP Address.............................. 1.2.3.4
............................................... 1.2.3.5

show ip helper statistics
Use this command to display the number of DHCP and other UDP packets processed and
relayed by the UDP relay agent.
Format

show ip helper statistics

Mode

Privileged EXEC

Term

Definition

DHCP client
messages received

The number of valid messages received from a DHCP client. The count is
incremented only if IP helper is enabled globally, the ingress routing interface is up,
and the packet passes a number of validity checks, such as having a TTL>1 and
having valid source and destination IP addresses.

DHCP client
messages relayed

The number of DHCP client messages relayed to a server. If a message is relayed
to multiple servers, the count is incremented once for each server.

DHCP server
messages received

The number of DHCP responses received from the DHCP server. This count
includes only messages that the DHCP server unicasts to the relay agent for relay
to the client.

DHCP server
messages relayed

The number of DHCP server messages relayed to a client.

UDP clients
messages received

The number of valid UDP packets received. This count includes DHCP messages
and all other protocols relayed. Conditions are similar to those for the first statistic in
this table.

UDP clients
messages relayed

The number of UDP packets relayed. This count includes DHCP messages relayed
as well as all other protocols. The count is incremented for each server to which a
packet is sent.

DHCP message hop The number of DHCP client messages received whose hop count is larger than the
count exceeded max
maximum allowed. The maximum hop count is a configurable value listed in show
bootpdhcprelay. A log message is written for each such failure. The DHCP relay
agent does not relay these packets.
DHCP message with The number of DHCP client messages received whose secs field is less than the
secs field below min
minimum value. The minimum secs value is a configurable value and is displayed in
show bootpdhcprelay. A log message is written for each such failure. The DHCP
relay agent does not relay these packets.
DHCP message with The number of DHCP client messages received whose gateway address, giaddr, is
giaddr set to local
already set to an IP address configured on one of the relay agent’s own IP
address
addresses. In this case, another device is attempting to spoof the relay agent’s
address. The relay agent does not relay such packets. A log message gives details
for each occurrence.

Routing Commands
281

ProSafe Managed Switch

Term

Definition

Packets with expired The number of packets received with TTL of 0 or 1 that might otherwise have been
TTL
relayed.
Packets that
matched a discard
entry

The number of packets ignored by the relay agent because they match a discard
relay entry.

Open Shortest Path First (OSPF) Commands
This section describes the commands you use to view and configure OSPF, which is a
link-state routing protocol that you use to route traffic within a network.

router ospf
Use this command to enter Router OSPF mode.
Format

router ospf

Mode

Global Config

enable (OSPF)
This command resets the default administrative mode of OSPF in the router (active).
Default

enabled

Format

enable

Mode

Router OSPF Config

no enable (OSPF)
This command sets the administrative mode of OSPF in the router to inactive.
Format

no enable

Mode

Router OSPF Config

network area (OSPF)
Use this command to enable OSPFv2 on an interface and set its area ID if the IP address of
an interface is covered by this network command.
Default

disabled

Format

network   area 

Mode

Router OSPF Config

Routing Commands
282

ProSafe Managed Switch

no network area (OSPF)
Use this command to disable the OSPFv2 on a interface if the IP address of an interface was
earlier covered by this network command.
Format

no network   area 

Mode

Router OSPF Config

ip ospf area
Use this command to enable OSPFv2 and set the area ID of an interface. The  is
an IP address formatted as a 4-digit dotted-decimal number or a decimal value in the range
of <0-4294967295>. This command supersedes the effects of the network area
command. It can also be used to configure the advertiseability of the secondary addresses
on this interface into the OSPFv2 domain.
Default

disabled

Format

ip ospf area  [secondaries none]

Mode

Interface Config

no ip ospf area
Use this command to disable OSPF on an interface.
Format

no ip ospf area [secondaries none]

Mode

Interface Config

1583compatibility
This command enables OSPF 1583 compatibility.

Note: 1583 compatibility mode is enabled by default. If all OSPF routers in
the routing domain are capable of operating according to RFC 2328,
OSPF 1583 compatibility mode should be disabled.

Default

enabled

Format

1583compatibility

Mode

Router OSPF Config

Routing Commands
283

ProSafe Managed Switch

no 1583compatibility
This command disables OSPF 1583 compatibility.
Format

no 1583compatibility

Mode

Router OSPF Config

area default-cost (OSPF)
This command configures the default cost for the stub area. You must specify the area ID and
an integer value between 1-16777215.
Format

area  default-cost <1-16777215>

Mode

Router OSPF Config

area nssa (OSPF)
This command configures the specified areaid to function as an NSSA.
Format

area  nssa

Mode

Router OSPF Config

no area nssa
This command disables nssa from the specified area id.
Format

no area  nssa

Mode

Router OSPF Config

area nssa default-info-originate (OSPF)
This command configures the metric value and type for the default route advertised into the
NSSA. The optional metric parameter specifies the metric of the default route and is to be in
a range of 1-16777214. If no metric is specified, the default value is 10. The metric type can
be comparable (nssa-external 1) or non-comparable (nssa-external 2).
Format

area  nssa default-info-originate [] [{comparable |
non-comparable}]

Mode

Router OSPF Config

Routing Commands
284

ProSafe Managed Switch

no area nssa default-info-originate (OSPF)
This command disables the default route advertised into the NSSA.
Format

no area  nssa default-info-originate [] [{comparable
| non-comparable}]

Mode

Router OSPF Config

area nssa no-redistribute (OSPF)
This command configures the NSSA Area Border router (ABR) so that learned external
routes will not be redistributed to the NSSA.
Format

area  nssa no-redistribute

Mode

Router OSPF Config

no area nssa no-redistribute (OSPF)
This command disables the NSSA ABR so that learned external routes are redistributed to
the NSSA.
Format

no area  nssa no-redistribute

Mode

Router OSPF Config

area nssa no-summary (OSPF)
This command configures the NSSA so that summary LSAs are not advertised into the
NSSA.
Format

area  nssa no-summary

Mode

Router OSPF Config

no area nssa no-summary (OSPF)
This command disables nssa from the summary LSAs.
Format

no area  nssa no-summary

Mode

Router OSPF Config

area nssa translator-role (OSPF)
This command configures the translator role of the NSSA. A value of always causes the
router to assume the role of the translator the instant it becomes a border router and a value

Routing Commands
285

ProSafe Managed Switch

of candidate causes the router to participate in the translator election process when it
attains border router status.
Format

area  nssa translator-role {always | candidate}

Mode

Router OSPF Config

no area nssa translator-role (OSPF)
This command disables the nssa translator role from the specified area id.
Format

no area  nssa translator-role {always | candidate}

Mode

Router OSPF Config

area nssa translator-stab-intv (OSPF)
This command configures the translator  of the NSSA. The
 is the period of time that an elected translator continues to perform
its duties after it determines that its translator status has been deposed by another router.
Format

area  nssa translator-stab-intv 

Mode

Router OSPF Config

no area nssa translator-stab-intv (OSPF)
This command disables the nssa translator’s  from the specified
area id.
Format

no area  nssa translator-stab-intv 

Mode

Router OSPF Config

area range (OSPF)
Use this command in Router Configuration mode to configure a summary prefix that an area
border router advertises for a specific area.
Default

No area ranges are configured by default. No cost is configured by default.

Format

area areaid range prefix netmask {summarylink |
nssaexternallink} [advertise | not-advertise] [cost cost]

Mode

OSPFv2 Router Configuration

Parameter

Description

area-id

The area identifier for the area whose networks are to be summarized.

prefix netmask

The summary prefix to be advertised when the ABR computes a route to one or more
networks within this prefix in this area.

Routing Commands
286

ProSafe Managed Switch

Parameter

Description

summarylink

When this keyword is given, the area range is used when summarizing prefixes advertised in
type 3 summary LSAs.

nssaexternallink

When this keyword is given, the area range is used when translating type 7 LSAs to type 5
LSAs.

advertise

[Optional] When this keyword is given, the summary prefix is advertised when the area range
is active. This is the default.

not-advertise

[Optional] When this keyword is given, neither the summary prefix nor the contained prefixes
are advertised when the area range is active. When the not-advertise option is given, any
static cost previously configured is removed from the system configuration.

cost

[Optional] If an optional cost is given, OSPF sets the metric field in the summary LSA to the
configured value rather than setting the metric to the largest cost among the networks
covered by the area range. A static cost may only be configured if the area range is
configured to advertise the summary. The range is 0 to 16,777,215. If the cost is set to
16,777,215 for type 3 summarization, a type 3 summary LSA is not advertised, but contained
networks are suppressed. This behavior is equivalent to specifying the not-advertise option. If
the range is configured for type 7 to type 5 translation, a type 5 LSA is sent if the metric is set
to 16,777,215; however, other routers will not compute a route from a type 5 LSA with this
metric.

no area range
The no form of this command deletes a specified area range or reverts an option to its
default.
Format

no area areaid range prefix netmask {summarylink |
nssaexternallink} [advertise | not-advertise] [cost]

Mode

OSPFv2 Router Configuration

area stub (OSPF)
This command creates a stub area for the specified area ID. A stub area is characterized by
the fact that AS External LSAs are not propagated into the area. Removing AS External LSAs
and Summary LSAs can significantly reduce the link state database of routers within the stub
area.
Format

area  stub

Mode

Router OSPF Config

no area stub
This command deletes a stub area for the specified area ID.
Format

no area  stub

Mode

Router OSPF Config

Routing Commands
287

ProSafe Managed Switch

area stub no-summary (OSPF)
This command configures the Summary LSA mode for the stub area identified by .
Use this command to prevent LSA Summaries from being sent.
Default

disabled

Format

area  stub no-summary

Mode

Router OSPF Config

no area stub no-summary
This command configures the default Summary LSA mode for the stub area identified by
.
Format

no area  stub no-summary

Mode

Router OSPF Config

area virtual-link (OSPF)
This command creates the OSPF virtual interface for the specified  and
. The  parameter is the Router ID of the neighbor.
Format

area  virtual-link 

Mode

Router OSPF Config

no area virtual-link
This command deletes the OSPF virtual interface from the given interface, identified by
 and . The  parameter is the Router ID of the neighbor.
Format

no area  virtual-link 

Mode

Router OSPF Config

area virtual-link authentication
This command configures the authentication type and key for the OSPF virtual interface
identified by  and . The  parameter is the Router ID of
the neighbor. The value for  is either none, simple, or encrypt. The [key] is
composed of standard displayable, non-control keystrokes from a Standard 101/102-key
keyboard. The authentication key must be 8 bytes or less if the authentication type is simple.
If the type is encrypt, the key may be up to 16 bytes. Unauthenticated interfaces do not need
an authentication key. If the type is encrypt, a key id in the range of 0 and 255 must be

Routing Commands
288

ProSafe Managed Switch

specified. The default value for authentication type is none. Neither the default password key
nor the default key id are configured.
Default

none

Format

area  virtual-link  authentication {none | {simple
} | {encrypt  }}

Mode

Router OSPF Config

no area virtual-link authentication
This command configures the default authentication type for the OSPF virtual interface
identified by  and . The  parameter is the Router ID of
the neighbor.
Format

no area  virtual-link  authentication

Mode

Router OSPF Config

area virtual-link dead-interval (OSPF)
This command configures the dead interval for the OSPF virtual interface on the virtual
interface identified by  and . The  parameter is the
Router ID of the neighbor. The range for seconds is 1 to 65535.
Default

40

Format

area  virtual-link  dead-interval 

Mode

Router OSPF Config

no area virtual-link dead-interval
This command configures the default dead interval for the OSPF virtual interface on the
virtual interface identified by  and . The  parameter is
the Router ID of the neighbor.
Format

no area  virtual-link  dead-interval

Mode

Router OSPF Config

area virtual-link hello-interval (OSPF)
This command configures the hello interval for the OSPF virtual interface on the virtual
interface identified by  and . The  parameter is the
Router ID of the neighbor. The range for  is 1 to 65535.
Default

10

Format

area  virtual-link  hello-interval <1-65535>

Mode

Router OSPF Config

Routing Commands
289

ProSafe Managed Switch

no area virtual-link hello-interval
This command configures the default hello interval for the OSPF virtual interface on the
virtual interface identified by  and . The  parameter is
the Router ID of the neighbor.
Format

no area  virtual-link  hello-interval

Mode

Router OSPF Config

area virtual-link retransmit-interval (OSPF)
This command configures the retransmit interval for the OSPF virtual interface on the virtual
interface identified by  and . The  parameter is the
Router ID of the neighbor. The range for seconds is 0 to 3600.
Default

5

Format

area  virtual-link  retransmit-interval 

Mode

Router OSPF Config

no area virtual-link retransmit-interval
This command configures the default retransmit interval for the OSPF virtual interface on the
virtual interface identified by  and . The  parameter is
the Router ID of the neighbor.
Format

no area  virtual-link  retransmit-interval

Mode

Router OSPF Config

area virtual-link transmit-delay (OSPF)
This command configures the transmit delay for the OSPF virtual interface on the virtual
interface identified by  and . The  parameter is the
Router ID of the neighbor. The range for seconds is 0 to 3600 (1 hour).
Default

1

Format

area  virtual-link  transmit-delay 

Mode

Router OSPF Config

no area virtual-link transmit-delay
This command resets the default transmit delay for the OSPF virtual interface to the default
value.
Format

no area  virtual-link  transmit-delay

Mode

Router OSPF Config

Routing Commands
290

ProSafe Managed Switch

auto-cost (OSPF)
By default, OSPF computes the link cost of each interface from the interface bandwidth.
Faster links have lower metrics, making them more attractive in route selection. The
configuration parameters in the auto-cost reference bandwidth and bandwidth
commands give you control over the default link cost. You can configure for OSPF an
interface bandwidth that is independent of the actual link speed. A second configuration
parameter allows you to control the ratio of interface bandwidth to link cost. The link cost is
computed as the ratio of a reference bandwidth to the interface bandwidth (ref_bw / interface
bandwidth), where interface bandwidth is defined by the bandwidth command. Because the
default reference bandwidth is 100 Mbps, OSPF uses the same default link cost for all
interfaces whose bandwidth is 100 Mbps or greater. Use the auto-cost command to
change the reference bandwidth, specifying the reference bandwidth in megabits per second
(Mbps). The reference bandwidth range is 1-4294967 Mbps. The different reference
bandwidth can be independently configured for OSPFv2 and OSPFv3.
Default

100Mbps

Format

auto-cost reference-bandwidth <1 to 4294967>

Mode

Router OSPF Config

no auto-cost reference-bandwidth (OSPF)
Use this command to set the reference bandwidth to the default value.
Format

no auto-cost reference-bandwidth

Mode

Router OSPF Config

bandwidth
By default, OSPF computes the link cost of an interface as the ratio of the reference
bandwidth to the interface bandwidth. Reference bandwidth is specified with the auto-cost
command. For the purpose of the OSPF link cost calculation, use the bandwidth command to
specify the interface bandwidth. The bandwidth is specified in kilobits per second. If no
bandwidth is configured, the bandwidth defaults to the actual interface bandwidth for
port-based routing interfaces and to 10 Mbps for VLAN routing interfaces. This command
does not affect the actual speed of an interface.
Default

actual interface bandwidth

Format

bandwidth <1-10000000>

Mode

Interface Config

Routing Commands
291

ProSafe Managed Switch

no bandwidth
Use this command to set the interface bandwidth to its default value.
Format

no bandwidth

Mode

Interface Config

capability opaque
Use this command to enable Opaque Capability on the Router. The information contained in
Opaque LSAs may be used directly by OSPF or indirectly by an application wishing to
distribute information throughout the OSPF domain. The 7000 series supports the storing and
flooding of Opaque LSAs of different scopes.
Default

disabled

Format

capability opaque

Mode

Router OSPF Config

no capability opaque
Use this command to disable opaque capability on the router.
Format

no capability opaque

Mode

Router OSPF Config

clear ip ospf
Use this command to disable and re-enable OSPF.
Format

clear ip ospf

Mode

Privileged EXEC

clear ip ospf configuration
Use this command to reset the OSPF configuration to factory defaults.
Format

clear ip ospf configuration

Mode

Privileged EXEC

clear ip ospf counters
Use this command to reset global and interface statistics.
Format

clear ip ospf counters

Mode

Privileged EXEC

Routing Commands
292

ProSafe Managed Switch

clear ip ospf neighbor
Use this command to drop the adjacency with all OSPF neighbors. On each neighbor’s
interface, send a one-way hello. Adjacencies may then be re-established. To drop all
adjacencies with a specific router ID, specify the neighbor’s Router ID using the optional
parameter [neighbor-id].
Format

clear ip ospf neighbor [neighbor-id]

Mode

Privileged EXEC

clear ip ospf neighbor interface
To drop adjacency with all neighbors on a specific interface, use the optional parameter
[unit/slot/port]. To drop adjacency with a specific router ID on a specific interface, use the
optional parameter [neighbor-id].
Format

clear ip ospf neighbor interface [unit/slot/port] [neighbor-id]

Mode

Privileged EXEC

clear ip ospf redistribution
Use this command to flush all self-originated external LSAs. Reapply the redistribution
configuration and re-originate prefixes as necessary.
Format

clear ip ospf redistribution

Mode

Privileged EXEC

clear ip ospf stub-router
OSPF can enter stub router mode due to resource exhaustion (too many LSA's, too many
routes, memory allocation failures etc). When this happens, the user can get out of this mode
by issuing the command after the cause of the overload has been resolved.

Format

clear ip ospf stub-router

Mode

Privileged EXEC

default-information originate (OSPF)
This command is used to control the advertisement of default routes.
Default

• metric—unspecified
• type—2

Format

default-information originate [always] [metric <0-16777214>]
[metric-type {1 | 2}]

Mode

Router OSPF Config

Routing Commands
293

ProSafe Managed Switch

no default-information originate (OSPF)
This command is used to control the advertisement of default routes.
Format

no default-information originate [metric] [metric-type]

Mode

Router OSPF Config

default-metric (OSPF)
This command is used to set a default for the metric of distributed routes.
Format

default-metric <1-16777214>

Mode

Router OSPF Config

no default-metric (OSPF)
This command is used to set a default for the metric of distributed routes.
Format

no default-metric

Mode

Router OSPF Config

distance ospf (OSPF)
This command sets the route preference value of OSPF in the router. Lower route preference
values are preferred when determining the best route. The type of OSPF route can be
intra, inter, or external. All the external type routes are given the same preference
value. The range of  value is 1 to 255.
Default

110

Format

distance ospf {intra-area <1-255> | inter-area <1-255> | external
<1-255>}

Mode

Router OSPF Config

no distance ospf
This command sets the default route preference value of OSPF routes in the router. The type
of OSPF can be intra, inter, or external. All the external type routes are given the same
preference value.
Format

no distance ospf {intra-area | inter-area | external}

Mode

Router OSPF Config

Routing Commands
294

ProSafe Managed Switch

distribute-list out (OSPF)
Use this command to specify the access list to filter routes received from the source protocol.
Format

distribute-list <1-199> out {rip | static | connected}

Mode

Router OSPF Config

no distribute-list out
Use this command to specify the access list to filter routes received from the source protocol.
Format

no distribute-list <1-199> out {rip | static | connected}

Mode

Router OSPF Config

exit-overflow-interval (OSPF)
This command configures the exit overflow interval for OSPF. It describes the number of
seconds after entering overflow state that a router will wait before attempting to leave the
overflow state. This allows the router to again originate non-default AS-external-LSAs. When
set to 0, the router will not leave overflow state until restarted. The range for seconds is 0 to
2147483647 seconds.
Default

0

Format

exit-overflow-interval 

Mode

Router OSPF Config

no exit-overflow-interval
This command configures the default exit overflow interval for OSPF.
Format

no exit-overflow-interval

Mode

Router OSPF Config

external-lsdb-limit (OSPF)
This command configures the external LSDB limit for OSPF. If the value is -1, then there is no
limit. When the number of non-default AS-external-LSAs in a router's link-state database
reaches the external LSDB limit, the router enters overflow state. The router never holds
more than the external LSDB limit non-default AS-external-LSAs in it database. The external
LSDB limit MUST be set identically in all routers attached to the OSPF backbone and/or any
regular OSPF area. The range for limit is -1 to 2147483647.
Default

-1

Format

external-lsdb-limit 

Mode

Router OSPF Config

Routing Commands
295

ProSafe Managed Switch

no external-lsdb-limit
This command configures the default external LSDB limit for OSPF.
Format

no external-lsdb-limit

Mode

Router OSPF Config

log-adjacency-changes
To enable logging of OSPFv2 neighbor state changes, use this command in router
configuration mode. State changes are logged with INFORMATIONAL severity.
Default

Adjacency state changes are logged, but without the detail option.

Format

log-adjacency-changes [detail]

Mode

OSPFv2 Router Configuration

Parameter

Description

detail

(Optional) When this keyword is specified, all adjacency state changes are logged. Otherwise,
OSPF only logs transitions to FULL state and when a backwards transition occurs.

no log-adjacency-changes
Use the no form of the command to disable state change logging.
Format

no log-adjacency-changes [detail]

Mode

OSPFv2 Router Configuration

ip ospf authentication
This command sets the OSPF Authentication Type and Key for the specified interface. The
value of  is either none, simple or encrypt. The  is composed of standard
displayable, non-control keystrokes from a Standard 101/102-key keyboard. The
authentication key must be 8 bytes or less if the authentication type is simple. If the type is
encrypt, the key may be up to 16 bytes. If the type is encrypt a  in the range of 0 and
255 must be specified. Unauthenticated interfaces do not need an authentication key or
authentication key ID. There is no default value for this command.
Format

ip ospf authentication {none | {simple } | {encrypt 
}}

Mode

Interface Config

Routing Commands
296

ProSafe Managed Switch

no ip ospf authentication
This command sets the default OSPF Authentication Type for the specified interface.
Format

no ip ospf authentication

Mode

Interface Config

ip ospf cost
This command configures the cost on an OSPF interface. The  parameter has a
range of 1 to 65535.
Default

10

Format

ip ospf cost <1-65535>

Mode

Interface Config

no ip ospf cost
This command configures the default cost on an OSPF interface.
Format

no ip ospf cost

Mode

Interface Config

ip ospf database-filter all out
Use this command in Interface Configuration mode to disable OSPFv2 LSA flooding on an
interface.
Default

Disabled

Format

ip ospf database-filter all out

Mode

Interface Configuration

no ip ospf database-filter all out
Use this command in Interface Configuration mode to enable OSPFv2 LSA flooding on an
interface.
Default

Disabled

Format

no ip ospf database-filter all out

Mode

Interface Configuration

Routing Commands
297

ProSafe Managed Switch

ip ospf dead-interval
This command sets the OSPF dead interval for the specified interface. The value for
 is a valid positive integer, which represents the length of time in seconds that a
router's Hello packets have not been seen before its neighbor routers declare that the router
is down. The value for the length of time must be the same for all routers attached to a
common network. This value should be some multiple of the Hello Interval (i.e. 4). Valid
values range in seconds from 1 to 2147483647.
Default

40

Format

ip ospf dead-interval 

Mode

Interface Config

no ip ospf dead-interval
This command sets the default OSPF dead interval for the specified interface.
Format

no ip ospf dead-interval

Mode

Interface Config

ip ospf hello-interval
This command sets the OSPF hello interval for the specified interface. The value for seconds
is a valid positive integer, which represents the length of time in seconds. The value for the
length of time must be the same for all routers attached to a network. Valid values range from
1 to 65535.
Default

10

Format

ip ospf hello-interval 

Mode

Interface Config

no ip ospf hello-interval
This command sets the default OSPF hello interval for the specified interface.
Format

no ip ospf hello-interval

Mode

Interface Config

ip ospf network
Use this command to configure OSPF to treat an interface as a point-to-point rather than
broadcast interface. The broadcast option sets the OSPF network type to broadcast. The
point-to-point option sets the OSPF network type to point-to-point. OSPF treats
interfaces as broadcast interfaces by default. (Loopback interfaces have a special loopback
network type, which cannot be changed.) When there are only two routers on the network,

Routing Commands
298

ProSafe Managed Switch

OSPF can operate more efficiently by treating the network as a point-to-point network. For
point-to-point networks, OSPF does not elect a designated router or generate a network link
state advertisement (LSA). Both endpoints of the link must be configured to operate in
point-to-point mode.
Default

broadcast

Format

ip ospf network {broadcast|point-to-point}

Mode

Interface Config

no ip ospf network
Use this command to return the OSPF network type to the default.
Format

no ip ospf network

Mode

Interface Config

ip ospf priority
This command sets the OSPF priority for the specified router interface. The priority of the
interface is a priority integer from 0 to 255. A value of 0 indicates that the router is not eligible
to become the designated router on this network.
Default

1, which is the highest router priority

Format

ip ospf priority <0-255>

Mode

Interface Config

no ip ospf priority
This command sets the default OSPF priority for the specified router interface.
Format

no ip ospf priority

Mode

Interface Config

ip ospf retransmit-interval
This command sets the OSPF retransmit Interval for the specified interface. The retransmit
interval is specified in seconds. The value for  is the number of seconds between
link-state advertisement retransmissions for adjacencies belonging to this router interface.
This value is also used when retransmitting database description and link-state request
packets. Valid values range from 0 to 3600 (1 hour).
Default

5

Format

ip ospf retransmit-interval <0-3600>

Mode

Interface Config

Routing Commands
299

ProSafe Managed Switch

no ip ospf retransmit-interval
This command sets the default OSPF retransmit Interval for the specified interface.
Format

no ip ospf retransmit-interval

Mode

Interface Config

ip ospf transmit-delay
This command sets the OSPF Transit Delay for the specified interface. The transmit delay is
specified in seconds. In addition, it sets the estimated number of seconds it takes to transmit
a link state update packet over this interface. Valid values for  range from 1 to
3600 (1 hour).
Default

1

Format

ip ospf transmit-delay <1-3600>

Mode

Interface Config

no ip ospf transmit-delay
This command sets the default OSPF Transit Delay for the specified interface.
Format

no ip ospf transmit-delay

Mode

Interface Config

ip ospf mtu-ignore
This command disables OSPF maximum transmission unit (MTU) mismatch detection. OSPF
Database Description packets specify the size of the largest IP packet that can be sent
without fragmentation on the interface. When a router receives a Database Description
packet, it examines the MTU advertised by the neighbor. By default, if the MTU is larger than
the router can accept, the Database Description packet is rejected and the OSPF adjacency
is not established.
Default

enabled

Format

ip ospf mtu-ignore

Mode

Interface Config

no ip ospf mtu-ignore
This command enables the OSPF MTU mismatch detection.
Format

no ip ospf mtu-ignore

Mode

Interface Config

Routing Commands
300

ProSafe Managed Switch

router-id (OSPF)
This command sets a 4-digit dotted-decimal number uniquely identifying the router ospf id.
The  is a configured value.
Format

router-id 

Mode

Router OSPF Config

redistribute (OSPF)
This command configures OSPF protocol to allow redistribution of routes from the specified
source protocol/routers.
Default

• metric—unspecified
• type—2
• tag—0

Format

redistribute {rip | static | connected} [metric <0-16777214>]
[metric-type {1 | 2}] [tag <0-4294967295>] [subnets]

Mode

Router OSPF Config

no redistribute
This command configures OSPF protocol to prohibit redistribution of routes from the
specified source protocol/routers.
Format

no redistribute {rip | static | connected} [metric] [metric-type]
[tag] [subnets]

Mode

Router OSPF Config

maximum-paths (OSPF)
This command sets the number of paths that OSPF can report for a given destination where
maxpaths is platform dependent.
Default

4

Format

maximum-paths 

Mode

Router OSPF Config

no maximum-paths
This command resets the number of paths that OSPF can report for a given destination back
to its default value.
Format

no maximum-paths

Mode

Router OSPF Config

Routing Commands
301

ProSafe Managed Switch

passive-interface default (OSPF)
Use this command to enable global passive mode by default for all interfaces. It overrides
any interface level passive mode. OSPF will not form adjacencies over a passive interface.
Default

disabled

Format

passive-interface default

Mode

Router OSPF Config

no passive-interface default
Use this command to disable the global passive mode by default for all interfaces. Any
interface previously configured to be passive reverts to non-passive mode.
Format

no passive-interface default

Mode

Router OSPF Config

passive-interface (OSPF)
Use this command to set the interface or tunnel as passive. It overrides the global passive
mode that is currently effective on the interface or tunnel.
Default

disabled

Format

passive-interface {}

Mode

Router OSPF Config

no passive-interface
Use this command to set the interface or tunnel as non-passive. It overrides the global
passive mode that is currently effective on the interface or tunnel.
Format

no passive-interface {}

Mode

Router OSPF Config

timers pacing flood
To adjust the rate at which OSPFv2 sends LS Update packets, use this command in router
OSPFv2 global configuration mode. OSPF distributes routing information in Link State
Advertisements (LSAs), which are bundled into Link State Update (LS Update) packets. To
reduce the likelihood of sending a neighbor more packets than it can buffer, OSPF rate limits
the transmission of LS Update packets. By default, OSPF sends up to 30 updates per second
on each interface (1/the pacing interval). Use this command to adjust this packet rate.
Default

33 milliseconds

Routing Commands
302

ProSafe Managed Switch

Format

timers pacing flood milliseconds

Mode

OSPFv2 Router Configuration

Parameter

Description

milliseconds

The average time between transmission of LS Update packets. The range is from 5 ms to 100
ms. The default is 33 ms.

no timers pacing flood
To revert LSA transmit pacing to the default rate, use the no timers pacing flood command.
Format

no timers pacing flood

Mode

OSPFv2 Router Configuration

timers pacing lsa-group
To adjust how OSPF groups LSAs for periodic refresh, use this command in OSPFv2 Router
Configuration mode. OSPF refreshes self-originated LSAs approximately once every 30
minutes. When OSPF refreshes LSAs, it considers all self-originated LSAs whose age is
from 1800 to 1800 plus the pacing group size. Grouping LSAs for refresh allows OSPF to
combine refreshed LSAs into a minimal number of LS Update packets. Minimizing the
number of Update packets makes LSA distribution more efficient. When OSPF originates a
new or changed LSA, it selects a random refresh delay for the LSA. When the refresh delay
expires, OSPF refreshes the LSA. By selecting a random refresh delay, OSPF avoids
refreshing a large number of LSAs at one time, even if a large number of LSAs are originated
at one time.
Default

60 seconds

Format

timers pacing lsa-group seconds

Mode

OSPFv2 Router Configuration

Parameter

Description

seconds

Width of the window in which LSAs are refreshed. The range for the pacing group window is
from 10 to 1800 seconds.

timers spf
Use this command to configure the SPF delay time and hold time. The valid range for both
parameters is 0-65535 seconds.
Default

• delay-time—5
• hold-time—10

Routing Commands
303

ProSafe Managed Switch

Format

timers spf  

Mode

Router OSPF Config

trapflags (OSPF)
Use this command to enable individual OSPF traps, enable a group of trap flags at a time, or
enable all the trap flags at a time. The different groups of trapflags, and each group’s specific
trapflags to enable or disable, are listed in Table 1.
Table 1. Trapflags Groups
Group

Flags

errors

•
•
•
•
•
•

if-rx

ir-rx-packet

lsa

• lsa-maxage
• lsa-originate

overflow

• lsdb-overflow
• lsdb-approaching-overflow

retransmit

• packets
• virt-packets

rtb

• rtb-entry-info

state-change

•
•
•
•

authentication-failure
bad-packet
config-error
virt-authentication-failure
virt-bad-packet
virt-config-error

if-state-change
neighbor-state-change
virtif-state-change
virtneighbor-state-change

•

To enable the individual flag, enter the group name followed by that particular flag.

•

To enable all the flags in that group, give the group name followed by all.

•

To enable all the flags, give the command as trapflags all.

Routing Commands
304

ProSafe Managed Switch

Default

disabled

Format

trapflags {
all |
errors {all | authentication-failure | bad-packet | config-error |
virtauthentication-failure | virt-bad-packet | virt-config-error} |
if-rx {all | if-rx-packet} |
lsa {all | lsa-maxage | lsa-originate} |
overflow {all | lsdb-overflow | lsdb-approaching-overflow} |
retransmit {all | packets | virt-packets} |
rtb {all, rtb-entry-info} |
state-change {all | if-state-change | neighbor-state-change |
virtif-statechange | virtneighbor-state-change}
}

Mode

Router OSPF Config

no trapflags
Use this command to revert to the default reference bandwidth.
•

To disable the individual flag, enter the group name followed by that particular flag.

•

To disable all the flags in that group, give the group name followed by all.

•

To disable all the flags, give the command as trapflags all.

Format

no trapflags {
all |
errors {all | authentication-failure | bad-packet | config-error |
virtauthentication-failure | virt-bad-packet | virt-config-error} |
if-rx {all | if-rx-packet} |
lsa {all | lsa-maxage | lsa-originate} |
overflow {all | lsdb-overflow | lsdb-approaching-overflow} |
retransmit {all | packets | virt-packets} |
rtb {all, rtb-entry-info} |
state-change {all | if-state-change | neighbor-state-change |
virtif-statechange | virtneighbor-state-change}
}

Mode

Router OSPF Config

Routing Commands
305

ProSafe Managed Switch

show ip ospf
This command displays information relevant to the OSPF router.
Format

show ip ospf

Mode

Privileged EXEC

Note: Some of the information below displays only if you enable OSPF
and configure certain features.

Term

Definition

Router ID

A 32-bit integer in dotted decimal format identifying the router, about which information is
displayed. This is a configured value.

OSPF Admin
Mode

Shows whether the administrative mode of OSPF in the router is enabled or disabled.
This is a configured value.

ASBR Mode

Indicates whether the ASBR mode is enabled or disabled. Enable implies that the router
is an autonomous system border router. Router automatically becomes an ASBR when it
is configured to redistribute routes learnt from other protocol. The possible values for the
ASBR status is enabled (if the router is configured to re-distribute routes learned by other
protocols) or disabled (if the router is not configured for the same).

RFC 1583
Compatibility

Indicates whether 1583 compatibility is enabled or disabled. This is a configured value.

External LSDB
Limit

The maximum number of non-default AS-external-LSA (link state advertisement) entries
that can be stored in the link-state database.

Exit Overflow
Interval

The number of seconds that, after entering overflow state, a router will attempt to leave
overflow state.

Spf Delay Time

The number of seconds between two subsequent changes of LSAs, during which time
the routing table calculation is delayed.

Spf Hold Time

The number of seconds between two consecutive spf calculations.

Flood Pacing
Interval

The average time, in milliseconds, between LS Update packet transmissions on an
interface. This is the value configured with the timers pacing flood command.

LSA Refresh
Group Pacing
Time

The size, in seconds, of the LSA refresh group window. This is the value configured with
the timers pacing lsa-group command.

Opaque
Capability

Shows whether the router is capable of sending Opaque LSAs. This is a configured
value.

Autocost Ref
BW

Shows the value of auto-cost reference bandwidth configured on the router.

ABR Status

Shows whether the router is an OSPF Area Border Router.

Routing Commands
306

ProSafe Managed Switch

Term

Definition

ASBR Status

Reflects whether the ASBR mode is enabled or disabled. Enable implies that the router is
an autonomous system border router. The router automatically becomes an ASBR when
it is configured to redistribute routes learnt from other protocols. The possible values for
the ASBR status is enabled (if the router is configured to redistribute routes learned by
other protocols) or disabled (if the router is not configured for the same).

Stub Router

When OSPF runs out of resources to store the entire link state database, or any other
state information, OSPF goes into stub router mode. As a stub router, OSPF
re-originates its own router LSAs, setting the cost of all non-stub interfaces to infinity. To
restore OSPF to normal operation, disable and re-enable OSPF.

Exit Overflow
Interval

The number of seconds that, after entering overflow state, a router will attempt to leave
overflow state.

External LSDB
Overflow

When the number of non-default external LSAs exceeds the configured limit, External
LSDB Limit, OSPF goes into LSDB overflow state. In this state, OSPF withdraws all of its
self-originated non-default external LSAs. After the Exit Overflow Interval, OSPF leaves
the overflow state, if the number of external LSAs has been reduced.

External LSA
Count

The number of external (LS type 5) link-state advertisements in the link-state database.

External LSA
Checksum

The sum of the LS checksums of external link-state advertisements contained in the
link-state database.

AS_OPAQUE
LSA Count

Shows the number of AS Opaque LSAs in the link-state database.

AS_OPAQUE
Shows the sum of the LS Checksums of AS Opaque LSAs contained in the link-state
LSA Checksum
database.
New LSAs
Originated

The number of new link-state advertisements that have been originated.

LSAs Received

The number of link-state advertisements received determined to be new instantiations.

LSA Count

The total number of link state advertisements currently in the link state database.

Maximum
Number of
LSAs

The maximum number of LSAs that OSPF can store.

LSA High Water The maximum size of the link state database since the system started.
Mark
Retransmit List
Entries

The total number of LSAs waiting to be acknowledged by all neighbors. An LSA may be
pending acknowledgment from more than one neighbor.

Maximum
Number of
Retransmit
Entries

The maximum number of LSAs that can be waiting for acknowledgment at any given
time.

Retransmit
Entries High
Water Mark

The highest number of LSAs that have been waiting for acknowledgment.

External LSDB
Limit

The maximum number of non-default AS-external-LSAs entries that can be stored in the
link-state database.

Default Metric

Default value for redistributed routes.

Routing Commands
307

ProSafe Managed Switch

Term

Definition

Default Passive Shows whether the interfaces are passive by default.
Setting
Default Route
Advertise

Indicates whether the default routes received from other source protocols are advertised
or not.

Always

Shows whether default routes are always advertised.

Metric

The metric of the routes being redistributed. If the metric is not configured, this field is
blank.

Metric Type

Shows whether the routes are External Type 1 or External Type 2.

Number of
Active Areas

The number of active OSPF areas. An “active” OSPF area is an area with at least one
interface up.

AutoCost Ref
BW

Shows the value of auto-cost reference bandwidth configured on the router.

Maximum Paths The maximum number of paths that OSPF can report for a given destination.
Redistributing

This field is a heading and appears only if you configure the system to take routes
learned from a non-OSPF source and advertise them to its peers.

Source

The source protocol/routes that are being redistributed. Possible values are static,
connected, or RIP.

Tag

The decimal value attached to each external route.

Subnets

For redistributing routes into OSPF, the scope of redistribution for the specified protocol.

Distribute-List

The access list used to filter redistributed routes.

The following shows example CLI display output for the command.
(Switch) #show ip ospf
Router ID.....................................2.2.2.2
OSPF Admin Mode...............................Disable
RFC 1583 Compatibility........................Enable
External LSDB Limit...........................No Limit
Exit Overflow Interval........................0
Spf Delay Time................................5
Spf Hold Time.................................10
Opaque Capability.............................Disable
AutoCost Ref BW...............................100 Mbps
Default Passive Setting.......................Disabled
Maximum Paths.................................4
Default Metric................................Not configured
Default Route Advertise.......................Disabled
Always........................................FALSE
Metric........................................Not configured
Metric Type...................................External Type 2

Routing Commands
308

ProSafe Managed Switch

Number of Active Areas......................... 3 (3 normal, 0 stub, 0 nssa)
ABR Status....................................Disable
ASBR Status...................................Disable
Stub Router...................................FALSE
External LSDB Overflow........................FALSE
External LSA Count............................0
External LSA Checksum.........................0
AS_OPAQUE LSA Count...........................0
AS_OPAQUE LSA Checksum........................0
LSAs Originated...............................0
LSAs Received.................................0
LSA Count.....................................0
Maximum Number of LSAs........................18200
LSA High Water Mark...........................0
Retransmit List Entries........................ 9078
Maximum Number of Retransmit Entries........... 72800
Retransmit Entries High Water Mark............. 72849

show ip ospf abr
This command displays the internal OSPF routing table entries to Area Border Routers
(ABR). This command takes no options.
Format

show ip ospf abr

Mode

• Privileged EXEC
• User EXEC

Term

Definition

Type

The type of the route to the destination. It can be either:
• intra — Intra-area route
• inter — Inter-area route

Router ID

Router ID of the destination.

Cost

Cost of using this route.

Area ID

The area ID of the area from which this route is learned.

Next Hop

Next hop toward the destination.

Next Hop Intf

The outgoing router interface to use when forwarding traffic to the next hop.

show ip ospf area
This command displays information about the area. The  identifies the OSPF area
that is being displayed.
Format

show ip ospf area 

Modes

• Privileged EXEC
• User EXEC

Routing Commands
309

ProSafe Managed Switch

Term

Definition

AreaID

The area id of the requested OSPF area.

External
Routing

A number representing the external routing capabilities for this area.

Spf Runs

The number of times that the intra-area route table has been calculated using this area's
link-state database.

Area Border
Router Count

The total number of area border routers reachable within this area.

Area LSA Count Total number of link-state advertisements in this area's link-state database, excluding AS
External LSA's.
Area LSA
Checksum

A number representing the Area LSA Checksum for the specified AreaID excluding the
external (LS type 5) link-state advertisements.

Import
Shows whether to import summary LSAs.
Summary LSAs
OSPF Stub
Metric Value

The metric value of the stub area. This field displays only if the area is a configured as a
stub area.

The following OSPF NSSA specific information displays only if the area is configured as an
NSSA:
Term

Definition

Import
Shows whether to import summary LSAs into the NSSA.
Summary LSAs
Redistribute
into NSSA

Shows whether to redistribute information into the NSSA.

Default
Information
Originate

Shows whether to advertise a default route into the NSSA.

Default Metric

The metric value for the default route advertised into the NSSA.

Default Metric
Type

The metric type for the default route advertised into the NSSA.

Translator Role The NSSA translator role of the ABR, which is always or candidate.
Translator
The amount of time that an elected translator continues to perform its duties after it
Stability Interval
determines that its translator status has been deposed by another router.
Translator State Shows whether the ABR translator state is disabled, always, or elected.

Routing Commands
310

ProSafe Managed Switch

show ip ospf asbr
This command displays the internal OSPF routing table entries to Autonomous System
Boundary Routers (ASBR). This command takes no options.
Format

show ip ospf asbr

Mode

• Privileged EXEC
• User EXEC

Term

Definition

Type

The type of the route to the destination. It can be one of the following values:
intra — Intra-area route
inter — Inter-area route

Router ID

Router ID of the destination.

Cost

Cost of using this route.

Area ID

The area ID of the area from which this route is learned.

Next Hop

Next hop toward the destination.

Next Hop Intf

The outgoing router interface to use when forwarding traffic to the next hop.

show ip ospf database
This command displays information about the link state database when OSPF is enabled. If
you do not enter any parameters, the command displays the LSA headers for all areas. Use
the optional  parameter to display database information about a specific area. Use
the optional parameters to specify the type of link state advertisements to display.
Parameter

Description

asbr-summary

Use asbr-summary to show the autonomous system boundary router (ASBR) summary
LSAs.

external

Use external to display the external LSAs.

network

Use network to display the network LSAs.

nssa-external

Use nssa-external to display NSSA external LSAs.

opaque-area

Use opaque-area to display area opaque LSAs.

opaque-as

Use opaque-as to display AS opaque LSAs.

opaque-link

Use opaque-link to display link opaque LSAs.

router

Use router to display router LSAs.

summary

Use summary to show the LSA database summary information.

Routing Commands
311

ProSafe Managed Switch

Parameter

Description

adv-router

Use adv-router to show the LSAs that are restricted by the advertising router.

self-originate

Use self-originate to display the LSAs in that are self originated. The information
below is only displayed if OSPF is enabled

The information below is only displayed if OSPF is enabled.
Format

show ip ospf [] database [{database-summary | [{asbr-summary
| external | network | nssa-external | opaque-area | opaque-as |
opaque-link | router | summary}] [{adv-router [] |
self-originate}]}]

Mode

• Privileged EXEC
• User EXEC

For each link-type and area, the following information is displayed:
Term

Definition

Adv Router

The Advertising Router. Is a 32 bit dotted decimal number representing the LSDB
interface.

Age

A number representing the age of the link state advertisement in seconds.

Sequence

A number that represents which LSA is more recent.

Checksum

The total number LSA checksum.

Options

This is an integer. It indicates that the LSA receives special handling during routing
calculations.

Rtr Opt

Router Options are valid for router links only.

show ip ospf database database-summary
Use this command to display the number of each type of LSA in the database for each area
and for the router. The command also displays the total number of LSAs in the database.
Format

show ip ospf database database-summary

Modes

• Privileged EXEC
• User EXEC

Term

Definition

Router

Total number of router LSAs in the OSPF link state database.

Network

Total number of network LSAs in the OSPF link state database.

Summary Net

Total number of summary network LSAs in the database.

Summary ASBR Number of summary ASBR LSAs in the database.

Routing Commands
312

ProSafe Managed Switch

Term

Definition

Type-7 Ext

Total number of Type-7 external LSAs in the database.

Self-Originated
Type-7

Total number of self originated AS external LSAs in the OSPFv3 link state database.

Opaque Link

Number of opaque link LSAs in the database.

Opaque Area

Number of opaque area LSAs in the database.

Subtotal

Number of entries for the identified area.

Opaque AS

Number of opaque AS LSAs in the database.

Total

Number of entries for all areas.

show ip ospf interface
This command displays the information for the IFO object or virtual interface tables.
Format

show ip ospf interface { | loopback  |
vlan <1-4093>}

Mode

• Privileged EXEC
• User EXEC

Term

Definition

IP Address

The IP address for the specified interface.

Subnet Mask

A mask of the network and host portion of the IP address for the OSPF interface.

Secondary IP
Address(es)

The secondary IP addresses if any are configured on the interface.

OSPF Admin
Mode

States whether OSPF is enabled or disabled on a router interface.

OSPF Area ID

The OSPF Area ID for the specified interface.

OSPF Network
Type

The type of network on this interface that the OSPF is running on.

Router Priority

A number representing the OSPF Priority for the specified interface.

Retransmit
Interval

A number representing the OSPF Retransmit Interval for the specified interface.

Hello Interval

A number representing the OSPF Hello Interval for the specified interface.

Dead Interval

A number representing the OSPF Dead Interval for the specified interface.

LSA Ack
Interval

A number representing the OSPF LSA Acknowledgment Interval for the specified
interface.

Transit Delay
Interval

A number representing the OSPF Transit Delay for the specified interface.

Authentication
Type

The OSPF Authentication Type for the specified interface are: none, simple, and encrypt.

Routing Commands
313

ProSafe Managed Switch

Term

Definition

Metric Cost

The cost of the OSPF interface.

Passive Status

Shows whether the interface is passive or not.

OSPF
MTU-ignore

Indicates whether to ignore MTU mismatches in database descriptor packets sent from
neighboring routers.

The information below will only be displayed if OSPF is enabled.
Term

Definition

OSPF Interface
Type

Broadcast LANs, such as Ethernet and IEEE 802.5, take the value broadcast. The
OSPF Interface Type will be 'broadcast'.

State

The OSPF Interface States are: down, loopback, waiting, point-to-point, designated
router, and backup designated router.

Designated
Router

The router ID representing the designated router.

Backup
Designated
Router

The router ID representing the backup designated router.

Number of Link The number of link events.
Events
Local Link LSAs The number of Link Local Opaque LSAs in the link-state database.
Local Link LSA
Checksum

The sum of LS Checksums of Link Local Opaque LSAs in the link-state database.

show ip ospf interface brief
This command displays brief information for the IFO object or virtual interface tables.
Format

show ip ospf interface brief

Mode

• Privileged EXEC
• User EXEC

Term

Definition

Interface

Valid slot and port number separated by forward slashes.

OSPF Admin
Mode

States whether OSPF is enabled or disabled on a router interface.

OSPF Area ID

The OSPF Area Id for the specified interface.

Router Priority

A number representing the OSPF Priority for the specified interface.

Hello Interval

A number representing the OSPF Hello Interval for the specified interface.

Dead Interval

A number representing the OSPF Dead Interval for the specified interface.

Routing Commands
314

ProSafe Managed Switch

Term

Definition

Retransmit
Interval

A number representing the OSPF Retransmit Interval for the specified interface.

Retransmit
Delay Interval

A number representing the OSPF Transit Delay for the specified interface.

LSA Ack
Interval

A number representing the OSPF LSA Acknowledgment Interval for the specified
interface.

show ip ospf interface stats
This command displays the statistics for a specific interface. The information below will only
be displayed if OSPF is enabled.
Format

show ip ospf interface stats 

Modes

• Privileged EXEC
• User EXEC

Term

Definition

OSPF Area ID

The area id of this OSPF interface.

Area Border
Router Count

The total number of area border routers reachable within this area. This is initially zero,
and is calculated in each SPF pass.

AS Border
Router Count

The total number of Autonomous System border routers reachable within this area.

Area LSA Count The total number of link-state advertisements in this area's link-state database, excluding
AS External LSAs.
IP Address

The IP address associated with this OSPF interface.

OSPF Interface
Events

The number of times the specified OSPF interface has changed its state, or an error has
occurred.

Virtual Events

The number of state changes or errors that occurred on this virtual link.

Neighbor
Events

The number of times this neighbor relationship has changed state, or an error has
occurred.

External LSA
Count

The number of external (LS type 5) link-state advertisements in the link-state database.

Sent Packets

The number of OSPF packets transmitted on the interface.

Received
Packets

The number of valid OSPF packets received on the interface.

Discards

The number of received OSPF packets discarded because of an error in the packet or an
error in processing the packet.

Bad Version

The number of received OSPF packets whose version field in the OSPF header does not
match the version of the OSPF process handling the packet.

Routing Commands
315

ProSafe Managed Switch

Term

Definition

Source Not On
Local Subnet

The number of received packets discarded because the source IP address is not within a
subnet configured on a local interface.
Note: This field only applies to OSPFv2.

Virtual Link Not The number of received OSPF packets discarded where the ingress interface is in a
Found
non-backbone area and the OSPF header identifies the packet as belonging to the
backbone, but OSPF does not have a virtual link to the packet’s sender.
Area Mismatch

The number of OSPF packets discarded because the area ID in the OSPF header is not
the area ID configured on the ingress interface.

Invalid
Destination
Address

The number of OSPF packets discarded because the packet’s destination IP address is
not the address of the ingress interface and is not the AllDrRouters or AllSpfRouters
multicast addresses.

Wrong
Authentication
Type

The number of packets discarded because the authentication type specified in the OSPF
header does not match the authentication type configured on the ingress interface.
Note: This field only applies to OSPFv2.

Authentication
Failure

The number of OSPF packets dropped because the sender is not an existing neighbor or
the sender’s IP address does not match the previously recorded IP address for that
neighbor.
Note: This field only applies to OSPFv2.

No Neighbor at The number of OSPF packets dropped because the sender is not an existing neighbor or
Source Address
the sender’s IP address does not match the previously recorded IP address for that
neighbor.
Note: Does not apply to Hellos.
Invalid OSPF
Packet Type

The number of OSPF packets discarded because the packet type field in the OSPF
header is not a known type.

Hellos Ignored

The number of received Hello packets that were ignored by this router from the new
neighbors after the limit has been reached for the number of neighbors on an interface or
on the system as a whole.

The command lists the number of OSPF packets of each type sent and received on the
interface.
Packet Type

Sent

Received

Hello

6960

6960

Database Description

3

3

LS Request

1

1

LS Update

141

42

LS Acknowledgment

40

135

Routing Commands
316

ProSafe Managed Switch

show ip ospf neighbor
This command displays information about OSPF neighbors. If you do not specify a neighbor
IP address, the output displays summary information in a table. If you specify an interface or
tunnel, only the information for that interface or tunnel displays. The  is the IP
address of the neighbor, and when you specify this, detailed information about the neighbor
displays. The information below only displays if OSPF is enabled and the interface has a
neighbor.
Format

show ip ospf neighbor [interface ] []

Modes

• Privileged EXEC
• User EXEC

If you do not specify an IP address, a table with the following columns displays for all
neighbors or the neighbor associated with the interface that you specify:
Term

Definition

Router ID

The 4-digit dotted-decimal number of the neighbor router.

Priority

The OSPF priority for the specified interface. The priority of an interface is a priority
integer from 0 to 255. A value of '0' indicates that the router is not eligible to become the
designated router on this network.

IP Address

The IP address of the neighbor.

Neighbor
Interface

The interface of the local router in unit/slot/port format.

State

The state of the neighboring routers. Possible values are:
• Down - initial state of the neighbor conversation - no recent information has been
received from the neighbor.
• Attempt - no recent information has been received from the neighbor but a more
concerted effort should be made to contact the neighbor.
• Init - an Hello packet has recently been seen from the neighbor, but bidirectional
communication has not yet been established.
• 2 way - communication between the two routers is bidirectional.
• Exchange start - the first step in creating an adjacency between the two neighboring
routers, the goal is to decide which router is the master and to decide upon the initial
DD sequence number.
• Exchange - the router is describing its entire link state database by sending Database
Description packets to the neighbor.
• Loading - Link State Request packets are sent to the neighbor asking for the more
recent LSAs that have been discovered (but not yet received) in the Exchange state.
• Full - the neighboring routers are fully adjacent and they will now appear in
router-LSAs and network-LSAs.

Dead Time

The amount of time, in seconds, to wait before the router assumes the neighbor is
unreachable.

Routing Commands
317

ProSafe Managed Switch

If you specify an IP address for the neighbor router, the following fields display:
Term

Definition

Interface

Valid slot and port number separated by forward slashes.

Neighbor IP
Address

The IP address of the neighbor router.

Interface Index

The interface ID of the neighbor router.

Area ID

The area ID of the OSPF area associated with the interface.

Options

An integer value that indicates the optional OSPF capabilities supported by the neighbor.
The neighbor's optional OSPF capabilities are also listed in its Hello packets. This
enables received Hello Packets to be rejected (i.e., neighbor relationships will not even
start to form) if there is a mismatch in certain crucial OSPF capabilities.

Router Priority

The OSPF priority for the specified interface. The priority of an interface is a priority
integer from 0 to 255. A value of '0' indicates that the router is not eligible to become the
designated router on this network.

Dead Timer Due The amount of time, in seconds, to wait before the router assumes the neighbor is
unreachable.
Up Time

Neighbor uptime; how long since the adjacency last reached the Full state.

State

The state of the neighboring routers.

Events

The number of times this neighbor relationship has changed state, or an error has
occurred.

Retransmission An integer representing the current length of the retransmission queue of the specified
Queue Length
neighbor router Id of the specified interface.

The following shows example CLI display output for the command.
(Switch) #show ip ospf neighbor 170.1.1.50
Interface.....................................0/17
Neighbor IP Address...........................170.1.1.50
Interface Index...............................17
Area Id.......................................0.0.0.2
Options.......................................0x2
Router Priority...............................1
Dead timer due in (secs)......................15
Up Time.......................................0 days 2 hrs 8 mins 46 secs
State.........................................Full/BACKUP-DR
Events........................................4
Retransmission Queue Length...................0

Routing Commands
318

ProSafe Managed Switch

show ip ospf range
This command displays information about the area ranges for the specified . The
 identifies the OSPF area whose ranges are being displayed.
Format

show ip ospf range 

Modes

• Privileged EXEC
• User EXEC

Term

Definition

Area ID

The area id of the requested OSPF area.

IP Address

An IP address which represents this area range.

Subnet Mask

A valid subnet mask for this area range.

Lsdb Type

The type of link advertisement associated with this area range.

Advertisement

The status of the advertisement. Advertisement has two possible settings: enabled or
disabled.

show ip ospf statistics
This command displays information about recent Shortest Path First (SPF) calculations. The
SPF is the OSPF routing table calculation. The output lists the number of times the SPF has
run for each OSPF area. A table follows this information. For each of the 15 most recent SPF
runs, the table lists how long ago the SPF ran, how long the SPF took, and the reasons why
the SPF was scheduled.
Format

show ip ospf statistics

Modes

• Privileged EXEC
• User EXEC

Term

Definition

Delta T

How long ago the SPF ran. The time is in the format hh:mm:ss, giving the hours,
minutes, and seconds since the SPF run.

SPF Duration

How long the SPF took in milliseconds.

Reason

The reason the SPF was scheduled. Reason codes are as follows:
• R - a router LSA has changed
• N - a network LSA has changed
• SN - a type 3 network summary LSA has changed
• SA - a type 4 ASBR summary LSA has changed
• X - a type 5 or type 7 external LSA has changed

Routing Commands
319

ProSafe Managed Switch

show ip ospf stub table
This command displays the OSPF stub table. The information below will only be displayed if
OSPF is initialized on the switch.
Format

show ip ospf stub table

Modes

• Privileged EXEC
• User EXEC

Term

Definition

Area ID

A 32-bit identifier for the created stub area.

Type of Service The type of service associated with the stub metric. Switch CLI only supports Normal
TOS.
Metric Val

The metric value is applied based on the TOS. It defaults to the least metric of the type of
service among the interfaces to other areas. The OSPF cost for a route is a function of
the metric value.

Import
Summary LSA

Controls the import of summary LSAs into stub areas.

show ip ospf traffic
This command displays OSPFv2 packet and LSA statistics and OSPFv2 message queue
statistics. Packet statistics count the packets and LSAs since OSPFv2 counters were last
cleared (using the command clear ip ospf counters).

Note: The clear ip ospf counters command does not clear the
message queue high water marks.

Format

show ip ospf traffic

Mode

Privileged EXEC

Parameter

Description

OSPFv2 Packet
Statistics

The number of packets of each type sent and received since OSPF counters were last
cleared.

LSAs
Retransmitted

The number of LSAs retransmitted by this router since OSPF counters were last cleared.

LS Update Max
Receive Rate

The maximum rate of LS Update packets received during any 5-second interval since OSPF
counters were last cleared. The rate is in packets per second.

LS Update Max
Send Rate

The maximum rate of LS Update packets transmitted during any 5-second interval since
OSPF counters were last cleared. The rate is in packets per second.

Routing Commands
320

ProSafe Managed Switch

Parameter

Description

Number of LSAs
Received

The number of LSAs of each type received since OSPF counters were last cleared.

OSPFv2 Queue
Statistics

For each OSPFv2 message queue, the current count, the high water mark, the number of
packets that failed to be enqueued, and the queue limit. The high water marks are not cleared
when OSPF counters are cleared.

The following shows example CLI display output for the command.
(netgear switch) #show ip ospf traffic
Time Since Counters Cleared: 4000 seconds
OSPFv2 Packet Statistics
Hello
Database Desc LS Request
Recd:
500
10
20
50
Sent:
400
8
16
40
LSAs Retransmitted................0
LS Update Max Receive Rate........20 pps
LS Update Max Send Rate...........10 pps
Number of LSAs Received
T1 (Router).......................10
T2 (Network)......................0
T3 (Net Summary)..................300
T4 (ASBR Summary).................15
T5 (External).....................20
T7 (NSSA External)................0
T9 (Link Opaque)..................0
T10 (Area Opaque).................0
T11 (AS Opaque)...................0
Total.............................345
OSPFv2 Queue Statistics
Current
Max
Drops
Hello
0
10
0
ACK
2
12
0
Data
24
47
0
Event
1
8
0

LS Update
20
16

LS ACK
600
480

Total

Limit
500
1680
500
1000

show ip ospf virtual-link
This command displays the OSPF Virtual Interface information for a specific area and
neighbor. The  parameter identifies the area and the  parameter
identifies the neighbor's Router ID.
Format

show ip ospf virtual-link  

Modes

• Privileged EXEC
• User EXEC

Term

Definition

Area ID

The area id of the requested OSPF area.

Neighbor
Router ID

The input neighbor Router ID.

Routing Commands
321

ProSafe Managed Switch

Term

Definition

Hello Interval

The configured hello interval for the OSPF virtual interface.

Dead Interval

The configured dead interval for the OSPF virtual interface.

Iftransit Delay
Interval

The configured transit delay for the OSPF virtual interface.

Retransmit
Interval

The configured retransmit interval for the OSPF virtual interface.

Authentication
Type

The configured authentication type of the OSPF virtual interface.

State

The OSPF Interface States are: down, loopback, waiting, point-to-point, designated
router, and backup designated router. This is the state of the OSPF interface.

Neighbor State

The neighbor state.

show ip ospf virtual-link brief
This command displays the OSPF Virtual Interface information for all areas in the system.
Format

show ip ospf virtual-link brief

Modes

• Privileged EXEC
• User EXEC

Term

Definition

Area ID

The area id of the requested OSPF area.

Neighbor

The neighbor interface of the OSPF virtual interface.

Hello Interval

The configured hello interval for the OSPF virtual interface.

Dead Interval

The configured dead interval for the OSPF virtual interface.

Retransmit
Interval

The configured retransmit interval for the OSPF virtual interface.

Transit Delay

The configured transit delay for the OSPF virtual interface.

OSPF Graceful Restart Commands
The OSPF protocol can be configured to participate in the checkpointing service, so that
these protocols can execute a graceful restart when the management unit fails. In a graceful
restart, the hardware to continues forwarding IPv4 packets using OSPF routes, while a
backup switch takes over management unit responsibility.
Graceful restart uses the concept of “helpful neighbors.” A fully adjacent router enters helper
mode when it receives a link state announcement (LSA) from the restarting management unit
indicating its intention of performing a graceful restart. In helper mode, a switch continues to
advertise to the rest of the network that they have full adjacencies with the restarting router,

Routing Commands
322

ProSafe Managed Switch

thereby avoiding announcement of a topology change and the potential for flooding of LSAs
and shortest-path-first (SPF) runs, which determine OSPF routes. Helpful neighbors continue
to forward packets through the restarting router. The restarting router relearns the network
topology from its helpful neighbors.
Graceful restart can be enabled for planned or unplanned restarts, or both. A planned restart
is initiated by the operator through the management command initiate failover. The operator
may initiate a failover to take the management unit out of service (for example, to address a
partial hardware failure), to correct faulty system behavior that cannot be corrected through
less severe management actions, or other reasons. An unplanned restart is an unexpected
failover, caused by a fatal hardware failure of the management unit or a software hang or
crash on the management unit.

nsf
Use this command to enable the OSPF graceful restart functionality on an interface. To
disable graceful restart, use the no form of the command.
Default

Disabled

Format

nsf [ietf] [planned-only]

Modes

OSPF Router Configuration

Parameter

Description

ietf

This keyword is accepted but not required.

planned-only

This optional keyword indicates that OSPF should perform only a graceful restart when
the restart is planned (that is, when the restart is a result of the initiate failover
command).

no nsf
Use this command to disable graceful restart for all restarts.
Format

no nsf

Modes

OSPF Router Configuration

nsf restart-interval
Use this command to configure the number of seconds that the restarting router asks its
neighbors to wait before exiting helper mode. This is called the “grace period.” The restarting
router includes the grace period in its grace LSAs. For planned restarts (using the initiate
failover command), the grace LSAs are sent prior to restarting the management unit,
whereas for unplanned restarts, they are sent after reboot begins. The grace period must be

Routing Commands
323

ProSafe Managed Switch

set long enough to allow the restarting router to reestablish all of its adjacencies and
complete a full database exchange with each of those neighbors.
Default

120 seconds

Format

nsf [ietf] restart-interval <1-1800>

Modes

OSPF Router Configuration

Parameter

Description

ietf

This keyword is accepted but not required.

seconds

The number of seconds that the restarting router asks its neighbors to wait before
exiting helper mode. The range is from 1 to 1800 seconds.

no nsfrestart-interval
Use this command to revert the grace period to its default value.
Format

no [ietf] nsf restart-interval

Modes

OSPF Router Configuration

nsf helper
Use this command to enable helpful neighbor functionality for the OSPF protocol. You can
enable this functionality for planned or unplanned restarts, or both.
Default

OSPF may act as a helpful neighbor for both planned and unplanned restarts

Format

nsf [ietf] helper [planned-only]

Modes

OSPF Router Configuration

Parameter

Description

ietf

This keyword is accepted but not required.

planned-only

This optional keyword indicates that OSPF should only help a restarting router
performing a planned restart.

no nsf helper
Use this command to disable helpful neighbor functionality for OSPF.
Format

no nsf [ietf] helper

Modes

OSPF Router Configuration

Routing Commands
324

ProSafe Managed Switch

nsf helper disable
Use this command to disable helpful neighbor functionality for OSPF.

Note: The commands no nsf helper and nsf ietf helper disable
are functionally equivalent. The command nsf ietf helper
disable is supported solely for compatibility with other network
software CLI.

Format

nsf [ietf] helper disable

Modes

OSPF Router Configuration

Parameter

Description

ietf

This keyword is accepted but not required.

nsf [ietf] helper strict-lsa-checking
The restarting router is unable to react to topology changes. In particular, the restarting router
will not immediately update its forwarding table; therefore, a topology change may introduce
forwarding loops or black holes that persist until the graceful restart completes. By exiting the
graceful restart on a topology change, a router tries to eliminate the loops or black holes as
quickly as possible by routing around the restarting router. A helpful neighbor considers a link
down with the restarting router to be a topology change, regardless of the strict LSA checking
configuration. Use this command to require that an OSPF helpful neighbor exit helper mode
whenever a topology change occurs.
Default

Enabled

Format

nsf [ietf] helper strict-lsa-checking

Modes

OSPF Router Configuration

Parameter

Description

ietf

This keyword is accepted but not required.

no nsf [ietf] helper strict-lsa-checking
Use this command to allow OSPF to continue as a helpful neighbor in spite of topology
changes.
Default

Enabled

Routing Commands
325

ProSafe Managed Switch

Format

nsf [ietf] helper strict-lsa-checking

Modes

OSPF Router Configuration

max-metric router-lsa
To configure OSPF to enter stub router mode, use this command in Router OSPF Global
Configuration mode. When OSPF is in stub router mode, as defined by RFC 3137, OSPF
sets the metric in the non-stub links in its router LSA to LsInfinity. Other routers therefore
compute very long paths through the stub router, and prefer any alternate path. Doing so
eliminates all transit traffic through the stub router, when alternate routes are available. Stub
router mode is useful when adding or removing a router from a network or to avoid transient
routes when a router reloads. You can administratively force OSPF into stub router mode.
OSPF remains in stub router mode until you take OSPF out of stub router mode.
Alternatively, you can configure OSPF to start in stub router mode for a configurable period of
time after the router boots up.
If you set the summary LSA metric to 16,777,215, other routers skip the summary LSA when
they compute routes.
If you have configured the router to enter stub router mode on startup (max-metric
router-lsa on-startup), and then enter max-metric router lsa, there is no
change. If OSPF is administratively in stub router mode (the max-metric router-lsa
command has been given), and you configure OSPF to enter stub router mode on startup
(max-metric router-lsa on-startup), OSPF exits stub router mode (assuming the
startup period has expired) and the configuration is updated.
Default

OSPF is not in stub router mode by default

Format

max-metric router-lsa [on-startup seconds] [summary-lsa
{metric}]

Mode

OSPFv2 Router Configuration

Parameter

Description

on-startup

(Optional) OSPF starts in stub router mode after a reboot.

seconds

(Required if on-startup) The number of seconds that OSPF remains in stub router
mode after a reboot. The range is 5 to 86,400 seconds. There is no default value.

summary-lsa

(Optional) Set the metric in type 3 and type 4 summary LSAs to LsInfinity (0xFFFFFF).

metric

(Optional) Metric to send in summary LSAs when in stub router mode. The range is 1
to 16,777,215. The default is 16,711,680 (0xFF0000).

no max-metric router-lsa
Use this command in OSPFv2 Router Configuration mode to disable stub router mode. The
command clears either type of stub router mode (always or on-startup) and resets the
summary-lsa option. If OSPF is configured to enter global configuration mode on startup,
and during normal operation you want to immediately place OSPF in stub router mode, issue

Routing Commands
326

ProSafe Managed Switch

the command no max-metric router-lsa on-startup. The command no
max-metric router-lsa summary-lsa causes OSPF to send summary LSAs with
metrics computed using normal procedures defined in RFC 2328.
Format

no max-metric router-lsa [on-startup] [summary-lsa]

Mode

OSPFv2 Router Configuration

OSPF Interface Flap Dampening Commands
Dampening
Use this command to enable IP event dampening on a routing interface.
Format

dampening [half-life period] [reuse-threshold suppress-threshold
max-suppress-time [restart restart-penalty]]

Mode

Interface Config

Parameter

Description

Half-life period

The number of seconds it takes for the penalty to reduce by half. The configurable range is
1-30 seconds. Default value is 5 seconds.

Reuse Threshold

The value of the penalty at which the dampened interface is restored. The configurable range
is 1-20,000. Default value is 1000.

Suppress
Threshold

The value of the penalty at which the interface is dampened. The configurable range is 120,000. Default value is 2000.

Max Suppress Time The maximum amount of time (in seconds) an interface can be in suppressed state after it
stops flapping. The configurable range is 1-255 seconds. The default value is four times of
half-life period. If half-period value is allowed to default, the maximum suppress time defaults
to 20 seconds.
Restart Penalty

Penalty applied to the interface after the device reloads. The configurable range is 1- 20,000.
Default value is 2000.

no dampening
This command disables IP event dampening on a routing interface.
Format

no dampening

Mode

Interface Config

Routing Commands
327

ProSafe Managed Switch

show dampening interface
This command summarizes the number of interfaces configured with dampening and the
number of interfaces being suppressed.
Format

show dampening interface

Mode

Privileged EXEC

The following shows example CLI display output for the command.
(netgear switch)# show dampening interface
2 interfaces are configured with dampening.
1 interface is being suppressed.

show interface dampening
This command displays the status and configured parameters of the interfaces configured
with dampening.
Format

show interface dampening

Mode

Privileged EXEC

Parameter

Description

Flaps

The number times the link state of an interface changed from UP to DOWN.

Penalty

Accumulated Penalty.

Supp

Indicates whether the interface is suppressed or not.

ReuseTm

Number of seconds until the interface is allowed to come up again.

HalfL

Configured half-life period.

ReuseV

Configured reuse-threshold.

SuppV

Configured suppress threshold.

MaxSTm

Configured maximum suppress time in seconds.

MaxPenalty

Maximum possible penalty.

Restart

Configured restart penalty.

Note: The CLI command clear counters resets the flap count to zero.
The interface CLI command no shutdown resets the suppressed
state to False.

Routing Commands
328

ProSafe Managed Switch

Any change in the dampening configuration resets the current
penalty, reuse time, and suppressed state to their default values,
meaning 0, 0, and FALSE respectively.

The following shows example CLI display output for the command.
(netgear switch)# show interface dampening
Interface 0/2
Flaps
Penalty
Supp
ReuseTm
HalfL
ReuseV
0
0
FALSE
0
5
1000

SuppV
2000

MaxSTm
20

MaxP
16000

Restart
0

Interface 0/3
Flaps
Penalty
6
1865

SuppV
2001

MaxSTm
30

MaxP
2828

Restart
1500

Supp
TRUE

ReuseTm
18

HalfL
20

ReuseV
1000

Routing Information Protocol (RIP) Commands
This section describes the commands you use to view and configure RIP, which is a
distance-vector routing protocol that you use to route traffic within a small network.

router rip
Use this command to enter Router RIP mode.
Format

router rip

Mode

Global Config

enable (RIP)
This command resets the default administrative mode of RIP in the router (active).
Default

enabled

Format

enable

Mode

Router RIP Config

no enable (RIP)
This command sets the administrative mode of RIP in the router to inactive.
Format

no enable

Mode

Router RIP Config

Routing Commands
329

ProSafe Managed Switch

ip rip
This command enables RIP on a router interface.
Default

disabled

Format

ip rip

Mode

Interface Config

no ip rip
This command disables RIP on a router interface.
Format

no ip rip

Mode

Interface Config

auto-summary
This command enables the RIP auto-summarization mode.
Default

disabled

Format

auto-summary

Mode

Router RIP Config

no auto-summary
This command disables the RIP auto-summarization mode.
Format

no auto-summary

Mode

Router RIP Config

default-information originate (RIP)
This command is used to control the advertisement of default routes.
Format

default-information originate

Mode

Router RIP Config

no default-information originate (RIP)
This command is used to control the advertisement of default routes.
Format

no default-information originate

Mode

Router RIP Config

Routing Commands
330

ProSafe Managed Switch

default-metric (RIP)
This command is used to set a default for the metric of distributed routes.
Format

default-metric <0-15>

Mode

Router RIP Config

no default-metric (RIP)
This command is used to reset the default metric of distributed routes to its default value.
Format

no default-metric

Mode

Router RIP Config

distance rip
This command sets the route preference value of RIP in the router. Lower route preference
values are preferred when determining the best route. A route with a preference of 255
cannot be used to forward traffic.
Default

15

Format

distance rip <1-255>

Mode

Router RIP Config

no distance rip
This command sets the default route preference value of RIP in the router.
Format

no distance rip

Mode

Router RIP Config

distribute-list out (RIP)
This command is used to specify the access list to filter routes received from the source
protocol.
Default

0

Format

distribute-list <1-199> out {ospf | static | connected}

Mode

Router RIP Config

Routing Commands
331

ProSafe Managed Switch

no distribute-list out
This command is used to specify the access list to filter routes received from the source
protocol.
Format

no distribute-list <1-199> out {ospf | static | connected}

Mode

Router RIP Config

ip rip authentication
This command sets the RIP Version 2 Authentication Type and Key for the specified
interface. The value of  is either none, simple, or encrypt. The value for
authentication key [key] must be 16 bytes or less. The [key] is composed of standard
displayable, non-control keystrokes from a Standard 101/102-key keyboard. If the value of
 is encrypt, a keyid in the range of 0 and 255 must be specified. Unauthenticated
interfaces do not need an authentication key or authentication key ID.
Default

none

Format

ip rip authentication {none | {simple } | {encrypt 
}}

Mode

Interface Config

no ip rip authentication
This command sets the default RIP Version 2 Authentication Type for an interface.
Format

no ip rip authentication

Mode

Interface Config

ip rip receive version
This command configures the interface to allow RIP control packets of the specified
version(s) to be received.
The value for  is one of: rip1 to receive only RIP version 1 formatted packets, rip2
for RIP version 2, both to receive packets from either format, or none to not allow any RIP
control packets to be received.
Default

both

Format

ip rip receive version {rip1 | rip2 | both | none}

Mode

Interface Config

Routing Commands
332

ProSafe Managed Switch

no ip rip receive version
This command configures the interface to allow RIP control packets of the default version(s)
to be received.
Format

no ip rip receive version

Mode

Interface Config

ip rip send version
This command configures the interface to allow RIP control packets of the specified version
to be sent. The value for  is one of: rip1 to broadcast RIP version 1 formatted
packets, rip1c (RIP version 1 compatibility mode) which sends RIP version 2 formatted
packets via broadcast, rip2 for sending RIP version 2 using multicast, or none to not allow
any RIP control packets to be sent.
Default

ripi2

Format

ip rip send version {rip1 | rip1c | rip2 | none}

Mode

Interface Config

no ip rip send version
This command configures the interface to allow RIP control packets of the default version to
be sent.
Format

no ip rip send version

Mode

Interface Config

hostroutesaccept
This command enables the RIP hostroutesaccept mode.
Default

enabled

Format

hostroutesaccept

Mode

Router RIP Config

no hostroutesaccept
This command disables the RIP hostroutesaccept mode.
Format

no hostroutesaccept

Mode

Router RIP Config

Routing Commands
333

ProSafe Managed Switch

split-horizon
This command sets the RIP split horizon mode. Split horizon is a technique for avoiding
problems caused by including routes in updates sent to the router from which the route was
originally learned. The options are: None - no special processing for this case. Simple - a
route will not be included in updates sent to the router from which it was learned. Poisoned
reverse - a route will be included in updates sent to the router from which it was learned, but
the metric will be set to infinity.
Default

simple

Format

split-horizon {none | simple | poison}

Mode

Router RIP Config

no split-horizon
This command sets the default RIP split horizon mode.
Format

no split-horizon

Mode

Router RIP Config

redistribute (RIP)
This command configures RIP protocol to redistribute routes from the specified source
protocol/routers. There are five possible match options. When you submit the command
redistribute ospf match  the match-type or types specified are added to any
match types presently being redistributed. Internal routes are redistributed by default.
Default

• metric—not-configured
• match—internal

Format for
OSPF as
source
protocol

redistribute ospf [metric <0-15>] [match [internal] [external 1]
[external 2] [nssa-external 1] [nssa-external-2]]

Format for
redistribute {static | connected} [metric <0-15>]
other source
protocol
Mode

Router RIP Config

no redistribute
This command de-configures RIP protocol to redistribute routes from the specified source
protocol/routers.
Format

no redistribute {ospf | static | connected} [metric] [match
[internal] [external 1] [external 2] [nssa-external 1]
[nssa-external-2]]

Mode

Router RIP Config

Routing Commands
334

ProSafe Managed Switch

show ip rip
This command displays information relevant to the RIP router.
Format

show ip rip

Modes

• Privileged EXEC
• User EXEC

Term

Definition

RIP Admin
Mode

Enable or disable.

Split Horizon
Mode

None, simple or poison reverse.

Auto Summary
Mode

Enable or disable. If enabled, groups of adjacent routes are summarized into single
entries, in order to reduce the total number of entries The default is enable.

Host Routes
Accept Mode

Enable or disable. If enabled the router accepts host routes. The default is enable.

Global Route
Changes

The number of route changes made to the IP Route Database by RIP. This does not
include the refresh of a route's age.

Global queries

The number of responses sent to RIP queries from other systems.

Default Metric

The default metric of redistributed routes if one has already been set, or blank if not
configured earlier. The valid values are 1 to 15.

Default Route
Advertise

The default route.

show ip rip interface brief
This command displays general information for each RIP interface. For this command to
display successful results routing must be enabled per interface (i.e., ip rip).
Format

show ip rip interface brief

Modes

• Privileged EXEC
• User EXEC

Term

Definition

Interface

Valid slot and port number separated by forward slashes.

IP Address

The IP source address used by the specified RIP interface.

Send Version

The RIP version(s) used when sending updates on the specified interface. The types are
none, RIP-1, RIP-1c, RIP-2

Receive Version The RIP version(s) allowed when receiving updates from the specified interface. The
types are none, RIP-1, RIP-2, Both

Routing Commands
335

ProSafe Managed Switch

Term

Definition

RIP Mode

The administrative mode of router RIP operation (enabled or disabled).

Link State

The mode of the interface (up or down).

show ip rip interface
This command displays information related to a particular RIP interface.
Format

show ip rip interface { | vlan <1-4093>}

Modes

• Privileged EXEC
• User EXEC

Term

Definition

Interface

Valid slot and port number separated by forward slashes. This is a configured value.

IP Address

The IP source address used by the specified RIP interface. This is a configured value.

Send Version

The RIP version(s) used when sending updates on the specified interface. The types are
none, RIP-1, RIP-1c, RIP-2. This is a configured value.

Receive Version The RIP version(s) allowed when receiving updates from the specified interface. The
types are none, RIP-1, RIP-2, Both. This is a configured value.
RIP Admin
Mode

RIP administrative mode of router RIP operation; enable activates, disable de-activates
it. This is a configured value.

Link State

Indicates whether the RIP interface is up or down. This is a configured value.

Authentication
Type

The RIP Authentication Type for the specified interface. The types are none, simple, and
encrypt. This is a configured value.

Default Metric

A number which represents the metric used for default routes in RIP updates originated
on the specified interface. This is a configured value.

The following information will be invalid if the link state is down.
Term

Definition

Bad Packets
Received

The number of RIP response packets received by the RIP process which were
subsequently discarded for any reason.

Bad Routes
Received

The number of routes contained in valid RIP packets that were ignored for any reason.

Updates Sent

The number of triggered RIP updates actually sent on this interface.

ICMP Throttling Commands
This section describes the commands you use to configure options for the transmission of
various types of ICMP messages.

Routing Commands
336

ProSafe Managed Switch

ip unreachables
Use this command to enable the generation of ICMP Destination Unreachable messages. By
default, the generation of ICMP Destination Unreachable messages is enabled.
Default

enable

Format

ip unreachables

Mode

Interface Config

no ip unreachables
Use this command to prevent the generation of ICMP Destination Unreachable messages.
Format

no ip unreachables

Mode

Interface Config

ip redirects
Use this command to enable the generation of ICMP Redirect messages by the router. By
default, the generation of ICMP Redirect messages is disabled.
Default

disabled

Format

ip redirects

Mode

• Global Config
• Interface Config

no ip redirects
Use this command to prevent the generation of ICMP Redirect messages by the router.
Format

no ip redirects

Mode

• Global Config
• Interface Config

ip icmp echo-reply
Use this command to enable the generation of ICMP Echo Reply messages by the router. By
default, the generation of ICMP Echo Reply messages is enabled.
Default

enabled

Format

ip icmp echo-reply

Mode

Global Config

Routing Commands
337

ProSafe Managed Switch

no ip icmp echo-reply
Use this command to prevent the generation of ICMP Echo Reply messages by the router.
Format

no ip icmp echo-reply

Mode

Global Config

ip icmp error-interval
Use this command to limit the rate at which IPv4 ICMP error messages are sent. The rate
limit is configured as a token bucket, with two configurable parameters, burst-size and
burst-interval.
The burst-interval specifies how often the token bucket is initialized with burst-size tokens.
burst-interval is from 0 to 2147483647 milliseconds (msec).
The burst-size is the number of ICMP error messages that can be sent during one
burst-interval. The range is from 1 to 200 messages.
To disable ICMP rate limiting, set burst-interval to zero (0).
Default

• burst-interval of 1000 msec.
• burst-size of 100 messages

Format

ip icmp error-interval  []

Mode

Global Config

no ip icmp error-interval
Use the no form of the command to return burst-interval and burst-size to their default values.
Format

no ip icmp error-interval

Mode

Global Config

Routing Commands
338

6.

IP Multicast Commands

6

This chapter describes the IP Multicast commands available in the managed switch CLI.

Note: Some commands described in this chapter require a license. For
more information, see Licensing and Command Support on page 8.

This chapter contains the following sections:
•

Multicast Commands

•

DVMRP Commands

•

PIM Commands

•

Internet Group Message Protocol (IGMP) Commands

•

IGMP Proxy Commands

The commands in this chapter are in two functional groups:
•

Show commands display switch settings, statistics, and other information.

•

Configuration commands configure features and options of the switch. For every
configuration command, there is a show command that displays the configuration setting.

Multicast Commands
This section describes the commands you use to configure IP Multicast and to view IP
Multicast settings and statistics.

ip mcast boundary
This command adds an administrative scope multicast boundary specified by
 and  for which this multicast administrative boundary is applicable.
 is a group IP address and  is a group IP mask.
Format

ip mcast boundary  

Mode

Interface Config

339

ProSafe Managed Switch

no ip mcast boundary
This command deletes an administrative scope multicast boundary specified by
 and  for which this multicast administrative boundary is applicable.
 is a group IP address and  is a group IP mask.
Format

no ip mcast boundary  

Mode

Interface Config

ip multicast
This command sets the administrative mode of the IP multicast forwarder in the router to
active.
Default

disabled

Format

ip multicast

Mode

Global Config

no ip multicast
This command sets the administrative mode of the IP multicast forwarder in the router to
inactive.
Format

no ip multicast

Mode

Global Config

ip multicast ttl-threshold
This command is specific to IPv4. Use this command to apply the given Time-to-Live
threshold value  to a routing interface. The  is the TTL
threshold which is to be applied to the multicast Data packets which are to be forwarded from
the interface. This command sets the Time-to-Live threshold value such that any data
packets forwarded over the interface having TTL value below the configured value are
dropped. The value for  ranges from 0 to 255.
Default

1

Format

ip multicast ttl-threshold 

Mode

Interface Config

IP Multicast Commands
340

ProSafe Managed Switch

no ip multicast ttl-threshold
This command applies the default  to a routing interface. The
 is the TTL threshold which is to be applied to the multicast Data packets
which are to be forwarded from the interface.
Format

no ip multicast ttl-threshold

Mode

Interface Config

ip mroute
This command configures an IPv4 Multicast Static Route for a Source.
src-addr is Source IP address of a multicast source or source IP route prefix.
src-mask is Mask associated with the source IP address or source IP route prefix.
rpf-addr is IP address to be used as the RPF address. The interface associated with this
IP address, thus, is used as the incoming interface for the mroute.
preference is Administrative distance for the mroute. The lower values have better
preference. If the static mroute has the same distance as the other RPF sources, the static
mroute will take precedence. The range is from 0 to 255. The default is 0 .
Default

No MRoute is configured on the system

Format

ip mroute    

Mode

Global Config

no ip mroute
This command removes the configured IP Multicast Static Route.
Format

noip mroute 

Mode

Global Config

show ip mcast
This command displays the system-wide multicast information.
Format

show ip mcast

Modes

• Privileged EXEC
• User EXEC

Term

Definition

Admin Mode

The administrative status of multicast. Possible values are enabled or disabled.

Protocol State

The current state of the multicast protocol. Possible values are Operational or
Non-Operational.

IP Multicast Commands
341

ProSafe Managed Switch

Term

Definition

Table Max Size

The maximum number of entries allowed in the multicast table.

Protocol

The multicast protocol running on the router. Possible values are PIM-DM, PIM-SM, or
DVMRP.

Multicast
Forwarding
Cache Entry
Count

The number of entries in the multicast forwarding cache.

show ip mcast boundary
This command displays all the configured administrative scoped multicast boundaries.
Format

show ip mcast boundary { | all}

Modes

• Privileged EXEC
• User EXEC

Term

Definition

Interface

Valid slot and port number separated by forward slashes.

Group Ip

The group IP address.

Mask

The group IP mask.

show ip mcast interface
This command displays the multicast information for the specified interface.
Format

show ip mcast interface 

Modes

• Privileged EXEC
• User EXEC

Term

Definition

Interface

Valid slot and port number separated by forward slashes.

TTL

The time-to-live value for this interface.

show ip mcast mroute
This command displays a summary or all the details of the multicast table.
Format

show ip mcast mroute {detail | summary}

Modes

• Privileged EXEC
• User EXEC

IP Multicast Commands
342

ProSafe Managed Switch

If you use the detail parameter, the command displays the following fields:
Term

Definition

Source IP

The IP address of the multicast data source.

Group IP

The IP address of the destination of the multicast packet.

Expiry Time

The time of expiry of this entry in seconds.

Up Time

The time elapsed since the entry was created in seconds.

RPF Neighbor

The IP address of the RPF neighbor.

Flags

The flags associated with this entry.

If you use the summary parameter, the command displays the following fields:
Term

Definition

Source IP

The IP address of the multicast data source.

Group IP

The IP address of the destination of the multicast packet.

Protocol

The multicast routing protocol by which the entry was created.

Incoming
Interface

The interface on which the packet for the source/group
arrives.

Outgoing
Interface List

The list of outgoing interfaces on which the packet
is forwarded.

show ip mcast mroute group
This command displays the multicast configuration settings such as flags, timer settings,
incoming and outgoing interfaces, RPF neighboring routers, and expiration times of all the
entries in the multicast mroute table containing the given .
Format

show ip mcast mroute group  {detail |summary}

Modes

• Privileged EXEC
• User EXEC

Term

Definition

Source IP

The IP address of the multicast data source.

Group IP

The IP address of the destination of the multicast packet.

Protocol

The multicast routing protocol by which this entry was created.

Incoming
Interface

The interface on which the packet for this group arrives.

Outgoing
Interface List

The list of outgoing interfaces on which this packet is forwarded.

IP Multicast Commands
343

ProSafe Managed Switch

show ip mcast mroute source
This command displays the multicast configuration settings such as flags, timer settings,
incoming and outgoing interfaces, RPF neighboring routers, and expiration times of all the
entries in the multicast mroute table containing the given source IP address or source IP
address and group IP address pair.
Format

show ip mcast mroute source  {summary | detail}

Modes

• Privileged EXEC
• User EXEC

If you use the detail parameter, the command displays the following column headings in
the output table:
Term

Definition

Source IP

The IP address of the multicast data source.

Group IP

The IP address of the destination of the multicast packet.

Expiry Time

The time of expiry of this entry in seconds.

Up Time

The time elapsed since the entry was created in seconds.

RPF Neighbor

The IP address of the RPF neighbor.

Flags

The flags associated with this entry.

If you use the summary parameter, the command displays the following column headings in
the output table:
Term

Definition

Source IP

The IP address of the multicast data source.

Group IP

The IP address of the destination of the multicast packet.

Protocol

The multicast routing protocol by which this entry was created.

Incoming
Interface

The interface on which the packet for this source arrives.

Outgoing
Interface List

The list of outgoing interfaces on which this packet is forwarded.

DVMRP Commands
This section provides a detailed explanation of the Distance Vector Multicast Routing
Protocol (DVMRP) commands.

IP Multicast Commands
344

ProSafe Managed Switch

ip dvmrp(Global Config)
This command sets administrative mode of DVMRP in the router to active.
Default

disabled

Format

ip dvmrp

Mode

Global Config

no ip dvmrp(Global Config)
This command sets administrative mode of DVMRP in the router to inactive.
Format

no ip dvmrp

Mode

Global Config

ip dvmrp metric
This command configures the metric for an interface. This value is used in the DVMRP
messages as the cost to reach this network. This field has a range of 1 to 31.
Default

1

Format

ip dvmrp metric 

Mode

Interface Config

no ip dvmrp metric
This command resets the metric for an interface to the default value. This value is used in the
DVMRP messages as the cost to reach this network.
Format

no ip dvmrp metric

Mode

Interface Config

ip dvmrp trapflags
This command enables the DVMRP trap mode.
Default

disabled

Format

ip dvmrp trapflags

Mode

Global Config

IP Multicast Commands
345

ProSafe Managed Switch

no ip dvmrp trapflags
This command disables the DVMRP trap mode.
Format

no ip dvmrp trapflags

Mode

Global Config

ip dvmrp
This command sets the administrative mode of DVMRP on an interface to active.
Default

disabled

Format

ip dvmrp

Mode

Interface Config

no ip dvmrp
This command sets the administrative mode of DVMRP on an interface to inactive.
Format

no ip dvmrp

Mode

Interface Config

show ip dvmrp
This command displays the system-wide information for DVMRP.
Format

show ip dvmrp

Modes

• Privileged EXEC
• User EXEC

Term

Definition

Admin Mode

Indicates whether DVMRP is enabled or disabled.

Version

The version of DVMRP being used.

Total Number of The number of routes in the DVMRP routing table.
Routes
Reachable
Routes

The number of entries in the routing table with non-infinite metrics.

The following fields are displayed for each interface.
Term

Definition

Interface

Valid slot and port number separated by forward slashes.

IP Multicast Commands
346

ProSafe Managed Switch

Term

Definition

Interface-Mode

The mode of this interface. Possible values are Enabled and Disabled.

Operational-stat The current state of DVMRP on this interface. Possible values are Operational or
us
Non-Operational.

show ip dvmrp interface
This command displays the interface information for DVMRP on the specified interface.
Format

show ip dvmrp interface 

Modes

• Privileged EXEC
• User EXEC

Term

Definition

Interface Mode

Indicates whether DVMRP is enabled or disabled on the specified interface.

Metric

The metric of this interface. This is a configured value.

Local Address

The IP address of the interface.

The following field is displayed only when DVMRP is operational on the interface.
Term

Definition

Generation ID

The Generation ID value for the interface. This is used by the neighboring routers to
detect that the DVMRP table should be resent.

The following fields are displayed only if DVMRP is enabled on this interface.
Term

Definition

Received Bad
Packets

The number of invalid packets received.

Received Bad
Routes

The number of invalid routes received.

Sent Routes

The number of routes that have been sent on this interface.

show ip dvmrp neighbor
This command displays the neighbor information for DVMRP.
Format

show ip dvmrp neighbor

Modes

• Privileged EXEC
• User EXEC

IP Multicast Commands
347

ProSafe Managed Switch

Term

Definition

IfIndex

The value of the interface used to reach the neighbor.

Nbr IP Addr

The IP address of the DVMRP neighbor for which this entry contains information.

State

The state of the neighboring router. The possible value for this field are ACTIVE or
DOWN.

Up Time

The time since this neighboring router was learned.

Expiry Time

The time remaining for the neighbor to age out. This field is not applicable if the State is
DOWN.

Generation ID

The Generation ID value for the neighbor.

Major Version

The major version of DVMRP protocol of neighbor.

Minor Version

The minor version of DVMRP protocol of neighbor.

Capabilities

The capabilities of neighbor.

Received
Routes

The number of routes received from the neighbor.

Rcvd Bad Pkts

The number of invalid packets received from this neighbor.

Rcvd Bad
Routes

The number of correct packets received with invalid routes.

show ip dvmrp nexthop
This command displays the next hop information on outgoing interfaces for routing multicast
datagrams.
Format

show ip dvmrp nexthop

Modes

• Privileged EXEC
• User EXEC

Term

Definition

Source IP

The sources for which this entry specifies a next hop on an outgoing interface.

Source Mask

The IP Mask for the sources for which this entry specifies a next hop on an outgoing
interface.

Next Hop
Interface

The interface in unit/slot/port format for the outgoing interface for this next hop.

Type

The network is a LEAF or a BRANCH.

IP Multicast Commands
348

ProSafe Managed Switch

show ip dvmrp prune
This command displays the table listing the router’s upstream prune information.
Format

show ip dvmrp prune

Modes

• Privileged EXEC
• User EXEC

Term

Definition

Group IP

The multicast Address that is pruned.

Source IP

The IP address of the source that has pruned.

Source Mask

The network Mask for the prune source. It should be all 1s or both the prune source and
prune mask must match.

Expiry Time
(secs)

The expiry time in seconds. This is the time remaining for this prune to age out.

show ip dvmrp route
This command displays the multicast routing information for DVMRP.
Format

show ip dvmrp route

Modes

• Privileged EXEC
• User EXEC

Term

Definition

Source Address The multicast address of the source group.
Source Mask

The IP Mask for the source group.

Upstream
Neighbor

The IP address of the neighbor which is the source for the packets for a specified
multicast address.

Interface

The interface used to receive the packets sent by the sources.

Metric

The distance in hops to the source subnet. This field has a different meaning than the
Interface Metric field.

Expiry Time
(secs)

The expiry time in seconds, which is the time left for this route to age out.

Up Time (secs)

The time when a specified route was learnt, in seconds.

PIM Commands
This section describes the commands you use to configure Protocol Independent Multicast
(PIM). PIM is a multicast routing protocol that provides scalable inter-domain multicast

IP Multicast Commands
349

ProSafe Managed Switch

routing across the Internet, independent of the mechanisms provided by any particular
unicast routing protocol.

ip pim dense (Global Config)
This command enables the administrative mode of PIM-DM in the router.
Default

Disabled

Format

ip pim dense

Mode

Global Config

no ip pim dense (Global Config)
This command disables the administrative mode of PIM-DM in the router.
Format

no ip pim dense

Mode

Global Config

ip pim (Interface Config)
This command sets administrative mode of PIM on an interface to enabled.
Default

disabled

Format

ip pim

Mode

Interface Config

no ip pim (Interface Config)
This command sets administrative mode of PIM on an interface to disabled.
Format

no ip pim

Mode

Interface Config

ip pim hello-interval
This command configures the transmission frequency of PIM Hello messages between PIM
enabled neighbors. This field has a range of 0 to 18000 seconds.
Default

30

Format

ip pim hello-interval <0-18000>

Mode

Interface Config

IP Multicast Commands
350

ProSafe Managed Switch

no ip pim hello-interval
This command resets the transmission frequency of hello messages between PIM enabled
neighbors to its default value.
Format

no ip pim hello-interval

Mode

Interface Config

show ip pim interface
This command displays the PIM Interface status parameters. If the interface number is not
specified, this command displays the status parameters of all the PIM enabled interfaces.
Format

show ip pim interface 

Modes

Privileged EXEC

Term

Definition

Mode

Active PIM protocol

Interface

Interface number.

Hello Interval

Hello interval value. The frequency at which PIM hello messages are transmitted on this
interface. By default, the value is 30 seconds.

Join-prune
Interval

Join-prune interval value.

DR Priority

DR Priority configured on this Interface. This is not applicable if the interface mode is
Dense

BSR Border

Is this interface configured as a BSR Border?

Neighbor Count Number of PIM Neighbors learnt on this interface. This field is displayed only when the
interface is operational.
Designated
-Router

IP Address of the elected DR on the Interface. This field is displayed only when the
interface is Operational.

Example 1:
(Switch) #show ip pim interface
Interface 1/0/1
Mode Sparse
Hello Interval (secs) 30
Join Prune Interval (secs) 60
DR Priority 1
BSR Border Disabled
Neighbor Count 1
Designated Router 192.168.10.1
Example 2:
(Switch) #show ip pim interface
Interface 1/0/1
Mode Dense
Hello Interval (secs) 30

IP Multicast Commands
351

ProSafe Managed Switch

Join Prune Interval (secs) 60
DR Priority NA
BSR Border Disabled
Neighbor Count 1
Designated Router NA

show ip pim neighbor
This command displays the neighbor information for PIM on the specified interface.
Format

show ip pim neighbor 

Modes

Privileged EXEC

Term

Definition

Neighbor
Address

The IP address of the PIM neighbor.

Interface

Interface number. Valid slot and port number separated by forward slashes.

UpTime

The time since this neighbor has become active on this interface.

Expiry Time

Time remaining for the neighbor to expire.

DR Priority

DR Priority configured on this Interface [ PIM -SM only ].

(Switch) #show ip pim neighbor 1/0/1
Neighbor Addr Interface Uptime Expiry Time DR
(hh:mm:ss) (hh:mm:ss) Priority
--------------- --------- ----------- ----------- -------192.168.10.2 1/0/1 00:02:55 00:01:15 NA
(Switch) #show ip pim neighbor
Neighbor Addr Interface Uptime Expiry Time DR
(hh:mm:ss) (hh:mm:ss) Priority
--------------- --------- ----------- ----------- -------192.168.10.2 1/0/1 00:02:55 00:01:15 1
192.168.20.2 1/0/2 00:03:50 00:02:10 1

ip pim sparse(Global Config)
This command is used to administratively enable PIM Sparse Mode (PIM-SM) multicast
routing mode on the router.
Default

disabled

Format

ip pim sparse

Mode

Global Config

IP Multicast Commands
352

ProSafe Managed Switch

no ip pim sparse(Global Config)
This command is used to administratively disable PIM-SM multicast routing mode on the
router.
Format

no ip pim sparse

Mode

Global Config

ip pim bsr-border
Use this command to prevent bootstrap router (BSR) messages from being sent or received
through an interface.
Default

disabled

Format

ip pim bsr-border

Mode

Interface Config

no ip pim bsr-border
Use this command to disable the interface from being the BSR border.
Format

no ip pim bsr-border

Mode

Interface Config

ip pim bsr-candidate
This command is used to configure the router to announce its candidacy as a bootstrap
router (BSR).
Format

ip pim bsr-candidate interface [vlan | ]   [interval ]

Mode

Global Config

Parameters

Description

hash-mask
length

Length of a mask (32 bits maximum) that is to be ANDed with the group address before
the hash function is called. All groups with the same seed hash correspond to the same
RP. For example, if this value was 24, only the first 24 bits of the group addresses matter.
This allows you to get one RP for multiple groups.

bar-priority

Priority of the candidate BSR. The range is an integer from 0 to 255. The BSR with the
larger priority is preferred. If the priority values are the same, the router with the larger IP
address is the BSR. The default value is 0.

interval

The C-BSR advertisement interval. If the interval values are reduced from the default
value of 60 seconds, there could be issues in the network (especially BSR) due to
flooding of these packets. However, it will provide RP fast failover.

IP Multicast Commands
353

ProSafe Managed Switch

no ip pim bsr-candidate
This command is used to disable the router to announce its candidacy as a bootstrap router
(BSR).
Format

no ip pim bsr-candidate interface [vlan | ]

Mode

Global Config

ip pim dr-priority
Use this command to set the priority value for which a router is elected as the designated
router (DR).
Default

1

Format

ip pim dr-priority <0-2147483647>

Mode

Interface Config

no ip pim dr-priority
Use this command to disable the interface from being the BSR border.
Format

no ip pim dr-priority

Mode

Interface Config

ip pim join-prune-interval
This command is used to configure the interface join/prune interval for the PIM router. The
join/prune interval is specified in seconds. This parameter can be configured to a value from
0 to 18000.
Default

60

Format

ip pim join-prune-interval <0-18000>

Mode

Interface Config

no ip pim join-prune-interval
Use this command to set the join/prune interval to the default value.
Format

no ip pim join-prune-interval

Mode

Interface Config

ip pim rp-address
This command is used to statically configure the RP address for one or more multicast
groups. The parameter  is the IP address of the RP. The parameter

IP Multicast Commands
354

ProSafe Managed Switch

 is the group address supported by the RP. The parameter 
is the group mask for the group address. The optional keyword override indicates that if
there is a conflict, the RP configured with this command prevails over the RP learned by
BSR.
Default

disabled

Format

ip pim rp-address   
[override]

Mode

Global Config

no ip pim rp-address
This command is used to statically remove the RP address for one or more multicast groups.
Format

no ip pim rp-address   
[override]

Mode

Global Config

ip pim rp-candidate
This command is used to configure the router to advertise itself as a PIM candidate
rendezvous point (RP) to the bootstrap router (BSR).
Format

ip pim rp-candidate interface  
 {interval }

Mode

Global Config

Parameter

Description

interface-num

The IP address associated with this interface type and number is advertised as a
candidate RP address. This interface must be enabled with PIM.

group-address,
group-mask

The multicast group address and prefix that are advertised in association with the RP
address.

interval

(Optional) Indicates the RP candidate advertisement interval. The range is from 1 to
16383 seconds. The default is 60 seconds.

no ip pim rp-candidate
This command is used to disable the router to advertise itself as a PIM candidate rendezvous
point (RP) to the bootstrap router (BSR).
Format

no ip pim rp-candidate interface 

Mode

Global Config

IP Multicast Commands
355

ProSafe Managed Switch

ip pim ssm
Use this command to define the Source Specific Multicast (SSM) range of IP multicast
addresses.
Default

disabled

Format

ip pim ssm {default |  }

Mode

Global Config

Parameter

Description

default-range

Defines the SSM range access list to 232/8.

no ip pim ssm
This command is used to disable the Source Specific Multicast (SSM) range.
Format

no ip pim ssm {default |  }

Mode

Global Config

ip pim-trapflags
This command enables the PIM trap mode for both Sparse Mode (SM) and Dense Mode.
(DM).
Default

disabled

Format

ip pim-trapflags

Mode

Global Config

no ip pim-trapflags
This command sets the PIM trap mode to the default.
Format

no ip pim-trapflags

Mode

Global Config

show ip pim
This command displays the system-wide information for PIM (global configuration mode and
interface status).
Format

show ip pim

Modes

Privileged EXEC

IP Multicast Commands
356

ProSafe Managed Switch

Term

Definition

PIM Mode

Configured mode of PIM protocol (enabled or disabled).

Interface

Interface number.

Interface-Mode

Enable status of the interface.

Operational-Sta Operational Status of the Interface.
tus

Example 1:
(Switch) #show ip pim
PIM Mode Dense
Interface
--------1/0/1
1/0/3

Interface-Mode
-------------Enabled
Disabled

Operational-Status
-----------------Operational
Non-Operational

Example 2:
(Switch) #show ip pim
PIM Mode Sparse
Interface Interface-Mode
--------- -------------1/0/1
Enabled
1/0/3
Disabled

Operational-Status
-----------------Operational
Non-Operational

show ip pim ssm
This command shows the configured source specific IP multicast addresses.
Format

show ip pim ssm

Mode

Privileged EXEC

Term

Definition

Group Address

The address of the SSM Group.

Prefix Length

Prefix Length of the SSM Group.

(Switch) #show ip pim ssm
Group Address/Prefix Length
---------------------------232.0.0.0/8

IP Multicast Commands
357

ProSafe Managed Switch

show ip pim bsr-router
This command displays the bootstrap router (BSR) information. The output includes elected
BSR information and information about the locally configured candidate rendezvous point
(RP) advertisement.
Format

show ip pim bsr-router [candidate | elected]

Mode

• Privileged EXEC
• User EXEC

Term

Definition

BSR Address

IP address of the BSR.

BSR Priority

For candidate it is the configured priority and for elected BSR it is the learned priority..

BSR Hash Mask
Length

Configured or learned hash mask length of the BSR.

Next Bootstrap
message

Time (in hours, minutes, and seconds) in which to send the next bootstrap message
from this BSR.

Next Candidate RP Time (in hours, minutes, and seconds) in which the next CRP advertisement will be
Advertisement in
sent. This field is applicable only for the elected RP.
(Switch) #show ip pim bsr-router candidate
BSR Address 192.168.10.1
BSR Priority 0
BSR Hash Mask Length 32
Next Bootstrap message (hh:mm:ss) NA
Next Candidate RP Advertisement (hh:mm:ss)NA
(Switch) #show ip pim bsr-router elected
BSR Address 192.168.10.1
BSR Priority 0
BSR Hash Mask Length 32
Next Bootstrap message (hh:mm:ss) 00:00:05
Next Candidate RP Advertisement (hh:mm:ss)00:00:02

show ip pim rp-hash
This command displays the rendezvous point selected for the specified group address..
Format
Modes

show ip pim rp-hash 
Privileged EXEC

Term

Definition

RP Address

Address of the RP for the group specified.

Type

Origin from where this group mapping is learned.

(Switch) # show ip pim rp-hash 224.1.2.0
RP Address 192.168.10.1
Type Static

IP Multicast Commands
358

ProSafe Managed Switch

show ip pim rp mapping
This command displays the mappings for the PIM group to the active rendezvous points..
Format

show ip pim rp mapping [ | candidate | static]

Modes

Privileged EXEC

Term

Definition

RP Address

The IP address of the RP for the group specified.

Group Address

Address of the multicast group

Group Mask

Mask for the group address.

Origin

Origin from where this group mapping is learned.

Expiry Time

Expiry time of the elected RP.

Example 1:
(Switch) #show ip pim rp mapping 192.168.10.1
RP Address 192.168.10.1
Group Address 224.1.2.1
Group Mask 255.255.255.0
Origin Static
Expiry Time (hh:mm:ss) NA

Example 2:
(Switch) #show ip pim rp mapping
RP Address 192.168.10.1
Group Address 224.1.2.1
Group Mask 255.255.255.0
Origin Static
Expiry Time (hh:mm:ss) NA
RP Address 192.168.20.1
Group Address 229.2.0.0
Group Mask 255.255.0.0
Origin Static
Expiry Time (hh:mm:ss) NA

Example 3:
(Switch) #show ip pim rp mapping candidate
RP Address 192.168.10.1
Group Address 224.1.2.1
Group Mask 255.255.255.0
Origin BSR
Expiry Time (hh:mm:ss) 00:00:08

Example 4:
(Switch) #show ip pim rp mapping static
RP Address 192.168.20.1
Group Address 229.2.0.0

IP Multicast Commands
359

ProSafe Managed Switch

Group Mask 255.255.0.0
Origin Static
Expiry Time (hh:mm:ss) NA

Internet Group Message Protocol (IGMP) Commands
This section describes the commands you use to view and configure IGMP settings.

ip igmp
This command sets the administrative mode of IGMP in the system to active.
Default

disabled

Format

ip igmp

Modes

• Global Config
• Interface Config

no ip igmp
This command sets the administrative mode of IGMP in the system to inactive.
Format

no ip igmp

Modes

• Global Config
• Interface Config

ip igmp version
This command configures the version of IGMP for an interface. The value for  is
either 1, 2 or 3.
Default

3

Format

ip igmp version 

Modes

Interface Config

no ip igmp version
This command resets the version of IGMP to the default value.
Format

no ip igmp version

Modes

Interface Config

IP Multicast Commands
360

ProSafe Managed Switch

ip igmp last-member-query-count
This command sets the number of Group-Specific Queries sent before the router assumes
that there are no local members on the interface. The range for  is 1 to 20.
Format

ip igmp last-member-query-count 

Modes

Interface Config

no ip igmp last-member-query-count
This command resets the number of Group-Specific Queries to the default value.
Format

no ip igmp last-member-query-count

Modes

Interface Config

ip igmp last-member-query-interval
This command configures the Maximum Response Time inserted in Group-Specific Queries
which are sent in response to Leave Group messages. The range for  is 0 to 255
tenths of a second.
Default

10 tenths of a second (1 second)

Format

ip igmp last-member-query-interval 

Modes

Interface Config

no ip igmp last-member-query-interval
This command resets the Maximum Response Time to the default value.
Format

no ip igmp last-member-query-interval

Modes

Interface Config

ip igmp query-interval
This command configures the query interval for the specified interface. The query interval
determines how fast IGMP Host-Query packets are transmitted on this interface. The range
for  is 1 to 3600 seconds.
Default

125 seconds

Format

ip igmp query-interval 

Modes

Interface Config

IP Multicast Commands
361

ProSafe Managed Switch

no ip igmp query-interval
This command resets the query interval for the specified interface to the default value. This is
the frequency at which IGMP Host-Query packets are transmitted on this interface.
Format

no ip igmp query-interval

Modes

Interface Config

ip igmp query-max-response-time
This command configures the maximum response time interval for the specified interface,
which is the maximum query response time advertised in IGMPv2 queries on this interface.
The time interval is specified in tenths of a second. The range for  is 0 to
255 tenths of a second.
Default

100

Format

ip igmp query-max-response-time 

Mode

Interface Config

no ip igmp query-max-response-time
This command resets the maximum response time interval for the specified interface, which
is the maximum query response time advertised in IGMPv2 queries on this interface to the
default value. The maximum response time interval is reset to the default time.
Format

no ip igmp query-max-response-time

Mode

Interface Config

ip igmp robustness
This command configures the robustness that allows tuning of the interface. The robustness
is the tuning for the expected packet loss on a subnet. If a subnet is expected to have a lot of
loss, the Robustness variable may be increased for the interface. The range for
 is 1 to 255.
Default

2

Format

ip igmp robustness 

Mode

Interface Config

no ip igmp robustness
This command sets the robustness value to default.
Format

no ip igmp robustness

Mode

Interface Config

IP Multicast Commands
362

ProSafe Managed Switch

ip igmp startup-query-count
This command sets the number of Queries sent out on startup, separated by the Startup
Query Interval on the interface. The range for  is 1 to 20.
Default

2

Format

ip igmp startup-query-count 

Mode

Interface Config

no ip igmp startup-query-count
This command resets the number of Queries sent out on startup, separated by the Startup
Query Interval on the interface to the default value.
Format

no ip igmp startup-query-count

Mode

Interface Config

ip igmp startup-query-interval
This command sets the interval between General Queries sent on startup on the interface.
The time interval value is in seconds. The range for  is 1 to 300 seconds.
Default

31

Format

ip igmp startup-query-interval 

Mode

Interface Config

no ip igmp startup-query-interval
This command resets the interval between General Queries sent on startup on the interface
to the default value.
Format

no ip igmp startup-query-interval

Mode

Interface Config

show ip igmp
This command displays the system-wide IGMP information.
Format

show ip igmp

Modes

• Privileged EXEC
• User EXEC

IP Multicast Commands
363

ProSafe Managed Switch

Term

Definition

IGMP Admin
Mode

The administrative status of IGMP. This is a configured value.

Interface

Valid slot and port number separated by forward slashes.

Interface-Mode

Indicates whether IGMP is enabled or disabled on the interface. This is a configured
value.

Operational-Sta The current state of IGMP on this interface. Possible values are Operational or
tus
Non-Operational.

show ip igmp groups
This command displays the registered multicast groups on the interface. If [detail] is
specified this command displays the registered multicast groups on the interface in detail.
Format

show ip igmp groups  [detail]

Mode

Privileged EXEC

If you do not use the detail keyword, the following fields appear:
Term

Definition

IP Address

The IP address of the interface participating in the multicast group.

Subnet Mask

The subnet mask of the interface participating in the multicast group.

Interface Mode

This displays whether IGMP is enabled or disabled on this interface.

The following fields are not displayed if the interface is not enabled:
Term

Definition

Querier Status

This displays whether the interface has IGMP in Querier mode or Non-Querier mode.

Groups

The list of multicast groups that are registered on this interface.

If you use the detail keyword, the following fields appear:
Term

Definition

Multicast IP
Address

The IP address of the registered multicast group on this interface.

Last Reporter

The IP address of the source of the last membership report received for the specified
multicast group address on this interface.

Up Time

The time elapsed since the entry was created for the specified multicast group address
on this interface.

Expiry Time

The amount of time remaining to remove this entry before it is aged out.

IP Multicast Commands
364

ProSafe Managed Switch

Term

Definition

Version1 Host
Timer

The time remaining until the local router assumes that there are no longer any IGMP
version 1 multicast members on the IP subnet attached to this interface. This could be an
integer value or “-----” if there is no Version 1 host present.

Version2 Host
Timer

The time remaining until the local router assumes that there are no longer any IGMP
version 2 multicast members on the IP subnet attached to this interface. This could be an
integer value or “-----” if there is no Version 2 host present.

Group
Compatibility
Mode

The group compatibility mode (v1, v2 or v3) for this group on the specified interface.

show ip igmp interface
This command displays the IGMP information for the interface.
Format

show ip igmp interface 

Modes

• Privileged EXEC
• User EXEC

Term

Definition

Interface

Valid slot and port number separated by forward slashes.

IGMP Admin
Mode

The administrative status of IGMP.

Interface Mode

Indicates whether IGMP is enabled or disabled on the interface.

IGMP Version

The version of IGMP running on the interface. This value can be configured to create a
router capable of running either IGMP version 1 or 2.

Query Interval

The frequency at which IGMP Host-Query packets are transmitted on this interface.

Query Max
The maximum query response time advertised in IGMPv2 queries on this interface.
Response Time
Robustness

The tuning for the expected packet loss on a subnet. If a subnet is expected to be have a
lot of loss, the Robustness variable may be increased for that interface.

Startup Query
Interval

The interval between General Queries sent by a Querier on startup.

Startup Query
Count

The number of Queries sent out on startup, separated by the Startup Query Interval.

Last Member
Query Interval

The Maximum Response Time inserted into Group-Specific Queries sent in response to
Leave Group messages.

Last Member
Query Count

The number of Group-Specific Queries sent before the router assumes that there are no
local members.

IP Multicast Commands
365

ProSafe Managed Switch

show ip igmp interface membership
This command displays the list of interfaces that have registered in the multicast group.
Format

show ip igmp interface membership  [detail]

Mode

Privileged EXEC

Term

Definition

Interface

Valid unit, slot and port number separated by forward slashes.

Interface IP

The IP address of the interface participating in the multicast group.

State

The interface that has IGMP in Querier mode or Non-Querier mode.

Group
Compatibility
Mode

The group compatibility mode (v1, v2 or v3) for the specified group on this interface.

Source Filter
Mode

The source filter mode (Include/Exclude) for the specified group on this interface. This is
“-----” for IGMPv1 and IGMPv2 Membership Reports.

If you use the detail keyword, the following fields appear:
Term

Definition

Interface

Valid unit, slot and port number separated by forward slashes.

Group
Compatibility
Mode

The group compatibility mode (v1, v2 or v3) for the specified group on this interface.

Source Filter
Mode

The source filter mode (Include/Exclude) for the specified group on this interface. This is
“-----” for IGMPv1 and IGMPv2 Membership Reports.

Source Hosts

The list of unicast source IP addresses in the group record of the IGMPv3 Membership
Report with the specified multicast group IP address. This is “-----” for IGMPv1 and
IGMPv2 Membership Reports.

Expiry Time

The amount of time remaining to remove this entry before it is aged out. This is “-----” for
IGMPv1 and IGMPv2 Membership Reports.

show ip igmp interface stats
This command displays the IGMP statistical information for the interface. The statistics are
only displayed when the interface is enabled for IGMP.
Format

show ip igmp interface stats 

Modes

• Privileged EXEC
• User EXEC

IP Multicast Commands
366

ProSafe Managed Switch

Term

Definition

Querier Status

The status of the IGMP router, whether it is running in Querier mode or Non-Querier
mode.

Querier IP
Address

The IP address of the IGMP Querier on the IP subnet to which this interface is attached.

Querier Up Time The time since the interface Querier was last changed.
Querier Expiry
Time

The amount of time remaining before the Other Querier Present Timer expires. If the
local system is the querier, the value of this object is zero.

Wrong Version
Queries

The number of queries received whose IGMP version does not match the IGMP version
of the interface.

Number of
Joins

The number of times a group membership has been added on this interface.

Number of
Groups

The current number of membership entries for this interface.

IGMP Proxy Commands
The IGMP Proxy is used by IGMP Router (IPv4 system) to enable the system to issue IGMP
host messages on behalf of hosts that the system discovered through standard IGMP router
interfaces. With IGMP Proxy enabled, the system acts as proxy to all the hosts residing on its
router interfaces.

ip igmp-proxy
This command enables the IGMP Proxy on the router. To enable the IGMP Proxy on the
router, you must enable multicast forwarding. Also, make sure that there are no multicast
routing protocols enabled on the router.
Format

ip igmp-proxy

Mode

Interface Config

no ip igmp-proxy
This command disables the IGMP Proxy on the router.
Format

no ip igmp-proxy

Mode

Interface Config

IP Multicast Commands
367

ProSafe Managed Switch

ip igmp-proxy unsolicit-rprt-interval
This command sets the unsolicited report interval for the IGMP Proxy router. This command
is valid only when you enable IGMP Proxy on the interface. The value of  can
be 1-260 seconds.
Default

1

Format

ip igmp-proxy unsolicit-rprt-interval 

Mode

Interface Config

no ip igmp-proxy unsolicit-rprt-interval
This command resets the unsolicited report interval of the IGMP Proxy router to the default
value.
Format

no ip igmp-proxy unsolicit-rprt-interval

Mode

Interface Config

ip igmp-proxy reset-status
This command resets the host interface status parameters of the IGMP Proxy router. This
command is valid only when you enable IGMP Proxy on the interface.
Format

ip igmp-proxy reset-status

Mode

Interface Config

show ip igmp-proxy
This command displays a summary of the host interface status parameters. It displays the
following parameters only when you enable IGMP Proxy.
Format

show ip igmp-proxy

Modes

• Privileged EXEC
• User EXEC

Term

Definition

Interface index

The interface number of the IGMP Proxy.

Admin Mode

States whether the IGMP Proxy is enabled or not. This is a configured value.

Operational
Mode

States whether the IGMP Proxy is operationally enabled or not. This is a status
parameter.

Version

The present IGMP host version that is operational on the proxy interface.

IP Multicast Commands
368

ProSafe Managed Switch

Term

Definition

Number of
Multicast
Groups

The number of multicast groups that are associated with the IGMP Proxy interface.

Unsolicited
Report Interval

The time interval at which the IGMP Proxy interface sends unsolicited group membership
report.

Querier IP
Address on
Proxy Interface

The IP address of the Querier, if any, in the network attached to the upstream interface
(IGMP-Proxy interface).

Older Version 1 The interval used to timeout the older version 1 queriers.
Querier Timeout
Older Version 2 The interval used to timeout the older version 2 queriers.
Querier Timeout
Proxy Start
Frequency

The number of times the IGMP Proxy has been stopped and started.

Example: The following example shows CLI display output for the command.
(Switch) #show ip igmp-proxy
Interface Index............................................. 1/0/1
Admin Mode................................................ Enable
Operational Mode......................................... Enable
Version......................................................... 3
Num of Multicast Groups............................. 0
Unsolicited Report Interval.......................... 1
Querier IP Address on Proxy Interface........ 5.5.5.50
Older Version 1 Querier Timeout................ 0
Older Version 2 Querier Timeout................ 00::00:00
Proxy Start Frequency................................. 1

show ip igmp-proxy interface
This command displays a detailed list of the host interface status parameters. It displays the
following parameters only when you enable IGMP Proxy.
Format

show ip igmp-proxy interface

Modes

• Privileged EXEC
• User EXEC

Term

Definition

Interface Index

The unit/slot/port of the IGMP proxy.

The column headings of the table associated with the interface are as follows:

IP Multicast Commands
369

ProSafe Managed Switch

Term

Definition

Ver

The IGMP version.

Query Rcvd

Number of IGMP queries received.

Report Rcvd

Number of IGMP reports received.

Report Sent

Number of IGMP reports sent.

Leaves Rcvd

Number of IGMP leaves received. Valid for version 2 only.

Leaves Sent

Number of IGMP leaves sent on the Proxy interface. Valid for version 2 only.

Example: The following shows example CLI display output for the command.
(Switch) #show ip igmp-proxy interface
Interface Index................................ 1/0/1
Ver Query Rcvd Report Rcvd Report Sent Leave Rcvd Leave Sent
-----------------------------------------------------------------1
0
0
0
--------2
0
0
0
0
0
3
0
0
0
---------

show ip igmp-proxy groups
This command displays information about the subscribed multicast groups that IGMP Proxy
reported. It displays a table of entries with the following as the fields of each column.
Format

show ip igmp-proxy groups

Modes

• Privileged EXEC
• User EXEC

Term

Definition

Interface

The interface number of the IGMP Proxy.

Group Address

The IP address of the multicast group.

Last Reporter

The IP address of host that last sent a membership report for the current group on the
network attached to the IGMP Proxy interface (upstream interface).

Up Time (in
secs)

The time elapsed since last created.

Member State

The status of the entry. Possible values are IDLE_MEMBER or DELAY_MEMBER.
• IDLE_MEMBER - interface has responded to the latest group membership query for
this group.
• DELAY_MEMBER - interface is going to send a group membership report to respond
to a group membership query for this group.

IP Multicast Commands
370

ProSafe Managed Switch

Term

Definition

Filter Mode

Possible values are Include or Exclude.

Sources

The number of sources attached to the multicast group.

Example: The following shows example CLI display output for the command.
(Switch) #show ip igmp-proxy groups
Interface Index................................ 1/0/1
Group Address
------------225.4.4.4

Last Reporter
Up Time
Member State Filter Mode Sources
-------------- ---------- ------------- ------------- ------5.5.5.48
00:02:21 DELAY_MEMBER
Include
3

226.4.4.4

5.5.5.48

00:02:21

DELAY_MEMBER

Include

3

227.4.4.4

5.5.5.48

00:02:21

DELAY_MEMBER

Exclude

0

228.4.4.4

5.5.5.48

00:02:21

DELAY_MEMBER

Include

3

show ip igmp-proxy groups detail
This command displays complete information about multicast groups that IGMP Proxy
reported. It displays a table of entries with the following as the fields of each column.
Format

show ip igmp-proxy groups detail

Modes

• Privileged EXEC
• User EXEC

Term

Definition

Interface

The interface number of the IGMP Proxy.

Group Address

The IP address of the multicast group.

Last Reporter

The IP address of host that last sent a membership report for the current group, on the
network attached to the IGMP-Proxy interface (upstream interface).

Up Time (in
secs)

The time elapsed since last created.

Member State

The status of the entry. Possible values are IDLE_MEMBER or DELAY_MEMBER.
• IDLE_MEMBER - interface has responded to the latest group membership query for
this group.
• DELAY_MEMBER - interface is going to send a group membership report to respond
to a group membership query for this group.

Filter Mode

Possible values are Include or Exclude.

Sources

The number of sources attached to the multicast group.

IP Multicast Commands
371

ProSafe Managed Switch

Term

Definition

Group Source
List

The list of IP addresses of the sources attached to the multicast group.

Expiry Time

Time left before a source is deleted.

Example: The following shows example CLI display output for the command.
(Switch) #show ip igmp-proxy groups
Interface Index................................ 1/0/1
Group Address
------------225.4.4.4

Last Reporter
Up Time
Member State Filter Mode Sources
-------------- ----------- ------------ ------------ --------5.5.5.48
00:02:21 DELAY_MEMBER
Include
3

Group Source List
----------------5.1.2.3
6.1.2.3
7.1.2.3
226.4.4.4

5.5.5.48

Group Source List
-----------------2.1.2.3
6.1.2.3
8.1.2.3

Expiry Time
----------------00:02:21
00:02:21
00:02:21
00:02:21

DELAY_MEMBER

Include

Expiry Time
--------------00:02:21
00:01:44
00:01:44

227.4.4.4

5.5.5.48

00:02:21

DELAY_MEMBER

Exclude

228.4.4.4

5.5.5.48

00:03:21

DELAY_MEMBER

Include

Group Source List
-----------------9.1.2.3
6.1.2.3
7.1.2.3

3

Expiry Time
--------------00:03:21
00:03:21
00:03:21

IP Multicast Commands
372

0

3

7.

IPv6 Commands

7

This chapter describes the IPv6 commands available in the managed switch CLI.

Note: Some commands described in this chapter require a license. For
more information, see Licensing and Command Support on page 8.

This chapter contains the following sections:
•

Tunnel Interface Commands

•

IPv6 Routing Commands

•

OSPFv3 Commands

•

OSPFv3 Graceful Restart Commands

•

DHCPv6 Commands

The commands in this chapter are in three functional groups:
•

Show commands display switch settings, statistics, and other information.

•

Configuration commands configure features and options of the switch. For every
configuration command, there is a show command that displays the configuration setting.

•

Clear commands clear some or all of the settings to factory defaults.

Note: For information on IPv6 management commands, see IPv6
Management Commands on page 716.

Tunnel Interface Commands
The commands in this section describe how to create, delete, and manage tunnel interfaces.
Several different types of tunnels provide functionality to facilitate the transition of IPv4
networks to IPv6 networks. These tunnels are divided into two classes: configured and
automatic. The distinction is that configured tunnels are explicitly configured with a
destination or endpoint of the tunnel. Automatic tunnels, in contrast, infer the endpoint of the

373

ProSafe Managed Switch

tunnel from the destination address of packets routed into the tunnel. To assign an IP address
to the tunnel interface, see ip address on page 247. To assign an IPv6 address to the tunnel
interface, see ipv6 address on page 377.

interface tunnel
Use this command to enter the Interface Config mode for a tunnel interface. The
 range is 0 to 7.
Format

interface tunnel 

Mode

Global Config

no interface tunnel
This command removes the tunnel interface and associated configuration parameters for the
specified tunnel interface.
Format

no interface tunnel 

Mode

Global Config

tunnel source
This command specifies the source transport address of the tunnel, either explicitly or by
reference to an interface.
Format

tunnel source { | ethernet }

Mode

Interface Config

tunnel destination
This command specifies the destination transport address of the tunnel.
Format

tunnel destination {}

Mode

Interface Config

tunnel mode ipv6ip
This command specifies the mode of the tunnel. With the optional 6to4 argument, the tunnel
mode is set to 6to4 automatic. Without the optional 6to4 argument, the tunnel mode is
configured.
Format

tunnel mode ipv6ip [6to4]

Mode

Interface Config

IPv6 Commands
374

ProSafe Managed Switch

show interface tunnel
This command displays the parameters related to tunnel such as tunnel mode, tunnel source
address and tunnel destination address.
Format

show interface tunnel []

Mode

Privileged EXEC

If you do not specify a tunnel ID, the command shows the following information for each
configured tunnel:
Term

Definition

Tunnel ID

The tunnel identification number.

Interface

The name of the tunnel interface.

Tunnel Mode

The tunnel mode.

Source Address The source transport address of the tunnel.
Destination
Address

The destination transport address of the tunnel.

If you specify a tunnel ID, the command shows the following information for the tunnel:
Term

Definition

Interface Link
Status

Shows whether the link is up or down.

MTU Size

The maximum transmission unit for packets on the interface.

IPv6 Prefix is

If you enable IPv6 on the interface and assign an address, the IPv6 address and prefix
display.

IPv6 Routing Commands
This section describes the IPv6 commands you use to configure IPv6 on the system and on
the interfaces. This section also describes IPv6 management commands and show
commands.

ipv6 hop-limit
This command defines the unicast hop count used in ipv6 packets originated by the node.
The value is also included in router advertisements. Valid values for  are 1-255
inclusive. The default “not configured” means that a value of zero is sent in router

IPv6 Commands
375

ProSafe Managed Switch

advertisements and a value of 64 is sent in packets originated by the node. Note that this is
not the same as configuring a value of 64.
Default

not configured

Format

ipv6 hop-limit 

Mode

Global Config

no ipv6 hop-limit
This command returns the unicast hop count to the default.
Format

no ipv6 hop-limit

Mode

Global Config

ipv6 unicast-routing
Use this command to enable the forwarding of IPv6 unicast datagrams.
Default

disabled

Format

ipv6 unicast-routing

Mode

Global Config

no ipv6 unicast-routing
Use this command to disable the forwarding of IPv6 unicast datagrams.
Format

no ipv6 unicast-routing

Mode

Global Config

ipv6 enable
Use this command to enable IPv6 routing on an interface, including tunnel and loopback
interfaces, that has not been configured with an explicit IPv6 address. When you use this
command, the interface is automatically configured with a link-local address. You do not need
to use this command if you configured an IPv6 global address on the interface.
Default

disabled

Format

ipv6 enable

Mode

Interface Config

IPv6 Commands
376

ProSafe Managed Switch

no ipv6 enable
Use this command to disable IPv6 routing on an interface.
Format

no ipv6 enable

Mode

Interface Config

ipv6 address
Use this command to configure an IPv6 address on an interface, including tunnel and
loopback interfaces, and to enable IPv6 processing on this interface. You can assign multiple
globally reachable addresses to an interface by using this command. You do not need to
assign a link-local address by using this command since one is automatically created. The
 field consists of the bits of the address to be configured. The 
designates how many of the high-order contiguous bits of the address make up the prefix.
You can express IPv6 addresses in eight blocks. Also of note is that instead of a period, a
colon now separates each block. For simplification, leading zeros of each 16 bit block can be
omitted. One sequence of 16 bit blocks containing only zeros can be replaced with a double
colon “::”, but not more than one at a time (otherwise it is no longer a unique representation).
•

Dropping zeros: 3ffe:ffff:100:f101:0:0:0:1 becomes 3ffe:ffff:100:f101::1

•

Local host: 0000:0000:0000:0000:0000:0000:0000:0001 becomes ::1

•

Any host: 0000:0000:0000:0000:0000:0000:0000:0000 becomes ::

The hexadecimal letters in the IPv6 addresses are not case-sensitive. An example of an IPv6
prefix and prefix length is 3ffe:1::1234/64.
The optional [eui-64] field designates that IPv6 processing on the interfaces was enabled
using an EUI-64 interface ID in the low order 64 bits of the address. If you use this option, the
value of  must be 64 bits.
Format

ipv6 address / [eui64]

Mode

Interface Config

no ipv6 address
Use this command to remove all IPv6 addresses on an interface or specified IPv6 address.
The  parameter consists of the bits of the address to be configured. The
 designates how many of the high-order contiguous bits of the address
comprise the prefix. The optional [eui-64] field designates that IPv6 processing on the
interfaces was enabled using an EUI-64 interface ID in the low order 64 bits of the address.
If you do not supply any parameters, the command deletes all the IPv6 addresses on an
interface.
Format

no ipv6 address [/] [eui64]

Mode

Interface Config

IPv6 Commands
377

ProSafe Managed Switch

ipv6 address autoconfig
This command is used to enable stateless address autoconfiguration capability.

Note: When unicast-routing is enabled, autoconfig mode doesn’t work.

Format

ipv6 address autoconfig

Mode

Interface Config

ipv6 address autoconfig
This command disables the stateless autoconfiguration.
Format

no ipv6 address autoconfig

Mode

Interface Config

ipv6 address dhcp
This command is used to enable DHCPv6 client capability.
Format

ipv6 address autoconfig

Mode

Interface Config

no pv6 address dhcp
The "no" form of this command disables the DHCPv6 client capability.
Format

no ipv6 address autoconfig

Mode

Interface Config

ipv6 route
Use this command to configure an IPv6 static route. The  is the IPv6
network that is the destination of the static route. The  is the length of the
IPv6 prefix — a decimal value (usually 0-64) that shows how many of the high-order
contiguous bits of the address comprise the prefix (the network portion of the address). A
slash mark must precede the . The  is the IPv6
address of the next hop that can be used to reach the specified network. Specifying Null0
as nexthop parameter adds a static reject route. The  parameter is a value
the router uses to compare this route with routes from other route sources that have the same
destination. The range for  is 1 - 255, and the default value is 1. You can
specify a  or tunnel  interface to identify direct static
routes from point-to-point and broadcast interfaces. The interface must be specified when

IPv6 Commands
378

ProSafe Managed Switch

using a link-local address as the next hop. A route with a preference of 255 cannot be used to
forward traffic.
Default

disabled

Format

ipv6 route / { | Null0
| interface { | tunnel }
} []

Mode

Global Config

no ipv6 route
Use this command to delete an IPv6 static route. Use the command without the optional
parameters to delete all static routes to the specified destination. Use the 
parameter to revert the preference of a route to the default preference.
Format

no ipv6 route / [{ |
Null0 | interface { | tunnel }
 | }]

Mode

Global Config

ipv6 route distance
This command sets the default distance (preference) for IPv6 static routes. Lower route
distance values are preferred when determining the best route. The ipv6 route command
allows you to optionally set the distance (preference) of an individual static route. The default
distance is used when no distance is specified in this command.
Changing the default distance does not update the distance of existing static routes, even if
they were assigned the original default distance. The new default distance will only be
applied to static routes created after invoking the ipv6 route distance command.
Default

1

Format

ipv6 route distance <1-255>

Mode

Global Config

no ipv6 route distance
This command resets the default static route preference value in the router to the original
default preference. Lower route preference values are preferred when determining the best
route.
Format

no ipv6 route distance

Mode

Global Config

IPv6 Commands
379

ProSafe Managed Switch

ipv6 mtu
This command sets the maximum transmission unit (MTU) size, in bytes, of IPv6 packets on
an interface. This command replaces the default or link MTU with a new MTU value.

Note: The default MTU value for a tunnel interface is 1480. You cannot
change this value.

Default

0 or link speed (MTU value (1500))

Format

ipv6 mtu <1280-1500>

Mode

Interface Config

no ipv6 mtu
This command resets maximum transmission unit value to default value.
Format

no ipv6 mtu

Mode

Interface Config

ipv6 nd dad attempts
This command sets the number of duplicate address detection probes transmitted. Duplicate
address detection verifies that an IPv6 address on an interface is unique.
Default

1

Format

ipv6 nd dad attempts <0 - 600>

Mode

Interface Config

no ipv6 nd dad attempts
This command resets to number of duplicate address detection value to default value.
Format

no ipv6 nd dad attempts

Mode

Interface Config

IPv6 Commands
380

ProSafe Managed Switch

ipv6 nd managed-config-flag
This command sets the “managed address configuration” flag in router advertisements.
When the value is true, end nodes use DHCPv6. When the value is false, end nodes
automatically configure addresses.
Default

false

Format

ipv6 nd managed-config-flag

Mode

Interface Config

no ipv6 nd managed-config-flag
This command resets the “managed address configuration” flag in router advertisements to
the default value.
Format

no ipv6 nd managed-config-flag

Mode

Interface Config

ipv6 nd ns-interval
This command sets the interval between router advertisements for advertised neighbor
solicitations, in milliseconds. An advertised value of 0 means the interval is unspecified.
Default

0

Format

ipv6 nd ns-interval {<1000-4294967295> | 0}

Mode

Interface Config

no ipv6 nd ns-interval
This command resets the neighbor solicit retransmission interval of the specified interface to
the default value.
Format

no ipv6 nd ns-interval

Mode

Interface Config

ipv6 nd other-config-flag
This command sets the “other stateful configuration” flag in router advertisements sent from
the interface.
Default

false

Format

ipv6 nd other-config-flag

Mode

Interface Config

IPv6 Commands
381

ProSafe Managed Switch

no ipv6 nd other-config-flag
This command resets the “other stateful configuration” flag back to its default value in router
advertisements sent from the interface.
Format

no ipv6 nd other-config-flag

Mode

Interface Config

ipv6 nd ra-interval
This command sets the transmission interval between router advertisements.
Default

600

Format

ipv6 nd ra-interval-max <4- 1800>

Mode

Interface Config

no ipv6 nd ra-interval
This command sets router advertisement interval to the default.
Format

no ipv6 nd ra-interval-max

Mode

Interface Config

ipv6 nd ra-lifetime
This command sets the value, in seconds, that is placed in the Router Lifetime field of the
router advertisements sent from the interface. The  value must be zero, or it
must be an integer between the value of the router advertisement transmission interval and
9000. A value of zero means this router is not to be used as the default router.
Default

1800

Format

ipv6 nd ra-lifetime 

Mode

Interface Config

no ipv6 nd ra-lifetime
This command resets router lifetime to the default value.
Format

no ipv6 nd ra-lifetime

Mode

Interface Config

IPv6 Commands
382

ProSafe Managed Switch

ipv6 nd reachable-time
This command sets the router advertisement time to consider a neighbor reachable after
neighbor discovery confirmation. Reachable time is specified in milliseconds. A value of zero
means the time is unspecified by the router.
Default

0

Format

ipv6 nd reachable-time <0–3600000>

Mode

Interface Config

no ipv6 nd reachable-time
This command means reachable time is unspecified for the router.
Format

no ipv6 nd reachable-time

Mode

Interface Config

ipv6 nd suppress-ra
This command suppresses router advertisement transmission on an interface.
Default

disabled

Format

ipv6 nd suppress-ra

Mode

Interface Config

no ipv6 nd suppress-ra
This command enables router transmission on an interface.
Format

no ipv6 nd suppress-ra

Mode

Interface Config

ipv6 nd router-preference
This is used to configure router preference value in IPv6 router advertisements on an
interface. This will indicate whether or not to prefer this router over other default routers.
Default

Medium

Format

ipv6 nd router-preference 

Mode

Interface Config

IPv6 Commands
383

ProSafe Managed Switch

ipv6 nd router-preference
This command will set the router preference to default.
Format

no ipv6 router-preference

Mode

Interface Config

ipv6 unreachables
Use this command to enable the generation of ICMPv6 Destination Unreachable messages.
By default, the generation of ICMPv6 Destination Unreachable messages is enabled.
Default

enable

Format

ipv6 unreachables

Mode

Interface Config

no ipv6 unreachables
Use this command to prevent the generation of ICMPv6 Destination Unreachable messages.
Format

no ipv6 unreachables

Mode

Interface Config

ipv6 icmp error-interval
Use this command to limit the rate at which ICMPv6 error messages are sent. The rate limit is
configured as a token bucket, with two configurable parameters, burst-size and burst-interval.
The burst-interval specifies how often the token bucket is initialized with burst-size tokens.
burst-interval is from 0 to 2147483647 milliseconds (msec).
The burst-size is the number of ICMPv6 error messages that can be sent during one
burst-interval. The range is from 1 to 200 messages.
To disable ICMP rate limiting, set burst-interval to zero (0).
Default

• burst-interval of 1000 msec.
• burst-size of 100 messages

Format

ipv6 icmp error-interval  []

Mode

Global Config

IPv6 Commands
384

ProSafe Managed Switch

no ipv6 icmp error-interval
Use the no form of the command to return burst-interval and burst-size to their default
values.
Format

no ipv6 icmp error-interval

Mode

Global Config

show ipv6 brief
Use this command to display the IPv6 status of forwarding mode and IPv6 unicast routing
mode.
Format

show ipv6 brief

Mode

Privileged EXEC

Term

Definition

IPv6
Forwarding
Mode

Shows whether the IPv6 forwarding mode is enabled.

IPv6 Unicast
Routing Mode

Shows whether the IPv6 unicast routing mode is enabled.

IPv6 Hop Limit

Shows the unicast hop count used in IPv6 packets originated by the node. For more
information, see ipv6 hop-limit on page 375.

ICMPv6 Rate
Limit Error
Interval

Shows how often the token bucket is initialized with burst-size tokens. For more
information, see ipv6 icmp error-interval on page 384.

ICMPv6 Rate
Shows the number of ICMPv6 error messages that can be sent during one burst-interval.
Limit Burst Size
For more information, see ipv6 icmp error-interval on page 384.
Maximum
Routes

Shows the maximum IPv6 route table size.

Example: The following shows example CLI display output for the command.
(Switch) #show ipv6 brief
IPv6 Forwarding Mode...........................
IPv6 Unicast Routing Mode......................
IPv6 Hop Limit.................................
ICMPv6 Rate Limit Error Interval...............
ICMPv6 Rate Limit Burst Size...................
Maximum Routes.................................

Enable
Enable
0
1000 msec
100 messages
3000

IPv6 Commands
385

ProSafe Managed Switch

show ipv6 interface
Use this command to show the usability status of IPv6 interfaces and whether ICMPv6
Destination Unreachable messages may be sent.
Format

show ipv6 interface {brief |  |tunnel <0-7> |
loopback <0-7>}

Mode

Privileged EXEC

If you use the brief parameter, the following information displays for all configured IPv6
interfaces:
Term

Definition

Interface

The interface in unit/slot/port format.

IPv6 Routing
Operational
Mode

Shows whether the mode is enabled or disabled.

IPv6
Shows the IPv6 address and length on interfaces with IPv6 enabled.
Address/Length

If you specify an interface, the following information also appears.
Term

Definition

IPv6 is enabled

Appears if IPv6 is enabled on the interface.

Routing Mode

Shows whether IPv6 routing is enabled or disabled.

Administrative
Mode

Shows whether the interface administrative mode is enabled or disabled.

Bandwidth

Shows bandwidth of the interface.

Interface
Maximum
Transmission
Unit

The MTU size, in bytes.

Router
Duplicate
Address
Detection
Transmits

The number of consecutive duplicate address detection probes to transmit.

Router
Advertisement
NS Interval

The interval, in milliseconds, between router advertisements for advertised neighbor
solicitations.

Router
Advertisement
Lifetime

Shows the router lifetime value of the interface in router advertisements.

Router
The amount of time, in milliseconds, to consider a neighbor reachable after neighbor
Advertisement
discovery confirmation.
Reachable Time

IPv6 Commands
386

ProSafe Managed Switch

Term

Definition

Router
Advertisement
Interval

The frequency, in seconds, that router advertisements are sent.

Router
Advertisement
Managed
Config Flag

Shows whether the managed configuration flag is set (enabled) for router advertisements
on this interface.

Router
Advertisement
Other Config
Flag

Shows whether the other configuration flag is set (enabled) for router advertisements on
this interface.

Router
Advertisement
Suppress Flag

Shows whether router advertisements are suppressed (enabled) or sent (disabled).

IPv6
Destination
Unreachables

Shows whether ICMPv6 Destination Unreachable messages may be sent (enabled) or
not (disabled). For more information, see ipv6 nd router-preference on page 383.

Example: The following shows example CLI display output for the command.
(Switch) #show ipv6 interface 1/0/1
Routing Mode...................................
Administrative Mode............................
IPv6 Routing Operational Mode..................
Bandwidth......................................
Interface Maximum Transmit Unit................
Router Duplicate Address Detection Transmits...
Router Advertisement NS Interval...............
Router Advertisement Lifetime..................
Router Advertisement Reachable Time............
Router Advertisement Interval..................
Router Advertisement Managed Config Flag.......
Router Advertisement Other Config Flag.........
Router Advertisement Suppress Flag.............
IPv6 Destination Unreachables..................

Disabled
Enabled
Disabled
100000 kbps
1500
1
0
1800
0
600
Disabled
Disabled
Disabled
Enabled

No IPv6 prefixes configured.

If an IPv6 prefix is configured on the interface, the following information also appears.
Term

Definition

IFPv6 Prefix is

The IPv6 prefix for the specified interface.

Preferred
Lifetime

The amount of time the advertised prefix is a preferred prefix.

Valid Lifetime

The amount of time the advertised prefix is valid.

Onlink Flag

Shows whether the onlink flag is set (enabled) in the prefix.

Autonomous
Flag

Shows whether the autonomous address-configuration flag (autoconfig) is set (enabled)
in the prefix.

IPv6 Commands
387

ProSafe Managed Switch

show ipv6 neighbor
Use this command to display information about the IPv6 neighbors.
Format

show ipv6 neighbor

Mode

Privileged EXEC

Term

Definition

Interface

The interface in unit/slot/port format.

IPv6 Address

IPV6 address of neighbor or interface.

MAC Address

Link-layer Address.

IsRtr

Shows whether the neighbor is a router. If the value is TRUE, the neighbor is known to
be a router, and FALSE otherwise. A value of FALSE might not mean Note that routers
are not always known to be routers.

Neighbor State

State of neighbor cache entry. Possible values are Incomplete, Reachable, Stale, Delay,
Probe, and Unknown.

Last Updated

The time in seconds that has elapsed since an entry was added to the cache.

clear ipv6 neighbors
Use this command to clear all entries IPv6 neighbor table or an entry on a specific interface.
Use the  parameter to specify the interface.
Format

clear ipv6 neighbors []

Mode

Privileged EXEC

show ipv6 route
This command displays the IPv6 routing table The  specifies a specific
IPv6 address for which the best-matching route would be displayed. The
 specifies a specific IPv6 network for which the
matching route would be displayed. The  specifies that the routes with
next-hops on the  be displayed. The  specifies the protocol that
installed the routes. The  is one of the following keywords: connected, ospf,
static. The all specifies that all routes including best and non-best routes are displayed.
Otherwise, only the best routes are displayed.
A “T” flag appended to an IPv6 route indicates that it is an ECMP route, but only one of its
next hops has been installed in the forwarding table. The forwarding table might limit the
number of ECMP routes or the number of ECMP groups. When an ECMP route cannot be
installed because the limit is reached, the route is installed with a single next hop. Such
truncated routes can be identified by a “T” after the interface name.

IPv6 Commands
388

ProSafe Managed Switch

Note: If you use the connected keyword for , the all option is not
available because there are no best or non-best connected routes.

Format

show ipv6 route [{ [] |
{{ | } []
|  | summary} [all] | all}]

Modes

• Privileged EXEC
• User EXEC

Term

Definition

Route Codes

The key for the routing protocol codes that might appear in the routing table output.

The show ipv6 route command displays the routing tables in the following format:
Codes: C - connected, S - static

O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF Ext 1, OE2 - OSPF Ext 2
ON1 - OSPF NSSA Ext Type 1, ON2 - OSPF NSSA Ext Type 2

The columns for the routing table display the following information:
Term

Definition

Code

The code for the routing protocol that created this routing entry.

IPv6-Prefix/IPv6Prefix-Length

The IPv6-Prefix and prefix-length of the destination IPv6 network corresponding to this
route.

Preference/Metric The administrative distance (preference) and cost (metric) associated with this route. An
example of this output is [1/0], where 1 is the preference and 0 is the metric.
Tag

The decimal value of the tag associated with a redistributed route, if it is not 0.

Next-Hop

The outgoing router IPv6 address to use when forwarding traffic to the next router (if any)
in the path toward the destination.

Route-Timestamp The last updated time for dynamic routes. The format of Route-Timestamp will be
• Days:Hours:Minutes if days > = 1
• Hours:Minutes:Seconds if days < 1
Interface

The outgoing router interface to use when forwarding traffic to the next destination. For
reject routes, the next hop interface would be Null0 interface.

To administratively control the traffic destined to a particular network and prevent it from
being forwarded through the router, you can configure a static reject route on the router. Such
traffic would be discarded and the ICMP destination unreachable message is sent back to the
source. This is typically used for preventing routing loops. The reject route added in the RTO
is of the type OSPF Inter-Area. Reject routes (routes of REJECT type installed by any
protocol) are not redistributed by OSPF/RIP. Reject routes are supported in both OSPFv2
and OSPFv3.

IPv6 Commands
389

ProSafe Managed Switch

Example: The following shows example CLI display output for the command.
(Switch) #show ipv6 route
IPv6 Routing Table - 3 entries
Codes: C - connected, S - static
O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF Ext 1, OE2 - OSPF Ext 2
ON1 - OSPF NSSA Ext Type 1, ON2 - OSPF NSSA Ext Type 2
S
C

2001::/64 [10/0] directly connected,
Null0
2003::/64 [0/0]
via ::,
0/11
S
2005::/64 [1/0]
via 2003::2,
0/11
C 5001::/64 [0/0]
via ::,
0/5
OE1 6001::/64 [110/1]
via fe80::200:42ff:fe7d:2f19,
00h:00m:23s, 0/5
OI 7000::/64 [110/6]
via fe80::200:4fff:fe35:c8bb,
00h:01m:47s, 0/11

show ipv6 route ecmp-groups
This command reports all current ECMP groups in the IPv6 routing table. An ECMP group is
a set of next hops used in one or more routes. The groups are numbered arbitrarily from 1 to
n. The output indicates the number of next hops in the group and the number of routes that
use the set of next hops. The output lists the IPv6 address and outgoing interface of each
next hop in each group.
Format

show ipv6 route ecmp-groups

Mode

Privileged EXEC

Example
(switch) #show ipv6 route ecmp-groups
ECMP Group 1 with 2 next hops (used by 1 route)
2001:DB8:1::1 on interface 2/1
2001:DB8:2::14 on interface 2/2
ECMP Group 2 with 3
2001:DB8:4::15 on
2001:DB8:7::12 on
2001:DB8:9::45 on

next hops
interface
interface
interface

(used by 1 route)
2/32
2/33
2/34

IPv6 Commands
390

ProSafe Managed Switch

show ipv6 route preferences
Use this command to show the preference value associated with the type of route. Lower
numbers have a greater preference. A route with a preference of 255 cannot be used to
forward traffic.
Format

show ipv6 route preferences

Mode

Privileged EXEC

Term

Definition

Local

Preference of directly-connected routes.

Static

Preference of static routes.

OSPF Intra

Preference of routes within the OSPF area.

OSPF Inter

Preference of routes to other OSPF routes that are outside of the area.

OSPF External

Preference of OSPF external routes.

show ipv6 route summary
This command displays the summary of the routing table. Use all to display the count
summary for all routes, including best and non-best routes. Use the command without
parameters to display the count summary for only the best routes.
When the optional keyword all is given, some statistics, such as the number of routes from
each source, include counts for alternate routes. An alternate route is a route that is not the
most preferred route to its destination and therefore is not installed in the forwarding table.
When this keyword is not given, the output reports for only the best routes.
Format

show ipv6 route summary [all]

Modes

• Privileged EXEC
• User EXEC

Term

Definition

Connected
Routes

Total number of connected routes in the routing table.

Static Routes

Total number of static routes in the routing table.

OSPF Routes

Total number of routes installed by OSPFv3 protocol.

Reject Routes

Total number of reject routes installed by all protocols.

Number of
Prefixes

Summarizes the number of routes with prefixes of different lengths.

Total Routes

The total number of routes in the routing table.

Best Routes

The number of best routes currently in the routing table. This number counts only the
best route to each destination.

IPv6 Commands
391

ProSafe Managed Switch

Term

Definition

Alternate
Routes

The number of alternate routes currently in the routing table. An alternate route is a route
that was not selected as the best route to its destination.

Route Adds

The number of routes added to the routing table.

Route Modifies

The number of routes that changed after they were initially added to the routing table.

Route Deletes

The number of routes deleted from the routing table.

Unresolved
Route Adds

The number of route adds that failed because none of the route's next hops were on a
local subnet. Note that static routes can fail to be added to the routing table at startup
because the routing interfaces are not up yet. This counter gets incremented in this case.
The static routes are added to the routing table when the routing interfaces come up.

Invalid Route
Adds

The number of routes that failed to be added to the routing table because the route was
invalid. A log message is written for each of these failures.

Failed Route
Adds

The number of routes that failed to be added to the routing table because of a resource
limitation in the routing table.

Reserved
Locals

The number of routing table entries reserved for a local subnet on a routing interface that
is down. Space for local routes is always reserved so that local routes can be installed
when a routing interface bounces.

Unique Next
Hops

The number of distinct next hops used among all routes currently in the routing table.
These include local interfaces for local routes and neighbors for indirect routes.

Unique Next
Hops High
Water

The highest count of unique next hops since counters were last cleared.

Next Hop
Groups

The current number of next hop groups in use by one or more routes. Each next hop
group includes one or more next hops.

Next Hop
Groups High
Water

The highest count of next hop groups since counters were last cleared.

ECMP Groups

The number of next hop groups with multiple next hops.

ECMP Routes

The number of routes with multiple next hops currently in the routing table.

Truncated
ECMP Routes

The number of ECMP routes that are currently installed in the forwarding table with just
one next hop. The forwarding table might limit the number of ECMP routes or the number
of ECMP groups. When an ECMP route cannot be installed because such a limit is
reached, the route is installed with a single next hop.

ECMP Retries

The number of ECMP routes that have been installed in the forwarding table after initially
being installed with a single next hop.

Routes with n
Next Hops

The current number of routes with each number of next hops.

The following example shows CLI display output for the command.
(switch) #show ipv6 route summary
Connected Routes............................... 4
Static Routes.................................. 0
6To4 Routes.................................... 0

IPv6 Commands
392

ProSafe Managed Switch

OSPF Routes....................................
Intra Area Routes............................
Inter Area Routes............................
External Type-1 Routes.......................
External Type-2 Routes.......................
Reject Routes..................................
Total routes...................................
Best Routes (High).............................
Alternate Routes...............................
Route Adds.....................................
Route Deletes..................................
Unresolved Route Adds..........................
Invalid Route Adds.............................
Failed Route Adds..............................
Reserved Locals................................
Unique Next Hops (High)........................
Next Hop Groups (High).........................
ECMP Groups (High).............................
ECMP Routes....................................
Truncated ECMP Routes..........................
ECMP Retries...................................
Routes with 1 Next Hop.........................
Routes with 2 Next Hops........................
Routes with 3 Next Hops........................
Routes with 4 Next Hops........................
Number of Prefixes:
/64: 17

13
0
13
0
0
0
17
17 (17)
0
44
27
0
0
0
0
8 (8)
8 (8)
3 (3)
12
0
0
5
1
1
10

show ipv6 vlan
This command displays IPv6 VLAN routing interface addresses.
Format

show ipv6 vlan

Modes

• Privileged EXEC
• User EXEC

Term

Definition

MAC Address
Shows the MAC address.
used by
Routing VLANs

The rest of the output for this command is displayed in a table with the following column
headings:
Column
Headings

Definition

VLAN ID

The VLAN ID of a configured VLAN.

IPv6 Commands
393

ProSafe Managed Switch

Column
Headings

Definition

Logical
Interface

The interface in unit/slot/port format that is associated with the VLAN ID.

IPv6
Address/Prefix
Length

The IPv6 prefix and prefix length associated with the VLAN ID.

show ipv6 traffic
Use this command to show traffic and statistics for IPv6 and ICMPv6. Specify a logical,
loopback, or tunnel interface to view information about traffic on a specific interface. If you do
not specify an interface, the command displays information about traffic on all interfaces.
Format

show ipv6 traffic [{ | loopback  |
tunnel }]

Mode

Privileged EXEC

Term

Definition

Total Datagrams
Received

Total number of input datagrams received by the interface, including those
received in error.

Received Datagrams
Locally Delivered

Total number of datagrams successfully delivered to IPv6 user-protocols
(including ICMP). This counter increments at the interface to which these
datagrams were addressed, which might not necessarily be the input interface
for some of the datagrams.

Received Datagrams
Discarded Due To
Header Errors

Number of input datagrams discarded due to errors in their IPv6 headers,
including version number mismatch, other format errors, hop count exceeded,
errors discovered in processing their IPv6 options, etc.

Received Datagrams
Discarded Due To MTU

Number of input datagrams that could not be forwarded because their size
exceeded the link MTU of outgoing interface.

Received Datagrams
Discarded Due To No
Route

Number of input datagrams discarded because no route could be found to
transmit them to their destination.

Received Datagrams
With Unknown Protocol

Number of locally-addressed datagrams received successfully but discarded
because of an unknown or unsupported protocol. This counter increments at
the interface to which these datagrams were addressed, which might not be
necessarily the input interface for some of the datagrams.

Received Datagrams
Number of input datagrams discarded because the IPv6 address in their IPv6
Discarded Due To Invalid
header's destination field was not a valid address to be received at this entity.
Address
This count includes invalid addresses (for example, ::0) and unsupported
addresses (for example, addresses with unallocated prefixes). Forentities
which are not IPv6 routers and therefore do not forward datagrams, this
counter includes datagrams discarded because the destination address was
not a local address.
Received Datagrams
Discarded Due To
Truncated Data

Number of input datagrams discarded because datagram frame didn't carry
enough data.

IPv6 Commands
394

ProSafe Managed Switch

Term

Definition

Received Datagrams
Discarded Other

Number of input IPv6 datagrams for which no problems were encountered to
prevent their continue processing, but which were discarded (e.g., for lack of
buffer space). Note that this counter does not include datagrams discarded
while awaiting re-assembly.

Received Datagrams
Reassembly Required

Number of IPv6 fragments received which needed to be reassembled at this
interface. Note that this counter increments at the interface to which these
fragments were addressed, which might not be necessarily the input interface
for some of the fragments.

Datagrams Successfully Number of IPv6 datagrams successfully reassembled. Note that this counter
Reassembled
increments at the interface to which these datagrams were addressed, which
might not be necessarily the input interface for some of the fragments.
Datagrams Failed To
Reassemble

Number of failures detected by the IPv6 reassembly algorithm (for whatever
reason: timed out, errors, etc.). Note that this is not necessarily a count of
discarded IPv6 fragments since some algorithms (notably the algorithm in by
combining them as they are received. This counter increments at the interface
to which these fragments were addressed, which might not be necessarily the
input interface for some of the fragments.

Datagrams Forwarded

Number of output datagrams which this entity received and forwarded to their
final destinations. In entities which do not act as IPv6 routers, this counter will
include only those packets which were Source-Routed via this entity, and the
Source-Route processing was successful. Note that for a successfully
forwarded datagram the counter of the outgoing interface increments.

Datagrams Locally
Transmitted

Total number of IPv6 datagrams which local IPv6 user-protocols (including
ICMP) supplied to IPv6 in requests for transmission. Note that this counter does
not include any datagrams counted in ipv6IfStatsOutForwDatagrams.

Datagrams Transmit
Failed

Number of output IPv6 datagrams for which no problem was encountered to
prevent their transmission to their destination, but which were discarded (e.g.,
for lack of buffer space). Note that this counter would include datagrams
counted in ipv6IfStatsOutForwDatagrams if any such packets met this
(discretionary) discard criterion.

Fragments Created

Number of output datagram fragments that have been generated as a result of
fragmentation at this output interface.

Datagrams Successfully Number of IPv6 datagrams that have been successfully fragmented at this
Fragmented
output interface.
Datagrams Failed To
Fragment

Number of IPv6 datagrams that have been discarded because they needed to
be fragmented at this output interface but could not be.

Multicast Datagrams
Received

Number of multicast packets received by the interface.

Multicast Datagrams
Transmitted

Number of multicast packets transmitted by the interface.

Total ICMPv6 messages
received

Total number of ICMP messages received by the interface which includes all
those counted by ipv6IfIcmpInErrors. Note that this interface is the interface to
which the ICMP messages were addressed which may not be necessarily the
input interface for the messages.

IPv6 Commands
395

ProSafe Managed Switch

Term

Definition

ICMPv6 Messages with
errors

Number of ICMP messages which the interface received but determined as
having ICMP-specific errors (bad ICMP checksums, bad length, etc.).

ICMPv6 Destination
Unreachable Messages

Number of ICMP Destination Unreachable messages received by the interface.

ICMPv6 Messages
Prohibited
Administratively

Number of ICMP destination unreachable/communication administratively
prohibited messages received by the interface.

ICMPv6 Time Exceeded
Messages

Number of ICMP Time Exceeded messages received by the interface.

ICMPv6 Parameter
Problem Messages

Number of ICMP Parameter Problem messages received by the interface.

ICMPv6 messages with
too big packets

Number of ICMP Packet Too Big messages received by the interface.

ICMPv6 Echo Request
Messages Received

Number of ICMP Echo (request) messages received by the interface.

ICMPv6 Echo Reply
Messages Received

Number of ICMP Echo Reply messages received by the interface.

ICMPv6 Router Solicit
Messages Received

Number of ICMP Router Solicit messages received by the interface.

ICMPv6 Router
Advertisement
Messages Received

Number of ICMP Router Advertisement messages received by the interface.

ICMPv6 Neighbor Solicit Number of ICMP Neighbor Solicit messages received by the interface.
Messages Received
ICMPv6 Neighbor
Advertisement
Messages Received

Number of ICMP Neighbor Advertisement messages received by the interface.

ICMPv6 Redirect
Messages Received

Number of Redirect messages received by the interface.

Transmitted

Number of ICMPv6 Group Membership Query messages received by the
interface.

Total ICMPv6 Messages
Transmitted

Total number of ICMP messages which this interface attempted to send. Note
that this counter includes all those counted by icmpOutErrors.

ICMPv6 Messages Not
Transmitted Due To
Error

Number of ICMP messages which this interface did not send due to problems
discovered within ICMP such as a lack of buffers. This value should not include
errors discovered outside the ICMP layer such as the inability of IPv6 to route
the resultant datagram. In some implementations there may be no types of
error which contribute to this counter's value.

ICMPv6 Destination
Unreachable Messages
Transmitted

Number of ICMP Destination Unreachable messages sent by the interface.

ICMPv6 Messages
Prohibited
Administratively
Transmitted

Number of ICMP destination unreachable/communication administratively
prohibited messages sent.

IPv6 Commands
396

ProSafe Managed Switch

Term

Definition

ICMPv6 Time Exceeded
Messages Transmitted

Number of ICMP Time Exceeded messages sent by the interface.

ICMPv6 Parameter
Problem Messages
Transmitted

Number of ICMP Parameter Problem messages sent by the interface.

ICMPv6 Packet Too Big
Messages Transmitted

Number of ICMP Packet Too Big messages sent by the interface.

ICMPv6 Echo Request
Messages Transmitted

Number of ICMP Echo (request) messages sent by the interface.ICMP echo
messages sent.

ICMPv6 Echo Reply
Messages Transmitted

Number of ICMP Echo Reply messages sent by the interface.

ICMPv6 Router Solicit
Messages Transmitted

Number of ICMP Router Solicitation messages sent by the interface.

ICMPv6 Router
Advertisement
Messages Transmitted

Number of ICMP Router Advertisement messages sent by the interface.

ICMPv6 Neighbor Solicit Number of ICMP Neighbor Solicitation messages sent by the interface.
Messages Transmitted
ICMPv6 Neighbor
Advertisement
Messages Transmitted

Number of ICMP Neighbor Advertisement messages sent by the interface.

ICMPv6 Redirect
Messages Received

Number of Redirect messages sent. For a host, this object will always be zero,
since hosts do not send redirects.

ICMPv6 Group
Membership Query
Messages Received

Number of ICMPv6 Group Membership Query messages sent.

ICMPv6 Group
Membership Response
Messages Received

Number of ICMPv6 Group Membership Response messages sent.

ICMPv6 Group
Membership Reduction
Messages Received

Number of ICMPv6 Group Membership Reduction messages sent.

ICMPv6 Duplicate
Address Detects

Number of duplicate addresses detected by the interface.

clear ipv6 route counters
This command resets to zero the IPv6 routing table counters reported in show ipv6 route
summary. The command resets only the event counters. Counters that report the current
state of the routing table, such as the number of routes of each type, are not reset.
Format

clear ipv6 route counters

Mode

Privileged EXEC

IPv6 Commands
397

ProSafe Managed Switch

clear ipv6 statistics
Use this command to clear IPv6 statistics for all interfaces or for a specific interface, including
loopback and tunnel interfaces. IPv6 statistics display in the output of the show ipv6
traffic command. If you do not specify an interface, the counters for all IPv6 traffic
statistics reset to zero.
Format

clear ipv6 statistics [{ | loopback  |
tunnel }]

Mode

Privileged EXEC

OSPFv3 Commands
This section describes the commands you use to configure OSPFv3, which is a link-state
routing protocol that you use to route traffic within a network.

ipv6 ospf
This command enables OSPF on a router interface or loopback interface.
Default

disabled

Format

ipv6 ospf

Mode

Interface Config

no ipv6 ospf
This command disables OSPF on a router interface or loopback interface.
Format

no ipv6 ospf

Mode

Interface Config

ipv6 ospf area
This command sets the OSPF area to which the specified router interface belongs. The
 is an IPv6 address, formatted as a 4-digit dotted-decimal number or a decimal
value in the range of <0-4294967295>. The  uniquely identifies the area to which
the interface connects. Assigning an area id, which does not exist on an interface, causes the
area to be created with default values.
Format

ipv6 ospf area 

Mode

Interface Config

IPv6 Commands
398

ProSafe Managed Switch

ipv6 ospf cost
This command configures the cost on an OSPF interface. The  parameter has a
range of 1 to 65535.
Default

10

Format

ipv6 ospf cost <1-65535>

Mode

Interface Config

no ipv6 ospf cost
This command configures the default cost on an OSPF interface.
Format

no ipv6 ospf cost

Mode

Interface Config

ipv6 ospf dead-interval
This command sets the OSPF dead interval for the specified interface. The value for
 is a valid positive integer, which represents the length of time in seconds that a
router's Hello packets have not been seen before its neighbor routers declare that the router
is down. The value for the length of time must be the same for all routers attached to a
common network. This value should be some multiple of the Hello Interval (i.e., 4). Valid
values range for  is from 1 to 2147483647.
Default

40

Format

ipv6 ospf dead-interval 

Mode

Interface Config

no ipv6 ospf dead-interval
This command sets the default OSPF dead interval for the specified interface.
Format

no ipv6 ospf dead-interval

Mode

Interface Config

ipv6 ospf hello-interval
This command sets the OSPF hello interval for the specified interface. The value for
 is a valid positive integer, which represents the length of time in seconds. The
value for the length of time must be the same for all routers attached to a network. Valid
values for  range from 1 to 65535.
Default

10

IPv6 Commands
399

ProSafe Managed Switch

Format

ipv6 ospf hello-interval 

Mode

Interface Config

no ipv6 ospf hello-interval
This command sets the default OSPF hello interval for the specified interface.
Format

no ipv6 ospf hello-interval

Mode

Interface Config

ipv6 ospf mtu-ignore
This command disables OSPF maximum transmission unit (MTU) mismatch detection. OSPF
Database Description packets specify the size of the largest IP packet that can be sent
without fragmentation on the interface. When a router receives a Database Description
packet, it examines the MTU advertised by the neighbor. By default, if the MTU is larger than
the router can accept, the Database Description packet is rejected and the OSPF adjacency
is not established.
Default

enabled

Format

ipv6 ospf mtu-ignore

Mode

Interface Config

no ipv6 ospf mtu-ignore
This command enables the OSPF MTU mismatch detection.
Format

no ipv6 ospf mtu-ignore

Mode

Interface Config

ipv6 ospf network
This command changes the default OSPF network type for the interface. Normally, the
network type is determined from the physical IP network type. By default all Ethernet
networks are OSPF type broadcast. Similarly, tunnel interfaces default to point-to-point.
When an Ethernet port is used as a single large bandwidth IP network between two routers,
the network type can be point-to-point since there are only two routers. Using point-to-point
as the network type eliminates the overhead of the OSPF designated router election. It is
normally not useful to set a tunnel to OSPF network type broadcast.
Default

broadcast

Format

ipv6 ospf network {broadcast | point-to-point}

Mode

Interface Config

IPv6 Commands
400

ProSafe Managed Switch

no ipv6 ospf network
This command sets the interface type to the default value.
Format

no ipv6 ospf network {broadcast | point-to-point}

Mode

Interface Config

ipv6 ospf priority
This command sets the OSPF priority for the specified router interface. The priority of the
interface is a priority integer from 0 to 255. A value of 0 indicates that the router is not eligible
to become the designated router on this network.
Default

1, which is the highest router priority

Format

ipv6 ospf priority <0-255>

Mode

Interface Config

no ipv6 ospf priority
This command sets the default OSPF priority for the specified router interface.
Format

no ipv6 ospf priority

Mode

Interface Config

ipv6 ospf retransmit-interval
This command sets the OSPF retransmit Interval for the specified interface. The retransmit
interval is specified in seconds. The value for  is the number of seconds between
link-state advertisement retransmissions for adjacencies belonging to this router interface.
This value is also used when retransmitting database description and link-state request
packets. Valid values range from 0 to 3600 (1 hour).
Default

5

Format

ipv6 ospf retransmit-interval

Mode

Interface Config



no ipv6 ospf retransmit-interval
This command sets the default OSPF retransmit Interval for the specified interface.
Format

no ipv6 ospf retransmit-interval

Mode

Interface Config

IPv6 Commands
401

ProSafe Managed Switch

ipv6 ospf transmit-delay
This command sets the OSPF Transit Delay for the specified interface. The transmit delay is
specified in seconds. In addition, it sets the estimated number of seconds it takes to transmit
a link state update packet over this interface. Valid values for  range from 1 to
3600 (1 hour).
Default

1

Format

ipv6 ospf transmit-delay

Mode

Interface Config



no ipv6 ospf transmit-delay
This command sets the default OSPF Transit Delay for the specified interface.
Format

no ipv6 ospf transmit-delay

Mode

Interface Config

ipv6 router ospf
Use this command to enter Router OSPFv3 Config mode.
Format

ipv6 router ospf

Mode

Global Config

area default-cost (OSPFv3)
This command configures the monetary default cost for the stub area. The operator must
specify the area id and an integer value between 1–16777215.
Format

area  default-cost <1-16777215>

Mode

Router OSPFv3 Config

area nssa (OSPFv3)
This command configures the specified areaid to function as an NSSA.
Format

area  nssa

Mode

Router OSPFv3 Config

IPv6 Commands
402

ProSafe Managed Switch

no area nssa(OSPFv3)
This command disables nssa from the specified area id.
Format

no area  nssa

Mode

Router OSPFv3 Config

area nssa default-info-originate (OSPFv3)
This command configures the metric value and type for the default route advertised into the
NSSA. The optional metric parameter specifies the metric of the default route and is to be in
a range of 1-16777214. If no metric is specified, the default value is 10. The metric type can
be comparable (nssa-external 1) or non-comparable (nssa-external 2).
Format

area  nssa default-info-originate [] [{comparable |
non-comparable}]

Mode

Router OSPFv3 Config

no area nssa default-info-originate (OSPFv3)
This command disables the default route advertised into the NSSA.
Format

no area  nssa default-info-originate [] [{comparable
| non-comparable}]

Mode

Router OSPF Config

area nssa no-redistribute (OSPFv3)
This command configures the NSSA ABR so that learned external routes will not be
redistributed to the NSSA.
Format

area  nssa no-redistribute

Mode

Router OSPFv3 Config

no area nssa no-redistribute (OSPFv3)
This command disables the NSSA ABR so that learned external routes are redistributed to
the NSSA.
Format

no area  nssa no-redistribute

Mode

Router OSPF Config

IPv6 Commands
403

ProSafe Managed Switch

area nssa no-summary (OSPFv3)
This command configures the NSSA so that summary LSAs are not advertised into the
NSSA.
Format

area  nssa no-summary

Mode

Router OSPFv3 Config

no area nssa no-summary (OSPFv3)
This command disables nssa from the summary LSAs.
Format

no area  nssa no-summary

Mode

Router OSPF Config

area nssa translator-role (OSPFv3)
This command configures the translator role of the NSSA. A value of always causes the
router to assume the role of the translator the instant it becomes a border router and a value
of candidate causes the router to participate in the translator election process when it
attains border router status.
Format

area  nssa translator-role {always | candidate}

Mode

Router OSPFv3 Config

no area nssa translator-role (OSPFv3)
This command disables the nssa translator role from the specified area id.
Format

no area  nssa translator-role {always | candidate}

Mode

Router OSPF Config

area nssa translator-stab-intv (OSPFv3)
This command configures the translator  of the NSSA. The
 is the period of time that an elected translator continues to perform
its duties after it determines that its translator status has been deposed by another router.
Format

area  nssa translator-stab-intv 

Mode

Router OSPFv3 Config

IPv6 Commands
404

ProSafe Managed Switch

no area nssa translator-stab-intv (OSPFv3)
This command disables the nssa translator’s  from the specified
area id.
Format

no area  nssa translator-stab-intv 

Mode

Router OSPF Config

area range (OSPFv3)
This command creates a specified area range for a specified NSSA. The  is a valid
IP address. The  is a valid subnet mask. The LSDB type must be specified
by either summarylink or nssaexternallink, and the advertising of the area range can
be allowed or suppressed.
Format

area  range   {summarylink |
nssaexternallink} [advertise | not-advertise]

Mode

Router OSPFv3 Config

no area range(OSPFv3)
This command deletes a specified area range. The  is a valid IP address. The
 is a valid subnet mask.
Format

no area  range  

Mode

Router OSPFv3 Config

area stub (OSPFv3)
This command creates a stub area for the specified area ID. A stub area is characterized by
the fact that AS External LSAs are not propagated into the area. Removing AS External LSAs
and Summary LSAs can significantly reduce the link state database of routers within the stub
area.
Format

area  stub

Mode

Router OSPFv3 Config

no area stub(OSPFv3)
This command deletes a stub area for the specified area ID.
Format

no area  stub

Mode

Router OSPFv3 Config

IPv6 Commands
405

ProSafe Managed Switch

area stub no-summary (OSPFv3)
This command disables the import of Summary LSAs for the stub area identified by
.
Default

enabled

Format

area  stub no-summary

Mode

Router OSPFv3 Config

no area stub no-summary(OSPFv3)
This command sets the Summary LSA import mode to the default for the stub area identified
by .
Format

no area  stub summarylsa

Mode

Router OSPFv3 Config

area virtual-link (OSPFv3)
This command creates the OSPF virtual interface for the specified  and
. The  parameter is the Router ID of the neighbor.
Format

area  virtual-link 

Mode

Router OSPFv3 Config

no area virtual-link(OSPFv3)
This command deletes the OSPF virtual interface from the given interface, identified by
 and . The  parameter is the Router ID of the neighbor.
Format

no area  virtual-link 

Mode

Router OSPFv3 Config

area virtual-link dead-interval (OSPFv3)
This command configures the dead interval for the OSPF virtual interface on the virtual
interface identified by  and . The  parameter is the
Router ID of the neighbor. The range for  is 1 to 65535.
Default

40

Format

area  virtual-link  dead-interval

Mode

Router OSPFv3 Config

IPv6 Commands
406



ProSafe Managed Switch

no area virtual-link dead-interval(OSPFv3)
This command configures the default dead interval for the OSPF virtual interface on the
virtual interface identified by  and . The  parameter is
the Router ID of the neighbor.
Format

no area  virtual-link  dead-interval

Mode

Router OSPFv3 Config

area virtual-link hello-interval (OSPFv3)
This command configures the hello interval for the OSPF virtual interface on the virtual
interface identified by  and . The  parameter is the
Router ID of the neighbor. The range for  is 1 to 65535.
Default

10

Format

area  virtual-link  hello-interval

Mode

Router OSPFv3 Config



no area virtual-link hello-interval(OSPFv3)
This command configures the default hello interval for the OSPF virtual interface on the
virtual interface identified by  and . The  parameter is
the Router ID of the neighbor.
Format

no area  virtual-link  hello-interval

Mode

Router OSPFv3 Config

area virtual-link retransmit-interval (OSPFv3)
This command configures the retransmit interval for the OSPF virtual interface on the virtual
interface identified by  and . The  parameter is the
Router ID of the neighbor. The range for  is 0 to 3600.
Default

5

Format

area  virtual-link  retransmit-interval

Mode

Router OSPFv3 Config

IPv6 Commands
407



ProSafe Managed Switch

no area virtual-link retransmit-interval(OSPFv3)
This command configures the default retransmit interval for the OSPF virtual interface on the
virtual interface identified by  and . The  parameter is
the Router ID of the neighbor.
Format

no area  virtual-link  retransmit-interval

Mode

Router OSPFv3 Config

area virtual-link transmit-delay (OSPFv3)
This command configures the transmit delay for the OSPF virtual interface on the virtual
interface identified by  and . The  parameter is the
Router ID of the neighbor. The range for  is 0 to 3600 (1 hour).
Default

1

Format

area  virtual-link  transmit-delay

Mode

Router OSPFv3 Config



no area virtual-link transmit-delay(OSPFv3)
This command configures the default transmit delay for the OSPF virtual interface on the
virtual interface identified by  and . The  parameter is
the Router ID of the neighbor.
Format

no area  virtual-link  transmit-delay

Mode

Router OSPFv3 Config

auto-cost (OSPFv3)
By default, OSPF computes the link cost of each interface from the interface bandwidth.
Faster links have lower metrics, making them more attractive in route selection. The
configuration parameters in the auto-cost reference bandwidth and bandwidth
commands give you control over the default link cost. You can configure for OSPF an
interface bandwidth that is independent of the actual link speed. A second configuration
parameter allows you to control the ratio of interface bandwidth to link cost. The link cost is
computed as the ratio of a reference bandwidth to the interface bandwidth (ref_bw / interface
bandwidth), where interface bandwidth is defined by the bandwidth command. Because the
default reference bandwidth is 100 Mbps, OSPF uses the same default link cost for all
interfaces whose bandwidth is 100 Mbps or greater. Use the auto-cost command to
change the reference bandwidth, specifying the reference bandwidth in megabits per second
(Mbps). The reference bandwidth range is 1–4294967 Mbps. The different reference
bandwidth can be independently configured for OSPFv2 and OSPFv3.
Default

100Mbps

IPv6 Commands
408

ProSafe Managed Switch

Format

auto-cost reference-bandwidth <1 to 4294967>

Mode

Router OSPFv3 Config

no auto-cost reference-bandwidth (OSPFv3)
Use this command to set the reference bandwidth to the default value.
Format

no auto-cost reference-bandwidth

Mode

Router OSPFv3 Config

clear ipv6 ospf
Use this command to disable and re-enable OSPF.
Format

clear ipv6 ospf

Mode

Privileged EXEC

clear ipv6 ospf configuration
Use this command to reset the OSPF configuration to factory defaults.
Format

clear ipv6 ospf configuration

Mode

Privileged EXEC

clear ipv6 ospf counters
Use this command to reset global and interface statistics.
Format

clear ipv6 ospf counters

Mode

Privileged EXEC

clear ipv6 ospf neighbor
Use this command to drop the adjacency with all OSPF neighbors. On each neighbor’s
interface, send a one-way hello. Adjacencies may then be re-established. To drop all
adjacencies with a specific router ID, specify the neighbor’s Router ID using the optional
parameter [neighbor-id].
Format

clear ipv6 ospf neighbor [neighbor-id]

Mode

Privileged EXEC

IPv6 Commands
409

ProSafe Managed Switch

clear ipv6 ospf neighbor interface
To drop adjacency with all neighbors on a specific interface, use the optional parameter
[unit/slot/port]. To drop adjacency with a specific router ID on a specific interface, use the
optional parameter [neighbor-id].
Format

clear ipv6 ospf neighbor interface [unit/slot/port] [neighbor-id]

Mode

Privileged EXEC

clear ipv6 ospf redistribution
Use this command to flush all self-originated external LSAs. Reapply the redistribution
configuration and re-originate prefixes as necessary.
Format

clear ipv6 ospf redistribution

Mode

Privileged EXEC

default-information originate (OSPFv3)
This command is used to control the advertisement of default routes.
Default

• metric—unspecified
• type—2

Format

default-information originate [always] [metric <1-16777214>]
[metric-type {1 | 2}]

Mode

Router OSPFv3 Config

no default-information originate (OSPFv3)
This command is used to control the advertisement of default routes.
Format

no default-information originate [metric] [metric-type]

Mode

Router OSPFv3 Config

default-metric (OSPFv3)
This command is used to set a default for the metric of distributed routes.
Format

default-metric <1-16777214>

Mode

Router OSPFv3 Config

IPv6 Commands
410

ProSafe Managed Switch

no default-metric (OSPFv3)
This command is used to set a default for the metric of distributed routes.
Format

no default-metric

Mode

Router OSPFv3 Config

distance ospf (OSPFv3)
This command sets the route preference value of OSPF route types in the router. Lower
route preference values are preferred when determining the best route. The type of OSPF
route can be intra, inter, or external. All the external type routes are given the same
preference value. The range of  value is 1 to 255.
Default

110

Format

distance ospf {intra-area <1-255> | inter-area <1-255> | external
<1-255>}

Mode

Router OSPFv3 Config

no distance ospf(OSPFv3)
This command sets the default route preference value of OSPF routes in the router. The type
of OSPF route can be intra, inter, or external. All the external type routes are given the same
preference value.
Format

no distance ospf {intra-area | inter-area | external}

Mode

Router OSPFv3 Config

enable (OSPFv3)
This command resets the default administrative mode of OSPF in the router (active).
Default

enabled

Format

enable

Mode

Router OSPFv3 Config

no enable (OSPFv3)
This command sets the administrative mode of OSPF in the router to inactive.
Format

no enable

Mode

Router OSPFv3 Config

IPv6 Commands
411

ProSafe Managed Switch

exit-overflow-interval (OSPFv3)
This command configures the exit overflow interval for OSPF. It describes the number of
seconds after entering Overflow state that a router will wait before attempting to leave the
overflow state. This allows the router to again originate non-default AS-external-LSAs. When
set to 0, the router will not leave overflow state until restarted. The range for  is 0
to 2147483647 seconds.
Default

0

Format

exit-overflow-interval

Mode

Router OSPFv3 Config



no exit-overflow-interval(OSPFv3)
This command configures the default exit overflow interval for OSPF.
Format

no exit-overflow-interval

Mode

Router OSPFv3 Config

external-lsdb-limit (OSPFv3)
This command configures the external LSDB limit for OSPF. If the value is –1, then there is
no limit. When the number of non-default AS-external-LSAs in a router’s link-state database
reaches the external LSDB limit, the router enters overflow state. The router never holds
more than the external LSDB limit non-default AS-external-LSAs in it database. The external
LSDB limit MUST be set identically in all routers attached to the OSPF backbone and/or any
regular OSPF area. The range for  is –1 to 2147483647.
Default

-1

Format

external-lsdb-limit

Mode

Router OSPFv3 Config



no external-lsdb-limit
This command configures the default external LSDB limit for OSPF.
Format

no external-lsdb-limit

Mode

Router OSPFv3 Config

IPv6 Commands
412

ProSafe Managed Switch

maximum-paths (OSPFv3)
This command sets the number of paths that OSPF can report for a given destination where
maxpaths is platform dependent.
Default

4

Format

maximum-paths 

Mode

Router OSPFv3 Config

no maximum-paths
This command resets the number of paths that OSPF can report for a given destination back
to its default value.
Format

no maximum-paths

Mode

Router OSPFv3 Config

passive-interface default (OSPFv3)
Use this command to enable global passive mode by default for all interfaces. It overrides
any interface level passive mode. OSPF shall not form adjacencies over a passive interface.
Default

disabled

Format

passive-interface default

Mode

Router OSPFv3 Config

no passive-interface default(OSPFv3)
Use this command to disable the global passive mode by default for all interfaces. Any
interface previously configured to be passive reverts to non-passive mode.
Format

no passive-interface default

Mode

Router OSPFv3 Config

passive-interface (OSPFv3)
Use this command to set the interface or tunnel as passive. It overrides the global passive
mode that is currently effective on the interface or tunnel.
Default

disabled

Format

passive-interface { | tunnel }

Mode

Router OSPFv3 Config

IPv6 Commands
413

ProSafe Managed Switch

no passive-interface(OSPFv3)
Use this command to set the interface or tunnel as non-passive. It overrides the global
passive mode that is currently effective on the interface or tunnel.
Format

no passive-interface { | tunnel }

Mode

Router OSPFv3 Config

redistribute (OSPFv3)
This command configures the OSPFv3 protocol to allow redistribution of routes from the
specified source protocol/routers.
Default

• metric—unspecified
• type—2
• tag—0

Format

redistribute {static | connected} [metric <0-16777214>] [metric-type
{1 | 2}] [tag <0-4294967295>]

Mode

Router OSPFv3 Config

no redistribute(OSPFv3)
This command configures OSPF protocol to prohibit redistribution of routes from the
specified source protocol/routers.
Format

no redistribute {static | connected} [metric] [metric-type] [tag]

Mode

Router OSPFv3 Config

router-id (OSPFv3)
This command sets a 4-digit dotted-decimal number uniquely identifying the router ospf id.
The  is a configured value.
Format

router-id 

Mode

Router OSPFv3 Config

IPv6 Commands
414

ProSafe Managed Switch

trapflags (OSPFv3)
Use this command to enable individual OSPF traps, enable a group of trap flags at a time, or
enable all the trap flags at a time. The different groups of trapflags, and each group’s specific
trapflags to enable or disable, are listed in Table 2, Trapflag Groups (OSPFv3).
Table 2. Trapflag Groups (OSPFv3)
Group

Flags

errors

•
•
•
•
•
•

if-rx

ir-rx-packet

lsa

• lsa-maxage
• lsa-originate

overflow

• lsdb-overflow
• lsdb-approaching-overflow

retransmit

• packets
• virt-packets

rtb

• rtb-entry-info

state-change

•
•
•
•

authentication-failure
bad-packet
config-error
virt-authentication-failure
virt-bad-packet
virt-config-error

if-state-change
neighbor-state-change
virtif-state-change
virtneighbor-state-change

•

To enable the individual flag, enter the group name followed by that particular flag.

•

To enable all the flags in that group, give the group name followed by all.

IPv6 Commands
415

ProSafe Managed Switch

•

To enable all the flags, give the command as trapflags all.

Default

disabled

Format

trapflags {
all |
errors {all | authentication-failure | bad-packet | config-error |
virtauthentication-failure | virt-bad-packet | virt-config-error} |
if-rx {all | if-rx-packet} |
lsa {all | lsa-maxage | lsa-originate} |
overflow {all | lsdb-overflow | lsdb-approaching-overflow} |
retransmit {all | packets | virt-packets} |
rtb {all, rtb-entry-info} |
state-change {all | if-state-change | neighbor-state-change |
virtif-statechange | virtneighbor-state-change}
}

Mode

Router OSPFv3 Config

no trapflags(OSPFv3)
Use this command to revert to the default reference bandwidth.
•

To disable the individual flag, enter the group name followed by that particular flag.

•

To disable all the flags in that group, give the group name followed by all.

•

To disable all the flags, give the command as trapflags all.

Format

no trapflags {
all |
errors {all | authentication-failure | bad-packet | config-error |
virtauthentication-failure | virt-bad-packet | virt-config-error} |
if-rx {all | if-rx-packet} |
lsa {all | lsa-maxage | lsa-originate} |
overflow {all | lsdb-overflow | lsdb-approaching-overflow} |
retransmit {all | packets | virt-packets} |
rtb {all, rtb-entry-info} |
state-change {all | if-state-change | neighbor-state-change |
virtif-statechange | virtneighbor-state-change}
}

Mode

Router OSPFv3 Config

show ipv6 ospf
This command displays information relevant to the OSPF router.
Format

show ipv6 ospf

Mode

Privileged EXEC

IPv6 Commands
416

ProSafe Managed Switch

Note: Some of the information below displays only if you enable OSPF
and configure certain features.

Term

Definition

Router ID

A 32 bit integer in dotted decimal format identifying the router, about which information is
displayed. This is a configured value.

OSPF Admin
Mode

Shows whether the administrative mode of OSPF in the router is enabled or disabled.
This is a configured value.

ABR Status

Shows whether the router is an OSPF Area Border Router.

ASBR Status

Reflects whether the ASBR mode is enabled or disabled. Enable implies that the router is
an autonomous system border router. Router automatically becomes an ASBR when it is
configured to redistribute routes learnt from other protocol. The possible values for the
ASBR status is enabled (if the router is configured to re-distribute routes learned by other
protocols) or disabled (if the router is not configured for the same).

Stub Router

When OSPF runs out of resources to store the entire link state database, or any other
state information, OSPF goes into stub router mode. As a stub router, OSPF
re-originates its own router LSAs, setting the cost of all non-stub interfaces to infinity. To
restore OSPF to normal operation, disable and re-enable OSPF.

Exit Overflow
Interval

The number of seconds that, after entering overflow state, a router will attempt to leave
overflow state.

External LSDB
Overflow

When the number of non-default external LSAs exceeds the configured limit, External
LSDB Limit, OSPF goes into LSDB overflow state. In this state, OSPF withdraws all of its
self-originated non-default external LSAs. After the Exit Overflow Interval, OSPF leaves
the overflow state, if the number of external LSAs has been reduced.

External LSA
Count

The number of external (LS type 5) link-state advertisements in the link-state database.

External LSA
Checksum

The sum of the LS checksums of external link-state advertisements contained in the
link-state database.

New LSAs
Originated

The number of new link-state advertisements that have been originated.

LSAs Received

The number of link-state advertisements received determined to be new instantiations.

LSA Count

The total number of link state advertisements currently in the link state database.

Maximum
Number of
LSAs

The maximum number of LSAs that OSPF can store.

LSA High Water The maximum size of the link state database since the system started.
Mark
Retransmit List
Entries

The total number of LSAs waiting to be acknowledged by all neighbors. An LSA may be
pending acknowledgment from more than one neighbor.

IPv6 Commands
417

ProSafe Managed Switch

Term

Definition

Maximum
Number of
Retransmit
Entries

The maximum number of LSAs that can be waiting for acknowledgment at any given
time.

Retransmit
Entries High
Water Mark

The highest number of LSAs that have been waiting for acknowledgment.

External LSDB
Limit

The maximum number of non-default AS-external-LSAs entries that can be stored in the
link-state database.

Default Metric

Default value for redistributed routes.

Default Passive Shows whether the interfaces are passive by default.
Setting
Default Route
Advertise

Indicates whether the default routes received from other source protocols are advertised
or not.

Always

Shows whether default routes are always advertised.

Metric

The metric for the advertised default routes. If the metric is not configured, this field is
blank.

Metric Type

Shows whether the routes are External Type 1 or External Type 2.

Number of
Active Areas

The number of active OSPF areas. An “active” OSPF area is an area with at least one
interface up.

AutoCost Ref
BW

Shows the value of the auto-cost reference bandwidth configured on the router.

Maximum Paths The maximum number of paths that OSPF can report for a given destination.
Redistributing

This field is a heading and appears only if you configure the system to take routes
learned from a non-OSPF source and advertise them to its peers.

Source

Shows source protocol/routes that are being redistributed. Possible values are static,
connected, BGP, or RIP.

Metric

The metric of the routes being redistributed.

Metric Type

Shows whether the routes are External Type 1 or External Type 2.

Tag

The decimal value attached to each external route.

Subnets

For redistributing routes into OSPF, the scope of redistribution for the specified protocol.

Distribute-List

The access list used to filter redistributed routes.

IPv6 Commands
418

ProSafe Managed Switch

show ipv6 ospf abr
This command displays the internal OSPFv3 routes to reach Area Border Routers (ABR).
This command takes no options.
Format

show ipv6 ospf abr

Modes

• Privileged EXEC
• User EXEC

Term

Definition

Type

The type of the route to the destination. It can be either:
• intra — Intra-area route
• inter — Inter-area route

Router ID

Router ID of the destination.

Cost

Cost of using this route.

Area ID

The area ID of the area from which this route is learned.

Next Hop

Next hop toward the destination.

Next Hop Intf

The outgoing router interface to use when forwarding traffic to the next hop.

show ipv6 ospf area
This command displays information about the area. The  identifies the OSPF area
that is being displayed.
Format

show ipv6 ospf area 

Modes

• Privileged EXEC
• User EXEC

Term

Definition

AreaID

The area id of the requested OSPF area.

External
Routing

A number representing the external routing capabilities for this area.

Spf Runs

The number of times that the intra-area route table has been calculated using this area's
link-state database.

Area Border
Router Count

The total number of area border routers reachable within this area.

Area LSA Count Total number of link-state advertisements in this area's link-state database, excluding AS
External LSAs.
Area LSA
Checksum

A number representing the Area LSA Checksum for the specified AreaID excluding the
external (LS type 5) link-state advertisements.

IPv6 Commands
419

ProSafe Managed Switch

Term

Definition

Stub Mode

Represents whether the specified Area is a stub area or not. The possible values are
enabled and disabled. This is a configured value.

Import
Shows whether to import summary LSAs (enabled).
Summary LSAs
OSPF Stub
Metric Value

The metric value of the stub area. This field displays only if the area is a configured as a
stub area.

The following OSPF NSSA specific information displays only if the area is configured as an
NSSA.
Term

Definition

Import
Shows whether to import summary LSAs into the NSSA.
Summary LSAs
Redistribute
into NSSA

Shows whether to redistribute information into the NSSA.

Default
Information
Originate

Shows whether to advertise a default route into the NSSA.

Default Metric

The metric value for the default route advertised into the NSSA.

Default Metric
Type

The metric type for the default route advertised into the NSSA.

Translator Role The NSSA translator role of the ABR, which is always or candidate.
Translator
The amount of time that an elected translator continues to perform its duties after it
Stability Interval
determines that its translator status has been deposed by another router.
Translator State Shows whether the ABR translator state is disabled, always, or elected.

show ipv6 ospf asbr
This command displays the internal OSPFv3 routes to reach Autonomous System Boundary
Routers (ASBR). This command takes no options.
Format

show ipv6 ospf asbr

Modes

• Privileged EXEC
• User EXEC

Term

Definition

Type

The type of the route to the destination. It can be either:
• intra — Intra-area route
• inter — Inter-area route

Router ID

Router ID of the destination.

IPv6 Commands
420

ProSafe Managed Switch

Term

Definition

Cost

Cost of using this route.

Area ID

The area ID of the area from which this route is learned.

Next Hop

Next hop toward the destination.

Next Hop Intf

The outgoing router interface to use when forwarding traffic to the next hop.

show ipv6 ospf database
This command displays information about the link state database when OSPFv3 is enabled.
If you do not enter any parameters, the command displays the LSA headers for all areas. Use
the optional  parameter to display database information about a specific area. Use
the other optional parameters to specify the type of link state advertisements to display. Use
external to display the external LSAs. Use inter-area to display the inter-area LSAs.
Use link to display the link LSAs. Use network to display the network LSAs. Use
nssa-external to display NSSA external LSAs. Use prefix to display intra-area Prefix LSAs.
Use router to display router LSAs. Use unknown area, unknown as, or unknown link
to display unknown area, AS or link-scope LSAs, respectively. Use  to specify the link
state ID (LSID). Use adv-router to show the LSAs that are restricted by the advertising
router. Use self-originate to display the LSAs in that are self originated. The information
below is only displayed if OSPF is enabled.
Format

show ipv6 ospf [] database [{external | inter-area {prefix |
router} | link | network | nssa-external | prefix | router | unknown
{area | as | link}}] [] [{adv-router [] |
self-originate}]

Modes

• Privileged EXEC
• User EXEC

For each link-type and area, the following information is displayed.
Term

Definition

Link Id

A number that uniquely identifies an LSA that a router originates from all other self
originated LSAs of the same LS type.

Adv Router

The Advertising Router. Is a 32 bit dotted decimal number representing the LSDB
interface.

Age

A number representing the age of the link state advertisement in seconds.

Sequence

A number that represents which LSA is more recent.

Checksum

The total number LSA checksum.

Options

An integer indicating that the LSA receives special handling during routing calculations.

Rtr Opt

Router Options are valid for router links only.

IPv6 Commands
421

ProSafe Managed Switch

show ipv6 ospf database database-summary
Use this command to display the number of each type of LSA in the database and the total
number of LSAs in the database.
Format

show ipv6 ospf database database-summary

Modes

• Privileged EXEC
• User EXEC

Term

Definition

Router

Total number of router LSAs in the OSPFv3 link state database.

Network

Total number of network LSAs in the OSPFv3 link state database.

Inter-area Prefix Total number of inter-area prefix LSAs in the OSPFv3 link state database.
Inter-area
Router

Total number of inter-area router LSAs in the OSPFv3 link state database.

Type-7 Ext

Total number of NSSA external LSAs in the OSPFv3 link state database.

Link

Total number of link LSAs in the OSPFv3 link state database.

Intra-area Prefix Total number of intra-area prefix LSAs in the OSPFv3 link state database.
Link Unknown

Total number of link-source unknown LSAs in the OSPFv3 link state database.

Area Unknown

Total number of area unknown LSAs in the OSPFv3 link state database.

AS Unknown

Total number of as unknown LSAs in the OSPFv3 link state database.

Type-5 Ext

Total number of AS external LSAs in the OSPFv3 link state database.

Self-Originated
Type-5

Total number of self originated AS external LSAs in the OSPFv3 link state database.

Total

Total number of router LSAs in the OSPFv3 link state database.

show ipv6 ospf interface
This command displays the information for the IFO object or virtual interface tables.
Format

show ipv6 ospf interface { | loopback 
| tunnel }

Modes

• Privileged EXEC
• User EXEC

Term

Definition

IPv6 Address

The IPv6 address of the interface.

ifIndex

The interface index number associated with the interface.

OSPF Admin
Mode

Shows whether the admin mode is enabled or disabled.

IPv6 Commands
422

ProSafe Managed Switch

Term

Definition

OSPF Area ID

The area ID associated with this interface.

Router Priority

The router priority. The router priority determines which router is the designated router.

Retransmit
Interval

The frequency, in seconds, at which the interface sends LSA.

Hello Interval

The frequency, in seconds, at which the interface sends Hello packets.

Dead Interval

The amount of time, in seconds, the interface waits before assuming a neighbor is down.

LSA Ack
Interval

The amount of time, in seconds, the interface waits before sending an LSA
acknowledgement after receiving an LSA.

Iftransit Delay
Interval

The number of seconds the interface adds to the age of LSA packets before
transmission.

Authentication
Type

The type of authentication the interface performs on LSAs it receives.

Metric Cost

The priority of the path. Low costs have a higher priority than high costs.

Passive Status

Shows whether the interface is passive or not.

OSPF
MTU-ignore

Shows whether to ignore MTU mismatches in database descriptor packets sent from
neighboring routers.

The following information only displays if OSPF is initialized on the interface:
Term

Definition

OSPF Interface
Type

Broadcast LANs, such as Ethernet and IEEE 802.5, take the value broadcast. The OSPF
Interface Type will be 'broadcast'.

State

The OSPF Interface States are: down, loopback, waiting, point-to-point, designated
router, and backup designated router.

Designated
Router

The router ID representing the designated router.

Backup
Designated
Router

The router ID representing the backup designated router.

Number of Link The number of link events.
Events
Metric Cost

The cost of the OSPF interface.

show ipv6 ospf interface brief
This command displays brief information for the IFO object or virtual interface tables.
Format

show ipv6 ospf interface brief

Modes

• Privileged EXEC
• User EXEC

IPv6 Commands
423

ProSafe Managed Switch

Term

Definition

Interface

Valid slot and port number separated by forward slashes.

Admin Mode

States whether OSPF is enabled or disabled on a router interface.

Area ID

The OSPF Area ID for the specified interface.

Router Priority

The router priority. The router priority determines which router is the designated router.

Hello Interval

The frequency, in seconds, at which the interface sends Hello packets.

Dead Interval

The amount of time, in seconds, the interface waits before assuming a neighbor is down.

Retransmit
Interval

The frequency, in seconds, at which the interface sends LSA.

Retransmit
Delay Interval

The number of seconds the interface adds to the age of LSA packets before
transmission.

LSA Ack
Interval

The amount of time, in seconds, the interface waits before sending an LSA
acknowledgement after receiving an LSA.

show ipv6 ospf interface stats
This command displays the statistics for a specific interface. The command only displays
information if OSPF is enabled.
Format

show ipv6 ospf interface stats 

Modes

• Privileged EXEC
• User EXEC

Term

Definition

OSPFv3 Area ID The area id of this OSPF interface.
IPv6 Address

The IP address associated with this OSPF interface.

OSPFv3
The number of times the specified OSPF interface has changed its state, or an error has
Interface Events
occurred.
Virtual Events

The number of state changes or errors that occurred on this virtual link.

Neighbor
Events

The number of times this neighbor relationship has changed state, or an error has
occurred.

Packets
Received

The number of OSPFv3 packets received on the interface.

Packets
Transmitted

The number of OSPFv3 packets sent on the interface.

LSAs Sent

The total number of LSAs flooded on the interface.

IPv6 Commands
424

ProSafe Managed Switch

Term

Definition

LSA Acks
Received

The total number of LSA acknowledged from this interface.

LSA Acks Sent

The total number of LSAs acknowledged to this interface.

Sent Packets

The number of OSPF packets transmitted on the interface.

Received
Packets

The number of valid OSPF packets received on the interface.

Discards

The number of received OSPF packets discarded because of an error in the packet or an
error in processing the packet.

Bad Version

The number of received OSPF packets whose version field in the OSPF header does not
match the version of the OSPF process handling the packet.

Virtual Link Not The number of received OSPF packets discarded where the ingress interface is in a
Found
non-backbone area and the OSPF header identifies the packet as belonging to the
backbone, but OSPF does not have a virtual link to the packet’s sender.
Area Mismatch

The number of OSPF packets discarded because the area ID in the OSPF header is not
the area ID configured on the ingress interface.

Invalid
Destination
Address

The number of OSPF packets discarded because the packet’s destination IP address is
not the address of the ingress interface and is not the AllDrRouters or AllSpfRouters
multicast addresses.

No Neighbor at The number of OSPF packets dropped because the sender is not an existing neighbor or
Source Address
the sender’s IP address does not match the previously recorded IP address for that
neighbor. NOTE: Does not apply to Hellos.
Invalid OSPF
Packet Type

The number of OSPF packets discarded because the packet type field in the OSPF
header is not a known type.

Hellos Ignored

The number of received Hello packets that were ignored by this router from the new
neighbors after the limit has been reached for the number of neighbors on an interface or
on the system as a whole.

See show ip ospf interface stats on page 315 for a sample output of the number of OSPF
packets of each type sent and received on the interface.

show ipv6 ospf neighbor
This command displays information about OSPF neighbors. If you do not specify a neighbor
IP address, the output displays summary information in a table. If you specify an interface or
tunnel, only the information for that interface or tunnel displays. The  is the IP
address of the neighbor, and when you specify this, detailed information about the neighbor
displays. The information below only displays if OSPF is enabled and the interface has a
neighbor.
Format

show ipv6 ospf neighbor [interface { | tunnel
}][]

Modes

• Privileged EXEC
• User EXEC

IPv6 Commands
425

ProSafe Managed Switch

If you do not specify an IP address, a table with the following columns displays for all
neighbors or the neighbor associated with the interface that you specify:
Term

Definition

Router ID

The 4-digit dotted-decimal number of the neighbor router.

Priority

The OSPF priority for the specified interface. The priority of an interface is a priority
integer from 0 to 255. A value of '0' indicates that the router is not eligible to become the
designated router on this network.

Intf ID

The interface ID of the neighbor.

Interface

The interface of the local router in unit/slot/port format.

State

The state of the neighboring routers. Possible values are:
• Down- initial state of the neighbor conversation - no recent information has been
received from the neighbor.
• Attempt - no recent information has been received from the neighbor but a more
concerted effort should be made to contact the neighbor.
• Init - an Hello packet has recently been seen from the neighbor, but bidirectional
communication has not yet been established.
• 2 way - communication between the two routers is bidirectional.
• Exchange start - the first step in creating an adjacency between the two neighboring
routers, the goal is to decide which router is the master and to decide upon the initial
DD sequence number.
• Exchange - the router is describing its entire link state database by sending Database
Description packets to the neighbor.
• Full - the neighboring routers are fully adjacent and they will now appear in
router-LSAs and network-LSAs.

Dead Time

The amount of time, in seconds, to wait before the router assumes the neighbor is
unreachable.

If you specify an IP address for the neighbor router, the following fields display:
Term

Definition

Interface

The interface of the local router in unit/slot/port format.

Area ID

The area ID associated with the interface.

Options

An integer value that indicates the optional OSPF capabilities supported by the neighbor.
These are listed in its Hello packets. This enables received Hello Packets to be rejected
(i.e., neighbor relationships will not even start to form) if there is a mismatch in certain
crucial OSPF capabilities.

Router Priority

The router priority for the specified interface.

Dead Timer Due The amount of time, in seconds, to wait before the router assumes the neighbor is
unreachable.
State

The state of the neighboring routers.

IPv6 Commands
426

ProSafe Managed Switch

Term

Definition

Events

Number of times this neighbor relationship has changed state, or an error has occurred.

Retransmission An integer representing the current length of the retransmission queue of the specified
Queue Length
neighbor router Id of the specified interface.

show ipv6 ospf range
This command displays information about the area ranges for the specified . The
 identifies the OSPF area whose ranges are being displayed.
Format

show ipv6 ospf range 

Modes

• Privileged EXEC
• User EXEC

Term

Definition

Area ID

The area id of the requested OSPF area.

IP Address

An IP address which represents this area range.

Lsdb Type

The type of link advertisement associated with this area range.

Advertisement

The status of the advertisement: enabled or disabled.

show ipv6 ospf stub table
This command displays the OSPF stub table. The information below will only be displayed if
OSPF is initialized on the switch.
Format

show ipv6 ospf stub table

Modes

• Privileged EXEC
• User EXEC

Term

Definition

Area ID

A 32-bit identifier for the created stub area.

Type of Service Type of service associated with the stub metric. For this release, Normal TOS is the only
supported type.
Metric Val

The metric value is applied based on the TOS. It defaults to the least metric of the type of
service among the interfaces to other areas. The OSPF cost for a route is a function of
the metric value.

Import
Summary LSA

Controls the import of summary LSAs into stub areas.

IPv6 Commands
427

ProSafe Managed Switch

show ipv6 ospf virtual-link
This command displays the OSPF Virtual Interface information for a specific area and
neighbor. The  parameter identifies the area and the  parameter
identifies the neighbor’s Router ID.
Format

show ipv6 ospf virtual-link  

Modes

• Privileged EXEC
• User EXEC

Term

Definition

Area ID

The area id of the requested OSPF area.

Neighbor
Router ID

The input neighbor Router ID.

Hello Interval

The configured hello interval for the OSPF virtual interface.

Dead Interval

The configured dead interval for the OSPF virtual interface.

Iftransit Delay
Interval

The configured transit delay for the OSPF virtual interface.

Retransmit
Interval

The configured retransmit interval for the OSPF virtual interface.

Authentication
Type

The type of authentication the interface performs on LSAs it receives.

State

The OSPF Interface States are: down, loopback, waiting, point-to-point, designated
router, and backup designated router. This is the state of the OSPF interface.

Neighbor State

The neighbor state.

show ipv6 ospf virtual-link brief
This command displays the OSPFV3 Virtual Interface information for all areas in the system.
Format

show ipv6 ospf virtual-link brief

Modes

• Privileged EXEC
• User EXEC

Term

Definition

Area ID

The area id of the requested OSPFV3 area.

Neighbor

The neighbor interface of the OSPFV3 virtual interface.

Hello Interval

The configured hello interval for the OSPFV3 virtual interface.

Dead Interval

The configured dead interval for the OSPFV3 virtual interface.

IPv6 Commands
428

ProSafe Managed Switch

Term

Definition

Retransmit
Interval

The configured retransmit interval for the OSPFV3 virtual interface.

Transit Delay

The configured transit delay for the OSPFV3 virtual interface.

OSPFv3 Graceful Restart Commands
The managed switch implementation of OSPFv3 supports graceful restart as specified in
RFC 5187 and RFC 3623. Graceful restart works together with managed switch non-stop
forwarding (nsf) to enable the hardware to continue forwarding IPv6 packets using OSPFv3
routes while a backup unit takes over management unit responsibility. When OSPF executes
a graceful restart, it informs its neighbors that the OSPF control plane is restarting but will be
back shortly. Helpful neighbors continue to advertise to the network that they have full
adjacencies with the restarting router, avoiding announcement of a topology change and
related events (for example, flooding of LSAs and SPF runs). Helpful neighbors continue to
forward packets through the restarting router. The restarting router relearns the network
topology from its helpful neighbors.
Graceful restart implements both the restarting router and helpful neighbor features
described in RFC 3623.

nsf (OSPFv3)
This command enables OSPF graceful restart. The ietf parameter is used to distinguish the
IETF standard implementation of graceful restart from other implementations. Since the IETF
implementation is not the only one supported, this parameter is optional. The planned-only
parameter indicates that OSPF performs a graceful restart only when the restart is planned
(that is, when the restart results from the initiate failover command).
Default

disabled

Format

nsf [ ietf ] [ planned-only ]

Mode

OSPFv3 Router Configuration mode

no nsf [ietf] (OSPFv3)
This command disables OSPF graceful restart.
Format

no nsf [ ietf ]

Mode

OSPFv3 Router Configuration mode

nsf helper (OSPFv3)
This command allows OSPF to act as a helpful neighbor for a restarting router. The
planned-only parameter indicates that OSPF should only help a restarting router
performing a planned restart.

IPv6 Commands
429

ProSafe Managed Switch

The grace LSA announcing the graceful restart includes the reason for the restart. Reasons 1
(software restart) and 2 (software reload/upgrade) are considered planned restarts. Reasons
0 (unknown) and 3 (switch to redundant control processor) are considered unplanned
restarts.
Default

OSPF acts as a helpful neighbor for both planned and unplanned restarts

Format

nsf helper [ planned-only ]

Mode

OSPFv3 Router Configuration mode

nsf ietf helper disable (OSPFv3)
This command is functionally equivalent to no nsf helper and is supported solely for IS-CLI
compatibility.
Format

nsf ietf helper disable

Mode

OSPFv3 Router Configuration mode

no nsf helper (OSPFv3)
This command prevents OSPF from acting as a helpful neighbor.
Format

no nsf helper

Mode

OSPFv3 Router Configuration mode

nsf helper strict-lsa-checking (OSPFv3)
This command requires that an OSPF helpful neighbor exit helper mode when a topology
change occurs. The restarting router is unable to react to topology changes. In particular, the
restarting router will not immediately update its forwarding table. Therefore, a topology
change might introduce forwarding loops or black holes that persist until the graceful restart is
completed. By exiting graceful restart when a topology change occurs, a router tries to
eliminate the loops or black holes as quickly as possible by routing around the restarting
router.
The ietf parameter is used to distinguish the IETF standard implementation of graceful
restart from other implementations. Since the IETF implementation is not the only one
supported, this parameter is optional.
A helpful neighbor considers a link down with the restarting router to be a topology change,
regardless of the strict LSA checking configuration.
Default

A helpful neighbor exits helper mode when a topology change occurs.

Format

nsf [ietf] helper strict-lsa-checking

Mode

OSPFv3 Router Configuration mode

IPv6 Commands
430

ProSafe Managed Switch

no nsf [ietf] helper strict-lsa-checking (OSPFv3)
This command allows OSPF to continue as a helpful neighbor in spite of topology changes.

nsf restart-interval (OSPFv3)
This command configures the length of the grace period on the restarting router. The grace
period must be set long enough to allow the restarting router to reestablish all of its
adjacencies and complete a full database exchange with each of its neighbors.
The ietf parameter is used to distinguish the IETF standard implementation of graceful
restart from other implementations. Since the IETF implementation is not the only one
supported, this parameter is optional. The seconds parameter represents the number of
seconds that the restarting router asks its neighbors to wait before exiting helper mode. The
restarting router includes the restart interval in its grace LSAs (range 1–1800 seconds).
Default

120s

Format

nsf [ietf] restart-interval seconds

Mode

OSPFv3 Router Configuration mode

no [ietf] nsf restart-interval (OSPFv3)
This command reverts the grace period to its default.

DHCPv6 Commands
This section describes the command you use to configure the DHCPv6 server on the system
and to view DHCPv6 information.

service dhcpv6
This command enables DHCPv6 configuration on the router.
Default

disabled

Format

service dhcpv6

Mode

Global Config

no service dhcpv6
This command disables DHCPv6 configuration on router.
Format

no service dhcpv6

Mode

Global Config

IPv6 Commands
431

ProSafe Managed Switch

ipv6 dhcp server
Use this command to configure DHCPv6 server functionality on an interface. The
 is the DHCPv6 pool containing stateless and/or prefix delegation parameters,
rapid-commit is an option that allows for an abbreviated exchange between the client and
server, and  is a value used by clients to determine preference between
multiple DHCPv6 servers. For a particular interface DHCPv6 server and DHCPv6 relay
functions are mutually exclusive.
Format

ipv6 dhcp server  [rapid-commit] [preference ]

Mode

Interface Config

ipv6 dhcp relay destination
Use this command to configure an interface for DHCPv6 relay functionality. Use the
destination keyword to set the relay server IPv6 address. The 
parameter is an IPv6 address of a DHCPv6 relay server. Use the interface keyword to set
the relay server interface. The  parameter is an interface
(unit/slot/port) to reach a relay server. The optional remote-id is the Relay Agent
Information Option “remote ID” sub-option to be added to relayed messages. This can either
be the special keyword duid-ifid, which causes the “remote ID” to be derived from the
DHCPv6 server DUID and the relay interface number, or it can be specified as a user-defined
string.

Note: If  is an IPv6 global address, then 
is not required. If  is a link-local or multicast
address, then  is required. Finally, if you do not
specify a value for , then you must specify a value
for  and the DHCPV6-ALL-AGENTS multicast
address (i.e. FF02::1:2) is used to relay DHCPv6 messages to the
relay server.

Format

ipv6 dhcp relay {destination [] interface
[]| interface []} [remote-id
(duid-ifid | )]

Mode

Interface Config

ipv6 dhcp pool
Use this command from Global Config mode to enter IPv6 DHCP Pool Config mode. Use the
exit command to return to Global Config mode. To return to the User EXEC mode, enter
CTRL+Z. The  should be less than 31 alpha-numeric characters. DHCPv6
pools are used to specify information for DHCPv6 server to distribute to DHCPv6 clients.

IPv6 Commands
432

ProSafe Managed Switch

These pools are shared between multiple interfaces over which DHCPv6 server capabilities
are configured.
Format

ipv6 dhcp pool 

Mode

Global Config

no ipv6 dhcp pool
This command removes the specified DHCPv6 pool.
Format

no ipv6 dhcp pool 

Mode

Global Config

domain-name (IPv6)
This command sets the DNS domain name provided to the DHCPv6 client by the DHCPv6
server. The DNS domain name is configured for stateless server support and consists of no
more than 31 alpha-numeric characters. The DHCPv6 pool can have up to eight domain
names.
Format

domain-name 

Mode

IPv6 DHCP Pool Config

no domain-name
This command removes the DHCPv6 domain name from the DHCPv6 pool.
Format

no domain-name 

Mode

IPv6 DHCP Pool Config

dns-server (IPv6)
This command sets the ipv6 DNS server address, which is provided to dhcpv6 client by
dhcpv6 server. DNS server address is configured for stateless server support. DHCPv6 pool
can have multiple number of domain names with maximum of 8.
Format

dns-server 

Mode

IPv6 DHCP Pool Config

no dns-server
This command will remove DHCPv6 server address from DHCPv6 server.
Format

no dns-server 

Mode

IPv6 DHCP Pool Config

IPv6 Commands
433

ProSafe Managed Switch

prefix-delegation (IPv6)
Multiple IPv6 prefixes can be defined within a pool for distributing to specific DHCPv6 Prefix
delegation clients. Prefix is the delegated IPv6 prefix. DUID is the client’s unique DUID value
(Example: 00:01:00:09:f8:79:4e:00:04:76:73:43:76'). Name is 31 characters textual client’s
name, which is useful for logging or tracing only. Valid lifetime is the valid lifetime for the
delegated prefix in seconds and preferred lifetime is the preferred lifetime for the delegated
prefix in seconds.
Default

• valid-lifetime—2592000
• preferred-lifetime—604800

Format

prefix-delegation   [name ]
[valid-lifetime <0-4294967295>][preferred-lifetime < 0-4294967295>]

Mode

IPv6 DHCP Pool Config

no prefix-delegation
This command deletes a specific prefix-delegation client.
Format

no prefix-delegation  

Mode

IPv6 DHCP Pool Config

show ipv6 dhcp
This command displays the DHCPv6 server name and status.
Format

show ipv6 dhcp

Mode

Privileged EXEC

Term

Definition

DHCPv6 is
Enabled
(Disabled)

The status of the DHCPv6 server.

Server DUID

If configured, shows the DHCPv6 unique identifier.

show ipv6 dhcp statistics
This command displays the IPv6 DHCP statistics for all interfaces.
Format

show ipv6 dhcp statistics

Mode

Privileged EXEC

IPv6 Commands
434

ProSafe Managed Switch

Term

Definition

DHCPv6 Solicit Packets
Received

Number of solicit received statistics.

DHCPv6 Request Packets
Received

Number of request received statistics.

DHCPv6 Confirm Packets
Received

Number of confirm received statistics.

DHCPv6 Renew Packets
Received

Number of renew received statistics.

DHCPv6 Rebind Packets
Received

Number of rebind received statistics.

DHCPv6 Release Packets
Received

Number of release received statistics.

DHCPv6 Decline Packets
Received

Number of decline received statistics.

DHCPv6 Inform Packets
Received

Number of inform received statistics.

DHCPv6 Relay-forward
Packets Received

Number of relay forward received statistics.

DHCPv6 Relay-reply Packets Number of relay-reply received statistics.
Received
DHCPv6 Malformed Packets Number of malformed packets statistics.
Received
Received DHCPv6 Packets
Discarded

Number of DHCP discarded statistics.

Total DHCPv6 Packets
Received

Total number of DHCPv6 received statistics

DHCPv6 Advertisement
Packets Transmitted

Number of advertise sent statistics.

DHCPv6 Reply Packets
Transmitted

Number of reply sent statistics.

DHCPv6 Reconfig Packets
Transmitted

Number of reconfigure sent statistics.

DHCPv6 Relay-reply Packets Number of relay-reply sent statistics.
Transmitted
DHCPv6 Relay-forward
Packets Transmitted

Number of relay-forward sent statistics.

Total DHCPv6 Packets
Transmitted

Total number of DHCPv6 sent statistics.

IPv6 Commands
435

ProSafe Managed Switch

show ipv6 dhcp interface
This command displays DHCPv6 information for all relevant interfaces or the specified
interface. If you specify an interface, you can use the optional statistics parameter to
view statistics for the specified interface.
Format

show ipv6 dhcp interface  [statistics]

Mode

Privileged EXEC

Term

Definition

IPv6 Interface

The interface name in  format.

Mode

Shows whether the interface is a IPv6 DHCP relay or server.

If the interface mode is server, the following information displays.
Term

Definition

Pool Name

The pool name specifying information for DHCPv6 server distribution to DHCPv6 clients.

Server
Preference

The preference of the server.

Option Flags

Shows whether rapid commit is enabled.

If the interface mode is relay, the following information displays.
Term

Definition

Relay Address

The IPv6 address of the relay server.

Relay Interface
Number

The relay server interface in  format.

Relay Remote
ID

If configured, shows the name of the relay remote.

Option Flags

Shows whether rapid commit is configured.

If you use the statistics parameter, the command displays the IPv6 DHCP statistics for the
specified interface. See show ipv6 dhcp statistics on page 434 for information about the
output.

clear ipv6 dhcp
Use this command to clear DHCPv6 statistics for all interfaces or for a specific interface. Use
the  parameter to specify the interface.
Format

clear ipv6 dhcp {statistics | interface  statistics}

Mode

Privileged EXEC

IPv6 Commands
436

ProSafe Managed Switch

show ipv6 dhcp pool
This command displays configured DHCP pool.
Format

show ipv6 dhcp pool 

Mode

Privileged EXEC

Term

Definition

DHCP Pool
Name

Unique pool name configuration.

Client DUID

Client’s DHCP unique identifier. DUID is generated using the combination of the local
system burned-in MAC address and a timestamp value.

Host

Name of the client.

Prefix/Prefix
Length

IPv6 address and mask length for delegated prefix.

Preferred
Lifetime

Preferred lifetime in seconds for delegated prefix.

Valid Lifetime

Valid lifetime in seconds for delegated prefix.

DNS Server
Address

Address of DNS server address.

Domain Name

DNS domain name.

show ipv6 dhcp binding
This command displays configured DHCP pool.
Format

show ipv6 dhcp binding []

Mode

Privileged EXEC

Term

Definition

DHCP Client
Address

Address of DHCP Client.

DUID

String that represents the Client DUID.

IAID

Identity Association ID.

Prefix/Prefix
Length

IPv6 address and mask length for delegated prefix.

Prefix Type

IPV6 Prefix type (IAPD, IANA, or IATA).

Client Address

Address of DHCP Client.

Client Interface

IPv6 Address of DHCP Client.

Expiration

Address of DNS server address.

IPv6 Commands
437

ProSafe Managed Switch

Term

Definition

Valid Lifetime

Valid lifetime in seconds for delegated prefix.

Preferred
Lifetime

Preferred lifetime in seconds for delegated prefix.

IPv6 Commands
438

8.

IPv6 Multicast Commands

8

This chapter describes the IPv6 multicast commands available in the managed switch CLI.

Note: Some commands described in this chapter require a license. For
more information, see Licensing and Command Support on page 8.

This chapter contains the following sections:
•

IPv6 Multicast Forwarder Commands on page 439

•

IPv6 PIM Commands on page 442

•

IPv6 MLD Commands on page 449

•

IPv6 MLD-Proxy Commands on page 455

The commands in this chapter are in three functional groups:
•

Show commands display switch settings, statistics, and other information.

•

Configuration commands configure features and options of the switch. For every
configuration command, there is a show command that displays the configuration setting.

•

Clear commands clear some or all of the settings to factory defaults.

Note: There is no specific IP multicast enable for IPv6. Enabling of
multicast at global config is common for both IPv4 and IPv6.

IPv6 Multicast Forwarder Commands
Note: There is no specific IP multicast enable for IPv6. Enabling of
multicast at global config is common for both IPv4 and IPv6.

439

ProSafe Managed Switch

show ipv6 mroute
Use this command to show the mroute entries specific for IPv6. (This command is the IPv6
equivalent of the IPv4 show ip mcaste mroute command.)
Format

show ipv6 mroute {detail | summary}

Modes

• Privileged EXEC
• User EXEC

If you use the detail parameter, the command displays the following Multicast Route Table
fields:
Term

Definition

Source IP

The IP address of the multicast data source.

Group IP

The IP address of the destination of the multicast packet.

Expiry Time

The time of expiry of this entry in seconds.

Up Time

The time elapsed since the entry was created in seconds.

RPF Neighbor

The IP address of the RPF neighbor.

Flags

The flags associated with this entry.

If you use the summary parameter, the command displays the following fields:
Term

Definition

Source IP

The IP address of the multicast data source.

Group IP

The IP address of the destination of the multicast packet.

Protocol

The multicast routing protocol by which the entry was created.

Incoming
Interface

The interface on which the packet for the source/group arrives.

Outgoing
Interface List

The list of outgoing interfaces on which the packet is forwarded.

show ipv6 mroute group
This command displays the multicast configuration settings specific to IPv6 such as flags,
timer settings, incoming and outgoing interfaces, RPF neighboring routers, and expiration
times of all the entries in the multicast mroute table containing the given group IPv6 address
.
Format

show ipv6 mroute group  {detail | summary}

Modes

• Privileged EXEC
• User EXEC

IPv6 Multicast Commands
440

ProSafe Managed Switch

Term

Definition

Source IP

The IP address of the multicast data source.

Group IP

The IP address of the destination of the multicast packet.

Protocol

The multicast routing protocol by which this entry was created.

Incoming
Interface

The interface on which the packet for this group arrives.

Outgoing
Interface List

The list of outgoing interfaces on which this packet is forwarded.

show ipv6 mroute source
This command displays the multicast configuration settings specific to IPv6 such as flags,
timer settings, incoming and outgoing interfaces, RPF neighboring routers, and expiration
times of all the entries in the multicast mroute table containing the given source IP address or
source IP address and group IP address pair.
Format

show ipv6 mroute source  {detail | summary}

Modes

• Privileged EXEC
• User EXEC

If you use the detail parameter, the command displays the following column headings in
the output table:
Term

Definition

Source IP

The IP address of the multicast data source.

Group IP

The IP address of the destination of the multicast packet.

Expiry Time

The time of expiry of this entry in seconds.

Up Time

The time elapsed since the entry was created in seconds.

RPF Neighbor

The IP address of the RPF neighbor.

Flags

The flags associated with this entry.

If you use the summary parameter, the command displays the following column headings in
the output table:
Term

Definition

Source IP

The IP address of the multicast data source.

Group IP

The IP address of the destination of the multicast packet.

Protocol

The multicast routing protocol by which this entry was created.

IPv6 Multicast Commands
441

ProSafe Managed Switch

Term

Definition

Incoming
Interface

The interface on which the packet for this source arrives.

Outgoing
Interface List

The list of outgoing interfaces on which this packet is forwarded.

IPv6 PIM Commands
This section describes the Protocol Independent Multicast (PIM) commands that support the
PIM version of IPv6.

ipv6 pim dense(Global Config)
Use this command to administratively enable PIM-DM Multicast Routing Mode across the
router (Global Config).
Default

disabled

Format

ipv6 pim dense

Mode

• Global Config
• Interface Config

no ipv6 pim dense (Global Config)
Use this command to administratively disable PIM-DM Multicast Routing Mode either across
the router (Global Config) or on a particular router (Interface Config).
Format

no ipv6 pim dense

Mode

Global Config

ipv6 pim (Interface Config)
Use this command to set the administrative mode of PIM on an interface to enabled.
Default

disabled

Format

ipv6 pim

Mode

Interface Config

no ipv6 pim (Interface Config)
Use this command to set the administrative mode of PIM on an interface to disabled.
Format

no ipv6 pim

Mode

Interface Config

IPv6 Multicast Commands
442

ProSafe Managed Switch

ipv6 pim hello-interval
Use this command to configure the PIM hello interval for the specified router interface. The
hello-interval is specified in seconds and is in the range 10–18000.
Default

30

Format

ipv6 pim hello-interval <10-18000>

Mode

Interface Config

no ipv6 pim hello-interval
Use this command to set the PIM hello interval to the default value.
Format

no ipv6 pim hello-interval

Mode

Interface Config

show ipv6 pim
Use this command to display PIM Global Configuration parameters and PIM interface status.
Format

show ipv6 pim

Mode

• Privileged EXEC
• User EXEC

Term

Definition

PIM Mode

Configured mode of PIM protocol

Data Threshold Rate

Rate (in kbps) of SPT Threshold

Register Rate-limit

Rate (in kbps) of Register Threshold

Interface

Valid unit, slot, and port number separated by forward slashes

Interface-Mode

Indicates whether PIM-DM is enabled or disabled on this interface

Operational-Status

The current state of PIM-DM on this interface. Possible values are Operational or
Non-Operational.

Example: The following shows example CLI display output for the command.
(Switch) #show ipv6 pim
PIM Mode..................................... Dense
Data Threshold Rate (Kbps)................... 0
Register Rate-limit (Kbps)................... 0
Interface
--------1/0/1

Interface Mode
-------------Enabled

Operational-Status
---------------Non-Operational

IPv6 Multicast Commands
443

ProSafe Managed Switch

show ipv6 pim neighbor
Use this command to display the PIM neighbor information for all interfaces or for the
specified interface.

Format

show ipv6 pim neighbor [|vlan]

Modes

• Privileged EXEC
• User EXEC

Term

Definition

Interface

Valid slot and port number separated by forward slashes.

Neighbor
Address

The IP address of the neighbor on an interface.

Up Time

The time since this neighbor has become active on this interface.

Expiry Time

The expiry time of the neighbor on this interface.

DR Priority

DR Priority configured on this interface (PM-SM only).

Example: The following shows example CLI display output for the command.
(Switch) #show ipv6 pim neighbor 0/1
Interface

Neighbor
Address

Up Time
(hh:mm:ss)

Expiry Time
(hh:mm:ss)

show ipv6 pim interface
Use this command to display PIM configuration information for all interfaces or for the
specified interface. If no interface is specified, configuration of all interfaces is displayed.
Format

show ipv6 pim interface [|vlan]

Modes

• Privileged EXEC
• User EXEC

Term

Definition

Mode

Active PIM protocol.

Interface

Interface number.

Hello Interval

Hello interval value. The frequency at which PIM hello messages are transmitted on
this interface. By default, the value is 30 seconds.

Join-prune Interval Join-prune interval value.
DR Priority

DR priority configured on this interface. This is not applicable if the interface mode is
Dense.

BSR Border

Indicates whether the interface is configured as a BSR border.

IPv6 Multicast Commands
444

ProSafe Managed Switch

Term

Definition

Neighbor Count

Number of PIM neighbors discovered on the interface. This field is displayed only
when the interface is operational.

Designated-Router IP address of the elected DR on the interface. This field is displayed only when the
interface is operational.
(Switch) #show ipv6 pim interface 1/0/1
Interface......................................
Mode...........................................
Hello Interval (secs)..........................
Join Prune Interval (secs).....................
DR Priority....................................
BSR Border.....................................

1/0/1
Dense
30
60
1
Disabled

ipv6 pim bsr-border
Use this command to prevent bootstrap router (BSR) messages from being sent or received
through an interface.
Default

disabled

Format

ipv6 pim bsr-border

Mode

Interface Config

no ipv6 pim bsr-border
Use this command to disable the interface from being the BSR border.
Format

no ipv6 pim bsr-border

Mode

Interface Config

ipv6 pim bsr-candidate
Use this command to configure the router to announce its candidacy as a bootstrap router
(BSR).
Default

None

Format

ipv6 pim bsr-candidate interface [ | vlan <1-4093>]
[hash-mask-length] [priority] [interval interval]

Mode

Global Config

IPv6 Multicast Commands
445

ProSafe Managed Switch

Parameters

Description

hash-mask-length Length of a mask (32 bits maximum) that is to be ANDed with the group address before
the hash function is called. All groups with the same seed hash correspond to the same
RP. For example, if this value was 24, only the first 24 bits of the group addresses
matter. This allows you to get one RP for multiple groups.
priority

Priority of the candidate BSR. The range is an integer from 0 to 255. The BSR with the
larger priority is preferred. If the priority values are the same, the router with the larger
IP address is the BSR. The default value is 0.

interval

(Optional) Indicates the BSR candidate advertisement interval. The range is from 1 to
16383 seconds. The default value is 60 seconds.

no ipv6 pim bsr-candidate
Use this command to disable the router to announce its candidacy as a bootstrap router
(BSR).
Format

no ipv6 pim bsr-candidate interface [ | vlan
<1-4093>] [hash-mask-length] [priority]

Mode

Global Config

ipv6 pim dr-priority
Use this command to set the priority value for which a router is elected as the designated
router (DR).
Default

1

Format

ipv6 pim dr-priority <0-2147483647>

Mode

Interface Config

no ipv6 pim dr-priority
Use this command to disable the interface from being the BSR border.
Format

no ipv6 pim dr-priority

Mode

Interface Config

ipv6 pim join-prune-interval
Use this command to configure the interface join/prune interval for the PIM-SM router. The
join/prune interval is specified in seconds. This parameter can be configured to a value from
0 to 18000.
Default

60

IPv6 Multicast Commands
446

ProSafe Managed Switch

Format

ipv6 pim join-prune-interval <0-18000>

Mode

Interface Config

no ipv6 pim join-prune-interval
Use this command to set the join/prune interval to the default value.
Format

no ipv6 pim join-prune-interval

Mode

Interface Config

ipv6 pim rp-address
Use this command to statically configure the RP address for one or more multicast groups.
The parameter  is the IP address of the RP. The parameter
 is the group address supported by the RP. The parameter 
is the group mask for the group address. The optional keyword override indicates that if
there is a conflict, the RP configured with this command prevails over the RP learned by
BSR.
Default

0

Format

ipv6 pim rp-address   
[override]

Mode

Global Config

no ipv6 pim rp-address
Use this command to statically remove the RP address for one or more multicast groups.
Format

no ipv6 pim rp-address   

Mode

Global Config

ipv6 pim rp-candidate
Use this command to configure the router to advertise itself as a PIM candidate rendezvous
point (RP) to the bootstrap router (BSR).
Default

None

Format

ipv6 pim rp-candidate interface  


Mode

Global Config

IPv6 Multicast Commands
447

ProSafe Managed Switch

no ipv6 pim rp-candidate
Use this command to disable the router to advertise itself as a PIM candidate rendezvous
point (RP) to the bootstrap router (BSR).
Format

no ipv6 pim rp-candidate interface  


Mode

Global Config

ipv6 pim ssm
Use this command to define the Source Specific Multicast (SSM) range of IP multicast
addresses.
Default

disabled

Format

ipv6 pim ssm {default |  }

Mode

Global Config

Parameter

Description

default

Defines the SSM range access list to 232/8.

no ipv6 pim ssm
Use this command to disable the Source Specific Multicast (SSM) range.
Format

no ipv6 pim ssm

Mode

Global Config

show ipv6 pim bsr-router
Use command to display the bootstrap router (BSR) information. The output includes elected
BSR information and information about the locally configured candidate rendezvous point
(RP) advertisement.
Format

show ipv6 pim bsr-router [candidate | elected]

Mode

• Privileged EXEC
• User EXEC

Term

Definition

BSR Address

IP address of the BSR.

Uptime

Length of time that this router has been up (in hours, minutes, and seconds).

BSR Priority

Priority as configured in the ip pim bsr-candidate command.

IPv6 Multicast Commands
448

ProSafe Managed Switch

Term

Definition

Hash Mask
Length

Length of a mask (maximum 32 bits) that is to be ANDed with the group address
before the hash function is called. This value is configured in the ip pim
bsr-candidate command.

Next Bootstrap
Message In

Time (in hours, minutes, and seconds) in which the next bootstrap message is due
from this BSR.

Next Candidate
Time (in hours, minutes, and seconds) in which the next candidate RP advertisement
RP advertisement
will be sent.
in

show ipv6 pim rp-hash
Use this command to display which rendezvous point (RP) is being used for a specified
group.
Format

show ipv6 pim rp-hash 

Modes

• Privileged EXEC
• User EXEC

Term

Definition

RP

The IP address of the RP for the group specified.

Origin

Indicates the mechanism (BSR or static) by which the RP was selected.

show ipv6 pim rp mapping
Use this command to display all group-to-RP mappings of which the router is aware (either
configured or learned from the bootstrap router (BSR)). If no RP is specified, all active RPs
are displayed.
Format

show ipv6 pim rp mapping [rp address]

Modes

• Privileged EXEC
• User EXEC

IPv6 MLD Commands
IGMP/MLD Snooping is Layer 2 functionality but IGMP/MLD are Layer 3 multicast protocols.
It requires that in a network setup there should be a multicast router (which can act as a
querier) to be present to solicit the multicast group registrations. However some network
setup does not need a multicast router as multicast traffic is destined to hosts within the same
network. In this situation, the 7000 series has an IGMP/MLD Snooping Querier running on
one of the switches and Snooping enabled on all the switches. For more information, see
IGMP Snooping Configuration Commands on page 166 and MLD Snooping Commands on
page 180.

IPv6 Multicast Commands
449

ProSafe Managed Switch

ipv6 mld router
Use this command, in the administrative mode of the router, to enable MLD in the router.
Default

Disabled

Format

ipv6 mld router

Mode

• Global Config
• Interface Config

no ipv6 mld router
Use this command, in the administrative mode of the router, to disable MLD in the router.
Default

Disabled

Format

no ipv6 mld router

Mode

• Global Config
• Interface Config

ipv6 mld query-interval
Use this command to set the MLD router’s query interval for the interface. The query-interval
is the amount of time between the general queries sent when the router is the querier on that
interface. The range for  is 1 to 3600 seconds.
Default

125

Format

ipv6 mld query-interval 

Mode

Interface Config

no ipv6 mld query-interval
Use this command to reset the MLD query interval to the default value for that interface.
Format

no ipv6 mld query-interval

Mode

Interface Config

ipv6 mld query-max-response-time
Use this command to set the MLD querier’s maximum response time for the interface and this
value is used in assigning the maximum response time in the query messages that are sent
on that interface. The range for  is 0 to 65535 milliseconds.
Default

10000 milliseconds

Format

ipv6 mld query-max-response-time 

Mode

Interface Config

IPv6 Multicast Commands
450

ProSafe Managed Switch

no ipv6 mld query-max-response-time
This command resets the MLD query max response time for the interface to the default
value.
Format

no ipv6 mld query-max-response-time

Mode

Interface Config

ipv6 mld last-member-query-interval
Use this command to set the last member query interval for the MLD interface, which is the
value of the maximum response time parameter in the group specific queries sent out of this
interface. The range for  is 1 to 65535 milliseconds.
Default

1000 milliseconds

Format

ipv6 mld last-member-query-interval 

Mode

Interface Config

no ipv6 mld last-member-query-interval
Use this command to reset the  parameter of the
interface to the default value.
Format

no ipv6 mld last-member-query-interval

Mode

Interface Config

ipv6 mld last-member-query-count
Use this command to set the number of listener-specific queries sent before the router
assumes that there are no local members on the interface. The range for
 is 1 to 20.
Default

2

Format

ipv6 mld last-member-query-count 

Mode

Interface Config

no ipv6 mld last-member-query-count
Use this command to reset the  parameter of the interface
to the default value.
Format

no ipv6 mld last-member-query-count

Mode

Interface Config

IPv6 Multicast Commands
451

ProSafe Managed Switch

show ipv6 mld groups
Use this command to display information about multicast groups that MLD reported. The
information is displayed only when MLD is enabled on at least one interface. If MLD was not
enabled on even one interface, there is no group information to be displayed.
Format

show ipv6 mld groups { | }

Mode

• Privileged EXEC
• User EXEC

The following fields are displayed as a table when  is specified.
Field

Description

Group Address

The address of the multicast group.

Interface

Interface through which the multicast group is reachable.

Up Time

Time elapsed in hours, minutes, and seconds since the multicast group has been known.

Expiry Time

Time left in hours, minutes, and seconds before the entry is removed from the MLD
membership table.

When  is specified, the following fields are displayed for each multicast
group and each interface.
Field

Description

Interface

Interface through which the multicast group is reachable.

Group Address

The address of the multicast group.

Last Reporter

The IP Address of the source of the last membership report received for this multicast
group address on that interface.

Filter Mode

The filter mode of the multicast group on this interface. The values it can take are
include and exclude.

Version 1 Host
Timer

The time remaining until the router assumes there are no longer any MLD version-1
Hosts on the specified interface.

Group Compat
Mode

The compatibility mode of the multicast group on this interface. The values it can take are
MLDv1 and MLDv2.

The following table is displayed to indicate all the sources associated with this group.
Field

Description

Source Address The IP address of the source.
Uptime

Time elapsed in hours, minutes, and seconds since the source has been known.

Expiry Time

Time left in hours, minutes, and seconds before the entry is removed.

IPv6 Multicast Commands
452

ProSafe Managed Switch

Example: The following shows examples of CLI display output for the commands.
(Switch) #show ipv6 mld groups ?



Enter Group Address Info.
Enter interface in unit/slot/port format.

(Switch) #show ipv6 mld groups 1/0/1
Group Address..................................
Interface......................................
Up Time (hh:mm:ss).............................
Expiry Time (hh:mm:ss).........................

FF43::3
1/0/1
00:03:04
------

(Switch) #show ipv6 mld groups ff43::3
Interface......................................
Group Address..................................
Last Reporter..................................
Up Time (hh:mm:ss).............................
Expiry Time (hh:mm:ss).........................
Filter Mode....................................
Version1 Host Timer............................
Group compat mode..............................
Source Address
ExpiryTime
----------------- ----------2003::10
00:04:17
2003::20
00:04:17

1/0/1
FF43::3
FE80::200:FF:FE00:3
00:02:53
-----Include
-----v2

show ipv6 mld interface
Use this command to display MLD-related information for the interface.
Format

show ipv6 mld interface []

Mode

• Privileged EXEC
• User EXEC

The following information is displayed for each of the interfaces or for only the specified
interface.
Field

Description

Interface

The interface number in unit/slot/port format.

MLD Global
Mode

Displays the configured administrative status of MLD.

MLD
Operational
Mode

The operational status of MLD on the interface.

MLD Version

Indicates the version of MLD configured on the interface.

Query Interval

Indicates the configured query interval for the interface.

IPv6 Multicast Commands
453

ProSafe Managed Switch

Field

Description

Query Max
Indicates the configured maximum query response time (in seconds) advertised in MLD
Response Time
queries on this interface.
Robustness

Displays the configured value for the tuning for the expected packet loss on a subnet
attached to the interface.

Startup Query
interval

This valued indicates the configured interval between General Queries sent by a Querier
on startup.

Startup Query
Count

This value indicates the configured number of Queries sent out on startup, separated by
the Startup Query Interval.

Last Member
Query Interval

This value indicates the configured Maximum Response Time inserted into
Group-Specific Queries sent in response to Leave Group messages.

Last Member
Query Count

This value indicates the configured number of Group-Specific Queries sent before the
router assumes that there are no local members.

The following information is displayed if the operational mode of the MLD interface is
enabled.
Field

Description

Querier Status

This value indicates whether the interface is an MLD querier or non-querier on the
subnet it is associated with.

Querier
Address

The IP address of the MLD querier on the subnet the interface is associated with.

Querier Up Time Time elapsed in seconds since the querier state has been updated.
Querier Expiry
Time

Time left in seconds before the Querier loses its title as querier.

Wrong Version
Queries

Indicates the number of queries received whose MLD version does not match the MLD
version of the interface.

Number of
Joins

The number of times a group membership has been added on this interface.

Number of
Leaves

The number of times a group membership has been removed on this interface.

Number of
Groups

The current number of membership entries for this interface.

show ipv6 mld traffic
Use this command to display MLD statistical information for the router.
Format

show ipv6 mld traffic

Mode

• Privileged EXEC
• User EXEC

IPv6 Multicast Commands
454

ProSafe Managed Switch

Field

Description

Valid MLD Packets Received The number of valid MLD packets received by the router.
Valid MLD Packets Sent

The number of valid MLD packets sent by the router.

Queries Received

The number of valid MLD queries received by the router.

Queries Sent

The number of valid MLD queries sent by the router.

Reports Received

The number of valid MLD reports received by the router.

Reports Sent

The number of valid MLD reports sent by the router.

Leaves Received

The number of valid MLD leaves received by the router.

Leaves Sent

The number of valid MLD leaves sent by the router.

Bad Checksum MLD Packets The number of bad checksum MLD packets received by the router.
Malformed MLD Packets

The number of malformed MLD packets received by the router.

IPv6 MLD-Proxy Commands
MLD-Proxy is the IPv6 equivalent of IGMP-Proxy. MLD-Proxy commands allow you to
configure the network device as well as to view device settings and statistics using either
serial interface or telnet session. The operation of MLD-Proxy commands is the same as for
IGMP-Proxy: MLD is for IPv6 and IGMP is for IPv4.MGMD is a term used to refer to both
IGMP and MLD.

ipv6 mld-proxy
Use this command to enable MLD-Proxy on the router. To enable MLD-Proxy on the router,
you must enable multicast forwarding. Also, make sure that there are no other multicast
routing protocols enabled n the router.
Format

ipv6 mld-proxy

Mode

Interface Config

no ipv6 mld-proxy
Use this command to disable MLD-Proxy on the router.
Format

no ipv6 mld-proxy

Mode

Interface Config

IPv6 Multicast Commands
455

ProSafe Managed Switch

ipv6 mld-proxy unsolicit-rprt-interval
Use this command to set the unsolicited report interval for the MLD-Proxy router. This
command is only valid when you enable MLD-Proxy on the interface. The value of 
is 1-260 seconds.
Default

1

Format

ipv6 mld-proxy unsolicit-rprt-interval 

Mode

Interface Config

no ipv6 mld-proxy unsolicited-report-interval
Use this command to reset the MLD-Proxy router’s unsolicited report interval to the default
value.
Format

no ipv6 mld-proxy unsolicit-rprt-interval

Mode

Interface Config

ipv6 mld-proxy reset-status
Use this command to reset the host interface status parameters of the MLD-Proxy router.
This command is only valid when you enable MLD-Proxy on the interface.
Format

ipv6 mld-proxy reset-status

Mode

Interface Config

show ipv6 mld-proxy
Use this command to display a summary of the host interface status parameters.
Format

show ipv6 mld-proxy

Mode

• Privileged EXEC
• User EXEC

The command displays the following parameters only when you enable MLD-Proxy.
Field

Description

Interface Index

The interface number of the MLD-Proxy.

Admin Mode

Indicates whether MLD-Proxy is enabled or disabled. This is a configured
value.

Operational Mode

Indicates whether MLD-Proxy is operationally enabled or disabled. This is a
status parameter.

Version

The present MLD host version that is operational on the proxy interface.

IPv6 Multicast Commands
456

ProSafe Managed Switch

Field

Description

Number of Multicast Groups The number of multicast groups that are associated with the MLD-Proxy
interface.
Unsolicited Report Interval

The time interval at which the MLD-Proxy interface sends unsolicited group
membership report.

Querier IP Address on Proxy The IP address of the Querier, if any, in the network attached to the
Interface
upstream interface (MLD-Proxy interface).
Older Version 1 Querier
Timeout

The interval used to timeout the older version 1 queriers.

Proxy Start Frequency

The number of times the MLD-Proxy has been stopped and started.

Example: The following shows example CLI display output for the command.
(Switch) #show ipv6 mld-proxy
Interface Index............................................. 1/0/3
Admin Mode................................................ Enable
Operational Mode......................................... Enable
Version......................................................... 3
Num of Multicast Groups............................. 0
Unsolicited Report Interval.......................... 1
Querier IP Address on Proxy Interface........ fe80::1:2:5
Older Version 1 Querier Timeout................ 00:00:00
Proxy Start Frequency.................................

show ipv6 mld-proxy interface
This command displays a detailed list of the host interface status parameters. It displays the
following parameters only when you enable MLD-Proxy.
Format

show ipv6 mld-proxy interface

Modes

• Privileged EXEC
• User EXEC

Term

Definition

Interface Index

The unit/slot/port of the MLD-proxy.

The column headings of the table associated with the interface are as follows:
Term

Definition

Ver

The MLD version.

Query Rcvd

Number of MLD queries received.

Report Rcvd

Number of MLD reports received.

Report Sent

Number of MLD reports sent.

IPv6 Multicast Commands
457

ProSafe Managed Switch

Term

Definition

Leaves Rcvd

Number of MLD leaves received. Valid for version 2 only.

Leaves Sent

Number of MLD leaves sent on the Proxy interface. Valid for version 2 only.

Example: The following shows example CLI display output for the command.
(Switch) #show ipv6 mld-proxy interface
Interface Index................................ 1/0/1
Ver Query Rcvd Report Rcvd Report Sent Leave Rcvd Leave Sent
-----------------------------------------------------------------1
2
0
0
0
2
2
3
0
4
---------

show ipv6 mld-proxy groups
Use this command to display information about multicast groups that the MLD-Proxy
reported.
Format

show ipv6 mld-proxy groups

Mode

• Privileged EXEC
• User EXEC

Field

Description

Interface

The interface number of the MLD-Proxy.

Group Address

The IP address of the multicast group.

Last Reporter

The IP address of the host that last sent a membership report for the current group,
on the network attached to the MLD-Proxy interface (upstream interface).

Up Time (in secs)

The time elapsed in seconds since last created.

Member State

Possible values are:
• Idle_Member. The interface has responded to the latest group membership query
for this group.
• Delay_Member. The interface is going to send a group membership report to
respond to a group membership query for this group.

Filter Mode

Possible values are Include or Exclude.

Sources

The number of sources attached to the multicast group.

Example: The following shows example CLI display output for the command.
(Switch) #show ipv6 mld-proxy groups
Interface Index................................ 1/0/3
Group Address

Last Reporter

Up Time

Member State

IPv6 Multicast Commands
458

Filter Mode

Sources

ProSafe Managed Switch

------------FF1E::1

-------------- ---------- ----------------- -------------- ------FE80::100:2.3
00:01:40 DELAY_MEMBER
Exclude
2

FF1E::2

FE80::100:2.3

00:02:40

DELAY_MEMBER

Include

1

FF1E::3

FE80::100:2.3

00:01:40

DELAY_MEMBER

Exclude

0

FF1E::4

FE80::100:2.3

00:02:44

DELAY_MEMBER

Include

4

show ipv6 mld-proxy groups detail
Use this command to display information about multicast groups that MLD-Proxy reported.
Format

show ipv6 mld-proxy groups detail

Mode

• Privileged EXEC
• User EXEC

Field

Description

Interface

The interface number of the MLD-Proxy.

Group Address

The IP address of the multicast group.

Last Reporter

The IP address of the host that last sent a membership report for the current group,
on the network attached to the MLD-Proxy interface (upstream interface).

Up Time (in secs)

The time elapsed in seconds since last created.

Member State

Possible values are:
• Idle_Member. The interface has responded to the latest group membership query
for this group.
• Delay_Member. The interface is going to send a group membership report to
respond to a group membership query for this group.

Filter Mode

Possible values are Include or Exclude.

Sources

The number of sources attached to the multicast group.

Group Source List

The list of IP addresses of the sources attached to the multicast group.

Expiry Time

The time left for a source to get deleted.

Example: The following shows example CLI display output for the command.
(Switch) #show ipv6 igmp-proxy groups
Interface Index................................ 1/0/3
Group Address
------------FF1E::1

Last Reporter
Up Time
Member State
Filter Mode Sources
---------------- ----------- ----------------- ------------- ------FE80::100:2.3
244
DELAY_MEMBER
Exclude
2

Group Source List
-----------------2001::1

Expiry Time
--------------00:02:40

IPv6 Multicast Commands
459

ProSafe Managed Switch

2001::2

FF1E::2

--------

FE80::100:2.3

Group Source List
-----------------3001::1
3002::2

FF1E::3
FF1E::4

243

Group Source List
-----------------4001::1
5002::2
4001::2
5002::2

Include

DELAY_MEMBER

Exclude

1

Expiry Time
--------------00:03:32
00:03:32

FE80::100:2.3
FE80::100:2.3

DELAY_MEMBER

328
255

DELAY_MEMBER

Expiry Time
--------------00:03:40
00:03:40
00:03:40
00:03:40

IPv6 Multicast Commands
460

Include

0
4

9.

Quality of Service (QoS) Commands

9

This chapter describes the Quality of Service (QoS) commands available in the managed
switch CLI.
This chapter contains the following sections:
•

Class of Service (CoS) Commands

•

Differentiated Services (DiffServ) Commands

•

DiffServ Class Commands

•

DiffServ Policy Commands

•

DiffServ Service Commands

•

DiffServ Show Commands

•

MAC Access Control List (ACL) Commands

•

IP Access Control List (ACL) Commands

•

IPv6 Access Control List (ACL) Commands

•

Time Range Commands for Time-Based ACLs

•

AutoVOIP

•

iSCSI Commands

The commands in this chapter are in two functional groups:
•

Show commands display switch settings, statistics, and other information.

•

Configuration commands configure features and options of the switch. For every
configuration command, there is a show command that displays the configuration setting.

Class of Service (CoS) Commands
This section describes the commands you use to configure and view Class of Service (CoS)
settings for the switch. The commands in this section allow you to control the priority and
transmission rate of traffic.

461

ProSafe Managed Switch

Note: Commands you issue in the Interface Config mode only affect a
single interface. Commands you issue in the Global Config mode
affect all interfaces.

classofservice dot1p-mapping
This command maps an 802.1p priority to an internal traffic class. The 
values can range from 0-7. The  values range from 0-6, although the
actual number of available traffic classes depends on the platform. For more information
about 802.1p priority, see Voice VLAN Commands on page 80.
Format

classofservice dot1p-mapping  

Modes

• Global Config
• Interface Config

no classofservice dot1p-mapping
This command maps each 802.1p priority to its default internal traffic class value.
Format

no classofservice dot1p-mapping

Modes

• Global Config
• Interface Config

classofservice ip-dscp-mapping
This command maps an IP DSCP value to an internal traffic class. The  value is
specified as either an integer from 0 to 63, or symbolically through one of the following
keywords: af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, be, cs0, cs1,
cs2, cs3, cs4, cs5, cs6, cs7, ef.
The  values can range from 0-6, although the actual number of available
traffic classes depends on the platform.
Format

classofservice ip-dscp-mapping  

Modes

Global Config

no classofservice ip-dscp-mapping
This command maps each IP DSCP value to its default internal traffic class value.
Format

no classofservice ip-dscp-mapping

Modes

Global Config

Quality of Service (QoS) Commands
462

ProSafe Managed Switch

classofservice trust
This command sets the class of service trust mode of an interface. You can set the mode to
trust one of the Dot1p (802.1p), IP DSCP, or IP Precedence packet markings. You can also
set the interface mode to untrusted. If you configure an interface to use Dot1p, the mode
does not appear in the output of the show running config command because Dot1p is
the default.

Note: The classofservice trust dot1p command will not be supported in
future releases of the software because Dot1p is the default value.
Use the no classofservice trust command to set the mode to the
default value.

Default

dot1p

Format

classofservice trust {dot1p | ip-dscp | ip-precedence | untrusted}

Modes

• Global Config
• Interface Config

no classofservice trust
This command sets the interface mode to the default value.
Format

no classofservice trust

Modes

• Global Config
• Interface Config

cos-queue min-bandwidth
This command specifies the minimum transmission bandwidth guarantee for each interface
queue. The total number of queues supported per interface is platform specific. A value from
0-100 (percentage of link rate) must be specified for each supported queue, with 0 indicating
no guaranteed minimum bandwidth. The sum of all values entered must not exceed 100.
Format

cos-queue min-bandwidth  

Modes

• Global Config
• Interface Config

Quality of Service (QoS) Commands
463

ProSafe Managed Switch

no cos-queue min-bandwidth
This command restores the default for each queue's minimum bandwidth value.
Format

no cos-queue min-bandwidth

Modes

• Global Config
• Interface Config

cos-queue strict
This command activates the strict priority scheduler mode for each specified queue.
Format

cos-queue strict  []

Modes

• Global Config
• Interface Config

no cos-queue strict
This command restores the default weighted scheduler mode for each specified queue.
Format

no cos-queue strict  []

Modes

• Global Config
• Interface Config

cos-queue random-detect
This command activates weighted random early discard (WRED) for each specified queue on
the interface. Specific WRED parameters are configured using the randomdetect
queue-parms and the random-detect exponential-weighting-constant commands. When
specified in Interface Config' mode, this command affects a single interface only, whereas in
Global Config mode, it applies to all interfaces. At least one, but no more than n, queue-id
values are specified with this command.
Duplicate queue-id values are ignored. Each queue-id value ranges from 0 to (n-1), where n
is the total number of queues supported per interface. The number n is platform dependant
and corresponds to the number of supported queues (traffic classes).
Format

cos-queue random-detect queue-id-1 [queue-id-2 … queue-id-n]

Modes

• Global Config
• Interface Config

Quality of Service (QoS) Commands
464

ProSafe Managed Switch

no cos-queue random-detect
Use this command to disable WRED and restore the default tail drop operation for the
specified queues on all interfaces or one interface.
Format

cos-queue random-detect queue-id-1 [queue-id-2 … queue-id-n]

Modes

• Global Config
• Interface Config

random-detect exponential weighting-constant
Use this command to configure the WRED decay exponent for a CoS queue interface.
Format

random-detect exponential-weighting-constant 0-15

Modes

• Global Config
• Interface Config

Default

9

no random-detect exponential weighting-constant
Use this command to reset the WRED decay exponent to the default value on all interfaces
or one interface.
Format

no random-detect exponential-weighting-constant 0-15

Modes

• Global Config
• Interface Config

random-detect queue-parms
Use this command to configure WRED parameters for each drop precedence level supported
by a queue. Use it only when per-COS queue configuration is enabled (using the cos-queue
random-detect command).
min-thresh is the minimum threshold the queue depth (as a percentage) where WRED starts
marking and dropping traffic.
max-thresh is the maximum threshold is the queue depth (as a percentage) above which
WRED marks / drops all traffic.
drop-probability is the percentage probability that WRED will mark/drop a packet, when the
queue depth is at the maximum threshold. (The drop probability increases linearly from 0 just
before the minimum threshold, to this value at the maximum threshold, then goes to 100% for
larger queue depths). Each parameter is specified for each possible drop precedence ("color"
of TCP traffic).

Quality of Service (QoS) Commands
465

ProSafe Managed Switch

The last precedence applies to all non-TCP traffic. For example, in a 3-color system, four of
each parameter specified: green TCP, yellow TCP, red TCP, and non-TCP, respectively.
Format

random-detect queue-parms queue-id-1 [queue-id-2 … queue-id-n]
minthresh thresh-prec-1 … thresh-prec-n max-thresh thresh-prec-1 …
threshprec-n drop-probability prob-prec-1 … prob-prec-n

Modes

• Global Config
• Interface Config

no random-detect queue-parms
Use this command to set the WRED configuration back to the default.
Format
Modes

no random-detect queue-parms queue-id-1 [queue-id-2 … queue-id-n]
• Global Config
• Interface Config

traffic-shape
This command specifies the maximum transmission bandwidth limit for the interface as a
whole. Also known as rate shaping, traffic shaping has the effect of smoothing temporary
traffic bursts over time so that the transmitted traffic rate is bounded.
Format

traffic-shape 

Modes

• Global Config
• Interface Config

no traffic-shape
This command restores the interface shaping rate to the default value.
Format

no traffic-shape

Modes

• Global Config
• Interface Config

show classofservice dot1p-mapping
This command displays the current Dot1p (802.1p) priority mapping to internal traffic classes
for a specific interface. The  parameter is optional and is only valid on
platforms that support independent per-port class of service mappings. If specified, the
802.1p mapping table of the interface is displayed. If omitted, the most recent global
configuration settings are displayed. For more information, see Voice VLAN Commands on
page 80.
Format

show classofservice dot1p-mapping []

Mode

Privileged EXEC

Quality of Service (QoS) Commands
466

ProSafe Managed Switch

The following information is repeated for each user priority.
Term

Definition

User Priority

The 802.1p user priority value.

Traffic Class

The traffic class internal queue identifier to which the user priority value is mapped.

show classofservice ip-precedence-mapping
This command displays the current IP Precedence mapping to internal traffic classes for a
specific interface. The unit/slot/port parameter is optional and is only valid on platforms that
support independent per-port class of service mappings. If specified, the IP Precedence
mapping table of the interface is displayed. If omitted, the most recent global configuration
settings are displayed.
Format

show classofservice ip-precedence-mapping []

Mode

Privileged EXEC

The following information is repeated for each user priority.
Term

Definition

IP Precedence

The IP Precedence value.

Traffic Class

The traffic class internal queue identifier to which the IP Precedence value is mapped.

show classofservice ip-dscp-mapping
This command displays the current IP DSCP mapping to internal traffic classes for the global
configuration settings.
Format

show classofservice ip-dscp-mapping

Mode

Privileged EXEC

The following information is repeated for each user priority.
Term

Definition

IP DSCP

The IP DSCP value.

Traffic Class

The traffic class internal queue identifier to which the IP DSCP value is mapped.

show classofservice trust
This command displays the current trust mode setting for a specific interface. The
 parameter is optional and is only valid on platforms that support
independent per-port class of service mappings. If you specify an interface, the command

Quality of Service (QoS) Commands
467

ProSafe Managed Switch

displays the port trust mode of the interface. If you do not specify an interface, the command
displays the most recent global configuration settings.
Format

show classofservice trust []

Mode

Privileged EXEC

Term

Definition

Non-IP Traffic
Class

The traffic class used for non-IP traffic. This is only displayed when the COS trust mode
is set to trust IP Precedence or IP DSCP (on platforms that support IP DSCP).

Untrusted
Traffic Class

The traffic class used for all untrusted traffic. This is only displayed when the COS trust
mode is set to 'untrusted'.

show interfaces cos-queue
This command displays the class-of-service queue configuration for the specified interface.
The unit/slot/port parameter is optional and is only valid on platforms that support
independent per-port class of service mappings. If specified, the class-of-service queue
configuration of the interface is displayed. If omitted, the most recent global configuration
settings are displayed.
Format

show interfaces cos-queue []

Mode

Privileged EXEC

Term

Definition

Queue Id

An interface supports n queues numbered 0 to (n-1). The specific n value is platform
dependent.

Minimum
Bandwidth

The minimum transmission bandwidth guarantee for the queue, expressed as a
percentage. A value of 0 means bandwidth is not guaranteed and the queue operates
using best-effort. This is a configured value.

Scheduler Type Indicates whether this queue is scheduled for transmission using a strict priority or a
weighted scheme. This is a configured value.
Queue
Management
Type

The queue depth management technique used for this queue (tail drop).

If you specify the interface, the command also displays the following information.
Term

Definition

Interface

The unit/slot/port of the interface. If displaying the global configuration, this output line is
replaced with a Global Config indication.

Interface
Shaping Rate

The maximum transmission bandwidth limit for the interface as a whole. It is independent
of any per-queue maximum bandwidth value(s) in effect for the interface. This is a
configured value.

Quality of Service (QoS) Commands
468

ProSafe Managed Switch

Differentiated Services (DiffServ) Commands
This section describes the commands you use to configure QOS Differentiated Services
(DiffServ).
You configure DiffServ in several stages by specifying three DiffServ components:
1. Class
a. Creating and deleting classes.
b. Defining match criteria for a class.
2. Policy
a. Creating and deleting policies
b. Associating classes with a policy
c. Defining policy statements for a policy/class combination
3. Service
a. Adding and removing a policy to/from an inbound or outbound interface
The DiffServ class defines the packet filtering criteria. The attributes of a DiffServ policy
define the way the switch processes packets. You can define policy attributes on a per-class
instance basis. The switch applies these attributes when a match occurs.
Packet processing begins when the switch tests the match criteria for a packet. The switch
applies a policy to a packet when it finds a class match within that policy.
The following rules apply when you create a DiffServ class:
•

Each class can contain a maximum of one referenced (nested) class

•

Class definitions do not support hierarchical service policies

A given class definition can contain a maximum of one reference to another class. You can
combine the reference with other match criteria. The referenced class is truly a reference and
not a copy since additions to a referenced class affect all classes that reference it. Changes
to any class definition currently referenced by any other class must result in valid class
definitions for all derived classes, otherwise the switch rejects the change. You can remove a
class reference from a class definition.
The only way to remove an individual match criterion from an existing class definition is to
delete the class and re-create it.

Note: The mark possibilities for policing include CoS, IP DSCP, and IP
Precedence. While the latter two are only meaningful for IP packet
types, CoS marking is allowed for both IP and non-IP packets, since
it updates the 802.1p user priority field contained in the VLAN tag of
the layer 2 packet header.

Quality of Service (QoS) Commands
469

ProSafe Managed Switch

diffserv
This command sets the DiffServ operational mode to active. While disabled, the DiffServ
configuration is retained and can be changed, but it is not activated. When enabled, DiffServ
services are activated.
Format

diffserv

Mode

Global Config

no diffserv
This command sets the DiffServ operational mode to inactive. While disabled, the DiffServ
configuration is retained and can be changed, but it is not activated. When enabled, DiffServ
services are activated.
Format

no diffserv

Mode

Global Config

DiffServ Class Commands
Use the DiffServ class commands to define traffic classification. To classify traffic, you specify
Behavior Aggregate (BA), based on DSCP and Multi-Field (MF) classes of traffic (name,
match criteria)
This set of commands consists of class creation/deletion and matching, with the class match
commands specifying Layer 3, Layer 2, and general match criteria. The class match criteria
are also known as class rules, with a class definition consisting of one or more rules to
identify the traffic that belongs to the class.

Note: Once you create a class match criterion for a class, you cannot
change or delete the criterion. To change or delete a class match
criterion, you must delete and re-create the entire class.

The CLI command root is class-map.

class-map
This command defines a DiffServ class of type match-all. When used without any match
condition, this command enters the class-map mode. The  is a case
sensitive alphanumeric string from 1 to 31 characters uniquely identifying an existing DiffServ
class.

Quality of Service (QoS) Commands
470

ProSafe Managed Switch

Note: The class-map-name default is reserved and must not be used.

The class type of match-all indicates all of the individual match conditions must be true for
a packet to be considered a member of the class. This command may be used without
specifying a class type to enter the Class-Map Config mode for an existing DiffServ class.

Note: The optional keywords [{ipv4 | ipv6}] specify the Layer 3
protocol for this class. If not specified, this parameter defaults to
ipv4. This maintains backward compatibility for configurations
defined on systems before IPv6 match items were supported.

Note: The CLI mode is changed to Class-Map Config or Ipv6-Class-Map
Config when this command is successfully executed depending on
the [{ipv4 | ipv6}] keyword specified.

Format

class-map match-all  [{ipv4 | ipv6}]

Mode

Global Config

no class-map
This command eliminates an existing DiffServ class. The  is the name
of an existing DiffServ class. (The class name ‘default’ is reserved and is not allowed here.)
This command may be issued at any time; if the class is currently referenced by one or more
policies or by any other class, the delete action fails.
Format

no class-map 

Mode

Global Config

class-map rename
This command changes the name of a DiffServ class. The  is the
name of an existing DiffServ class. The  parameter is a
case-sensitive alphanumeric string from 1 to 31 characters uniquely identifying the class.
Default

none

Format

class-map rename  

Mode

Global Config

Quality of Service (QoS) Commands
471

ProSafe Managed Switch

match ethertype
This command adds to the specified class definition a match condition based on the value of
the ethertype. The  value is specified as one of the following keywords:
appletalk, arp, ibmsna, ipv4, ipv6, ipx, mplsmcast, mplsucast, netbios,
novell, pppoe, rarp or as a custom ethertype value in the range of 0x0600-0xFFFF.
Format

match ethertype { | custom <0x0600-0xFFFF>}

Mode

Class-Map Config
Ipv6-Class-Map Config

match any
This command adds to the specified class definition a match condition whereby all packets
are considered to belong to the class.
Default

none

Format

match any

Mode

Class-Map Config
Ipv6-Class-Map Config

match class-map
This command adds to the specified class definition the set of match conditions defined for
another class. The  is the name of an existing DiffServ class whose match
conditions are being referenced by the specified class definition.
Default

none

Format

match class-map 

Mode

Class-Map Config
Ipv6-Class-Map Config

Note the following:
•

The parameters  and  can not be the same.

•

Only one other class may be referenced by a class.

•

Any attempts to delete the  class while the class is still referenced by any
 fails.

•

The combined match criteria of  and  must be an
allowed combination based on the class type.

•

Any subsequent changes to the  class match criteria must maintain this
validity, or the change attempt fails.

•

The total number of class rules formed by the complete reference class chain (including
both predecessor and successor classes) must not exceed a platform-specific maximum.

Quality of Service (QoS) Commands
472

ProSafe Managed Switch

In some cases, each removal of a refclass rule reduces the maximum number of
available rules in the class definition by one.
no match class-map
This command removes from the specified class definition the set of match conditions
defined for another class. The  is the name of an existing DiffServ class
whose match conditions are being referenced by the specified class definition.
Format

no match class-map 

Mode

Class-Map Config
Ipv6-Class-Map Config

match cos
This command adds to the specified class definition a match condition for the Class of
Service value (the only tag in a single tagged packet or the first or outer 802.1Q tag of a
double VLAN tagged packet). The value may be from 0 to 7.
Default

none

Format

match cos <0-7>

Mode

Class-Map Config
Ipv6-Class-Map Config

match secondary cos
This command adds to the specified class definition a match condition for the secondary
Class of Service value (the only tag in a single tagged packet or the first or outer 802.1Q tag
of a double VLAN tagged packet). The value may be from 0 to 7.
Default

none

Format

match secondary-cos <0-7>

Mode

Class-Map Config

match ip6flowlbl
This command adds to the specified class definition a match condition based on the
IP6flowlbl of a packet. The label is the value to match in the Flow Label field of the IPv6
header (range 0-1048575).
Format

match ip6flowlbl