Ruckus FastIron Command Reference, 08.0.20c Fast Iron 08.0.20 Reference 08020c Commandref
FastIron 08.0.20 Command Reference fastiron-08020c-commandref
2017-12-14
User Manual: Ruckus FastIron 08.0.20 Command Reference
Open the PDF directly: View PDF 
.
Page Count: 436
| Download | |
| Open PDF In Browser | View PDF |
53-1003389-04
22 January 2016
FastIron
Command Reference
Supporting FastIron Software Release 08.0.20c
© 2016, Brocade Communications Systems, Inc. All Rights Reserved.
Brocade, Brocade Assurance, the B-wing symbol, ClearLink, DCX, Fabric OS, HyperEdge, ICX, MLX, MyBrocade, OpenScript, VCS, VDX,
Vplane, and Vyatta are registered trademarks, and Fabric Vision is a trademark of Brocade Communications Systems, Inc., in the United
States and/or in other countries. Other brands, products, or service names mentioned may be trademarks of others.
Notice: This document is for informational purposes only and does not set forth any warranty, expressed or implied, concerning any
equipment, equipment feature, or service offered or to be offered by Brocade. Brocade reserves the right to make changes to this document
at any time, without notice, and assumes no responsibility for its use. This informational document describes features that may not be
currently available. Contact a Brocade sales office for information on feature and product availability. Export of technical data contained in
this document may require an export license from the United States government.
The authors and Brocade Communications Systems, Inc. assume no liability or responsibility to any person or entity with respect to the
accuracy of this document or any loss, cost, liability, or damages arising from the information contained herein or the computer programs that
accompany it.
The product described by this document may contain open source software covered by the GNU General Public License or other open
source license agreements. To find out which open source software is included in Brocade products, view the licensing terms applicable to
the open source software, and obtain a copy of the programming source code, please visit http://www.brocade.com/support/oscd.
Contents
Preface...................................................................................................................................11
Document conventions....................................................................................11
Text formatting conventions................................................................ 11
Command syntax conventions............................................................ 11
Notes, cautions, and warnings............................................................ 12
Brocade resources.......................................................................................... 13
Contacting Brocade Technical Support...........................................................13
Document feedback........................................................................................ 14
About This Document.............................................................................................................. 15
What's new in this document...........................................................................15
Supported hardware and software.................................................................. 15
Using the FastIron command-line interface..............................................................................17
Accessing the CLI........................................................................................... 17
Command modes................................................................................17
Command help....................................................................................18
Command completion......................................................................... 18
Scroll control....................................................................................... 19
Line editing commands....................................................................... 20
Searching and filtering command output.........................................................20
Searching and filtering output at the --More-- prompt......................... 20
Searching and filtering show command output................................... 21
Creating an alias for a CLI command..............................................................25
Configuration notes for creating a command alias..............................25
Specifying stack-unit, slot number, and port number...................................... 26
Specifying a port on a modular device................................................ 26
Specifying a port on stackable devices .............................................. 26
Commands F - J...................................................................................................................... 27
failover.............................................................................................................29
filter-strict-security enable............................................................................... 30
flash.................................................................................................................31
flow-control......................................................................................................32
force-up ethernet.............................................................................................33
graft-retransmit-timer.......................................................................................34
hardware-drop-disable.................................................................................... 35
hello-interval....................................................................................................36
hello-timer....................................................................................................... 37
hitless-failover enable..................................................................................... 38
inactivity-timer................................................................................................. 39
inline power .................................................................................................... 40
inline power install-firmware scp..................................................................... 43
ip arp inspection validate.................................................................................45
ip bootp-use-intf-ip.......................................................................................... 46
ip dscp-remark ............................................................................................... 47
ip igmp group-membership-time..................................................................... 48
FastIron Command Reference
53-1003389-04
3
ip igmp max-response-time...........................................................................49
ip igmp port-version.......................................................................................50
ip igmp proxy.................................................................................................51
ip igmp query-interval....................................................................................52
ip igmp tracking.............................................................................................53
ip igmp version..............................................................................................54
ip max-mroute............................................................................................... 55
ip mroute....................................................................................................... 56
ip mroute (next hop)......................................................................................57
ip mroute next-hop-enable-default................................................................ 58
ip mroute next-hop-recursion........................................................................ 59
ip multicast.................................................................................................... 60
ip multicast age-interval................................................................................ 61
ip multicast disable-flooding..........................................................................62
ip multicast leave-wait-time........................................................................... 63
ip multicast max-response-time.................................................................... 64
ip multicast mcache-age............................................................................... 65
ip multicast query-interval............................................................................. 66
ip multicast report-control..............................................................................67
ip multicast verbose-off................................................................................. 68
ip multicast version........................................................................................69
ip multicast-nonstop-routing..........................................................................70
ip pcp-remark ............................................................................................... 71
ip pim.............................................................................................................72
ip pim border................................................................................................. 73
ip pim dr-priority............................................................................................ 74
ip pim neighbor-filter......................................................................................75
ip pimsm-snooping........................................................................................76
ip pim-sparse.................................................................................................77
ip ssh encryption disable-aes-cbc................................................................. 78
ip ssl min-version.......................................................................................... 79
ipv6 max-mroute........................................................................................... 80
ipv6 mld group-membership-time..................................................................81
ipv6 mld llqi .................................................................................................. 82
ipv6 mld max-group-address.........................................................................83
ipv6 mld max-response-time......................................................................... 84
ipv6 mld port-version.....................................................................................85
ipv6 mld query-interval.................................................................................. 86
ipv6 mld robustness...................................................................................... 87
ipv6 mld static-group..................................................................................... 88
ipv6 mld tracking........................................................................................... 89
ipv6 mroute................................................................................................... 90
ipv6 mroute (next hop).................................................................................. 91
ipv6 mroute next-hop-enable-default............................................................ 92
ipv6 mroute next-hop-recursion.................................................................... 93
ipv6 multicast age-interval.............................................................................94
ipv6 multicast disable-flooding...................................................................... 95
ipv6 multicast leave-wait-time....................................................................... 96
ipv6 multicast mcache-age............................................................................97
ipv6 multicast query-interval..........................................................................98
ipv6 multicast report-control.......................................................................... 99
ipv6 multicast verbose-off........................................................................... 100
ipv6 multicast version..................................................................................101
ipv6 multicast-boundary.............................................................................. 102
ipv6 nd router-preference............................................................................103
ipv6 nd skip-interface-ra..............................................................................104
ipv6 neighbor inspection............................................................................. 105
ipv6 neighbor inspection vlan......................................................................106
4
FastIron Command Reference
53-1003389-04
ipv6 pim border............................................................................................. 107
ipv6 pim dr-priority.........................................................................................108
ipv6 pim neighbor-filter..................................................................................109
ipv6 pim-sparse.............................................................................................110
ipv6 raguard policy ....................................................................................... 111
ipv6 raguard vlan ..........................................................................................112
ipv6 raguard whitelist ................................................................................... 113
ipv6 router pim.............................................................................................. 114
ipv6-address auto-gen-link-local................................................................... 115
ipv6-neighbor inspection trust....................................................................... 116
jitc enable...................................................................................................... 117
jitc show........................................................................................................ 118
Commands A - E................................................................................................................... 119
aaa authorization coa enable........................................................................ 119
aaa authorization coa ignore ........................................................................120
accept-mode................................................................................................. 121
access-list enable accounting....................................................................... 122
acl-logging.....................................................................................................123
alias...............................................................................................................124
anycast-rp..................................................................................................... 125
arp-internal-priority........................................................................................ 127
authentication................................................................................................128
authentication auth-default-vlan.................................................................... 129
authentication auth-order.............................................................................. 130
authentication disable-aging......................................................................... 131
authentication dos-protection........................................................................ 132
authentication fail-action............................................................................... 133
authentication filter-strict-security..................................................................134
authentication max-sessions.........................................................................135
authentication reauth-timeout........................................................................136
authentication source-guard-protection enable.............................................137
authentication timeout-action........................................................................ 138
auth-default-vlan........................................................................................... 139
auth-fail-action...............................................................................................140
auth-order dot1x mac-auth............................................................................141
auth-order mac-auth dot1x............................................................................142
bsr-candidate................................................................................................ 143
clear access-list accounting.......................................................................... 145
clear cable diagnostics tdr.............................................................................146
clear dot1x sessions......................................................................................147
clear dot1x statistics .....................................................................................148
clear dot1x-mka statistics..............................................................................149
clear ip mroute.............................................................................................. 150
clear ip pim counters..................................................................................... 151
clear ip pim hw-resource............................................................................... 152
clear ip pim rp-map....................................................................................... 153
clear ip pimsm-snoop.................................................................................... 154
clear ipv6 mroute...........................................................................................155
clear ipv6 neighbor........................................................................................156
clear ipv6 pim cache..................................................................................... 157
clear ipv6 pim counters................................................................................. 158
clear ipv6 pim hw-resource........................................................................... 159
clear ipv6 pim rp-map....................................................................................160
clear ipv6 pim traffic...................................................................................... 161
clear ipv6 pimsm-snoop................................................................................ 162
clear ipv6 raguard ........................................................................................ 163
FastIron Command Reference
53-1003389-04
5
clear macsec ethernet ................................................................................164
clear mac-authentication sessions.............................................................. 165
clear notification-mac statistics................................................................... 166
clear openflow ............................................................................................167
clear stack ipc............................................................................................. 168
clear statistics openflow ............................................................................. 169
connect........................................................................................................170
copy flash scp............................................................................................. 171
copy running-config scp.............................................................................. 173
copy scp flash............................................................................................. 174
copy scp license..........................................................................................176
copy scp running-config.............................................................................. 178
copy scp startup-config............................................................................... 180
copy startup-config scp............................................................................... 181
critical-vlan.................................................................................................. 182
default-ports................................................................................................ 183
disable-aging...............................................................................................184
disable authentication md5......................................................................... 185
dlb-internal-trunk-hash................................................................................ 186
dot1x auth-filter........................................................................................... 187
dot1x enable................................................................................................188
dot1x guest-vlan..........................................................................................189
dot1x max-reauth-req .................................................................................190
dot1x-mka-enable....................................................................................... 191
dot1x timeout ..............................................................................................192
egress-buffer-profile....................................................................................193
enable-accounting.......................................................................................194
enable-mka................................................................................................. 195
errdisable packet-inerror-detect.................................................................. 196
Commands K - S................................................................................................................. 197
key-server-priority....................................................................................... 198
link-config gig copper autoneg-control........................................................ 199
logging ........................................................................................................200
logging cli-command................................................................................... 201
loop-detection shutdown-disable ............................................................... 202
loop-detection-syslog-interval .................................................................... 203
mac filter enable-accounting....................................................................... 204
mac-auth auth-filter..................................................................................... 205
mac-auth dot1x-override............................................................................. 206
mac-auth enable......................................................................................... 207
mac-auth password-format ........................................................................ 208
mac-auth password-override.......................................................................209
mac-notification interval ............................................................................. 210
macsec cipher-suite.................................................................................... 211
macsec confidentiality-offset....................................................................... 212
macsec frame-validation............................................................................. 213
macsec replay-protection............................................................................214
max-hw-age................................................................................................ 215
maximum-preference ................................................................................. 216
max-mcache................................................................................................217
max-sw-age.................................................................................................218
mesh-group.................................................................................................219
message-interval.........................................................................................220
mka-cfg-group ............................................................................................221
mstp instance..............................................................................................223
mstp scope..................................................................................................224
6
FastIron Command Reference
53-1003389-04
multicast disable-pimsm-snoop.....................................................................225
multicast fast-convergence........................................................................... 226
multicast fast-leave-v2.................................................................................. 227
multicast pimsm-snooping prune-wait...........................................................228
multicast port-version.................................................................................... 229
multicast proxy-off......................................................................................... 230
multicast router-port...................................................................................... 231
multicast static-group.................................................................................... 232
multicast tracking.......................................................................................... 233
multicast version........................................................................................... 234
multicast6 disable-mld-snoop........................................................................235
multicast6 disable-pimsm-snoop...................................................................236
multicast6 fast-convergence......................................................................... 237
multicast6 port-version.................................................................................. 238
multicast6 proxy-off....................................................................................... 239
multicast6 router-port.................................................................................... 240
multicast6 static-group.................................................................................. 241
multicast6 tracking........................................................................................ 242
multicast6 version......................................................................................... 243
nbr-timeout.................................................................................................... 244
openflow enable ........................................................................................... 245
originator-id................................................................................................... 246
packet-inerror-detect..................................................................................... 247
pass-through................................................................................................. 248
phy cable diagnostics tdr...............................................................................249
prefix-list .......................................................................................................250
pre-shared-key.............................................................................................. 251
priority........................................................................................................... 252
priority-flow-control........................................................................................253
priority-flow-control enable............................................................................ 254
prune-timer....................................................................................................255
prune-wait..................................................................................................... 256
qos egress-buffer-profile............................................................................... 257
qos ingress-buffer-profile.............................................................................. 259
qos priority-to-pg........................................................................................... 261
qos scheduler-profile.....................................................................................263
qos-internal-trunk-queue .............................................................................. 266
radius-client coa host.................................................................................... 268
radius-client coa port ....................................................................................269
raguard .........................................................................................................270
register-probe-time........................................................................................271
register-suppress-time.................................................................................. 272
restricted-vlan................................................................................................273
route-precedence.......................................................................................... 274
route-precedence admin-distance.................................................................276
router msdp................................................................................................... 277
router pim...................................................................................................... 278
rp-address..................................................................................................... 279
rp-adv-interval............................................................................................... 280
rp-candidate.................................................................................................. 281
rp-embedded.................................................................................................283
scheduler-profile............................................................................................284
Show Commands..................................................................................................................285
show cable-diagnostics tdr............................................................................286
show default values.......................................................................................287
show dlb-internal-trunk-hash.........................................................................288
FastIron Command Reference
53-1003389-04
7
show dot1x ip-acl........................................................................................ 289
show dot1x mac-filter.................................................................................. 290
show dot1x sessions...................................................................................291
show dot1x statistics................................................................................... 293
show dot1x-mka config............................................................................... 295
show dot1x-mka config-group..................................................................... 297
show dot1x-mka sessions...........................................................................299
show dot1x-mka statistics........................................................................... 302
show interface ethernet...............................................................................303
show interfaces stack-ports.........................................................................305
show ip mroute............................................................................................307
show ip msdp mesh-group.......................................................................... 309
show ip multicast group...............................................................................311
show ip multicast mcache........................................................................... 313
show ip multicast optimization ...............................................................315
show ip multicast pimsm-snooping............................................................. 316
show ip multicast vlan................................................................................. 317
show ip pim interface.................................................................................. 321
show ip pim traffic....................................................................................... 322
show ip pimsm-snooping cache.................................................................. 325
show ip ssl...................................................................................................327
show ip static mroute.................................................................................. 328
show ipv6 mroute........................................................................................329
show ipv6 multicast mcache....................................................................... 330
show ipv6 multicast group...........................................................................331
show ipv6 multicast mcache....................................................................... 333
show ipv6 multicast optimization ...........................................................334
show ipv6 multicast pimsm-snooping..........................................................335
show ipv6 multicast vlan............................................................................. 336
show ipv6 neighbor .................................................................................... 337
show ipv6 pim interface...............................................................................340
show ipv6 pim traffic....................................................................................341
show ipv6 pimsm-snooping cache.............................................................. 343
show ipv6 static mroute...............................................................................345
show loop-detect no-shutdown-status........................................................ 346
show mac-auth configuration...................................................................... 347
show mac-auth ip-acl.................................................................................. 350
show mac-auth sessions.............................................................................351
show mac-auth statistics............................................................................. 352
show macsec statistics ethernet................................................................. 353
show notification-mac..................................................................................355
show openflow............................................................................................ 356
show openflow controller.............................................................................358
show openflow flows................................................................................... 359
show openflow groups................................................................................ 360
show openflow interfaces............................................................................361
show openflow meters................................................................................ 363
show packet-inerror-detect..........................................................................365
show priority-flow-control............................................................................ 366
show qos egress-buffer-profile....................................................................367
show qos ingress-buffer-profile................................................................... 368
show qos-internal-trunk-queue................................................................... 369
show qos priority-to-pg................................................................................370
show qos-profiles........................................................................................ 372
show qos scheduler-profile......................................................................... 373
show rmon...................................................................................................375
show running interface................................................................................380
show span designated-protect.................................................................... 381
8
FastIron Command Reference
53-1003389-04
show stack.................................................................................................... 382
show stack connection.................................................................................. 384
show stack detail...........................................................................................385
show stack failover........................................................................................387
show stack flash............................................................................................388
show stack link-sync..................................................................................... 389
show stack neighbors....................................................................................390
show stack rel-ipc stats ................................................................................ 391
show stack resource..................................................................................... 398
show stack stack-ports..................................................................................399
show statistics l2-tunnel ............................................................................... 401
show statistics stack-ports............................................................................ 402
Commands Sn - Z..................................................................................................................403
snmp-server enable traps mac-notification .................................................. 404
snmp-server group........................................................................................ 405
spanning-tree designated-protect................................................................. 407
stack disable................................................................................................. 408
stack enable.................................................................................................. 409
stack mac...................................................................................................... 410
stack-port...................................................................................................... 411
stack secure-setup........................................................................................ 412
stack stack-port-resiliency.............................................................................413
stack suggested-id........................................................................................ 415
stack suppress-warning................................................................................ 416
stack switch-over...........................................................................................417
stack-trunk.....................................................................................................418
stack unconfigure.......................................................................................... 419
store-and-forward..........................................................................................422
symmetrical-flow-control enable....................................................................423
system-max igmp-snoop-group-addr............................................................ 424
system-max igmp-snoop-mcache................................................................. 425
system-max mac-notification-buffer.............................................................. 426
system-max mld-snoop-group-addr.............................................................. 427
system-max mld-snoop-mcache................................................................... 428
traffic-policy count......................................................................................... 429
traffic-policy rate-limit adaptive......................................................................430
traffic-policy rate-limit fixed............................................................................432
use-v2-checksum.......................................................................................... 434
version...........................................................................................................435
vxlan vlan...................................................................................................... 436
FastIron Command Reference
53-1003389-04
9
10
FastIron Command Reference
53-1003389-04
Preface
● Document conventions....................................................................................................11
● Brocade resources.......................................................................................................... 13
● Contacting Brocade Technical Support...........................................................................13
● Document feedback........................................................................................................ 14
Document conventions
The document conventions describe text formatting conventions, command syntax conventions, and
important notice formats used in Brocade technical documentation.
Text formatting conventions
Text formatting conventions such as boldface, italic, or Courier font may be used in the flow of the text
to highlight specific words or phrases.
Format
Description
bold text
Identifies command names
Identifies keywords and operands
Identifies the names of user-manipulated GUI elements
Identifies text to enter at the GUI
italic text
Identifies emphasis
Identifies variables and modifiers
Identifies paths and Internet addresses
Identifies document titles
Courier font
Identifies CLI output
Identifies command syntax examples
Command syntax conventions
Bold and italic text identify command syntax components. Delimiters and operators define groupings of
parameters and their logical relationships.
Convention
Description
bold text
Identifies command names, keywords, and command options.
italic text
Identifies a variable.
FastIron Command Reference
53-1003389-04
11
Notes, cautions, and warnings
Convention
Description
value
In Fibre Channel products, a fixed value provided as input to a command
option is printed in plain text, for example, --show WWN.
[]
Syntax components displayed within square brackets are optional.
Default responses to system prompts are enclosed in square brackets.
{x|y|z}
A choice of required parameters is enclosed in curly brackets separated by
vertical bars. You must select one of the options.
In Fibre Channel products, square brackets may be used instead for this
purpose.
x|y
A vertical bar separates mutually exclusive elements.
<>
Nonprinting characters, for example, passwords, are enclosed in angle
brackets.
...
Repeat the previous element, for example, member[member...].
\
Indicates a “soft” line break in command examples. If a backslash separates
two lines of a command input, enter the entire command at the prompt without
the backslash.
Notes, cautions, and warnings
Notes, cautions, and warning statements may be used in this document. They are listed in the order of
increasing severity of potential hazards.
NOTE
A Note provides a tip, guidance, or advice, emphasizes important information, or provides a reference
to related information.
ATTENTION
An Attention statement indicates a stronger note, for example, to alert you when traffic might be
interrupted or the device might reboot.
CAUTION
A Caution statement alerts you to situations that can be potentially hazardous to you or cause
damage to hardware, firmware, software, or data.
DANGER
A Danger statement indicates conditions or situations that can be potentially lethal or
extremely hazardous to you. Safety labels are also attached directly to products to warn of
these conditions or situations.
12
FastIron Command Reference
53-1003389-04
Brocade resources
Brocade resources
Visit the Brocade website to locate related documentation for your product and additional Brocade
resources.
You can download additional publications supporting your product at www.brocade.com. Select the
Brocade Products tab to locate your product, then click the Brocade product name or image to open the
individual product page. The user manuals are available in the resources module at the bottom of the
page under the Documentation category.
To get up-to-the-minute information on Brocade products and resources, go to MyBrocade. You can
register at no cost to obtain a user ID and password.
Release notes are available on MyBrocade under Product Downloads.
White papers, online demonstrations, and data sheets are available through the Brocade website.
Contacting Brocade Technical Support
As a Brocade customer, you can contact Brocade Technical Support 24x7 online, by telephone, or by email. Brocade OEM customers contact their OEM/Solutions provider.
Brocade customers
For product support information and the latest information on contacting the Technical Assistance
Center, go to http://www.brocade.com/services-support/index.html.
If you have purchased Brocade product support directly from Brocade, use one of the following methods
to contact the Brocade Technical Assistance Center 24x7.
Online
Telephone
E-mail
Preferred method of contact for nonurgent issues:
Required for Sev 1-Critical and Sev
2-High issues:
support@brocade.com
• My Cases through MyBrocade
•
Continental US: 1-800-752-8061
• Software downloads and licensing •
tools
Europe, Middle East, Africa, and
Asia Pacific: +800-AT FIBREE
(+800 28 34 27 33)
• Knowledge Base
•
For areas unable to access toll
free number: +1-408-333-6061
•
Toll-free numbers are available in
many countries.
Please include:
•
Problem summary
•
Serial number
•
Installation details
•
Environment description
Brocade OEM customers
If you have purchased Brocade product support from a Brocade OEM/Solution Provider, contact your
OEM/Solution Provider for all of your product support needs.
• OEM/Solution Providers are trained and certified by Brocade to support Brocade® products.
• Brocade provides backline support for issues that cannot be resolved by the OEM/Solution Provider.
FastIron Command Reference
53-1003389-04
13
Document feedback
• Brocade Supplemental Support augments your existing OEM support contract, providing direct
access to Brocade expertise. For more information, contact Brocade or your OEM.
• For questions regarding service levels and response times, contact your OEM/Solution Provider.
Document feedback
To send feedback and report errors in the documentation you can use the feedback form posted with
the document or you can e-mail the documentation team.
Quality is our first concern at Brocade and we have made every effort to ensure the accuracy and
completeness of this document. However, if you find an error or an omission, or you think that a topic
needs further development, we want to hear from you. You can provide feedback in two ways:
• Through the online feedback form in the HTML documents posted on www.brocade.com.
• By sending your feedback to documentation@brocade.com.
Provide the publication title, part number, and as much detail as possible, including the topic heading
and page number if applicable, as well as your suggestions for improvement.
14
FastIron Command Reference
53-1003389-04
About This Document
● What's new in this document...........................................................................................15
● Supported hardware and software.................................................................................. 15
What's new in this document
This document is a revision to the first release of the FastIron Command Reference.
In this initial release of the FastIron command reference, not all commands supported on the FastIron
devices are represented. All new commands supported in the FastIron Release 08.0.20 and later
releases are included.
For new commands introduced since Release 08.0.01, the history table is shown. For legacy
commands the history table is not shown unless an update has been added in recent releases.
The following sections list the updates to FastIron Release 08.0.20c.
Modified commands
The following command has been modified.
• mac-auth password-format on page 208
Deprecated commands
The following command has been deprecated.
• authentication voice-timeout-action
Supported hardware and software
This guide supports the following product families for FastIron release 08.0.20:
•
•
•
•
•
•
•
•
FCX Series
FastIron X Series (FSX 800 and FSX 1600)
ICX 6610 Series
ICX 6430 Series (ICX 6430, ICX 6430-C12)
ICX 6450 Series (ICX 6450, ICX 6450-C12-PD)
ICX 6650 Series
ICX 7750 Series
ICX 7450 Series
NOTE
The Brocade ICX 6430-C switch supports the same feature set as the Brocade ICX 6430 switch unless
otherwise noted.
FastIron Command Reference
53-1003389-04
15
About This Document
NOTE
The Brocade ICX 6450-C12-PD switch supports the same feature set as the Brocade ICX 6450 switch
unless otherwise noted.
For information about the specific models and modules supported in a product family, refer to the
hardware installation guide for that product family.
16
FastIron Command Reference
53-1003389-04
Using the FastIron command-line interface
● Accessing the CLI........................................................................................................... 17
● Searching and filtering command output.........................................................................20
● Creating an alias for a CLI command..............................................................................25
● Specifying stack-unit, slot number, and port number...................................................... 26
Accessing the CLI
Once an IP address is assigned to a Brocade device running Layer 2 software or to an interface on the
Brocade device running Layer 3 software, you can access the CLI either through a direct serial
connection or through a local or remote Telnet session.
You can initiate a local Telnet or SNMP or SSH connection by attaching a cable to a port and specifying
the assigned management station IP address.
Command modes
The FastIron CLI uses an industry-standard hierarchical shell familiar to Ethernet/IP networking
administrators. You can use one of three major command modes to enter commands and access subconfiguration modes on the device.
User EXEC mode
User EXEC mode is the default mode for the device; it supports the lowest level of user permissions. In
this mode, you can execute basic commands such as ping and traceroute, but only a subset of clear,
show, and debug commands can be entered in this mode. The following example shows the User
EXEC prompt after login. The enable command enters privileged EXEC mode.
device> enable
device#
Privileged EXEC mode
Privileged EXEC mode supports all clear, show, and debug commands. In addition, you can enter some
configuration commands that do not make changes to the system configuration. The following example
shows the privileged EXEC prompt. At this prompt, you issue the configure terminal command to enter
global configuration mode.
device# configure terminal
device(config)#
Global configuration mode
Global configuration mode supports commands that can change the device configuration. For any
changes to be persistent, you must save the system configuration before rebooting the device. The
global configuration mode provides access to sub-configuration modes for individual interfaces, VLANs,
FastIron Command Reference
53-1003389-04
17
Command help
routing protocols, and other configuration areas. The following example shows how you access the
interface sub-configuration mode by issuing the interface command with a specified interface.
device(config)# interface ethernet 1/1/1
device(config-if-e1000-1/1/1)#
Command help
You can display commands and syntax information in any mode and from any point in the command
hierarchy.
Enter a question mark (?) or a tab in any command mode to display the list of commands available in
that mode.
device(config)#?
aaa
access-list
aggregated-vlan
alias
all-client
arp
arp-internal-priority
arp-subnet-only
authentication
banner
batch
boot
(output truncated)
Define authentication method list
Define Access Control List (ACL)
Support for larger Ethernet frames up to 1536 bytes
Configure alias or display configured alias
Restrict all remote management to a host
Enter a static IP ARP entry
Set packet priority
Only learn ARP in the subnet of this device
Configure flexible authentication
Define a login banner
Define a group of commands
Set system boot options
To display a list of commands that start with a specified character, type the character followed by a
question mark (?) or a tab.
device(config)#e ?
ICX6450-48P Switch(config)#e
enable
end
errdisable
exit
extern-config-file
Password, page-mode and other options
End Configuration level and go to Privileged level
Set Error Disable Attributions
Exit current level
Extern configuration file
To display keywords and arguments associated with a command, enter the command followed by a
question mark (?) or a tab.
deviceh(config)#qos ?
egress-buffer-profile
mechanism
name
profile
scheduler-profile
tagged-priority
User defined QoS egress profile
Change mechanism
Change name
Change bandwidth allocation
User defined QoS profile
Change tagged frame priority to profile mapping
Command completion
Command completion allows you to execute a command by entering a partial string.
NOTE
Command completion is not supported in the boot loader prompt of ICX 6430 and the ICX 6450
devices.
To complete the spelling of commands or keywords automatically, begin typing the command or
keyword and then press Tab. For example, at the CLI command prompt, type te and press Tab. For
18
FastIron Command Reference
53-1003389-04
Scroll control
example, entering conf t in privileged EXEC mode auto-completes the keyword and executes the
configure terminal as shown.
device#conf t
terminal
Configure thru terminal
deviceh#conf terminal
device(config)#
If there is more than one command or keyword associated with the characters typed, the CLI displays
all choices matching the characters. Type another character to identify the keyword you are looking for.
device(config)#show li
license
Show
link-error-disable
Link
link-keepalive
Link
device(config)#show lic
license
Show
device(config)#show license
software license information
Debouncing Control
Layer Keepalive
software license information
If you enter an invalid command or partial string that cannot be completed, an error message is
displayed.
device(config)#shw
Unrecognized command
device(config)#shw
Scroll control
By default, the CLI uses a page mode to paginate displays that are longer than 24 lines to 24-line page
increments.
If you use the question mark (?) to display a listing of available in a given mode, the display stops at
each 24-line increment and lists your choices for continuing the display.
aaa
all-client
appletalk
arp
boot
some lines omitted for brevity...
ipx
lock-address
logging
mac
--More--, next page: Space, next line:
Return key, quit: Control-c
Use one of the following scrolling options to display additional information:
•
•
•
•
Press the Space bar to display the next page (one screen at a time).
Press the Return or Enter key to display the next line (one line at a time).
Press Ctrl+C or Ctrl+Q to cancel the display.
Use ths skip command in privileged EXEC mode to disable page display mode. Use the page
command to re-enable page display mode
The following example toggles between page display modes.
Brocade#skip
Disable page display mode
Brocade#page
Enable page display mode
FastIron Command Reference
53-1003389-04
19
Line editing commands
Line editing commands
The CLI supports the following line editing commands. To enter a line-editing command, use the CTRL
+key combination for the command by pressing and holding the CTRL key, then pressing the letter
associated with the command.
TABLE 1 CLI line editing commands
Ctrl+Key combination Description
Ctrl+A
Moves to the first character on the command line.
Ctrl+B
Moves the cursor back one character.
Ctrl+C
Escapes and terminates command prompts and ongoing tasks (such as lengthy
displays), and displays a fresh command prompt.
Ctrl+D
Deletes the character at the cursor.
Ctrl+E
Moves to the end of the current command line.
Ctrl+F
Moves the cursor forward one character.
Ctrl+K
Deletes all characters from the cursor to the end of the command line.
Ctrl+L; Ctrl+R
Repeats the current command line on a new line.
Ctrl+N
Enters the next command line in the history buffer.
Ctrl+P
Enters the previous command line in the history buffer.
Ctrl+U; Ctrl+X
Deletes all characters from the cursor to the beginning of the command line.
Ctrl+W
Deletes the last word you typed.
Ctrl+Z
Moves from any CONFIG level of the CLI to the Privileged EXEC level; at the Privileged
EXEC level, moves to the User EXEC level.
Searching and filtering command output
You can filter the output from show commands at the --More-- prompt. You can search for characters
strings, or you can construct complex regular expressions to filter the output.
Searching and filtering output at the --More-- prompt
The --More-- prompt displays when output extends beyond a single page. At this prompt, you can
press the Space bar to display the next page, the Return or Enter key to display the next line, or Ctrl
+C or Q to cancel the display. In addition, you can search and filter output from this prompt.
20
FastIron Command Reference
53-1003389-04
Searching and filtering show command output
At the --More-- prompt, enter a forward slash ( / ) followed by a search string. The Brocade device
displays output starting from the first line that contains the search string as shown in the following
example. The search feature is similar to the begin option for show commands.
--More--, next page: Space, next line: Return key, quit: Control-c
/telnet
The results of the search are displayed.
searching...
telnet
temperature
terminal
traceroute
undebug
undelete
whois
write
Telnet by name or IP address
temperature sensor commands
display syslog
TraceRoute to IP node
Disable debugging functions (see also 'debug')
Undelete flash card files
WHOIS lookup
Write running configuration to flash or terminal
To display lines containing only a specified search string (similar ) press the plus key (+) at the --More-prompt followed by a search string. This option is similar to the include option supported with show
commands.
--More--, next page: Space, next line: Return key, quit: Control-c
+telnet
The filtered results are displayed.
filtering...
telnet
Telnet by name or IP address
To display lines that do not contain a specified search string, press the minus key (-) at the --More-prompt followed by a search string. This option is similar to the exclude option supported with show
commands.
--More--, next page: Space, next line: Return key, quit: Control-c
-telnet
The filtered results are displayed.
filtering...
temperature
terminal
traceroute
undebug
undelete
whois
write
temperature sensor commands
display syslog
TraceRoute to IP node
Disable debugging functions (see also 'debug')
Undelete flash card files
WHOIS lookup
Write running configuration to flash or terminal
As with the commands for filtering output from show commands, the search string is a regular
expression consisting of a single character or string of characters. You can use special characters to
construct complex regular expressions. See the next section for information on special characters used
with regular expressions.
Searching and filtering show command output
You can filter output from show commands to display lines containing a specified string, lines that do
not contain a specified string, or output starting with a line containing a specified string. The search
string is a regular expression consisting of a single character or a string of characters. You can use
special characters to construct complex regular expressions.
FastIron Command Reference
53-1003389-04
21
Using the FastIron command-line interface
Using special characters to construct complex regular expressions
Special characters allow you to construct complex regular expressions to filter output from show
commands. You can use a regular expression to specify a single character or multiple characters as a
search string. In addition, you can include special characters that influence the way the software
matches the output against the search string. Supported special characters are listed in the following
table.
TABLE 2 Special characters for regular expressions
Character Operation
.
The period matches on any single character, including a blank space.
For example, the following regular expression matches "aaz", "abz", "acz", and so on, but not just
"az":
a.z
*
The asterisk matches on zero or more sequential instances of a pattern.
For example, the following regular expression matches output that contains the string "abc", followed
by zero or more Xs:
abcX*
+
The plus sign matches on one or more sequential instances of a pattern.
For example, the following regular expression matches output that contains "de", followed by a
sequence of "g"s, such as "deg", "degg", "deggg", and so on:
deg+
?
The question mark matches on zero occurrences or one occurrence of a pattern.
For example, the following regular expression matches output that contains "dg" or "deg":
de?g
NOTE
Normally when you type a question mark, the CLI lists the commands or options at that CLI level that
begin with the character or string you entered. However, if you enter Ctrl+V and then type a question
mark, the question mark is inserted into the command line, allowing you to use it as part of a regular
expression.
^
A caret (when not used within brackets) matches on the beginning of an input string.
For example, the following regular expression matches output that begins with "deg":
^deg
$
A dollar sign matches on the end of an input string.
For example, the following regular expression matches output that ends with "deg":
deg$
22
FastIron Command Reference
53-1003389-04
Using the FastIron command-line interface
TABLE 2 Special characters for regular expressions (Continued)
Character Operation
_
An underscore matches on one or more of the following:
• , (comma)
• { (left curly brace)
• } (right curly brace)
• ( (left parenthesis)
• ) (right parenthesis)
• The beginning of the input string
• The end of the input string
• A blank space
For example, the following regular expression matches on "100" but not on "1002", "2100", and so
on.
_100_
[]
Square brackets enclose a range of single-character patterns.
For example, the following regular expression matches output that contains "1", "2", "3", "4", or "5":
[1-5]
You can use the following expression symbols within the brackets. These symbols are allowed only
inside the brackets.
• ^ - The caret matches on any characters except the ones in the brackets. For example, the
following regular expression matches output that does not contain "1", "2", "3", "4", or "5":[^1-5]
• - The hyphen separates the beginning and ending of a range of characters. A match occurs if any
of the characters within the range is present. See the example above.
|
A vertical bar separates two alternative values or sets of values. The output can match one or the
other value.
For example, the following regular expression matches output that contains either "abc" or "defg":
abc|defg
()
Parentheses allow you to create complex expressions.
For example, the following complex expression matches on "abc", "abcabc", or "defg", but not on
"abcdefgdefg":
((abc)+)|((defg)?)
If you want to filter for a special character instead of using the special character as described in the
table above, enter a backslash ( \ ) before the character. For example, to filter on output containing an
asterisk, enter the asterisk portion of the regular expression as "\*".
device#show ip route bgp | include \*
FastIron Command Reference
53-1003389-04
23
Using the FastIron command-line interface
Displaying lines containing a specified string
The following command filters the output of the show interface command for port 3/11 to display only
lines containing the word "Internet". This command can be used to display the IP address of the
interface.
device#show interface e 3/11 | include Internet
Internet address is 10.168.1.11/24, MTU 1518 bytes, encapsulation ethernet
Syntax: show-command | include regular-expression
NOTE
The vertical bar ( | ) is part of the command.
Note that the regular expression specified as the search string is case sensitive. In the example
above, a search string of "Internet" would match the line containing the IP address, but a search string
of "internet" would not.
Displaying lines that do not contain a specified string
The following command filters the output of the show who command to display only the lines that do
not contain the word "closed". This command can be used to display open connections to the Brocade
device.
device#show who | exclude closed
Console connections:
established
you are connecting to this session
2 seconds in idle
Telnet connections (inbound):
1
established, client ip address 10.168.9.37
27 seconds in idle
Telnet connection (outbound):
SSH connections:
Syntax: show-command | exclude regular-expression
Displaying lines starting with a specified string
The following command filters the output of the show who command to display output starting with the
first line that contains the word "SSH". This command can be used to display information about SSH
connections to the Brocade device.
device#show who | begin SSH
SSH connections:
1
established, client ip address 10.168.9.210
7 seconds in idle
2
closed
3
closed
4
closed
5
closed
Syntax: show-command | begin regular-expression
24
FastIron Command Reference
53-1003389-04
Creating an alias for a CLI command
Creating an alias for a CLI command
An alias serves as a shorthand version of a longer CLI command. For example, you can create an alias
called shoro for the show ip route command. You can then enter te shoro alias at the command
prompt and the show ip route command is issued.
To create an alias called shoro for the CLI command show ip route, enter the alias shoro = show ip
route command.
device(config)# alias shoro = show ip route
Syntax: [no] alias alias-name = cli-command
The alias-name must be a single word, without spaces.
After the alias is configured, entering shoro in the privileged EXEC mode or in the global configuration
mode issues the show ip route command.
Enter the command copy running-config with the appropriate parameters to create an alias called
wrsbc.
device(config)#alias wrsbc = copy running-config tftp 10.10.10.10 test.cfg
To remove the wrsbc alias from the configuration, enter one of the following commands.
device(config)#no alias wrsbc
or
device(config)#unalias wrsbc
Syntax: unalias alias-name
The specified alias-name must be the name of an alias already configured on the Brocade device.
To display the aliases currently configured on the Brocade device, enter the following command in the
Privileged EXEC mode or in the global configuration mode.
device# alias
wrsbc
shoro
copy running-config tftp 10.10.10.10 test.cfg
show ip route
Syntax: alias
Configuration notes for creating a command alias
The following configuration notes apply to this feature:
• You cannot include additional parameters with the alias at the command prompt. For example, after
you create the shoro alias, shoro bgp would not be a valid command.
• If configured on the Brocade device, authentication, authorization, and accounting is performed on
the actual command, not on the alias for the command.
• To save an alias definition to the startup-config file, use the write memory command.
FastIron Command Reference
53-1003389-04
25
Specifying stack-unit, slot number, and port number
Specifying stack-unit, slot number, and port number
Many CLI commands require users to enter port numbers as part of the command syntax, and many
show command outputs display port numbers. Port numbers are entered and displayed in one of the
following formats:
• port number only
• slot number and port number
• stack-unit, slot number, and port number
Not all formats are supported on all devices. To identify a port, refer to the labels on the front panel of
the device.
Specifying a port on a modular device
On modular devices such as the FSX 800 and FSX 1600, you must specify the port number in the
following format when you issue a command that requires a port parameter: slot/port.
The following example enters the ethernet interface sub-configuraton mode for the first port on a
modular device.
device(config)#interface e 1/1
device(config-if-1/1)#
Specifying a port on stackable devices
On stackable devices (FCX and ICX) you must specify the port in the following format when you issue
a command that requires a port parameter: stack-unit /slot/port.
The following example enters the ethernet interface sub-configuraton mode for the first port on a
stackable device.
device(config)#interface e 1/1/1
device(config-if-e1000-1/1/1)#
Refer to "Brocade Stackable Devices" in the FastIron Ethernet Switch Stacking Configuration Guide
for more information on stackable devices.
26
FastIron Command Reference
53-1003389-04
Commands F - J
● failover.............................................................................................................................29
● filter-strict-security enable............................................................................................... 30
● flash.................................................................................................................................31
● flow-control......................................................................................................................32
● force-up ethernet.............................................................................................................33
● graft-retransmit-timer.......................................................................................................34
● hardware-drop-disable.................................................................................................... 35
● hello-interval....................................................................................................................36
● hello-timer....................................................................................................................... 37
● hitless-failover enable..................................................................................................... 38
● inactivity-timer................................................................................................................. 39
● inline power .................................................................................................................... 40
● inline power install-firmware scp..................................................................................... 43
● ip arp inspection validate.................................................................................................45
● ip bootp-use-intf-ip.......................................................................................................... 46
● ip dscp-remark ............................................................................................................... 47
● ip igmp group-membership-time..................................................................................... 48
● ip igmp max-response-time.............................................................................................49
● ip igmp port-version.........................................................................................................50
● ip igmp proxy...................................................................................................................51
● ip igmp query-interval......................................................................................................52
● ip igmp tracking............................................................................................................... 53
● ip igmp version................................................................................................................ 54
● ip max-mroute................................................................................................................. 55
● ip mroute......................................................................................................................... 56
● ip mroute (next hop)........................................................................................................ 57
● ip mroute next-hop-enable-default.................................................................................. 58
● ip mroute next-hop-recursion.......................................................................................... 59
● ip multicast...................................................................................................................... 60
● ip multicast age-interval.................................................................................................. 61
● ip multicast disable-flooding............................................................................................ 62
● ip multicast leave-wait-time............................................................................................. 63
● ip multicast max-response-time...................................................................................... 64
● ip multicast mcache-age................................................................................................. 65
● ip multicast query-interval............................................................................................... 66
● ip multicast report-control................................................................................................67
● ip multicast verbose-off................................................................................................... 68
● ip multicast version..........................................................................................................69
● ip multicast-nonstop-routing............................................................................................ 70
● ip pcp-remark ................................................................................................................. 71
● ip pim...............................................................................................................................72
● ip pim border................................................................................................................... 73
● ip pim dr-priority.............................................................................................................. 74
FastIron Command Reference
53-1003389-04
27
Commands F - J
● ip pim neighbor-filter......................................................................................................75
● ip pimsm-snooping........................................................................................................ 76
● ip pim-sparse.................................................................................................................77
● ip ssh encryption disable-aes-cbc................................................................................. 78
● ip ssl min-version.......................................................................................................... 79
● ipv6 max-mroute........................................................................................................... 80
● ipv6 mld group-membership-time..................................................................................81
● ipv6 mld llqi .................................................................................................................. 82
● ipv6 mld max-group-address.........................................................................................83
● ipv6 mld max-response-time......................................................................................... 84
● ipv6 mld port-version.....................................................................................................85
● ipv6 mld query-interval.................................................................................................. 86
● ipv6 mld robustness...................................................................................................... 87
● ipv6 mld static-group..................................................................................................... 88
● ipv6 mld tracking........................................................................................................... 89
● ipv6 mroute................................................................................................................... 90
● ipv6 mroute (next hop).................................................................................................. 91
● ipv6 mroute next-hop-enable-default............................................................................ 92
● ipv6 mroute next-hop-recursion.................................................................................... 93
● ipv6 multicast age-interval.............................................................................................94
● ipv6 multicast disable-flooding...................................................................................... 95
● ipv6 multicast leave-wait-time....................................................................................... 96
● ipv6 multicast mcache-age............................................................................................97
● ipv6 multicast query-interval..........................................................................................98
● ipv6 multicast report-control.......................................................................................... 99
● ipv6 multicast verbose-off........................................................................................... 100
● ipv6 multicast version..................................................................................................101
● ipv6 multicast-boundary.............................................................................................. 102
● ipv6 nd router-preference............................................................................................103
● ipv6 nd skip-interface-ra..............................................................................................104
● ipv6 neighbor inspection............................................................................................. 105
● ipv6 neighbor inspection vlan......................................................................................106
● ipv6 pim border........................................................................................................... 107
● ipv6 pim dr-priority.......................................................................................................108
● ipv6 pim neighbor-filter................................................................................................109
● ipv6 pim-sparse...........................................................................................................110
● ipv6 raguard policy ..................................................................................................... 111
● ipv6 raguard vlan ........................................................................................................112
● ipv6 raguard whitelist ................................................................................................. 113
● ipv6 router pim............................................................................................................ 114
● ipv6-address auto-gen-link-local................................................................................. 115
● ipv6-neighbor inspection trust..................................................................................... 116
● jitc enable.................................................................................................................... 117
● jitc show...................................................................................................................... 118
28
FastIron Command Reference
53-1003389-04
failover
failover
Enables or disables LAG (Link Aggregation Group) hardware failover on the next port in LAG or on all
ports in LAG.
Syntax
failover {next | all}
no failover {next | all}
Command Default
Parameters
LAG hardware failover is disabled.
next
Specifies that failover is to be enabled or disabled on the next port in LAG.
all
Specifies that failover is to be enabled or disabled on all ports in LAG.
Modes
Usage Guidelines
Dynamic LAG configuration mode
The no form of this command disables LAG hardware failover.
LAG hardware failover is supported only on Brocade ICX 7750 devices.
Examples
The following example enables LAG failover on the next port in LAG:
device(config)# lag one dynamic
device(config-lag-one)# failover next
The following example enables LAG failover on all ports in LAG:
device(config)# lag one dynamic
device(config-lag-one)# failover all
History
Release version
Command history
08.0.10
This command was introduced.
FastIron Command Reference
53-1003389-04
29
filter-strict-security enable
filter-strict-security enable
Enables or disables strict filter security for MAC authentication and dot1x authentication.
Syntax
filter-strict-security
no filter-strict-security
Command Default
MAC addresses are blocked.
Strict filter security is enabled for all 802.1X-enabled interfaces.
Modes
Usage Guidelines
Authentication mode
The no form of the command disables strict filter security.
When strict filter security is enabled, authentication fails if the filters contain invalid information.
Use the filter-strict-security enable command at the configuration authentication level and the auth
filter-strict-security enable command at the interface level.
When strict filter security is disabled:
• If the Filter-ID attribute in the Access-Accept message contains a value that does not refer to an
existing filter (a MAC address filter or IP ACL is configured on the device), then the port is
authenticated but no filter is dynamically applied to it.
• If the Vendor-Specific attribute specifies the syntax for a filter, but there are insufficient system
resources to implement the filter, then the port is authenticated but the filter specified in the VendorSpecific attribute is not applied to the port.
• By default, strict security mode is enabled for all 802.1X-enabled interfaces, but you can manually
disable or enable it, either globally or for specific interfaces.
Examples
The following example enables strict filter security.
device(config)# authentication
device(config-authen)# filter-strict-security enable
History
30
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
flash
flash
Use the flash command to perform basic flash file maintenance.
Syntax
Command Default
Parameters
flash { copy source-file destination-file | dbgflock | delete flash-file | files directory-name | rename
source-file destination-file }
N/A
copy source-file destination-file
Copy the source flash file to a new file
dbgflock
Display the flash access lock holder
delete flash-file
Delete the flash file
files directory-name
Display flash files in a particular directory
rename source-file destination-file
Rename a flash file
Modes
Usage Guidelines
Examples
Exec mode
The command is useful in flash file maintenance.
In the following example, flash files are displayed.
device# flash files
Type
Size
Name
---------------------F
24108665 primary
F
24108665 secondary
F
610 startup-config.backup
F
2052 startup-config.txt
48219992 bytes 4 File(s) in FI root
1768706048 bytes free in FI root
1768706048 bytes free in /
The show flash command also displays flash file information but with different results.
device# show flash
Stack unit 1:
Compressed Pri Code size = 24108665, Version:08.0.40qT213 (SPR08040q074.bin)
Compressed Sec Code size = 24108665, Version:08.0.40qT213 (SPR08040q074.bin)
Compressed Boot-Monitor Image size = 786944, Version:10.1.05T215
Code Flash Free Space = 1768706048
History
Release version
Command history
8.0.10
This command was introduced.
FastIron Command Reference
53-1003389-04
31
flow-control
flow-control
Enables or disables flow control and flow control negotiation, and advertises flow control.
Syntax
flow-control [ neg-on ]
no flow-control [ neg-on ]
Command Default
Parameters
Flow control is enabled.
neg-on
Enables negotiation on an interface.
Modes
Global configuration mode
Interface configuration mode
Usage Guidelines
The no form of this command disables flow control.
On ICX 7750 devices the default packet-forwarding method is cut-through, in which port flow control
(IEEE 802.3x) is not supported but priority-based flow control (PFC) is supported. You can configure the
store-and- forward command in global configuration mode to enable the store-and-forward method for
packet-forwarding.
By default, when flow control is enabled globally and auto-negotiation is on, flow control is enabled and
advertised on 10/100/1000M ports. If auto-negotiation is off or if the port speed was configured
manually, flow control is neither negotiated with nor advertised to the peer.
NOTE
Enabling only port auto-negotiation does not enable flow control negotiation. You must use the flowcontrol neg-on command to enable flow-control negotiation.
Examples
The following example disables flow control globally.
Device(config)#no flow-control
The following example enables flow control on Ethernet ports 0/1/11 to 0/1/15.
Device(config)#interface ethernet 0/1/11 to 0/1/15
device(config-mif-0/1/11-0/1/15)#flow-control
The following example disables flow control on Ethernet port 1/1/9.
Device(config)# interface ethernet 1/1/9
Device(config-if-e1000-1/1/9)no flow-control
The following example enables flow-control negotiation on Ethernet interface 1/1/2.
Device(config)# interface ethernet 1/1/2
Device(config-if-e1000-1/1/2)flow-control neg-on
History
32
Release version
Command history
08.0.20
This command was modified. Enabling only auto-negotiation does not enable
flow-control negotiation.
FastIron Command Reference
53-1003389-04
force-up ethernet
force-up ethernet
Forces the member port of a dynamic LAG (Link Aggregation Group) to be logically operational even if
the dynamic LAG is not operating.
Syntax
force-up ethernet port
no force-up ethernet port
Command Default
Parameters
The member ports of a dynamic LAG are logically operational only if the dynamic LAG is operating.
port
Specifies the port.
Modes
Usage Guidelines
Dynamic LAG configuration mode
The no form of the command causes the specified port to be logically operational only when the
dynamic LAG is operating.
When the dynamic LAG is not operational, the port goes to "force-up" mode. In this mode, the port is
logically operational, which enables a PXE-capable host to boot from the network using this port. Once
the host successfully boots from the network, the dynamic LAG can connect the host to the network
with the LAG link. Even if the dynamic LAG fails later, this port is brought back to "force-up" mode and
remains logically operational.
A port that is in "force-up" mode has the operational status ("Ope" ) of "Frc". Use the show lag
command to display the operational status.
If any port in a dynamic LAG receives an LACPDU, the port in force-up mode leaves force-mode and
becomes a member port in the dynamic LAG.
Examples
The following example enables PXE boot support on member port 3/1/1 of a dynamic LAG R4-dyn.
device(config)# lag R4-dyn
device(config-lag-R4-dyn)# force-up ethernet 3/1/1
History
Release version
Command history
08.0.01
This command was introduced.
FastIron Command Reference
53-1003389-04
33
graft-retransmit-timer
graft-retransmit-timer
Configures the time between the transmission of graft messages sent by a device to cancel a prune
state.
Syntax
graft-retransmit-timer seconds
no graft-retransmit-timer seconds
Command Default
Parameters
The graft retransmission time is 180 seconds.
seconds
Specifies the time in seconds. The range is 60 through 3600 seconds. The
default is 180 seconds.
Modes
Usage Guidelines
PIM router configuration mode
The no form of this command restores the default graft retransmission time, 180 seconds.
Messages sent by a device to cancel a prune state are called graft messages. When it receives a graft
message, the device responds with a Graft Ack (acknowledge) message. If this Graft Ack message is
lost, the device that sent it resends it.
Examples
This example configures a graft retransmission timer to 90 seconds.
device(config)# router pim
device(config-pim-router)# graft-retransmit-timer 90
34
FastIron Command Reference
53-1003389-04
hardware-drop-disable
hardware-drop-disable
Disables passive multicast route insertion (PMRI).
Syntax
hardware-drop-disable
no hardware-drop-disable
Command Default
Modes
Usage Guidelines
PMRI is enabled.
PIM router configuration mode
The no form of this command restores the default and enables PMRI.
To prevent unwanted multicast traffic from being sent to the CPU, PIM routing and PMRI can be used
together to ensure that multicast streams are forwarded out only on ports with interested receivers and
unwanted traffic is dropped in hardware on Layer 3 switches. To disable this process, use the
hardware-drop-disable command.
NOTE
Disabling hardware-drop does not immediately take away existing hardware-drop entries, they will go
through the normal route aging processing when the traffic stops.
Examples
This example disables PMRI.
device(config)#router pim
device(config-pim-router)# hardware-drop-disable
FastIron Command Reference
53-1003389-04
35
hello-interval
hello-interval
Sets the hello-interval in seconds or milliseconds for IPv4 VRRP and IPv6 VRRP.
Syntax
hello-interval { seconds l milliseconds }
hello-interval msec milliseconds
no hello-interval
Command Default
Parameters
The hello-interval is 1 second.
seconds
Specifies the hello-interval in seconds from 1 through 40 seconds for IPv4
VRRP, IPv4 VRRPv3, VRRP-E, and IPv6 VRRP-E. The default is 1 second.
milliseconds
Specifies the hello-interval in seconds from 1 through 84 seconds for IPv4
VRRP, VRRP-E, and IPv6 VRRP-E and 1 through 40 seconds for IPv4
VRRPv3. The default is 1 second.
Modes
Usage Guidelines
Examples
VRRP virtual router ID configuration
IPv4 VRRPv2 supports the hello-interval configuration in seconds, while IPv6 VRRP supports this
configuration in milliseconds; both use the CLI hello-interval . However, IPv4 VRRPv3 supports both
the seconds and milliseconds configuration using the hello-interval command and the hello-interval
command with the msec option.
The following example configures the hello-interval on IPv4 VRRPv2 to 20 seconds.
device Router1(config)# interface ethernet 1/6
device Router1(config-if-1/6)# ipv4 vrrp vrid 1
device Router1(config-if-1/6-vrid-1)# hello-interval 20
The following example configures the hello-interval on IPv4 VRRPv3 to 200 milliseconds.
device Router1(config)# interface ethernet 1/6
device Router1(config-if-1/6)# ipv4 vrrp vrid 1
device Router1(config-if-1/6-vrid-1)# hello-interval msec 200
History
36
Release version
Command history
08.0.10
This command was introduced.
FastIron Command Reference
53-1003389-04
hello-timer
hello-timer
Configures the interval at which hello messages are sent out of Protocol Independent Multicast (PIM)
interfaces.
Syntax
hello-timer seconds
no hello-timer seconds
Command Default
Parameters
The hello interval is 30 seconds.
seconds
Specifies the interval in seconds. The range is 10 through 3600 seconds. The
default is 30 seconds.
Modes
Usage Guidelines
PIM router configuration mode
The no form of this command restores the default hello interval, 30 seconds.
Devices use hello messages to inform neighboring devices of their presence.
Examples
This example configures a hello interval of 120 seconds on all ports on a device operating with PIM.
device(config)# router pim
device(config-pim-router)# hello-timer 120
FastIron Command Reference
53-1003389-04
37
hitless-failover enable
hitless-failover enable
Enables hitless stacking failover and switchover. The standby controller is allowed to take over the
active role without reloading the stack when failover occurs.
Syntax
hitless-failover enable
no hitless-failover enable
Command Default
Modes
Usage Guidelines
Hitless stacking failover is enabled. In earlier releases, failover and switchover were disabled by default.
Global configuration mode
Use the no form of the command to disable hitless stacking failover. The change takes effect
immediately.
The hitless-failover enable and no hitless-failover enable commands must be executed from the
active stack controller.
You must assign a stack mac address to the device using the stack mac address command before
you can execute the hitless-failover enable command.
Examples
The following example enables hitless stacking switchover and failover on the active controller for the
stack.
device(config)# hitless-failover enable
History
38
Release version
Command history
08.0.00a
This command was introduced.
08.0.20
Hitless failover is enabled by default.
FastIron Command Reference
53-1003389-04
inactivity-timer
inactivity-timer
Configures the time a forwarding entry can remain unused before the device deletes it.
Syntax
inactivity-timer seconds
no inactivity-timer seconds
Command Default
Parameters
The default inactive time is 180 seconds.
seconds
Specifies the time in seconds. The range is 60 through 3600 seconds. The
default is 180 seconds.
Modes
Usage Guidelines
PIM router configuration mode
The no form of this command restores the default inactive time, 180 seconds.
A device deletes a forwarding entry if the entry is not used to send multicast packets. The Protocol
Independent Multicast (PIM) inactivity timer defines how long a forwarding entry can remain unused
before the device deletes it.
Examples
This example configures an inactive time to 90 seconds.
device(config)# router pim
device(config-pim-router)# inactivity-timer 90
FastIron Command Reference
53-1003389-04
39
inline power
inline power
Configures inline power on Power over Ethernet (PoE) ports in interface configuration mode and link
aggregation group (LAG) secondary ports in global configuration mode.
Syntax
inline power ethernet interface [ decouple-datalink ] [ power-by-class power-class ] [ power-limit
power-limit ] [ priority priority -value ]
no inline power ethernet interface [ decouple-datalink ] [ power-by-class power-class ] [ powerlimit power-limit ] [ priority priority -value ]
NOTE
The ethernetinterface pair of parameters is required only if you want to configure inline power on
secondary ports (you must use global configuration mode to do this).
Parameters
ethernet
Specifies an ethernet interface. You can configure the ethernet keyword only in
global configuration mode.
interface
Specifies the number of the ethernet interface. This is used only with the
ethernet keyword.
decouple-datalink
Specifies decoupling of datalink and PoE so that datalink state changes do not
affect the PoE state. You can configure the decouple-datalink keyword in
global and interface configuration modes.
power-by-class
Specifies the power limit based on class value. The range is 0-4. The default is
0.
power-limit
Specifies the power limit based on actual power value in mW. The range is
1000-15400|30000mW. The default is 15400|30000mW. For PoH ports, the
range is 1000-95000mW, and the default is 95000mW. The power-limit value is
rounded to the nearest multiple of 5 on PoH ports.
priority
Specifies the priority for power management. The range is 1 (highest) to 3
(lowest). The default is 3.
Modes
Global configuration mode
Interface configuration mode
Usage Guidelines
You cannot configure inline power on PoE LAG ports in interface configuration mode because the
interface-level configuration is not available in the CLI for LAG secondary ports. The inline power
ethernet command enables you to configure inline power on secondary ports in global configuration
mode.
The decouple-datalink keyword was introduced in Release 08.0.01 to support the inline-power
functionality. The decouple-datalink functionality is not supported in releases earlier than Release
08.0.01.
40
FastIron Command Reference
53-1003389-04
Commands F - J
WARNING
If you want to keep decoupling in place on a PoE port when you configure the inline power ethernet
command to change its other parameters, (for example, priority) you must also configure the decoupledatalink keyword.
WARNING
If you downgrade to a release earlier than 08.0.01, you cannot use inline power commands that have
the decouple-datalink keyword. Any inline power commands in the startup config will not be effective.
Examples
Configuring inline power on LAG ports
The following example configures inline power on LAG ports.
Device(config)# lag "mylag" static id 5
Device(config-lag-mylag)# ports ethernet 1/1/1 to 1/1/4
Device(config-lag-mylag)# primary-port 1/1/1
Device(config-lag-mylag)# deploy
LAG mylag deployed successfully!
Device(config)#inline power ethernet 1/1/1 power-by-class 3
Device(config)#inline power ethernet 1/1/2
Device(config)#inline power ethernet 1/1/3 priority 2
Device(config)#inline power ethernet 1/1/4 power-limit 12000
Decoupling of inline power and datalink operations on PoE LAG ports
The following example decouples the behavior of the PoE and the datalink operations for PoE LAG
ports. After the optional decouple-datalink keyword in the inline power ethernet command is entered,
the datalink operational behavior on a PoE port does not affect the power state of the powered device
(PD) that is connecting to the port.
Device(config)#inline power ethernet 1/1/1 decouple-datalink power-by-class 3
Device(config)#inline power ethernet 1/1/2 decoupledatalink
Device(config)#inline power ethernet 1/1/3 decouple-datalink priority 2
Device(config)#inline power ethernet 1/1/4 decouple-datalink power-limit 12000
Device(config)# lag "mylag" static id 5
Device(config-lag-mylag)# ports ethernet 1/1/1 to 1/1/4
Device(config-lag-mylag)# primary-port 1/1/1
Device(config-lag-mylag)# deploy
LAG mylag deployed successfully!
Decoupling of inline power and datalink operations on regular PoE ports
The following example decouples the behavior of the PoE and the datalink operations for regular PoE
ports. After the optional decouple-datalink keyword in the inline power command is entered, the
datalink operational behavior on a PoE port does not affect the power state of the powered device (PD)
that is connecting to the port.
Device(config)# interface ethernet 1/1/1
Device(config-if-e1000-1/1/1)# inline power decouple-datalink power-by-class 3
Device(config-if-e1000-1/1/1)# interface ethernet 1/1/2
Device(config-if-e1000-1/1/2)# inline power decouple-datalink
Device(config-if-e1000-1/1/2)# interface ethernet
1/1/3
Device(config-if-e1000-1/1/3)# inline power decouple-datalink priority 2
Device(config-if-e1000-1/1/3)# interface ethernet 1/1/4
Device(config-if-e1000-1/1/4)# inline power decouple-datalink power-limit 12000
FastIron Command Reference
53-1003389-04
41
Commands F - J
History
42
Release
Command History
08.0.01
This command was modified to run in global
configuration mode using the ethernet keyword. The
decouple-datalink keyword was also introduced.
08.0.20
This command was modified to allow requisite PoH
power limits.
FastIron Command Reference
53-1003389-04
inline power install-firmware scp
inline power install-firmware scp
Upgrades the PoE firmware of a Brocade SX module or FastIron stacking device by downloading a
firmware file from an SCP server.
Syntax
Parameters
inline power install-firmware { stack-unit unit-id | module module-id } scp { ipv4-address- | ipv4hostname- | ipv6 { ipv6-address- | ipv6-hostname- } outgoing-interface { ethernet stackid/slot/port | ve
ve-number } } [ public-key { dsa | rsa } ] [ remote-port ] remote-filename
stack-unit unit-id
Specifies the unit ID of the FastIron device in the stack to copy the PoE
firmware. You must specify the stack unit when you configure the inline power
install-firmware command to upgrade PoE firmware on a stacking device.
module module-id
Specifies the module ID of the Brocade SX device to copy the PoE firmware.
You must specify the module when you configure the inline power installfirmware command to upgrade PoE firmware on a Brocade SX device.
ipv4-addressSpecifies the IPV4 address of the SCP server, using 8-bit values in dotted
decimal notation.
ipv4-hostnameSpecifies the IP hostname of the SCP server.
ipv6
Specifies the IPV6 address method for SCP file transfer.
ipv6-address-prefix/prefix-length
Specifies the IPV6 address of the SCP server. You must specify this address in
hexadecimal using 16-bit values between colons, as documented in RFC 2373.
ipv6-hostnameSpecifies the IPv6 hostname of the SCP server.
outgoing-interface
Specifies the interface to be used to reach the remote host.
ethernet stackid/slot/port
Configures an Ethernet interface as the outgoing interface.
ve ve-number
Configures a virtual interface (VE) as the outgoing interface.
public-key
Specifies the type of public key authentication to use for the connection, either
digital signature algorithm (DSA) or Rivest, Shamir, and Adelman (RSA) . If you
do not configure this parameter, the default authentication type is password.
dsa
Specifies DSA as the public key authentication.
rsa
Specifies RSA as the public key authentication.
remote-port
Specifies the remote port number for the TCP connection.
remote-filename
Specifies the name of the file in the SCP server that is be transferred. You can
specify up to 127 characters for the filename.
Modes
Usage Guidelines
Privileged EXEC mode
You are prompted for username and password when you configure this command.
FastIron Command Reference
53-1003389-04
43
Commands F - J
If you do not configure the type of public key authentication, the default authentication type is password.
You must specify the stack unit and module when you configure the inline power install-firmware
command to upgrade PoE firmware on a stacking device.
Examples
This example upgrades the PoE firmware of a FastIron device by downloading a firmware file from an
SCP server:
Device#inline power install-firmware stack-unit 2 scp 2.2.2.2
icx64xx_poeplus_02.1.0.b004.fw
History
44
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
ip arp inspection validate
ip arp inspection validate
Enables validation of the ARP packet destination MAC, ARP Packet IP, and source MAC addresses.
Syntax
Command Default
Parameters
ip arp inspection validate [dst-mac | ip | src-mac]
IP ARP packet destination address validation is disabled.
dst-mac
Checks the destination MAC address in the Ethernet header against the target
MAC address in the ARP body for ARP responses. When enabled, packets with
different MAC addresses are classified as invalid and are dropped.
ip
Checks the ARP body for invalid and unexpected IP addresses. Addresses
include 0.0.0.0, 255.255.255.255, and all IP multicast addresses. Sender IP
addresses are checked in all ARP requests and responses, and target IP
addresses are checked only in ARP responses.
src-mac
Checks the source MAC address in the Ethernet header against the sender
MAC address in the ARP body for ARP requests and responses. When
enabled, packets with different MAC addresses are classified as invalid and are
dropped.
Modes
Usage Guidelines
Global configuration mode
You can enable validation of ARP packet destination addresses for a single destination address or for
all destination addresses.
You must execute the command once for each type of ARP packet destination address you want to
validate.
Examples
The following example enables validation of the MAC, ARP Packet IP, and source MAC ARP packet
destination addresses.
device(config)#
device(config)#
device(config)#
device(config)#
History
configure terminal
ip arp inspection validate dst-mac
ip arp inspection validate src-mac
ip arp inspection validate ip
Release version
Command history
08.0.10a
This command was introduced.
FastIron Command Reference
53-1003389-04
45
ip bootp-use-intf-ip
ip bootp-use-intf-ip
Configures a Dynamic Host Configuration Protocol (DHCP) relay agent to set the source IP address of
a DHCP-client packet with the IP address of the interface in which the DHCP-client packet is received.
Syntax
ip bootp-use-intf-ip
no ip bootp-use-intf-ip
Command Default
Modes
The DHCP relay agent sets the source IP address of a DHCP-client packet with the IP address of the
outgoing interface to the DHCP server.
Global configuration mode
Usage Guidelines
You can configure ACLs on a DHCP server to permit or block access to the DHCP server from
particular subnets or networks. You can then use this command on the DHCP relay agent to reveal the
source subnet or network of a DHCP packet to the DHCP server, which enables the DHCP server to
process or discard the DHCP traffic according to the configured ACLs.
Examples
The following example configures a FastIron DHCP relay agent so that it sets the source IP address of
a DHCP-client packet with the IP address of the interface on which the DHCP-client packet is received.
device(config)# ip bootp-use-intf-ip
46
FastIron Command Reference
53-1003389-04
ip dscp-remark
ip dscp-remark
Enables remarking of the differentiated services code point (DSCP) field for all IPv4 packets.
Syntax
ip dscp-remark dscp-value
no ip dscp-remark dscp-value
Command Default
Parameters
DSCP remarking is disabled.
dscp-value
Specifies the DSCP value ranges you are remarking.
Modes
Global configuration mode
Interface configuration mode
Usage Guidelines
The no form of this command disables DSCP remarking.
In interface configuration mode, the command enables DSCP remarking for the given port. The
configuration can be done on a physical port, LAG, and VE port.
Examples
The following example globally enables DSCP remarking on all IPv4 packets when the DSCP bit value
is 40:
Device(config)# ip dscp-remark 40
The following example enables DSCP remarking on all IPv4 packets received on a specific port when
the DSCP bit value is 50:
Device(config)# interface ethernet1/1/1
Device(config-if-e1000-1/1/1)# ip dscp-remark 50
FastIron Command Reference
53-1003389-04
47
ip igmp group-membership-time
ip igmp group-membership-time
Specifies how long an IGMP group remains active on an interface in the absence of a group report.
Syntax
ip igmp group-membership-time num
no ip igmp group-membership-time num
Command Default
Parameters
By default, a group will remain active on an interface for 260 seconds in the absence of a group report.
num
Number in seconds, from 5 through 26000.
Modes
Usage Guidelines
Global configuration mode.
The no form of this command resets the group membership time interval to the default of 260 seconds.
Group membership time defines how long a group will remain active on an interface in the absence of a
group report.
Examples
This example specifies an IGMP (V1 and V2) membership time of 240 seconds.
Device(config)# ip igmp group-membership-time 240
48
FastIron Command Reference
53-1003389-04
ip igmp max-response-time
ip igmp max-response-time
Defines how long a device waits for an IGMP response from an interface before determining that the
group member on that interface is down and removing the interface from the group.
Syntax
ip igmp max-response-time num
no ip igmp max-response-time num
Command Default
Parameters
The device waits 10 seconds.
num
Number, in seconds, from 1 through 25. The default is 10.
Modes
Usage Guidelines
Examples
Global configuration mode.
The no form of this command resets the maximum response time interval to the default of 10 seconds.
To define
This example changes the IGMP (V1 and V2) maximum response time to 8 seconds.
Device(config)# ip igmp max-response-time 8
FastIron Command Reference
53-1003389-04
49
ip igmp port-version
ip igmp port-version
Configures an IGMP version recognized by a physical port that is a member of a virtual routing
interface.
Syntax
ip igmp port-version version-number ethernet port-number [ to ethernet port-number[ ethernet portnumber... ] ]
no ip igmp port-version version-number ethernet port-number [ to ethernet port-number[ ethernet
port-number... ] ]
Command Default
Parameters
IGMP Version 2 is enabled.
version-number
Specifies the version number: 1, 2, or 3. Version 2 is the default.
ethernet port-number
Specifies the physical port within a virtual routing interface.
Modes
Usage Guidelines
Examples
Interface configuration mode
The no form of this command restores the default; IGMP Version 2 is enabled.
This example enables IGMP Version 3 on a physical port that is a member of a virtual routing interface.
It first enables IGMP Version 2 globally, then enables Version 3 on ports 1/3 through 1/7 and port e2/9.
All other ports in this virtual routing interface are configured with IGMP Version 2.
device(config)#interface ve 3
device(config-vif-3)# ip igmp version 2
device(config-vif-3)# ip igmp port-version 3 e1/3 to e1/7 e2/9
50
FastIron Command Reference
53-1003389-04
ip igmp proxy
ip igmp proxy
Configures IGMP proxy on an interface
Syntax
ip igmp proxy [ group-filteraccess-list ]
no ip igmp proxy [ group-filteraccess-list ]
Command Default
Parameters
IGMP proxy is not enabled.
group-filter
Specifies filtering out groups in proxy report messages.
access-list
Specifies the access list name or number you want filtered out.
Modes
Usage Guidelines
Interface configuration mode.
The no form of this command disables IGMP proxy on an interface.
IGMP proxy is supported only in PIM dense environments where there are IGMP clients connected to
the Brocade device. PIM DM must be enabled in passive mode.
IGMP proxy is not supported on interfaces on which PIM sparse mode (SM) or Source Specific
Multicast (SSM) is enabled.
Enter the ip igmp proxy command without the group-filter keyword to remove the group-filter
association without disabling the proxy.
Examples
This example enables IGMP proxy on an interface. It first shows how to configure PIM globally,
configure an IP address that will serve as the IGMP proxy for an upstream device on interface 1/3,
enable PIM passive on the interface, and then enable IGMP proxy.
device(config)#router pim
device(config)#interface ethernet 1/3/3
device(config-if-e1000-1/3)#ip address 10.95.5.1/24
device(config-if-e1000-1/3)#ip pim passive
device(config-if-e1000-1/3)#ip igmp proxy
The following example filters out the ACL1 group in proxy report messages.
device(config)#router pim
device(config)#interface ethernet 1/3/3
device(config-if-e1000-1/3)#ip address 10.95.5.1/24
device(config-if-e1000-1/3)#ip pim passive
device(config-if-e1000-1/3)#ip igmp proxy group-filter ACL1
FastIron Command Reference
53-1003389-04
51
ip igmp query-interval
ip igmp query-interval
Defines how often a device queries an interface for IGMP group membership.
Syntax
ip igmp query-interval num
no ip igmp query-interval num
Command Default
Parameters
The query interval is 125 seconds
num
Number in seconds, from 2 through 3600. The default is 125.
Modes
Usage Guidelines
Global configuration mode.
The no form of this command resets the query interval to the default of 125 seconds.
You must specify a query-interval value that is a little more than twice the group membership time. You
can configure the ip igmp group-membership-time command to specify the IGMP group
membership time.
Examples
This example sets the IGMP query interval to 120 seconds.
Device(config)# ip igmp query-interval 120
52
FastIron Command Reference
53-1003389-04
ip igmp tracking
ip igmp tracking
Enables tracking and fast leave on an interface.
Syntax
ip igmp tracking
no ip igmp tracking
Command Default
Modes
Usage Guidelines
Tracking and fast leave are disabled.
Interface configuration mode.
The no form of this command restores the default; tracking and fast leave are disabled.
The IGMP Version 3 fast leave feature is supported in include mode but does not work in exclude
mode.
Examples
This example enables tracking and fast leave on a virtual routing interface.
Device(config)# interface ve 13
Device(config-vif-13)# ip igmp tracking
This example enables tracking and fast leave on a physical interface.
Device(config)# i(config)#interface ethernet 1/2/2
Device(config-if-e10000-1/2/2)# ip igmp tracking
FastIron Command Reference
53-1003389-04
53
ip igmp version
ip igmp version
Specifies the IGMP version on a device.
Syntax
ip igmp version version-number
no ip igmp version version-number
Command Default
Parameters
IGMP Version 2 is enabled.
version-number
Specifies the version number: 1, 2, or 3. Version 2 is the default.
Modes
Global configuration mode.
Interface configuration mode
Usage Guidelines
If this no form of this command restores the default; IGMP Version 2 is enabled.
Configure the ip igmp port-version command to configure an IGMP version recognized by a physical
port that is a member of a virtual routing interface
Examples
The following example enables IGMP Version 3 globally.
device#configure terminal
device(config)#ip igmp version 3
The following example, in interface configuration mode, enables IGMP Version 3 for a physical port.
device#configure terminal
device(config)#interface ethernet 1/5
device(config-if-1/5)#ip igmp version 3
The following example, in interface configuration mode, enables IGMP Version 3 for a virtual routing
interface on a physical port.
device#configure terminal
device(config)#interface ve 3
device(config-vif-1)#ip igmp version 3
54
FastIron Command Reference
53-1003389-04
ip max-mroute
ip max-mroute
Configures the maximum number of IPv4 multicast routes that are supported.
Syntax
ip max-mroute num
no ip max-mroute num
Command Default
Parameters
No maximum number of supported routes is configured.
num
Configures the maximum number of multicast routes supported.
Modes
Usage Guidelines
Examples
VRF configuration mode
The no form of this command restores the default (no maximum number of supported routes is
configured).
The following example configures the maximum number of 20 supported IPv4 multicast routes on the
VRF named my_vrf.
Device(config)# vrf my_vrf
Device(config)# address-family ipv4
Device(config-vrf)# ip max-mroute 20
History
Release version
Command history
8.0.10a
This command was introduced.
FastIron Command Reference
53-1003389-04
55
ip mroute
ip mroute
Configures a directly connected static IPv4 multicast route.
Syntax
ip mroute [ vrf vrf-name ] ip-address ip-address mask { ethernet stackid / slot / portnum | ve num |
tunnel num } [cost ] [ distance distance-value ] [ name name ]
no ip mroute [ vrf vrf-name ] ip-address ip-address mask { ethernet stackid / slot / portnum| ve num |
tunnel num } [cost ] [ distance distance-value ] [ name name ]
Command Default
Parameters
No static IPv4 multicast route is configured.
vrf vrf-name
Configures a static mroute for this virtual routing and forwarding (VRF) route.
ip-address ip-address mask
Configures the destination IPv4 address and prefix for which the route should
be added.
ethernet stackid / slot /portnum
Configures an Ethernet interface as the route path.
ve num
Configures a virtual interface as the route path.
tunnel num
Configures a tunnel interface as the route path.
cost
Configures a metric for comparing the route to other static routes in the static
route table that have the same destination. The range is 1-16; the default is 1.
distance distance-value
Configures the route's administrative distance. The range is 1-255; the default
is 1.
name name
Name for this static route.
Modes
Usage Guidelines
VRF configuration mode
The no form of this command deletes a previously configured directly connected static multicast route.
Connected routes on PIM enabled interfaces are automatically added to the mRTM table.
Examples
The following example configures a directly connected mroute to network 10.1.1.0/24 on interface ve
10.
Device(config-vrf)# ip mroute 10.1.1.0 255.255.255.0 ve 10
History
56
Release version
Command history
8.0.10a
This command was introduced.
FastIron Command Reference
53-1003389-04
ip mroute (next hop)
ip mroute (next hop)
Configures a static IPv4 multicast route (mroute) with a next hop..
Syntax
ip mroute [ vrf vrf-name ] ip-address ip-address mask next-hop address [ cost ] [ distance distancevalue ] [ name name ]
no ip mroute [ vrf vrf-name ] ip-address ip-address mask next-hop address [ cost ] [ distance distancevalue ] [ name name ]
Command Default
Parameters
No next-hop static IPv4 multicast route is configured.
vrf vrf-name
Configures a static mroute for this virtual routing and forwarding (VRF) route.
ip-address ip-address mask
Configures the destination IPv4 address and prefix for which the route should
be added.
next-hop address
Configures a next-hop address as the route path.
cost
Configures a metric for comparing the route to other static routes in the static
route table that have the same destination. The range is 1-16; the default is 1.
distance distance-value
Configures the route's administrative distance. The range is 1 through 255; the
default is 1.
name name
Name for this static route.
Modes
Usage Guidelines
Examples
VRF configuration mode
The no form of this command deletes a previously configured next-hop static IPv4 multicast route.
The following example configures a next-hop static multicast IPv4 route to network 10.1.1.0/24 with next
hop 10.2.1.1.
Device(config-vrf)# ip mroute 10.1.1.0 255.255.255.0 10.2.1.1
History
Release version
Command history
8.0.10a
This command was introduced.
FastIron Command Reference
53-1003389-04
57
ip mroute next-hop-enable-default
ip mroute next-hop-enable-default
Enables the option to use the default multicast route (mroute) to resolve a static IPv4 mroute next hop.
Syntax
ip mroute [ vrf vrf-name ] next-hop-enable-default
no ip mroute [ vrf vrf-name ] next-hop-enable-default
Command Default
Parameters
Static mroutes are not resolved using the default mroute.
vrf vrf-name
Configures a static mroute for this virtual routing and forwarding (VRF) route.
Modes
Usage Guidelines
Examples
VRF configuration mode
The no form of this command disables the default IPv4 mroute option for next hops.
The following example enables the use of the default mroute to resolve a static IPv4 mroute next hop:
Device(config-vrf)# ip mroute next-hop-enable-default
History
58
Release version
Command history
8.0.10a
This command was introduced.
FastIron Command Reference
53-1003389-04
ip mroute next-hop-recursion
ip mroute next-hop-recursion
Configures the recursion level when using static mroutes to resolve a static mroute next hop.
Syntax
ip mroute [ vrf vrf-name ] next-hop-recursion num
no ip mroute [ vrf vrf-name ] next-hop-recursion
Command Default
Parameters
The recursion level for resolving a static mroute next hop is 3.
vrf vrf-name
Configures a static mroute for this virtual routing and forwarding (VRF) route.
num
Specifies the recursion level used to resolve a static mroute next hop. The
range of possible values is from 1 to 10. This is not used in the no form.
Modes
Usage Guidelines
Examples
VRF configuration mode
The no form restores the default recursion level for resolving a static mroute next hop, which is 3. You
do not specify a value for the recursion level.
The following example configures the recursion level for resolving a static mroute next hop to 7:
device(config)# vrf vrf2
device(config-vrf-vrf2)# ip mroute next-hop-recursion 7
The following example configures the recursion level for resolving a static mroute next hop to 2:
device(config)# vrf vrf2
device(config-vrf-vrf2)# ip mroute next-hop-recursion 2
The following example restores the default recursion level of 3 for resolving a static mroute next hop:
device(config)# vrf vrf2
device(config-vrf-vrf2)# no ip mroute next-hop-recursion
History
Release version
Command history
8.0.10a
This command was introduced.
FastIron Command Reference
53-1003389-04
59
ip multicast
ip multicast
Configures the IGMP mode on a specific VLAN or on all VLANs on a device as active or passive.
Syntax
ip multicast [ vlan | vlan-id ] [ active | passive ]
no ip multicast
Command Default
Parameters
IGMP mode is passive.
vlan vlan-id
Specifies a VLAN.
active
Configures IGMP active mode, that is, the device actively sends out IGMP
queries to identify multicast groups on the network and makes entries in the
IGMP table based on the group membership reports it receives.
passive
Configures IGMP passive mode, that is, the device does not send queries but
forwards reports to the router ports that receive queries. When passive mode is
configured on a VLAN, queries are forwarded to the entire VLAN.
Modes
Global configuration mode
VLAN configuration mode
Usage Guidelines
The no form of this command returns the device to the previous IGMP mode.
When entered without the vlan keyword, this command configures active or passive IGMP mode on all
VLANs.
Routers in the network generally handle mode. Configure active IGMP mode only on a device is in a
standalone Layer 2 Switched network with no external IP multicast router attachments. If you want to
configure active IGMP mode on a device in such a network, you should do so on only one device and
leave the others configured as passive.
The IGMP mode configured on a VLAN overrides the mode configured globally.
Examples
The following example globally configures IGMP mode as active.
device#configure terminal
device(config)#ip multicast active
This example configures IGMP mode as active on VLAN 20.
device#configure terminal
device(config)#config vlan 20
device(config-vlan-20)#ip multicast active
60
FastIron Command Reference
53-1003389-04
ip multicast age-interval
ip multicast age-interval
Configures the time that group entries can remain in an IGMP group table on a specific VLAN or on all
VLANs.
Syntax
ip multicast age-interval [ vlan vlan-id ] interval
no ip multicast age-interval [ vlan vlan-id ] interval
Command Default
Parameters
Group entries can remain in the IGMP group table for up to 260 seconds.
vlan vlan-id
Specifies a VLAN.
interval
Specifies time, in seconds, that group entries can remain in the IGMP group
table. The range is 20 through 26000 seconds. The default is 260 seconds.
Modes
Usage Guidelines
Global configuration mode
The no form of this command restores the default age interval to 260 seconds.
When entered without the vlan keyword, this command configures the time that group entries can
remain in an IGMP group table on all VLANs.
When a device receives a group membership report it makes an entry for that group in the IGMP group
table. You can configure the ip multicast age-interval to specify how long the entry can remain in the
table before the device receives another group membership report. When multiple devices are
connected, they must all be configured for the same age interval, which must be at least twice the
length of the query interval, so that missing one report does not stop traffic.
Non-querier age intervals must be the same as the age interval of the querier.
Examples
This example configures the IGMP group-table age interval to 280 seconds.
device#configure terminal
device(config)#ip multicast age-interval 280
FastIron Command Reference
53-1003389-04
61
ip multicast disable-flooding
ip multicast disable-flooding
Disables the flooding of unregistered IPv4 multicast frames in an IGMP-snooping-enabled VLAN.
Syntax
ip multicast disable-flooding
no ip multicast disable-flooding
Command Default
Modes
The device floods unregistered IPv4 multicast frames in an IGMP-snooping-enabled VLAN.
Global configuration mode
Usage Guidelines
NOTE
This command is supported as follows:
• On ICX 6650 devices
• From Release 8.0.10d, on ICX 7750 devices
• From Release 8.0.30, on ICX 7450 and ICX 7250 devices
NOTE
In Release 8.0.20, the ip multicast disable-flooding command is supported only on standalone ICX
7750 devices. In Release 8.0.30 and later releases, the ip multicast disable-flooding command is
supported on both standalone and stacking ICX 7750 devices.
The no form of this command enables the flooding of unregistered IPv4 multicast frames in an IGMPsnooping-enabled VLAN.
After the hardware forwarding database (FDB) entry is made, the multicast traffic is switched only to the
VLAN hosts that are members of the multicast group. This can avoid congestion and loss of traffic on
the ports that have not subscribed to this IPv4 multicast traffic.
Examples
The following example disables flooding of unregistered IPv4 multicast frames.
Brocade(config)# ip multicast disable-flooding
History
62
Release version
Command history
08.0.01
This command was introduced.
08.0.30
This command was modified to support ICX 7450 and ICX 7250 devices.
FastIron Command Reference
53-1003389-04
ip multicast leave-wait-time
ip multicast leave-wait-time
Configures the wait time before stopping traffic to a port when a leave message is received.
Syntax
ip multicast leave-wait-time num
no ip multicast leave-wait-time num
Command Default
Parameters
The wait time is 2 seconds.
num
Specifies the time, in seconds, the device should wait before stopping traffic to
a port when a leave message is received The range is 1 through 5 seconds.
The default is 2 seconds.
Modes
Usage Guidelines
Global configuration mode
The no form of this command restores the default wait time.
The device sends group-specific queries once per second to ask if any client in the same port still needs
this group. Because of internal timer granularity, the actual wait time is between n and (n+1) seconds (n
is the configured value).
Examples
This example configures the maximum time a client can wait before responding to a query to 1 second.
Device(config)#ip multicast leave-wait-time 1
FastIron Command Reference
53-1003389-04
63
ip multicast max-response-time
ip multicast max-response-time
Sets the maximum number of seconds a client can wait before responding to a query sent by the
device.
Syntax
ip multicast max-response-time interval
no ip multicast max-response-time interval
Command Default
Parameters
The wait time is 10 seconds.
interval
Specifies the maximum time, in seconds, a client can wait before responding to
a query sent by the switch. The range is 1 through 10 seconds. The default is
10 seconds.
Modes
Usage Guidelines
Examples
Global configuration mode
The no form of this command restores the default maximum interval.
This example configures the maximum time a client can wait before responding to a query to 5 seconds.
Device(config)#ip multicast max-response-time 5
64
FastIron Command Reference
53-1003389-04
ip multicast mcache-age
ip multicast mcache-age
Configures the time for an mcache to age out when it does not receive traffic.
Syntax
ip multicast mcache-age num
no ip multicast mcache-age
Command Default
Parameters
The mcache ages out in 60 seconds.
num
Specifies the time, in multiples of 60 seconds, the device should wait before
stopping traffic to a port when a leave message is received The range is 60
through 3600 seconds, in multiples of 60. The default is 60 seconds.
Modes
Usage Guidelines
Global configuration mode
The no form of this command restores the default mcache age-out time.
Multicast traffic is hardware switched. One minute before aging out an mcache, the device mirrors a
packet of this mcache to CPU to reset the age. If no data traffic arrives within 60 seconds, this mcache
is deleted. Configuring a lower age-out time removes resources consumed by idle streams quickly, but
it mirrors packets to CPU often. Configure a higher value only when data streams are arriving
consistently.
Examples
This example configures the time for an mcache to age out to 180 seconds.
Device(config)#ip multicast mcache-age 180
FastIron Command Reference
53-1003389-04
65
ip multicast query-interval
ip multicast query-interval
Configures how often the device sends general queries when IP multicast traffic reduction is set to
active mode.
Syntax
ip multicast query-interval interval
no ip multicast query-interval interval
Command Default
Parameters
The query interval is 125 seconds.
interval
Specifies the time, in seconds, between queries. The range is 10 through 3600
seconds. The default is 125 seconds.
Modes
Usage Guidelines
Global configuration mode
The no form of this command restores the query interval to 125 seconds.
You can configure this command only when IP multicast traffic reduction is set to active IGMP snooping
mode.
When multiple queries are connected, they must all be configured for the same interval.
Examples
This example configures the time between queries to 120 seconds.
Device(config)#ip multicast query-interval 120
66
FastIron Command Reference
53-1003389-04
ip multicast report-control
ip multicast report-control
Limits report forwarding within the same multicast group to no more than once every 10 seconds.
Syntax
ip multicast report-control
no ip multicast report-control
Command Default
Modes
Usage Guidelines
A device in passive mode forwards reports and leave messages from clients to the upstream router
ports that are receiving queries.
Global configuration mode
The no form of this command restores the default.
NOTE
This feature applies to IGMP V2 only. The leave messages are not rate limited.
This rate-limiting does not apply to the first report answering a group-specific query.
Configure this command to alleviate report storms from many clients answering the upstream router
query.
The ip multicast report-control command was formerly named ip igmp-report-control . You can still
configure the command as ip igmp-report-control ; however, it is renamed when you configure the
show configuration command.
Examples
This example limits the rate of report forwarding within the same multicast group.
Device(config)#ip multicast report-control
FastIron Command Reference
53-1003389-04
67
ip multicast verbose-off
ip multicast verbose-off
Turns off the error or warning messages displayed by the device when it runs out of software
resources or when it receives packets with the wrong checksum or groups.
Syntax
ip multicast verbose-off
no ip multicast verbose-off
Command Default
Modes
Usage Guidelines
Error and warning messages are displayed.
Global configuration mode
The no form of this command restores display of error and warning messages .
Error and warning messages are rate-limited.
Examples
This example turns off error or warning messages .
Device(config)#ip multicast verbose-off
68
FastIron Command Reference
53-1003389-04
ip multicast version
ip multicast version
Configures the IGMP version for snooping globally.
Syntax
ip multicast version [ 2 | 3 ]
no ip multicast version
Command Default
Parameters
IGMP version 2 is configured.
2
Configures IGMP version 2.
3
Configures IGMP version 3.
Modes
Usage Guidelines
Global configuration mode
The no form of this command restores the version to IGMP version 2.
If Layer 3 multicast routing is enabled on the device, Layer 2 IGMP snooping is automatically enabled.
See the description of the multicast version command for information on how to configure the IGMP
version on a VLAN.
See the description of the multicast port-version command for information on how to configure the
IGMP version on an individual port
Examples
This example specifies IGMP version 3 on a device.
Device(config)#ip multicast version 3
FastIron Command Reference
53-1003389-04
69
ip multicast-nonstop-routing
ip multicast-nonstop-routing
Globally enables multicast non-stop routing for all virtual routing and forwarding (VRF) instances.
Syntax
ip multicast-nonstop-routing
no ip multicast-nonstop-routing
Command Default
Modes
Usage Guidelines
Examples
Multicast non-stop routing is not enabled on VRFs.
Global configuration mode
The no form of this command restores the default non-stop routing.
The following example globally enables multicast non-stop routing for all VRFs.
device#configure terminal
device(config)#ip multicast-nonstop-routing
70
FastIron Command Reference
53-1003389-04
ip pcp-remark
ip pcp-remark
Enables remarking of the priority code point (PCP) field in the VLAN header for all received tagged
packets.
Syntax
ip pcp-remark pcp-value
no ip pcp-remark pcp-value
Command Default
Parameters
PCP remarking is disabled.
pcp-value
Specifies the PCP value ranges you are remarking.
Modes
Global configuration mode
Interface configuration mode
Usage Guidelines
The no form of this command disables PCP remarking.
In Interface configuration mode, the command enables PCP remarking for each port. The command can
be configured only on Layer 2 ports. The configuration can be done on a physical port, LAG, and VE
port.
Examples
The following example globally enables remarking of received tagged packets when the PCP bit value
is 4.
Device(config)# ip pcp-remark 4
The following example enables remarking of received tagged packets on a specific port when the PCP
bit value is 5.
Device(config)# interface ethernet1/1/1
Device(config-if-e1000-1/1/1)# ip pcp-remark 5
FastIron Command Reference
53-1003389-04
71
ip pim
ip pim
Configures PIM in Dense mode on an interface.
Syntax
ip pim [ passive ]
no ip pim [ passive ]
Command Default
Parameters
PIM is not enabled.
passive
Specifies PIM passive mode on the interface.
Modes
Usage Guidelines
Interface configuration mode
The no form of this command disables PIM.
You must enable PIM globally before you enable it on an interface.
You must enable PIM on an interface before you can configure PIM passive on it.
Support for the ip pim passive command is implemented at Layer 3 interface (Ethernet or virtual
Ethernet) level.
Because the loopback interfaces are never used to form PIM neighbors, the ip pim passive command
is not supported on loopback interfaces.
The sent and received statistics of a PIM Hello message are not changed for an interface while it is
configured as PIM passive.
Examples
This example enables PIM globally, then enables it on interface 3.
Device(config)# router pim
Device(config-pim-router)# interface ethernet 1/1/3
Device(config-if-e10000-1/1/3)# ip address 207.95.5.1/24
Device(config-if-e10000-1/1/3)# ip pim
This example enables PIM passive on an interface.
Device(config)# router pim
device(config-pim-router)#exit
Device(config)#interface ethernet 2
Device(config-if-e1000-2)#ip pim
Device(config-if-e1000-2)#ip pim passive
Device(config-if-e1000-2)#exit
Device(config)#interface ve 2
Device(config-vif-2)#ip pim-sparse
Device(config-vif-2)#ip pim passive
Device(config-vif-2)#exit
72
FastIron Command Reference
53-1003389-04
ip pim border
ip pim border
Configures PIM parameters on an interface on a PIM Sparse border.
Syntax
ip pim border
no ip pim border
Command Default
Modes
Usage Guidelines
The interface is not configured as a border device.
Interface configuration mode
The no form of this command removes the boundary on a PIM-enabled interface.
You can configure this command only in a PIM Sparse domain, that is, you must configure the ip pimsparse command before you configure the ip pim border command.
Examples
This example adds an IPv4 interface to port 1/2/2, enables PIM Sparse on the interface and configures
it as a border device.
Device(config)# interface ethernet
Device(config-if-e10000-1/2/2)# ip
Device(config-if-e10000-1/2/2)# ip
Device(config-if-e10000-1/2/2)# ip
FastIron Command Reference
53-1003389-04
1/2/2
address 207.95.7.1 255.255.255.0
pim-sparse
pim border
73
ip pim dr-priority
ip pim dr-priority
Configures the designated router (DR) priority on IPv4 interfaces.
Syntax
ip pim dr-priority priority-value
no ip pim dr-priority priority-value
Command Default
Parameters
The DR priority value is 1.
priority-value
Specifies the DR priority value as an integer. The range is 0 through 65535.
The default is 1.
Modes
Usage Guidelines
Interface configuration mode
The no form of this command restores the default DR priority value, 1.
You must enable PIM globally before you enable it on an interface.
You can configure the ip pim dr-priority command in either Dense mode (DM) or Sparse mode (SM).
If more than one device has the same DR priority on a subnet (as in the case of default DR priority on
all), the device with the numerically highest IP address on that subnet is elected as the DR.
The DR priority information is used in the DR election only if all the PIM devices connected to the
subnet support the DR priority option. If at least one PIM device on the subnet does not support this
option, the DR election falls back to the backwards compatibility mode in which the device with the
numerically highest IP address on the subnet is declared the DR regardless of the DR priority values.
Examples
This example configures a DR priority value of 50.
Device(config)# interface ethernet 1/3/24
Device(config-if-e10000-1/3/24)# ip pim dr-priority 50
74
FastIron Command Reference
53-1003389-04
ip pim neighbor-filter
ip pim neighbor-filter
Determines which devices can become PIM neighbors.
Syntax
ip pim neighbor-filter { acl-name | acl-id }
no ip pim neighbor-filter { acl-name | acl-id }
Command Default
Parameters
Neighbor filtering is not applied on the interface.
acl-name
Specifies an ACL as an ASCII string.
acl-id
Specifies either a standard ACL as a number in the range 1 to 99 or an
extended ACL as a number in the range 100 to 199.
Modes
Usage Guidelines
Interface configuration mode
The no form of this command removes any neighbor filtering applied on the interface.
You must enable PIM globally before you enable it on an interface.
You can configure the ip pim neighbor-filter command in either Dense mode (DM) or Sparse mode
(SM).
Configure the access-list command to create an access-control list (ACL)that specifies the devices you
want to permit and deny participation in PIM
Examples
This example prevents the host from becoming a PIM neighbor on interface Ethernet 1/3/24.
Device(config)# interface ethernet 1/3/24
Device(config-if-e10000-1/3/24)# ip pim neighbor-filter
This example configures an ACL named 10 to deny a host and then prevents that host, 10.10.10.2,
identified in that ACL from becoming a PIM neighbor on interface Ethernet 1/3/24.
Device(config)# access-list 10 deny host 10.10.10.2
Device(config)# access-list 10 permit any
Device(config)# interface ethernet 1/3/24
Device(config-if-e10000-1/3/24)# ip pim neighbor-filter 10
History
Release version
Command history
8.0.20a
This command was introduced.
FastIron Command Reference
53-1003389-04
75
ip pimsm-snooping
ip pimsm-snooping
Enables PIM Sparse mode (SM) traffic snooping globally.
Syntax
ip pimsm-snooping
no ip pimsm-snooping
Command Default
Modes
PIM SM traffic snooping is disabled.
Global configuration mode
VLAN configuration mode
Usage Guidelines
The no form of this command disables PIM SM traffic snooping.
The device must be in passive mode before it can be configured for PIM SM snooping.
Use PIM SM snooping only in topologies where multiple PIM sparse routers connect through a device.
PIM SM snooping does not work on a PIM dense mode router that does not send join messages and on
which traffic to PIM dense ports is stopped. A PIM SM snooping-enabled device displays a warning if it
receives PIM dense join or prune messages.
When PIM SM snooping is enabled globally, you can override the global setting and disable it for a
specific VLAN.
Examples
This example shows how to enable PIM SM traffic snooping.
Device(config)# ip pimsm-snooping
This example overrides the global setting and disable PIM SM traffic snooping on VLAN 20.
Device(config)# vlan 20
Device(config-vlan-20)# no ip pimsm-snooping
76
FastIron Command Reference
53-1003389-04
ip pim-sparse
ip pim-sparse
Enables PIM Sparse on an interface that is connected to the PIM Sparse network.
Syntax
ip pim-sparse [ passive ]
no ip pim-sparse [ passive ]
Command Default
Parameters
PIM Sparse is not enabled on the interface.
passive
Specifies PIM passive mode on the interface.
Modes
Usage Guidelines
Interface configuration mode
The no ip pim-sparse command disables PIM Sparse.
The no ip pim-sparse passive command disables PIM passive mode on the interface.
You must enable PIM Sparse globally before you enable it on an interface.
If the interface is on the border of the PIM Sparse domain, you also must configure the ip pim border
command.
Examples
This example adds an IP interface to port 1/2/2, then enable PIM Sparse on the interface.
Device(config)# interface ethernet 1/2/2
Device(config-if-e10000-2/2)# ip address 207.95.7.1 255.255.255.0
Device(config-if-e10000-2/2)# ip pim-sparse
FastIron Command Reference
53-1003389-04
77
ip ssh encryption disable-aes-cbc
ip ssh encryption disable-aes-cbc
Disables the Advanced Encryption Standard - Cipher-Block Chaining (AES-CBC) encryption mode for
the Secure Shell (SSH) protocol.
Syntax
ip ssh encryption disable-aes-cbc
no ip ssh encryption disable-aes-cbc
Command Default
Modes
Usage Guidelines
Examples
If JITC is enabled, only AES-CTR encryption mode is supported and AES-CBC mode is disabled by
default. In the standard mode, the AES-CBC encryption mode is enabled.
Global configuration mode
The no form of the command enables the AES-CBC encryption mode.
The following example disables the AES-CBC encryption mode.
device(config)#
History
78
ip ssh encryption disable-aes-cbc
Release version
Command history
08.0.20a
This command was introduced.
FastIron Command Reference
53-1003389-04
ip ssl min-version
ip ssl min-version
Configures the minimum TLS version to be used to establish the TLS connection.
Syntax
ip ssl min-version { tls_1_0 | tls_1_1 | tls_1_2 }
no ip ssl min-version { tls_1_0 | tls_1_1 | tls_1_2 }
Command Default
For devices which act as an SSL server or HTTPS server, the default connection is with TLS1.2.
For the Brocade device which acts as the SSL client or the syslog, OpenFlow, or secure AAA client, the
TLS version is decided based on the server support.
Parameters
tls_1_0
Specifies TLS 1.0 as the minimum version.
tls_1_1
Specifies TLS 1.1 as the minimum version.
tls_1_2
Specifies TLS 1.2 as the minimum version.
Modes
Usage Guidelines
Global configuration mode
If tls_1_1 is set as the minimum version, TLS 1.1 and later versions are supported.
The no form of the command removes the minimum TLS version configuration and supports all TLS
versions.
Examples
The following example establishes the TLS connection using the TLS 1.1 version and above.
device(config)# ip ssl min-version tls_1_1
History
Release version
Command history
08.0.20a
This command was introduced.
FastIron Command Reference
53-1003389-04
79
ipv6 max-mroute
ipv6 max-mroute
Configures the maximum number of IPv6 multicast routes that are supported.
Syntax
ipv6 max-mroute num
no ipv6 max-mroute num
Command Default
Parameters
No maximum number of supported routes is configured.
num
Configures the maximum number of multicast routes supported.
Modes
Usage Guidelines
Examples
VRF configuration mode
The no form of this command restores the default (no maximum number of supported routes is
configured).
The following example configures the maximum number of 20 supported IPv6 multicast routes on the
VRF named my_vrf.
Device(config)# vrf my_vrf
Device(config)# address-family ipv6
Device(config-vrf)# ipv6 max-mroute 20
History
80
Release version
Command history
8.0.10a
This command was introduced.
FastIron Command Reference
53-1003389-04
ipv6 mld group-membership-time
ipv6 mld group-membership-time
Specifies the multicast listener discovery (MLD) group membership time for the default VRF or for a
specified VRF.
Syntax
ipv6 mld group-membership-time num
no ipv6 mld group-membership-time num
Command Default
Parameters
An MLD group will remain active on an interface in the absence of a group report for 260 seconds, by
default.
num
Number in seconds, from 5 through 26000.
Modes
Global configuration mode.
VRF configuration mode.
Usage Guidelines
The no form of this command resets the group membership time interval to the default of 260 seconds.
Group membership time defines how long a group will remain active on an interface in the absence of a
group report.
Examples
This example specifies an MLD group membership time of 2000 seconds for the default VRF.
device# configure terminal
device(config)# ipv6 mld group-membership-time 2000
This example specifies an MLD group membership time of 2000 seconds for a specified VRF.
device# configure terminal
device(config)# ipv6 router pim vrf blue
device(config-ipv6-pim-router-vrf-blue)# ipv6 mld group-membership-time 2000
FastIron Command Reference
53-1003389-04
81
ipv6 mld llqi
ipv6 mld llqi
Configures the multicast listener discovery (MLD) last listener query interval.
Syntax
ipv6 mld llqi seconds
no ipv6 mld llqi seconds
Command Default
Parameters
The MLD last listener query interval is 1 second.
seconds
specifies the number in seconds, of MLD group addresses available for all
VRFs. The range is 1 through 25; the default is 1.
Modes
Global configuration mode
VRF configuration mode
Usage Guidelines
The no form of this command restores the default MLD last listener query interval.
Any MLD group memberships exceeding the group limit are not processed.
The last listener query interval is the maximum response delay inserted into multicast address-specific
queries sent in response to Done messages, and is also the amount of time between multicast addressspecific query messages. When a device receives an MLD Version 1 leave message or an MLD
Version 2 state-change report, it sends out a query and expects a response within the time specified by
the last listener query interval. Configuring a lower value for the last listener query interval allows
members to leave groups faster.
Examples
This example configures a last listener query interval of 5 seconds.
Device(config)# ipv6 mld llqi 5
This example configures a last listener query interval of 5 seconds for a VRF.
Device(config)# ipv6 router pim vrf blue
Device(config-ipv6-pim-router-vrf-blue)# ipv6 mld llqi 5
82
FastIron Command Reference
53-1003389-04
ipv6 mld max-group-address
ipv6 mld max-group-address
Configures the maximum number of MLD addresses for the default virtual routing and forwarding (VRF)
instance or for a specified VRF.
Syntax
ipv6 mld max-group-address num
no ipv6 mld max-group-address num
Command Default
Parameters
If this command is not configured, the maximum number of MLD addresses is determined by available
system resources.
num
specifies the maximum number of MLD group addresses available for all VRFs.
The range is 1 through 8192; the default is 4096.
Modes
Global configuration mode
VRF configuration mode
Usage Guidelines
If the no form of this command is configured, the maximum number of MLD addresses is determined by
available system resources.
Any MLD group memberships exceeding the group limit are not processed.
Examples
This example configures a maximum of 1000 IGMP addresses for the default VRF.
Device(config)# ipv6 mld max-group-address 1000
This example configures a maximum of 1000 IGMP addresses for the VRF named vpn1.
Device(config)# vrf vpn1
Device(config-vrf-vpn1)# address-family ipv4
Device(config-vrf-vpn1-ipv4)# ip igmp max-group-address 1000
FastIron Command Reference
53-1003389-04
83
ipv6 mld max-response-time
ipv6 mld max-response-time
Configures the maximum time a multicast listener has to respond to queries for the default virtual
routing and forwarding (VRF) instance or for a specified VRF.
Syntax
ipv6 mld max-response-time num
no ipv6 mld max-response-time num
Command Default
Parameters
If this command is not configured, the maximum time a multicast listener has to respond to queries is 10
seconds.
num
specifies the maximum time, in seconds, a multicast listener has to respond.
The range is 1 through 25; the default is 10.
Modes
Global configuration mode
VRF configuration mode
Usage Guidelines
Examples
If the no form of this command is configured, the maximum time a multicast listener has to respond to
queries is 10 seconds.
The following example configures the maximum time a multicast listener has to respond to queries to 20
seconds.
device# configure terminal
device(config)# ipv6 mld max-response-time 20
The following example configures the maximum time a multicast listener has to respond to queries to 20
seconds for the VRF named vpn1.
device# configure terminal
device(config)# vrf vpn1
Device(config-vrf-vpn1)# address-family ipv6
device(config)# ipv6 mld max-response-time 20
84
FastIron Command Reference
53-1003389-04
ipv6 mld port-version
ipv6 mld port-version
Configures the multicast listening discovery (MLD) version on a virtual Ethernet interface.
Syntax
ipv6 mld port-version version-number
no ipv6 mld port-version
Command Default
Parameters
The port uses the MLD version configured globally.
version-number
Specifies the MLD version, 1 or 2.
Modes
Usage Guidelines
Examples
Interface configuration mode
The no form of this command restores the MLD version configured globally.
This example configures MLD version 2 on virtual Ethernet interface 10.
device# configure terminal
device(config)# interface ve 10
device(config-vif-10)# ipv6 mld port-version 2
FastIron Command Reference
53-1003389-04
85
ipv6 mld query-interval
ipv6 mld query-interval
Configures the frequency at which multicast listening discovery (MLD) query messages are sent.
Syntax
ipv6 mld query-interval num
no ipv6 mld query-interval num
Command Default
Parameters
125 seconds
num
Number in seconds, from 2 through 3600. The default is 125.
Modes
Global configuration mode.
VRF configuration mode.
Usage Guidelines
The no form of this command resets the query interval to the default of 125 seconds.
You must specify a query-interval value that is greater than the interval configured by the ipv6 mld
max-response-time command.
Examples
This example sets the MLD query interval to 50 seconds.
Device(config)# ipv6 mld query-interval 50
This example sets the MLD query interval for a VRF to 50 seconds.
Device(config)# ipv6 router pim vrf blue
Device(config-ipv6-pim-router-vrf-blue)# ipv6 mld query-interval 50
86
FastIron Command Reference
53-1003389-04
ipv6 mld robustness
ipv6 mld robustness
Configures the number of times that the device sends each multicast listening discovery (MLD)
message from an interface.
Syntax
ipv6 mld robustness num
no ipv6 mld robustness num
Command Default
Parameters
The MLD robustness is 2 seconds.
num
Number in seconds, from 2 through 7. The default is 2.
Modes
Global configuration mode.
VRF configuration mode.
Usage Guidelines
The no form of this command resets the query interval to the default of 2 seconds.
Configure a higher value to ensure high MLD reliability.
Examples
This example configures the MLD robustness to 3 seconds.
Device(config)# ipv6 mld robustness 3
This example configures the MLD robustness for a VRF to 3 seconds.
Device(config)# ipv6 router pim vrf blue
Device(config-ipv6-pim-router-vrf-blue)# ipv6 mld robustness 3
FastIron Command Reference
53-1003389-04
87
ipv6 mld static-group
ipv6 mld static-group
Configures one or more physical ports to be a permanent (static) member of a multicast listening
discovery (MLD) group based on the range or count.
Syntax
ipv6 mld static-group multicast-group-addr [ count count-number | to multicast-group-addr ] [
ethernet stackid/slot/portnum ] [ ethernet stackid/slot/portnum to ethernet stackid/slot/portnum ] ]
no ipv6 mld static-group multicast-group-addr [ count count-number | to multicast-group-addr ] [
ethernet stackid/slot/portnum ] [ ethernet stackid/slot/portnum to ethernet stackid/slot/portnum ] ]
Command Default
Parameters
The port is not added to MLD group.
ip-addr
The address of the static MLD group.
count count-number
Specifies the number of static MLD groups The range is 2 through 256.
to
Specifies a range of addresses.
ethernet stackid/slot/portnum
Specifies the ID of the physical port that will be a member of the MLD group.
On standalone devices specify the interface ID in the format slot/port-id; on
stacked devices you must also specify the stack ID, in the format stack-id/slot/
port-id. You can configure a single port or a list of ports, separated by a space.
Modes
Usage Guidelines
Interface configuration mode.
The no form of this command removes the port or ports from the MLD group.
You can specify as many port numbers as you want to include in the static group.
For a virtual routing interface (ve), specify the physical Ethernet ports on which to add the group
address.
Examples
The following example configures two static groups, starting from ff0d::1, without having to receive an
MLDv1 report on a virtual Ethernet interface,
device# configure terminal
device(config)# interface ethernet 10000 1/1/2
device(config-if-e10000-1/1/2)# ipv6 mld static-group ff0d::1 count 2
The following example configures two static MLD groups, starting from ff0d::1, using the to keyword.
device# configure terminal
device(config)# interface ethernet 10000 1/1/2
device(config-if-e10000-1/1/2)# ipv6 mld static-group ff0d::1 to ff0d::2
The following example configures two static MLD groups on virtual ports starting from ff0d::1 using the
count keyword.
device# configure terminal
device(config)# interface ve 10
device(config-vif-10)# ipv6 mld static-group ff0d::1 count 2 ethernet 1/5/2
The following example configures two static groups on virtual ports starting from ff0d::1 using the to
keyword.
device# configure terminal
device(config)# interface ve 10
device(config-vif-10)# ipv6 mld static-group ff0d::1 to ff0d::2 ethernet 1/5/2
88
FastIron Command Reference
53-1003389-04
ipv6 mld tracking
ipv6 mld tracking
Enables multicast listening discovery (MLD) tracking on a virtual interface.
Syntax
ipv6 mld tracking
no ipv6 mld tracking
Command Default
Modes
Usage Guidelines
Multicast tracking is disabled on the virtual interface.
Virtual interface configuration mode
The no form of this command restores the default; tracking is disabled.
When MLD tracking is enabled, a Layer 3 device tracks all clients that send membership reports. When
a Leave message is received from the last client, the device immediately stops forwarding to the
physical port, without waiting 3 seconds to confirm that no other clients still want the traffic.
Examples
This example enables multicast tracking on a virtual interface.
device# configure terminal
device(config)# interface ve 13
device(config-vif-13)# ipv6 mld tracking
FastIron Command Reference
53-1003389-04
89
ipv6 mroute
ipv6 mroute
Configures a static IPv6 route to direct multicast traffic along a specific path.
Syntax
ipv6 mroute [ vrf vrf-name ] ipv6-address-prefix/prefix-length { ethernet stackid / slot / portnum | ve
num | tunnel num } [cost ] [ distance distance-value ] [ name name ]
no ipv6 mroute [ vrf vrf-name ] ipv6-address-prefix/prefix-length { ethernet stackid / slot / portnum | ve
num | tunnel num } [cost ] [ distance distance-value ] [ name name ]
Command Default
Parameters
No static IPv6 multicast route is configured.
vrf vrf-name
Configures a static mroute for this virtual routing and forwarding (VRF) route.
ipv6-address-prefix/prefix-length
Configures the destination IPv6 address and prefix for which the route should
be added.
ethernet stackid / slot /portnum
Configures an Ethernet interface as the route path.
ve num
Configures a virtual interface as the route path.
tunnel num
Configures a tunnel interface as the route path.
cost
Configures a metric for comparing the route to other static routes in the IPv6
static route table that have the same destination. The range is 1 to 16; the
default is 1.
distance distance-value
Configures the route's administrative distance. The range is 1 to 255; the
default is 1.
name name
Name for this static route.
Modes
Usage Guidelines
VRF configuration mode
The no form of this command deletes a previously configured static multicast route.
Connected routes on PIM enabled interfaces are automatically added to the mRTM table.
Examples
The following example configures a static IPv6 mroute to directly connected network 2020::0/120 on
virtual interface ve 130.
Device(config-vrf)# ipv6 mroute 2020::0/120 ve 130
History
90
Release version
Command history
8.0.10a
This command was introduced.
FastIron Command Reference
53-1003389-04
ipv6 mroute (next hop)
ipv6 mroute (next hop)
Configures a static IPv6 multicast route (mroute) with a next hop.
Syntax
ipv6 mroute [ vrf vrf-name ] ipv6-address-prefix/prefix-length next-hop address [ cost ] [ distance
distance-value ] [ name name ]
no ipv6 mroute [ vrf vrf-name ] ipv6-address-prefix/prefix-length next-hop address [ cost ] [ distance
distance-value ] [ name name ]
Command Default
Parameters
No next-hop static IPv6 multicast route is configured.
vrf vrf-name
Configures a static mroute for this virtual routing and forwarding (VRF) route.
ipv6-address-prefix/prefix-length
Configures the destination IPv6 address and prefix for which the route should
be added.
next-hop address
Configures a next-hop address as the route path.
cost
Configures a metric for comparing the route to other static routes in the static
route table that have the same destination. The range is 1-16; the default is 1.
distance distance-value
Configures the route's administrative distance. The range is 1 to 255; the
default is 1.
name name
Name for this static route.
Modes
Usage Guidelines
Examples
VRF configuration mode
The no form of this command deletes a previously configured next-hop static IPv6 multicast route.
The following example configures a next-hop static multicast IPv6 route to network 2020::0/120 with
2022::0/120 as the next hop.
Device(config-vrf)# ipv6 mroute 2020::0/120 2022::0/120
History
Release version
Command history
8.0.10a
This command was introduced.
FastIron Command Reference
53-1003389-04
91
ipv6 mroute next-hop-enable-default
ipv6 mroute next-hop-enable-default
Enables the option to use the default multicast route (mroute) to resolve a static IPv6 mroute next hop.
Syntax
ipv6 mroute [ vrf vrf-name ] next-hop-enable-default
no ipv6 mroute [ vrf vrf-name ] next-hop-enable-default
Command Default
Parameters
Static mroutes are not resolved using the default mroute.
vrf vrf-name
Configures a static mroute for this virtual routing and forwarding (VRF) route.
Modes
Usage Guidelines
Examples
VRF configuration mode
The no form of this command disables the default IPv6 mroute option for next hops.
The following example enables the use of the default mroute to resolve a static IPv6 mroute next hop:
Device(config-vrf)# ipv6 mroute next-hop-enable-default
History
92
Release version
Command history
8.0.10a
This command was introduced.
FastIron Command Reference
53-1003389-04
ipv6 mroute next-hop-recursion
ipv6 mroute next-hop-recursion
Configures the recursion level when using static mroutes to resolve a static mroute next hop.
Syntax
ipv6 mroute [ vrf vrf-name ] next-hop-recursion num
no ipv6 mroute [ vrf vrf-name ] next-hop-recursion
Command Default
Parameters
The recursion level for resolving a static mroute next hop is 3.
vrf vrf-name
Configures a static mroute for this virtual routing and forwarding (VRF) route.
num
Specifies the recursion level used to resolve a static mroute next hop. The
range of possible values is from 1 to 10. This is not used in the no form.
Modes
Usage Guidelines
Examples
VRF configuration mode
The no form restores the default recursion level for resolving a static mroute next hop, which is 3. You
do not specify a value for the recursion level.
The following example configures the recursion level for resolving a static mroute next hop to 7:
device(config)# vrf vrf2
device(config-vrf-vrf2)# ipv6 mroute next-hop-recursion 7
The following example configures the recursion level for resolving a static mroute next hop to 2:
device(config)# vrf vrf2
device(config-vrf-vrf2)# ipv6 mroute next-hop-recursion 2
The following example restores the default recursion level of 3 for resolving a static mroute next hop:
device(config)# vrf vrf2
device(config-vrf-vrf2)# no ipv6 mroute next-hop-recursion
History
Release version
Command history
8.0.10a
This command was introduced.
FastIron Command Reference
53-1003389-04
93
ipv6 multicast age-interval
ipv6 multicast age-interval
Configures the time that group entries can remain in a multicast listening discovery (MLD) group table.
Syntax
ipv6 multicast age-interval interval
no ipv6 multicast age-interval interval
Command Default
Parameters
Group entries can remain in the MLD group table for up to 260 seconds.
interval
Specifies the time, in seconds, that group entries can remain in the MLD group
table. The range is 20 through 7200 seconds. The default is 260 seconds.
Modes
Usage Guidelines
Global configuration mode
The no form of this command restores the default age interval to 260 seconds.
When a device receives a group membership report it makes an entry for that group in the MLD group
table. You can configure the ipv6 multicast age-interval to specify how long the entry can remain in
the table before the device receives another group membership report. When multiple devices are
connected, they must all be configured for the same age interval, which must be at least twice the
length of the query interval, so that missing one report does not stop traffic.
Non-querier age intervals must be the same as the age interval of the querier.
Examples
This example configures the MLD group-table age interval to 280 seconds.
Device(config)#ipv6 multicast age-interval 280
94
FastIron Command Reference
53-1003389-04
ipv6 multicast disable-flooding
ipv6 multicast disable-flooding
Disables the flooding of unregistered IPv6 multicast frames in an MLD-snooping-enabled VLAN.
Syntax
ipv6 multicast disable-flooding
no ipv6 multicast disable-flooding
Command Default
Modes
The device floods unregistered IPv6 multicast frames in an MLD-snooping-enabled VLAN.
Global configuration mode
Usage Guidelines
NOTE
This command is supported only on ICX 6650 devices and, in Release 8.0.10d and later releases, on
ICX 7750 devices.
NOTE
In Release 8.0.20, the ipv6 multicast disable-flooding command is supported only on standalone ICX
7750 devices. In Release 8.0.30 and later releases, the ipv6 multicast disable-flooding command is
supported on both standalone and stacking ICX 7750 devices.
The no form of this command enables the flooding of unregistered IPv6 multicast frames in an MLDsnooping-enabled VLAN.
After the hardware forwarding database (FDB) entry is made, the multicast traffic is switched only to the
VLAN hosts that are members of the multicast group. This can avoid congestion and loss of traffic on
the ports that have not subscribed to this IPv6 multicast traffic.
Examples
The following example disables flooding of unregistered IPv6 multicast frames.
Brocade(config)# ipv6 multicast disable-flooding
History
Release version
Command history
08.0.01
This command was introduced.
08.0.10d
This command was modified to support ICX 7750 devices.
FastIron Command Reference
53-1003389-04
95
ipv6 multicast leave-wait-time
ipv6 multicast leave-wait-time
Configures the wait time before stopping traffic to a port when a leave message is received.
Syntax
ipv6 multicast leave-wait-time num
no ipv6 multicast leave-wait-time num
Command Default
Parameters
The wait time is 2 seconds.
num
Specifies the time, in seconds, the device should wait before stopping traffic to
a port when a leave message is received The range is 1 through 5 seconds.
The default is 2 seconds.
Modes
Usage Guidelines
Global configuration mode
The no form of this command restores the default wait time.
The device sends group-specific queries once per second to ask if any client in the same port still needs
the group. Because of internal timer granularity, the actual wait time is between n and (n+1) seconds (n
is the configured value).
Examples
This example configures the maximum time a client can wait before responding to a query as 1 second.
Device(config)#ipv6 multicast leave-wait-time 1
96
FastIron Command Reference
53-1003389-04
ipv6 multicast mcache-age
ipv6 multicast mcache-age
Configures the time for an mcache to age out when it does not receive traffic.
Syntax
ipv6 multicast mcache-age num
no ipv6 multicast mcache-age num
Command Default
Parameters
The mcache ages out in 60 seconds.
num
Specifies the time, in seconds, the device should wait before stopping traffic to
a port when a leave message is received The range is 60 through 3600
seconds. The default is 60 seconds.
Modes
Usage Guidelines
Global configuration mode
The no form of this command restores the default mcache age-out time.
You can set the time for a multicast cache (mcache) to age out when it does not receive traffic. Two
seconds before an mcache is aged out, the device mirrors a packet of the mcache to the CPU to reset
the age. If no data traffic arrives within two seconds, the mcache is deleted.
NOTE
On devices like FSX and ICX 7750, on which MAC-based MLD snooping is supported, more than one
mcache can be mapped to the same destination MAC. Therefore, when an mcache entry is deleted the
MAC entry may not be deleted. If you configure a lower value, the resource consumed by idle streams
is quickly removed, but packets are mirrored to the CPU more frequently. Configure a higher value only
when data streams are arriving consistently.
Examples
This example configures the time for an mcache to age out to 180 seconds.
Device(config)#ipv6 multicast mcache-age 180
FastIron Command Reference
53-1003389-04
97
ipv6 multicast query-interval
ipv6 multicast query-interval
Configures how often the device sends group membership queries when the multicast listening
discovery (MLD) mode is set to active.
Syntax
ipv6 multicast query-interval interval
no ipv6 multicast query-interval interval
Command Default
Parameters
Queries are sent every 125 seconds.
interval
Specifies the time, in seconds, between queries. The range is 10 through 3600
seconds. The default is 125 seconds.
Modes
Usage Guidelines
Global configuration mode
The no form of this command restores the query interval to 125 seconds.
If the MLD mode is set to active, you can modify the query interval, which specifies how often the
Brocade device sends group membership queries. When multiple queriers connect together, all queriers
should be configured with the same interval.
Examples
The following example configures the query interval to 120 seconds.
device#configure terminal
device(config)#ipv6 multicast query-interval 120
98
FastIron Command Reference
53-1003389-04
ipv6 multicast report-control
ipv6 multicast report-control
Limits report forwarding within the same group to no more than once every 10 seconds.
Syntax
ipv6 multicast report-control
no ipv6 multicast report-control
Command Default
Modes
Usage Guidelines
A device in passive mode forwards reports and leave messages from clients to the upstream router
ports that are receiving queries.
Global configuration mode
The no form of this command restores the default.
NOTE
This feature applies only to multicast listening discovery (MLD) version 1. The leave messages are not
rate limited.
This rate-limiting does not apply to the first report answering a group-specific query.
Configure this command to alleviate report storms from many clients answering the upstream router
query.
Examples
This example limits the rate that reports are forwarded.
Device(config)#ipv6 multicast-report-control
FastIron Command Reference
53-1003389-04
99
ipv6 multicast verbose-off
ipv6 multicast verbose-off
Turns off error or warning messages that are displayed when the device runs out of software
resources or when it receives packets with the wrong checksum or groups.
Syntax
ipv6 multicast verbose-off
no ipv6 multicast verbose-off
Command Default
Modes
Usage Guidelines
Examples
Messages are displayed.
Global configuration mode
The no form of this command restores the default display of messages.
This example turns off the display of messages.
device# configure terminal
device(config)# ipv6 multicast verbose-off
100
FastIron Command Reference
53-1003389-04
ipv6 multicast version
ipv6 multicast version
Configures the multicast listening discovery (MLD) version for snooping globally.
Syntax
ipv6 multicast version [ 1 | 2 ]
no ipv6 multicast version
Command Default
Parameters
MLD version 1 is configured.
1
Configures MLD version 1.
2
Configures MLD version 2.
Modes
Usage Guidelines
Global configuration mode
The no form of this command restores the version to MLD version 1.
You can configure the MLD version for individual VLANs, or individual ports within VLANs. If no MLD
version is specified for a VLAN, the globally configured MLD version is used. If an MLD version is
specified for individual ports in a VLAN, those ports use that version instead of the version specified for
the VLAN or the globally specified version. The default is MLD version 1.
Examples
This example specifies MLD version 2 on a device.
Device(config)#ipv6 multicast version 2
FastIron Command Reference
53-1003389-04
101
ipv6 multicast-boundary
ipv6 multicast-boundary
Defines multicast boundaries for PIM-enabled interfaces.
Syntax
ipv6 multicast-boundary acl-spec
no ipv6 multicast-boundary acl-spec
Command Default
Parameters
Boundaries are not defined.
acl-spec
Specifies the number or name identifying an access control list (ACL) that
controls the range of group addresses affected by the boundary.
Modes
Usage Guidelines
Interface configuration mode
The no form of this command removes the boundary on a PIM-enabled interface.
You can use standard ACL syntax to configure an access list.
Examples
This example defines a boundary named MyAccessList for a PIM-enabled interface.
Device(config)# interface ethernet 1/2/2
Device(config-if-e1000-1/2)#ipv6 multicast-boundary MyAccessList
102
FastIron Command Reference
53-1003389-04
ipv6 nd router-preference
ipv6 nd router-preference
Configures the IPv6 router advertisement preference value to low or high (medium is the default). IPv6
router advertisement preference enables IPv6 router advertisement (RA) messages to communicate
default router preferences from IPv6 routers to IPv6 hosts in network topologies where the host has
multiple routers on its Default Router List.
Syntax
ipv6 nd router-preference [ low | medium | high ]
no ipv6 nd router-preference [ low | medium | high ]
Command Default
Parameters
The IPv6 router advertisement preference value is set to medium.
low
The two-bit signed integer (11) indicating the preference value ''low".
medium
The two-bit signed integer (00) indicating the preference value "medium". This
is the default preference value.
high
The two-bit signed integer (01) indicating the preference value "high".
Modes
Usage Guidelines
Examples
Interface configuration mode
The no form disables IPv6 router preference.
The following example configures IPv6 RA preference for IPv6 routers:
device #configure terminal
device (config)# interface ethernet 2/3
device (config-if-eth2/3)# ipv6 nd router-preference low
History
Release version
Command history
08.0.10
This command was introduced.
FastIron Command Reference
53-1003389-04
103
ipv6 nd skip-interface-ra
ipv6 nd skip-interface-ra
Disables the default interface-level IPv6 RA messages on an interface configured with IPv6 VRRP or
VRRP-E.
Syntax
ipv6 nd skip-interface-ra
no ipv6 nd skip-interface-ra
Command Default
Modes
The IPv6-enabled interface sends the default IPv6 Router Advertisement (RA) messages. The IPv6
VRRP or VRRP-E instance configured on the interface also sends its virtual-IPv6 RA messages on the
same interface. A connected IPv6 host receives these two different IPv6 RA messages with the same
source address from this IPv6 router interface.
Interface configuration mode
Usage Guidelines
NOTE
This command is valid only on an interface configured with IPv6 VRRP or VRRP-E.
The no form of this command enables the default interface-level IPv6 RA messages on an interface
configured with IPv6 VRRP or VRRP-E.
By default, all IPv6-enabled interfaces send IPv6 Router Advertisement (RA) messages. If you
configure an IPv6 VRRP or VRRP-E instance on an interface, the VRRP/ VRRP-E instance also sends
its IPv6 RA messages for the virtual IPv6 address on the same interface with the same source address.
An IPv6 host cannot identify the valid IPv6 address for this router interface because of these two
different IPv6 RA messages with the same source address from the same IPv6 router interface. To
avoid this, run this command to disable the default interface-level IPv6 RA messages on an interface
configured with IPv6 VRRP or VRRP-E.
Examples
The following example disables the default interface-level IPv6 RA messages on an ethernet interface
1/1/7 configured with IPv6 VRRP or VRRP-E.
device(config)# interface ethernet 1/1/7
device(config-if-e1000-1/1/7)# ipv6 address 2002:AB3::2/64
device(config-if-e1000-1/1/7)# ipv6 nd skip-interface-ra
History
104
Release version
Command history
08.0.01
This command was introduced.
FastIron Command Reference
53-1003389-04
ipv6 neighbor inspection
ipv6 neighbor inspection
Configures the static neighbor discovery (ND) inspection entries.
Syntax
ipv6 neighbor inspection ipv6-address mac-address
no ipv6 neighbor inspection ipv6-address mac-address
Command Default
Parameters
Static ND inspection entries are not configured.
ipv6-address
Configures the IPv6 address of the host.
mac-address
Configures the MAC address of the host.
Modes
Global configuration mode
VRF configuration mode
Usage Guidelines
Use the ipv6 neighbor inspection command to manually configure static ND inspection entries for
hosts on untrusted ports. During ND inspection, the IPv6 address and MAC address entries in the ND
inspection table are used to validate the packets received on untrusted ports.
The no form of the command disables static ND inspection entries.
Examples
The following example displays the configuration of a static ND inspection entry.
device(config)# ipv6 neighbor inspection 2001::1 0000.1234.5678
The following example displays the configuration of a static ND inspection entry for VRF 3.
device(config)# vrf 3
device(config-vrf-3)# ipv6 neighbor inspection 2001::100 0000.0000.4567
History
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
105
ipv6 neighbor inspection vlan
ipv6 neighbor inspection vlan
Configures and enables neighbor discovery (ND) inspection on a VLAN to inspect the IPv6 packets
from untrusted ports.
Syntax
ipv6 neighbor inspection vlan vlan-number
no ipv6 neighbor inspection vlan vlan-number
Command Default
Parameters
IPv6 neighbor inspection is not enabled.
vlan-number
Configures the ID of the VLAN.
Modes
Global configuration mode
VRF configuration mode
Usage Guidelines
When you configure this command, IPv6 packets from untrusted ports on the VLAN undergo ND
inspection.
The no form of the command disables ND inspection.
Examples
The following example enables ND inspection on VLAN 10.
device(config)# ipv6 neighbor inspection vlan 10
The following example enables ND inspection on VLAN 10 of VRF 3.
device(config)# vrf 3
device(config-vrf-3)# ipv6 neighbor inspection vlan 10
History
106
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
ipv6 pim border
ipv6 pim border
Configures an interface to be on a PIM Sparse domain border.
Syntax
ipv6 pim border
no ipv6 pim border
Command Default
Modes
Usage Guidelines
The interface is not configured as a border device.
Interface configuration mode
The no form of this command removes the boundary on a PIM-enabled interface.
You must enable PIM globally before you enable it on an interface.
Examples
This example configures Ethernet interface 3/2/4 to be on a PIM Sparse domain border.
device(config) interface ethernet 3/2/4
Device(config-if-e10000-3/2/4)# ipv6 pim border
FastIron Command Reference
53-1003389-04
107
ipv6 pim dr-priority
ipv6 pim dr-priority
Configures the designated router (DR) priority on IPv6 interfaces.
Syntax
ipv6 pim dr-priority priority-value
no ipv6 pim priority-value
Command Default
Parameters
The DR priority value is 1.
priority-value
Specifies the DR priority value as an integer. The range is 0 through 65535.
The default is 1.
Modes
Usage Guidelines
Interface configuration mode
The no form of this command restores the default DR priority value, 1.
You must enable PIM globally before you enable it on an interface.
If more than one device has the same DR priority on a subnet (as in the case of default DR priority on
all), the device with the numerically highest IPv6 address on that subnet is elected as the DR.
The DR priority information is used in the DR election only if all the PIM devices connected to the
subnet support the DR priority option. If at least one PIM device on the subnet does not support this
option, the DR election falls back to the backwards compatibility mode in which the device with the
numerically highest IPv6 address on the subnet is declared the DR regardless of the DR priority values.
Examples
This example configures a DR priority value of 50 on Ethernet interface 3/2/4.
device(config) interface ethernet 3/2/4
Device(config-if-e10000-3/2/4)# ipv6 pim dr-priority 50
This example configures a DR priority value of 50 on a virtual Ethernet interface.
Device(config)# interface ve 10
Device(config-vif-10)# ipv6 pim dr-priority 50
108
FastIron Command Reference
53-1003389-04
ipv6 pim neighbor-filter
ipv6 pim neighbor-filter
Determines which devices can become PIM neighbors.
Syntax
ipv6 pim neighbor-filter acl-name
no ipv6 pim acl-name
Command Default
Parameters
Neighbor filtering is not applied on the interface.
acl-name
Specifies the access-control list (ACL)that identifies the devices you want to
permit and deny participation in PIM.
Modes
Usage Guidelines
Interface configuration mode
The no form of this command removes any neighbor filtering applied on the interface.
You must enable PIM globally before you enable it on an interface.
You can configure the ipv6 pim neighbor-filter command in either Dense mode (DM) or Sparse mode
(SM).
Configure the access-list command to create an ACL defining the devices you want to permit and deny
participation in PIM.
Examples
This example prevents the host from becoming a PIM neighbor on interface Ethernet 1/3/24.
Device(config)# interface ethernet 1/3/24
Device(config-if-e10000-1/3/24)# ipv6 pim neighbor-filter
This example configures an ACL named 10 to deny a host and then prevents that host, 1001::1/96,
identified in that ACL from becoming a PIM neighbor on interface Ethernet 1/3/24.
Device(config)# access-list 10 deny host 1001::1/96
Device(config)# access-list 10 permit any
Device(config)# interface ethernet 1/3/24
Device(config-if-e10000-1/3/24)# ipv6 pim neighbor-filter 10
History
Release version
Command history
8.0.20a
This command was introduced.
FastIron Command Reference
53-1003389-04
109
ipv6 pim-sparse
ipv6 pim-sparse
Enables PIM Sparse on an IPv6 interface.
Syntax
ipv6 pim-sparse
no ipv6 pim-sparse
Command Default
Modes
Usage Guidelines
Examples
PIM Sparse is not enabled on the IPv6 interface.
Interface configuration mode
The no ipv6 pim-sparse command removes the PIM sparse configuration from the IPv6 interface.
This example adds an IPv6 interface to port 1/2/2, then enables PIM Sparse on the interface.
Device(config)# interface ethernet 1/2/2
Device(config-if-e10000-2/2)# ipv6 address a000:1111::1/64
Device(config-if-e10000-2/2)# ipv6 pim-sparse
110
FastIron Command Reference
53-1003389-04
ipv6 raguard policy
ipv6 raguard policy
Configures the specified Router Advertisement (RA) guard policy and enters RA guard policy
configuration mode.
Syntax
ipv6 raguard policy name
no ipv6 raguard policy name
Parameters
name
An ASCII string indicating the name of the RA guard policy to configure.
Modes
Global configuration mode
RA guard policy configuration mode
Usage Guidelines
You can configure up to 256 RA guard policies.
The no form of this command deletes the specified RA guard policy.
Examples
The following example configures an RA guard policy and enters RA guard policy configuration mode:
Brocade(config)# ipv6 raguard policy policy1
Brocade(ipv6-RAG-policy policy1)#
FastIron Command Reference
53-1003389-04
111
ipv6 raguard vlan
ipv6 raguard vlan
Associates a Router Advertisement (RA) guard policy with a VLAN.
Syntax
ipv6 raguard vlan vlan-number policy name
no ipv6 raguard vlan vlan-number policy name
Parameters
vlan-number
Configures the ID number of the VLAN to which the specified RA guard policy
should be associated. Valid range is from 1 to 4095.
policy
Associates a RA guard policy to the VLAN.
name
Specifies the name of the RA guard policy to be associated with the VLAN.
Modes
Usage Guidelines
Examples
Global configuration mode
A VLAN can have only one association with a RA guard policy. If you try to associate a new RA guard
policy with a VLAN that is already associated with a policy, the new RA guard policy replaces the old
one.
The following example associates RA guard policy named p1 with VLAN 1:
Brocade(config)# ipv6 raguard vlan 1 policy p1
112
FastIron Command Reference
53-1003389-04
ipv6 raguard whitelist
ipv6 raguard whitelist
Configures the Router Advertisement (RA) guard whitelist and adds the IPv6 address as the allowed
source IP address.
Syntax
ipv6 raguard whitelist whitelist-number permit ipv6-address
no ipv6 raguard whitelist whitelist-number permit ipv6-address
Parameters
whitelist-number
Configures the unique identifier for the RA guard whitelist. Valid values are 0 to
255.
permit
Configures the specified IPv6 address as the allowed source IP address to the
RA guard whitelist.
ipv6-address
Configures the source IPv6 address. The address should be in the format
X:X::X:X or X:X::X:X/M.
Modes
Usage Guidelines
Global configuration mode
You can configure source IP addresses from which RAs are permitted.
You can configure up to 64 RA guard whitelists, and each whitelist can have a maximum of 128 entries.
To remove the RA guard whitelist, use the no form the command without the permit keyword.
To remove a particular IPv6 address from the whitelist, use the no form of the command with the
permitipv6-address keyword-variable pair.
When a whitelist associated with an RA guard policy is removed, all the entries in the whitelist are also
removed. All the RAs are dropped because there is no whitelist associated with the RA guard policy.
Examples
The following example configures an RA guard whitelist with the allowed source IP address:
Brocade(config)# ipv6 raguard whitelist 1 permit fe80:db8::db8:10
The following example removes an RA guard whitelist:
Brocade(config)# no ipv6 raguard whitelist 1
The following example removes a particular IPv6 address from the RA guard whitelist:
Brocade(config)# no ipv6 raguard whitelist 1 permit fe80:db8::db8:10
FastIron Command Reference
53-1003389-04
113
ipv6 router pim
ipv6 router pim
Enables IPv6 PIM-Sparse mode for IPv6 routing globally or on a specified VRF.
Syntax
ipv6 router pim [ vrf vrf-name ]
no ipv6 router pim [ vrf vrf-name ]
Command Default
Parameters
IPv6 PIM-Sparse mode is not enabled.
vrf vrf-name
Specifies a VRF instance.
Modes
Global configuration mode.
VRF configuration mode.
Usage Guidelines
Examples
The no form of this command removes the IPv6 PIM-Sparse mode configuration.
The following example enables IPv6 PIM-Sparse mode on a VRF named blue.
Device(config)# ipv6 router pim vrf blue
114
FastIron Command Reference
53-1003389-04
ipv6-address auto-gen-link-local
ipv6-address auto-gen-link-local
Generates a virtual link-local IPv6 address and assigns it as the virtual IPv6 address for a VRRPv3
instance.
Syntax
ipv6-address auto-gen-link-local
no ipv6-address auto-gen-link-local
Modes
Usage Guidelines
VRRP sub-configuration mode
The no form of this command deletes the auto-generated virtual link-local IPv6 address for the VRRP
v3 instance.
The default VRRPv3 implementation allows only the link-local address that is configured on a physical
interface to be used as the virtual IPv6 address of a VRRPv3 instance. This limits configuring a linklocal address for each VRRP instance on the same physical interface because there can be only one
link-local address per physical interface. You can use this command on the owner or backup router to
generate a virtual link-local IPv6 address from the virtual MAC address of a VRRPv3 instance and
assign it as the virtual IPv6 address for the VRRPv3 instance. This auto-generated link-local IPv6
address is not linked to any physical interface on the router.
Examples
The following example generates a virtual link-local IPv6 address and its allocation as the virtual IPv6
address of a VRRPv3 cluster on an owner router.
device(config)# interface ve 3
device(config-vif-3)# ipv6 vrrp vrid 2
device(config-vif-3-vrid-2)# owner
device(config-vif-3-vrid-2)# ipv6-address auto-gen-link-local
device(config-vif-3-vrid-2)# activate
History
Release version
Command history
08.0.01
This command was introduced.
FastIron Command Reference
53-1003389-04
115
ipv6-neighbor inspection trust
ipv6-neighbor inspection trust
Enables trust mode for specific ports.
Syntax
ipv6-neighbor inspection trust [ vrf vrf-name ]
no ipv6-neighbor inspection trust [ vrf vrf-name ]
Command Default
Parameters
Trust mode is not enabled. When you enable ND inspection on a VLAN, by default, all the interfaces
and member ports are considered as untrusted.
vrf
Specifies the VRF instance.
vrf-name
Specifies the ID of the VRF instance.
Modes
Interface configuration mode
VRF configuration mode
Usage Guidelines
Examples
The no form of the command disables trust mode on ports.
The following example displays the trust mode configuration for ports.
device(config)# interface ethernet 1/1/3
device(config-if-e1000-1/1/3)# ipv6-neighbor inspection trust
The following example displays the trust mode configuration on a port on VRF 3.
device(config-if-e1000-1/1/1)# ipv6-neighbor inspection trust vrf 3
History
116
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
jitc enable
jitc enable
Enables the Joint Interoperability Test Command (JITC) mode.
Syntax
jitc enable
no jitc enable
Command Default
Modes
Usage Guidelines
JITC is not enabled.
Global configuration mode
When JITC is enabled, the Advanced Encryption Standard - Cipher-Block Chaining (AES-CBC)
encryption mode for the Secure Shell (SSH) protocol is disabled and the AES-CTR (Counter) encryption
mode is enabled.
When JITC is enabled, the MD5 authentication scheme for NTP is disabled.
The no form of the command disables the JITC mode and puts the system back to the standard mode
and enables both AES-CBC encryption mode and MD5 authentication configuration.
Examples
The following example enables the JITC mode.
device(config)# jitc enable
History
Release version
Command history
08.0.20a
This command was introduced.
FastIron Command Reference
53-1003389-04
117
jitc show
jitc show
Displays the status of the JITC mode.
Syntax
jitc show
Modes
Global configuration mode
Privileged EXEC mode
Command Output
Examples
The jitc show command displays the following information.
Output field
Description
JITC mode
Displays the status of the JITC mode.
SSH AES-CTR mode
Displays the status of the SSH AES-CTR mode.
SSH AES-CBC mode
Displays the status of the SSH AES-CBC mode.
The following example shows the output of the jitc show command.
device(config)#jitc show
JITC mode : Enabled
Management Protocol Specific:
SSH AES-CTR mode : Enabled
SSH AES-CBC mode : Disabled
History
118
Release version
Command history
08.0.20a
This command was introduced.
FastIron Command Reference
53-1003389-04
Commands A - E
aaa authorization coa enable
Enables RADIUS Change of Authorization (CoA).
Syntax
aaa authorization coa enable
no aaa authorization coa enable
Command Default
Parameters
Modes
Usage Guidelines
RADIUS CoA is not enabled.
None
Global configuration mode
Use this command to enable RADIUS CoA authorization. The no form of the command disables the
CoA functionality. A change of authorization request packet can be sent by the Dynamic Authorization
Client (DAC) to change the session authorizations on the Network Access Server (NAS). This is used to
change the filters, such as Layer 3 ACLs.
Before RFC 5176 when a user or device was authenticated on the RADIUS server, the session could
only be ended if the user or device logs out. RFC 5176 addresses this issue by adding two more packet
types to the current RADIUS standard: Disconnect Message and Change of Authorization. The
Dynamic Authorization Client (DAC) server makes the requests to either delete the previously
established sessions or replace the previous configuration or policies. Currently, these new extensions
can be used to dynamically terminate or authorize sessions that are authenticated through multi-deviceport-authentication or dot1x authentication.
Examples
The following example enables RADIUS CoA.
device(config)# aaa authorization coa enable
History
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
119
aaa authorization coa ignore
aaa authorization coa ignore
Discards the specified RADIUS Change of Authorization (CoA) messages.
Syntax
aaa authorization coa ignore { dm-request | modify-acl }
no aaa authorization coa ignore { dm-request | modify-acl }
Command Default
Parameters
The default state is maintained and the packets are not discarded.
dm-request
Disconnects the message request.
modify-acl
Modifies the access control list.
Modes
Usage Guidelines
Global configuration mode
Use this command to discard the specified RADIUS messages. A CoA request packet can be sent by
the Dynamic Authorization Client (DAC) to change the session authorizations on the Network Access
Server (NAS). This is used to change the filters, such as Layer 3 ACLs.
Before RFC 5176 when a user or device was authenticated on the RADIUS server, the session could
only be ended if the user or device logs out. RFC 5176 addresses this issue by adding two more packet
types to the current RADIUS standard: Disconnect Message and Change of Authorization. The
Dynamic Authorization Client (DAC) server makes the requests to either delete the previously
established sessions or replace the previous configuration or policies. Currently, these new extensions
can be used to dynamically terminate or authorize sessions that are authenticated through multi-deviceport-authentication or dot1x authentication.
The no form of the command honors the dm-request message.
Examples
The following example ignores the disconnect message request.
device(config)# aaa authorization coa ignore dm-request
History
120
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
accept-mode
accept-mode
Enables a non-owner master router to respond to ping, traceroute, and Telnet packets destined for the
virtual IPv4 or IPv6 address of a VRRP session.
Syntax
accept-mode
no accept-mode
Command Default
Modes
Usage Guidelines
A VRRP non-owner master router does not respond to any packet destined for the virtual IPv4 or IPv6
address.
VRRP configuration mode
The no form of this command causes the non-owner master router to not respond to any packet
destined for the virtual IPv4 or IPv6 address of the VRRP session.
A VRRP non-owner master router does not respond to any packet destined for the virtual IPv4 or IPv6
address. This prevents troubleshooting of network connections to this router using ping, traceroute, or
Telnet. To resolve this, you can use this command to enable this router to respond to ping, traceroute,
and Telnet packets destined for the virtual IPv4 or IPv6 address of a VRRP cluster. The router drops all
other packets destined for the virtual IPv4 or IPv6 address of the VRRP session.
NOTE
The accept-mode command enables the device to respond to ping, traceroute, and Telnet packets, but
the device will not respond to ssh packets.
Examples
The following example shows the configuration of accept mode on an IPv6 VRRP backup router.
Brocade(config)# interface ve 3
Brocade(config-vif-3)# ipv6 vrrp vrid 2
Brocade(config-vif-3-vrid-2)# backup
Brocade(config-vif-3-vrid-2)# advertise backup
Brocade(config-vif-3-vrid-2)# ipv6-address 2001:DB8::1
Brocade(config-vif-3-vrid-2)# accept-mode
Brocade(config-vif-3-vrid-2)# activate
History
Release version
Command history
8.0.01
This command was introduced.
8.0.30b
This command was modified.
FastIron Command Reference
53-1003389-04
121
access-list enable accounting
access-list enable accounting
Enables Access Control List (ACL) accounting for IPv4 numbered ACLs.
Syntax
access-list number enable-accounting
no access-list number enable-accounting
Command Default
Parameters
This option is disabled.
number
Defines the IPv4 ACL ID.
enable-accounting
Enables ACL accounting on the specified interface.
Modes
Usage Guidelines
Global configuration mode
This command is only applicable to numbered ACLs.
The no form of this command disables ACL accounting for IPv4 numbered ACLs.
Examples
The following example enables ACL accounting for a numbered ACL.
device(config)# access-list 10 permit host 10.10.10.1
device(config)# access-list 10 enable-accounting
device(config)# interface ethernet 1/1
device(config-if-1/1)# ip access-group 10 in
The following example enables ACL accounting for an extended ACL.
device(config)# ip access-list extended 101
device(config-ip-access-list-101)# enable-accounting
History
122
Release version
Command history
08.0.10
This command was introduced.
FastIron Command Reference
53-1003389-04
acl-logging
acl-logging
Enables logging of entries in the syslog for packets that are denied by ACL filters.
Syntax
acl-logging
no acl-logging
Command Default
Modes
Usage Guidelines
ACL logging is disabled by default.
Interface configuration mode
Brocade devices support ACL logging of inbound packets that are sent to the CPU for processing
(denied packets). ACL logging is not supported for outbound packets or any packets that are processed
in hardware (permitted packets).
When you enable logging for ACL entries, statistics for packets that match the deny conditions of the
ACL entries are logged. For example, if you configure a standard ACL entry to deny all packets from
source address 10.157.22.26, statistics for packets that are explicitly denied by the ACL entry are
logged in the Syslog buffer and in SNMP traps sent by the device.
You can enable ACL logging on physical and virtual interfaces.
ACL logging is not supported for dynamic ACLs with MAC authentication or 802.1X enabled.
NOTE
The acl-logging command is applicable to IPv4 devices only. For IPv6 devices, use the loggingenable command.
The no form of the command disables ACL logging.
Examples
The following example displays an ACL logging configuration on an IPv4 device.
device(config)# access-list 1 deny host 10.157.22.26 log
device(config)# access-list 1 deny 10.157.29.12 log
device(config)# access-list 1 deny host IPHost1 log
device(config)# access-list 1 permit any
device(config)# interface e 1/1/4
device(config-if-e1000-1/1/4)# acl-logging
device(config-if-e1000-1/1/4)# ip access-group 1 in
FastIron Command Reference
53-1003389-04
123
alias
alias
An alias serves as a shorthand version of a longer CLI command.
Syntax
alias
alias alias-name = cli-command
no alias alias-name
unalias alias-name
Command Default
Parameters
No aliases are defined.
alias-name
Alias name. Must be a single word, without spaces.
=
Operator representing "equals."
cli-command
Command string for which the alias is created.
Modes
Privileged EXEC mode.
Global configuration mode.
Usage Guidelines
To remove an alias you can enter the no alias or the unalias command followed by the alias-name.
An alias saves typing in a longer command that you commonly use. For example, you can create an
alias called shoro for the CLI command show ip route. Then when you enter shoro at the command
prompt, the show ip route command is issued.
Entering the alias command with no parameters displays the currently configured aliases on the device.
Examples
The following example creates an alias called shoro for the CLI command show ip route, enter the
alias shoro = show ip route command:
device(config)# alias shoro = show ip route
The following example uses the command copy running-config with the appropriate parameters to
create an alias called wrsbc:
device(config)# alias wrsbc = copy running-config tftp 10.10.10.10 test.cfg
The following example removes the wrsbc alias from the configuration:
device(config)# no alias wrsbc
An alternate method of removing the alias is shown below:
device(config)# unalias wrsbc
To display the aliases currently configured on the Brocade device, enter the following command at
either the Privileged EXEC or global configuration modes of the CLI.
device# alias
wrsbc
shoro
124
copy running-config tftp 10.10.10.10 test.cfg
show ip route
FastIron Command Reference
53-1003389-04
anycast-rp
anycast-rp
Configures PIM anycast rendezvous points (RPs) in IPv4 and IPv6 multicast domains.
Syntax
anycast-rp rp-address anycast-rp-set-acl
no anycast-rp rp-address anycast-rp-set-acl
Command Default
Parameters
PIM anycast RPs are not configured.
rp-address
Specifies a shared RP address used among multiple PIM routers.
anycast-rp-set-acl
Specifies a host-based simple access -control list (ACL) used to specify the
address of the anycast RP set, including a local address.
Modes
Usage Guidelines
PIM router configuration mode
The no form of this command removes the anycast RP configuration.
PIM anycast RP is a way provide load balancing and fast convergence to PIM RPs in an IPv4 or IPv6
multicast domain. The RP address of the anycast RP is a shared address used among multiple PIM
routers, known as PIM RP.
The PIM software supports up to eight PIM anycast RP routers. All deny statements in the my-anycastrp-set-acl ACL are ignored.
Examples
This example shows how to configure a PIM anycast RP.
Device(config)# router pim
Device(config-pim-router)#rp-address 100.1.1.1
Device(config-pim-router)#anycast-rp 100.1.1.1 my-anycast-rp-set-acl
This example shows how to configure PIM anycast RP 100.1.1.1.The example avoids using loopback 1
interface when configuring PIM Anycast RP because the loopback 1 address could be used as a routerid. A PIM first-hop router registers the source with the closest RP. The first RP that receives the register
re-encapsulates the register to all other anycast RP peers.
Device(config)# interface loopback 2
Device(config-lbif-2)#ip address 100.1.1.1/24
Device(config-lbif-2)#ip pim-sparse
Device(config-lbif-2)#interface loopback 3
Device(config-lbif-3)#ip address 1.1.1.1/24
Device(config-lbif-3)#ip pim-sparse
Device(config-lbif-3)#router pim
Device(config-pim-router)#rp-address 100.1.1.1
Device(config-pim-router)#anycast-rp 100.1.1.1 my-anycast-rp-set
Device(config-pim-router)#ip access-list standard my-anycast-rp-set
Device(config-std-nacl)#permit host 1.1.1.1
Device(config-std-nacl)#permit host 2.2.2.2
Device(config-std-nacl)#permit host 3.3.3.
This example shows how to configure a PIM anycast RP for a VRF.
Device(config)# ipv6 router pim vrf blue
Device(config-ipv6-pim-router-vrf-blue)# rp-address 1001::1
Device(config-ipv6-pim-router-vrf-blue)# anycast-rp 1001::1 my-anycast-rp-set-acl
FastIron Command Reference
53-1003389-04
125
Commands A - E
This example shows how to configure PIM anycast RP 1001:1 so that it avoids using loopback 1.
Device(config)# interface loopback 2
Device(config-lbif-2)# ipv6 address 1001::1/96
Device(config-lbif-2)# ipv6 pim-sparse
Device(config-lbif-2)# interface loopback 3
Device(config-lbif-3)# ipv6 address 1:1:1::1/96
Device(config-lbif-3)# ipv6 pim-sparse
Device(config-lbif-3)# ipv6 router pim
Device(config-ipv6-pim-router)# rp-address 1001::1
Device(config-ipv6-pim-router)# anycast-rp 1001::1 my-anycast-rp-set
Device(config-ipv6-pim-router)# ipv6 access-list my-anycast-rp-set
Device(config-std-nacl)# permit ipv6 host 1:1:1::1 any
Device(config-std-nacl)# permit ipv6 host 2:2:2::2 any
Device(config-std-nacl)# permit ipv6 host 3:3:3::3 any
126
FastIron Command Reference
53-1003389-04
arp-internal-priority
arp-internal-priority
Configures the priority of ingress ARP packets.
Syntax
Command Default
Parameters
arp-internal-priority priority-value
The default priority of ingress ARP packets is 4.
priority-value
Specifies the priority value of the ingress ARP packets. It can take a value in
the inclusive range of 0 to 7, where 7 is the highest priority.
Modes
Usage Guidelines
Global configuration mode
High traffic volume or non-ARP packets with a higher priority may cause ARP packets to be dropped,
thus causing devices to become temporarily unreachable. You can use this command to increase the
priority of ingress ARP packets. However, if the priority of ARP traffic is increased, a high volume of
ARP traffic might cause drops in control traffic, possibly causing traffic loops in the network.
Stacking packets have a priority value of 7 and have higher precedence over ARP packets. If the ARP
packets have priority value 7 in a stack system, they will be treated as priority value 6 packets when
compared to stacking packets.
This command does not affect the priority of egress ARP packets.
You cannot change the priority of ingress ARP packets on the management port.
Examples
The following example sets the priority of ingress ARP packets to a value of 7.
Brocade(config)# arp-internal-priority 7
History
Release version
Command history
FastIron 08.0.01
This command was introduced.
FastIron Command Reference
53-1003389-04
127
authentication
authentication
Enters the authentication mode.
Syntax
authentication
no authentication
Command Default
Modes
Usage Guidelines
Authentication mode is not enabled.
Global configuration mode
The no form of the command will disable the authentication functionality.
Use this command to enter the authentication mode from global configuration mode. After entering
authentication mode, you can configure additional authentication functionality that applies globally.
Authentication functionality is also available for configuration at the interface configuration mode using
different commands that apply only to the specified interface.
Examples
The following example enables authentication.
device(config)#authentication
device(config-authen)#
History
128
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
authentication auth-default-vlan
authentication auth-default-vlan
Specifies the default VLAN ID in interface configuration mode.
Syntax
authentication auth-default-vlan vlan-id
no authentication auth-default-vlan vlan-id
Command Default
Parameters
The default VLAN is not specified.
vlan-id
Specifies the VLAN ID of the default VLAN.
Modes
Usage Guidelines
Interface configuration
The no form of the command disables the default VLAN.
The authentication auth-default-vlan command must be enabled before enabling dot1x or MACauthentication. When any port is enabled for dot1x or MAC authentication, the port is moved into this
VLAN by default as a MAC-based VLAN member.
Examples
The following example creates a default VLAN with VLAN 3 at the interface level.
device(config)# authentication
device(config-authen)# interface ethernet 1/1/1
device(config-if-e1000-1/1/1)# authentication auth-default-vlan 3
History
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
129
authentication auth-order
authentication auth-order
Specifies the order of authentication methods, 802.1x (dot1x) and MAC authentication, at the interface
level.
Syntax
authentication auth-order {dot1x mac-auth | mac-auth dot1x }
no authentication auth-order {dot1x mac-auth | mac-auth dot1x }
Command Default
Parameters
The authentication order is not configured.
dot1x mac-auth
Specifies dot1x authentication followed by MAC authentication as the order of
authentication methods on the interface.
mac-auth dot1x
Specifies MAC authentication followed by dot1x authentication as the order of
authentication methods on the interface.
Modes
Usage Guidelines
Interface configuration mode.
The no form of the command disables the authentication order functionality.
The authentication auth-order command entered at the interface level overrides the global
configuration commands, auth-order dot1x mac-auth and auth-order mac-auth dot1x.
Examples
The following example specifies dot1x authentication followed by MAC authentication as the order of
authentication methods on Ethernet interface 1/1/3.
device(config)# authentication
device(config-authen)# interface ethernet 1/1/3
device(config-if-e1/1/3)# authentication auth-order dot1x mac-auth
The following example specifies MAC authentication followed by dot1x authentication as the order of
authentication methods on Ethernet interface 1/1/3.
device(config)# authentication
device(config-authen)# interface ethernet 1/1/3
device(config-if-e1/1/3)# authentication auth-order mac-auth dot1x
History
130
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
authentication disable-aging
authentication disable-aging
Disables aging of MAC sessions at the interface level.
Syntax
authentication disable-aging { permitted-mac | denied-mac }
no authentication disable-aging { permitted-mac | denied-mac }
Command Default
Parameters
Aging of MAC sessions is not disabled.
permitted-mac
Prevents permitted (authenticated and restricted) sessions from being aged out
and ages denied sessions.
denied-mac
Prevents denied sessions from being aged out, but ages out permitted
sessions.
Modes
Usage Guidelines
Interface configuration mode
The no form of the command does not disable aging.
Use this command to disable the aging of MAC sessions. Use the authentication disable-aging
command at the interface level and the disable-aging command in the authentication configuration
mode. Entered at the interface level, this command overrides the command entered at the
authentication configuration level.
Examples
The following example disables aging for permitted MAC addresses.
device(config)# authentication
device(config-authen)# interface ethernet 1/1/1
device(config-if-e1000-1/1/1)# authentication disable-aging denied-mac
History
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
131
authentication dos-protection
authentication dos-protection
Enables denial of service (DoS) authentication protection on the interface.
Syntax
authentication dos-protection mac-limit
no authentication dos-protection mac-limit
Command Default
Parameters
Denial of service is disabled by default.
mac-limit
Specifies the rate limit for dos protection. You can specify a rate from 1 - 65535
authentication attempts per second. The default is a rate of 512 authentication
attempts per second.
Modes
Usage Guidelines
Interface configuration mode
The no form of the command disables DoS protection.
To limit the susceptibility of the Brocade device to DoS attacks, you can configure the device to use
multiple RADIUS servers, which can share the load when there are a large number of MAC addresses
that need to be authenticated. The Brocade device can run a maximum of 10 RADIUS clients per server
and will attempt to authenticate with a new RADIUS server if current one times out.
In addition, you can configure the Brocade device to limit the rate of authentication attempts sent to the
RADIUS server. When the multi-device port authentication feature is enabled, the number of RADIUS
authentication attempts made per second is tracked. When you also enable the DoS protection feature,
if the number of RADIUS authentication attempts for MAC addresses learned on an interface per
second exceeds a configurable rate (by default 512 authentication attempts per second), the device
considers this a possible DoS attack and disables the port. You must then manually re-enable the port.
Examples
The example specifies the DoS protection count as 256.
device(config)# authentication
device(config-authen)# interface ethernet 3/1
device(config-if-e1000-3/1)# authentication dos-protection mac-limit 256
History
132
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
authentication fail-action
authentication fail-action
Specifies the action to be performed after a MAC or dot1x authentication failure at the interface.
Syntax
authentication fail-action restricted-vlan id
no authentication fail-action restricted-vlan id
Command Default
Parameters
The default action is to block MAC addresses.
restricted-vlan id
Specifies the ID of the restricted VLAN.
Modes
Usage Guidelines
Interface configuration mode
The no form of the command disables the authentication failure action.
If you configure the authentication failure action to place the client port in a restricted VLAN, you can
specify the ID of the restricted VLAN. If you do not specify a VLAN ID, the default VLAN is used. If a
previous authentication failed, and as a result the port was placed in the restricted VLAN, but a
subsequent authentication attempt was successful, the RADIUS Access-Accept message may specify a
VLAN for the port. The device moves the port out of the restricted VLAN and into the RADIUS specified
VLAN. If a previous authentication was successful and the RADIUS Access-Accept message specifies
a VLAN for the port and then the device moves into the RADIUS-specified VLAN, but a subsequent
authentication failed, the port will not be placed in the restricted VLAN. But the non-authenticated client
will be blocked.
Examples
The example specifies a restricted VLAN 1 for the authentication failure action.
device(config)# authentication
device(config-authen)# interface ethernet 1/1/1
device(config-if-e1000-1/1/1)# auth-fail-action restricted-vlan 1
History
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
133
authentication filter-strict-security
authentication filter-strict-security
Enables or disables strict filter security for dot1x and MAC-authentication on the interface.
Syntax
authentication filter-strict-security
no authentication filter-strict-security
Command Default
Modes
Usage Guidelines
Strict filter security is not enabled.
Interface configuration
The no form of the command disables strict filter security.
When enabled, if the filters contain invalid information, the authentication fails.
Examples
The following example enables strict filter security.
device(config)# authentication
device(config-authen)# interface ethernet 1/1/1
device(config-if-e1000-1/1/1)# authentication filter-strict-security
History
134
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
authentication max-sessions
authentication max-sessions
Specifies the maximum number of authenticated MAC sessions for MAC authentication and 802.1x
(dot1x) authentication.
Syntax
authentication max-sessions count
no authentication max-sessions count
Command Default
Parameters
The default maximum number of MAC sessions is 10.
count
Specifies the maximum number of authenticated MAC sessions; a value from 1
through 32.
Modes
Usage Guidelines
Examples
Interface configuration mode
The no form of this command disables this functionality. This command is not supported on the FastIron
ICX 7450 and ICX 7750 devices.
The example specifies the maximum number of authenticated MAC sessions.
device(config)# authentication
device(config)# interface ethernet 1/1/1
device(config-if-e1000-1/1/1)# auth max-sessions 30
History
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
135
authentication reauth-timeout
authentication reauth-timeout
Sets the time to re-authenticate a client after a timeout-action has been applied. This command is
applicable for MAC authentication and dot1x authentication.
Syntax
authentication reauth-timeout seconds
no authentication reauth-timeout seconds
Command Default
Parameters
The default re-authentication timeout is 60 seconds.
seconds
Sets the re-authentication timeout, in seconds. The range is from 60 to
4294967295.
Modes
Usage Guidelines
Interface configuration.
The no form disables re-authentication timeout.
Use this command to specify an authentication timeout action for MAC authentication or dot1x
authentication enabled clients. This command sets the re-authentication timeout at the interface level
after the timeout action is specified as success, restricted VLAN or critical VLAN.
Examples
The example shows specifying a re-authentication timeout of 100 seconds.
device(config)# authentication
device(config-authen)# interface ethernet 1/1/2
device(config-if-e1000-1/1/1)# authentication reauth-timeout 100
History
136
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
authentication source-guard-protection enable
authentication source-guard-protection enable
Enables Source Guard Protection along with authentication on a specified interface.
Syntax
authentication source-guard-protection enable
no authentication source-guard-protection enable
Command Default
Modes
Usage Guidelines
Source Guard Protection is not enabled.
Interface configuration mode
The no form of the command disables source guard protection.
When a new MAC session begins on a port that has Source Guard Protection enabled, the session
either applies a dynamically created Source Guard ACL entry or it uses the dynamic IP ACL assigned
by the RADIUS server. If a dynamic IP ACL is not assigned, the session uses the Source Guard ACL
entry. The Source Guard ACL entry is permit ip secure-ip any, where secure-ip is obtained from the
ARP Inspection table or from the DHCP Secure table. The DHCP Secure table is comprised of DHCP
Snooping and Static ARP Inspection entries. The Source Guard ACL permit entry is added to the
hardware table after all of the following events occur:
• The MAC address is authenticated
• The IP address is learned
• The MAC-to-IP mapping is checked against the Static ARP Inspection table or the DHCP Secure
table
The Source Guard ACL entry is not written to the running configuration file. However, you can view the
configuration using the show auth-mac-addresses authorized-mac command.
NOTE
The secure MAC-to-IP mapping is assigned at the time of authentication and remains in effect as long
as the MAC session is active. The existing MAC session doesn't get affected if the DHCP Secure table
is updated after the session is authenticated and while the session is still active.
The Source Guard ACL permit entry is removed when the MAC session expires or is cleared.
Examples
The following example enables source guard protection on an interface.
device(config)# authentication
device(config-authen)# interface ethernet 1/1/1
device(config-if-e1000-1/1/1)# authentication source-guard-protection enable
History
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
137
authentication timeout-action
authentication timeout-action
Specifies the action for the RADIUS server if an authentication timeout occurs.
Syntax
authentication timeout-action { success | failure | critical-vlan }
no authentication timeout-action { success | failure | critical-vlan }
Command Default
Parameters
The default action is failure.
success
Specifies the RADIUS timeout action as a success. After the successful timeout
action is enabled, use the no form of the command to set the RADIUS timeout
behavior to retry.
failure
Specifies the RADIUS timeout action as failure. Once the failure timeout action
is enabled, use the no form of the command to reset the RADIUS timeout
behavior to retry.
critical-vlan
Specifies the RADIUS timeout action as critical-VLAN. This command applies
only to data traffic.
Modes
Usage Guidelines
Examples
Interface configuration mode
The no form of this command will disable this functionality.
The following example sets the authentication timeout-action command to success.
device(config)# authentication
device(config)# interface ethernet 1/1/1
device(config-if-e1000-1/1/1)# authentication timeout-action success
History
138
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
auth-default-vlan
auth-default-vlan
Specifies the default VLAN globally.
Syntax
auth-default-vlan vlan-id
no auth-default-vlan vlan-id
Command Default
Parameters
The default VLAN is not specified.
vlan-id
Specifies the VLAN ID of the default VLAN.
Modes
Usage Guidelines
Authentication mode
The no form of the command disables the default VLAN.
The auth-default-vlan command must be enabled before enabling dot1x or MAC-authentication. When
any port is enabled for dot1x or MAC authentication, the port is moved into this VLAN by default as a
MAC-based VLAN member.
Examples
The following example creates a default VLAN with VLAN 2 at the authentication configuration mode.
device(config)# authentication
device(config-authen)# auth-default-vlan 2
History
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
139
auth-fail-action
auth-fail-action
Specifies the authentication failure action as a restricted VLAN for both MAC authentication and dot1x
authentication globally.
Syntax
auth-fail-action restricted-vlan id
no auth-fail-action restricted-vlan id
Command Default
Parameters
The default action is to block MAC addresses.
restricted-vlan id
Specifies the ID of the restricted VLAN.
Modes
Usage Guidelines
Authentication mode
The no form of this command disables the authentication failure action.
If you configure the authentication failure action to place the client port in a restricted VLAN, you can
specify the ID of the restricted VLAN. If you do not specify a VLAN ID, the default VLAN is used. If a
previous authentication failed, and as a result the port was placed in the restricted VLAN, but a
subsequent authentication attempt was successful, the RADIUS Access-Accept message may specify a
VLAN for the port. The device moves the port out of the restricted VLAN and into the RADIUS specified
VLAN. If a previous authentication was successful and the RADIUS Access-Accept message specifies
a VLAN for the port and then the device moves into the RADIUS-specified VLAN, but a subsequent
authentication failed, the port will not be placed in the restricted VLAN. But the non-authenticated client
will be blocked.
Examples
The following example specifies restricted VLAN 1 for the authentication failure action.
device(config)# authentication
device(config-authen)# auth-fail-action restricted-vlan 1
History
140
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
auth-order dot1x mac-auth
auth-order dot1x mac-auth
Specifies the order of authentication methods to be 802.1x (dot1x) authentication before MAC
authentication at the global level.
Syntax
auth-order dot1x mac-auth
no auth-order dot1x mac-auth
Command Default
Modes
Usage Guidelines
The authentication order is not configured.
Authentication mode
The no form of the command disables the authentication order functionality.
This command specifies the dot1x authentication followed by mac authentication as the order of
authentication methods on the device. Use the auth-order mac-auth dot1x command to reverse this
order of authentication.
Examples
The following example specifies dot1x authentication followed by mac authentication as the order of
authentication methods.
device(config)# authentication
device(config-authen)# auth-order dot1x mac-auth
History
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
141
auth-order mac-auth dot1x
auth-order mac-auth dot1x
Specifies the order of authentication methods to be MAC authentication before 802.1x (dot1x)
authentication at the global level.
Syntax
auth-order mac-auth dot1x
no auth-order mac-auth dot1x
Command Default
Modes
Usage Guidelines
The authentication order is not configured.
Authentication mode
The no form of the command disables the authentication order functionality.
This command specifies the MAC authentication followed by dot1x authentication as the order of
authentication methods on the device. Use the auth-order dot1x mac-auth command to reverse this
order of authentication.
Examples
The following example specifies MAC authentication followed by dot1x authentication as the order of
authentication methods.
device(config)# authentication
device(config-authen)# auth-order mac-auth dot1x
History
142
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
bsr-candidate
bsr-candidate
Configures a bootstrap router (BSR) as a candidate to distribute rendezvous point (RP) information to
the other PIM Sparse devices within a PIM Sparse domain.
Syntax
bsr-candidate ethernet stackid/slot/portnum hash-mask-length [ priority ]
bsr-candidate loopback num hash-mask-length [ priority ]
bsr-candidate ve num hash-mask-length [ priority ]
bsr-candidate tunnel num hash-mask-length [ priority ]
no bsr-candidate
Command Default
Parameters
The PIM router does not participate in BSR election.
ethernet stackid/slot/portnum
Specifies the physical interface for the candidate BSR. On standalone devices
specify the interface ID in the format slot/port-id; on stacked devices you must
also specify the stack ID, in the format stack-id/slot/port-id.
loopback num
Specifies the loopback interface for the candidate BSR.
ve num
Specifies the virtual interface for the candidate BSR.
tunnel num
Specifies a GRE tunnel interface.
hash-mask-length
Specifies the number of bits in a group address that are significant when
calculating the group-to-RP mapping. The range is 1 to 32.
NOTE
It is recommended that you specify 30 for IPv4 networks.
priority
Specifies the BSR priority. The range is from 0 to 255, from low to high. The
default is 0.
Modes
Usage Guidelines
Router configuration mode
The no form of this command makes the PIM router cease to act as a candidate BSR.
Each PIM Sparse domain has one active BSR. For redundancy, you can configure ports on multiple
devices as candidate BSRs. The PIM Sparse protocol uses an election process to select one of the
candidate BSRs as the BSR for the domain. The BSR with the highest BSR priority is elected. If the
priorities result in a tie, the candidate BSR interface with the highest IP address is elected.
Although you can configure the device as only a candidate BSR or an RP, it is recommended that you
configure the same interface on the same device as both a BSR and an RP.
Examples
The following example uses a physical interface to configure a device as a candidate BSR.
Device(config)# router pim
Device(config-pim-router)# bsr-candidate ethernet 2/2 30 255
FastIron Command Reference
53-1003389-04
143
Commands A - E
The following example uses a loopback interface to configure a device as a candidate BSR.
Device(config)# router pim
Device(config-pim-router)# bsr-candidate loopback 1 30 240
The following example uses a virtual interface to configure a device as a candidate BSR.
Device(config)# router pim
Device(config-pim-router)# bsr-candidate ve 120 30 250
History
144
Release version
Command history
8.0.20
This command was modified to add the tunnel keyword.
FastIron Command Reference
53-1003389-04
clear access-list accounting
clear access-list accounting
Clears Access Control List (ACL) accounting statistics for IPv4 ACLs, IPv6 ACLs, and Layer 2 MAC
filters.
Syntax
clear access-list accounting all
clear access-list accounting interface-type interface-name in
clear access-list accounting traffic-policy { all | name }
Parameters
all
Clears all statistics for all ACLs.
interface-type interface-name
Specifies the ID of the Ethernet or virtual interface. Clears the accounting
statistics for ACLs bound to a physical port or clears statistics for all ACLs
bound to ports that are members of a virtual routing interface.
in
Clears statistics of the inbound ACLs.
traffic-policy
Clears traffic-policy statistics.
all
Clears all traffic-policy statistics.
name
Clears statistics of a specific traffic-policy.
Modes
Usage Guidelines
Examples
Privileged EXEC mode
To clear accounting statistics for all configured ACLs, use the all keyword.
The following example clears ACL accounting statistics for all configured ACLs.
device# clear access-list accounting all
The following example clears ACL accounting statistics for a specific port.
device# clear access-list accounting ethernet 1/5 in
The following example clears all traffic-policy statistics.
device#clear access-list accounting traffic-policy all
History
Release version
Command history
08.0.10
This command was introduced.
FastIron Command Reference
53-1003389-04
145
clear cable diagnostics tdr
clear cable diagnostics tdr
Clears the results of Virtual Cable Test (VCT) TDR testing (if any) conducted on the specified port
Syntax
Command Default
Parameters
clear cable-diagnostics tdr stackid/slot/port
By default, the results of the previous test (if any) are present and are displayed in response to the
show cable-diagnostics tdr command for the specified port.
stackid/slot/port
Identifies the specific interface (port), by device, slot, and port number in the
format shown.
Modes
Usage Guidelines
Privileged EXEC mode
Use this command to clear TDR test registers before every TDR cable diagnostic test. Most Brocade
devices support VCT technology. VCT technology enables the diagnosis of a conductor (wire or cable)
by sending a pulsed signal into the conductor, then examining the reflection of that pulse. This method
of cable analysis is referred to as Time Domain Reflectometry (TDR). By examining the reflection, the
Brocade device can detect and report cable statistics such as local and remote link pair, cable length,
and link status.
Use the command in conjunction with the phy cable-diagnostics tdr stackid/slot/port command to
test the interface.
Show diagnostic test results using the show cable-diagnostics tdr stackid/slot/port command.
This command is supported only on the Brocade ICX 6610, ICX 6430, ICX 6430-C, ICX 6450, ICX6450C, and FCX Series devices.
Examples
In the following example, results from the previous test are cleared from the third interface on the
second slot of the first device in the stack.
device# clear cable-diagnostics tdr 1/2/3
History
146
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
clear dot1x sessions
clear dot1x sessions
Clears 802.1x (dot1x) authentication sessions.
Syntax
Parameters
clear dot1x sessions { mac-address | ethernet device/slot/port }
mac-address
Specifies the mac-address from which the dot1x authentication sessions are to
be cleared.
ethernet device/slot/port
Specifies the interface from which the dot1x authentication sessions are to be
cleared.
Modes
Usage Guidelines
Examples
Privileged EXEC mode.
Use this command to clear the dot1x authentication sessions.
The following example clears the dot1x authentication session for the specified MAC address.
device(config)# clear dot1x sessions 0000.0034.abd4
History
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
147
clear dot1x statistics
clear dot1x statistics
Clears dot1x authentication statistics.
Syntax
Parameters
clear dot1x statistics { ethernet device/slot/port | all }
ethernet device/slot/port
Specifies the interface on which the dot1x authentication statistics are to be
cleared.
all
Specifies that dot1x authentication statistics are to be cleared for all interfaces.
Modes
Usage Guidelines
Examples
Privileged EXEC mode.
Use this command to clear dot1x authentication statistics on all or one specified interface.
The following example clears dot1x statistics on all interfaces.
device(config)# clear dot1x statistics all
History
148
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
clear dot1x-mka statistics
clear dot1x-mka statistics
Clears current MACsec Key Agreement (MKA) statistics.
Syntax
Parameters
clear dot1x-mka statistics ethernet device/slot/port
ethernet device/slot/port
Specifies an Ethernet interface by device position in stack, slot on the device,
and interface on the slot.
Modes
Usage Guidelines
Examples
EXEC or Privileged EXEC mode
This command is supported only on the Brocade ICX 6610.
In the following example, MKA statistics are cleared for Ethernet interface 1/3/3 (port 3 of slot 3 on the
first device in the stack).
device# clear dot1x-mka statistics ethernet 1/3/3
History
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
149
clear ip mroute
clear ip mroute
Removes multicast routes from the IP multicast routing table .
Syntax
Parameters
clear ip mroute [ vrf vrf-name ] [ ip-address {ip-mask | mask-bits } ]
vrf vrf-name
Specifies a VRF.
ip-address
Specifies an IP address.
ip-mask
Specifies an IP subnet mask.
mask-bits
Specifies a subnet mask in bits.
Modes
Usage Guidelines
Global configuration mode
After multicast routes are cleared from an IP multicast routing table, the best static multicast routes are
added back to the routing table.
When used without specifying a vrf vrf-name this command clears multicast routes from the multicast
routing table.
Examples
The following example removes all mroutes from the IP multicast routing table:
Device# configure terminal
Device(config)# clear ip mroute
The following example removes all mroutes from the vrf green IP multicast routing table:
Device# configure terminal
Device(config)# clear ip mroute vrf green
The following example removes mroute 10.0.0.2/24 from the IP multicast routing table:
Device# configure terminal
Device(config)# clear ip mroute 10.0.0.2/24
History
150
Release version
Command history
8.0.10a
This command was introduced.
FastIron Command Reference
53-1003389-04
clear ip pim counters
clear ip pim counters
Clears PIM message counters.
Syntax
Parameters
clear ip pim [ vrf vrf-name ] counters
vrf vrf-name
Specifies a VRF instance.
counters
Specifies PIM message counters.
Modes
Usage Guidelines
Examples
Privileged EXEC mode
When entered without the vrf keyword, this command clears the PIM message counters for all VRFs.
The following example clears the PIM message counters.
Device# clear ip pim counters
The following example clears the PIM message counters on a XRF named blue.
Device# clear ip pim vrf blue counters
FastIron Command Reference
53-1003389-04
151
clear ip pim hw-resource
clear ip pim hw-resource
Clears the PIM hardware resource fail count for a specific VRF instance or for all VRFs.
Syntax
Parameters
clear ip pim [ vrf vrf-name ] hw-resource
vrf vrf-name
Specifies a VRF instance.
hw-resource
Specifies hardware resource fail count.
Modes
Usage Guidelines
Examples
Privileged EXEC mode
When entered without the vrf keyword, this command clears the PIM hardware resource fail count for
all VRFs.
The following example clears the PIM hardware resource fail count.
Device# clear ip pim hw-resource
152
FastIron Command Reference
53-1003389-04
clear ip pim rp-map
clear ip pim rp-map
Updates the entries in the static multicast forwarding table for a specific VRF instance or for all VRFs.
Syntax
Parameters
clear ip pim [ vrf vrf-name ] rp-map
vrf vrf-name
Specifies a VRF instance.
rp-map
Specifies the entries in a PIM sparse static multicast forwarding table.
Modes
Usage Guidelines
Privileged EXEC mode
When entered without the vrf keyword, this command clears the PIM forwarding cache for all VRFs.
Configure this command to update the entries in the static multicast forwarding table immediately after
making rendezvous point (RP) configuration changes. This command is meant to be used with the rpaddress command.
Examples
The following example clears the entries in a PIM sparse static multicast forwarding table on a VRF
instance named blue.
Device# clear ip pim vrf blue rp-map
FastIron Command Reference
53-1003389-04
153
clear ip pimsm-snoop
clear ip pimsm-snoop
Clears PIM sparse mode (SM) information.
Syntax
Parameters
clear ip pimsm-snoop [ vlanvlan-id ] { cache [ ip-address ] | stats}
vlanvlan-id
Specifies clearing information on a specific VLAN.
cache
Specifies clearing the PIM SM snooping cache.
ip-address
Specifies clearing PIM SM snooping-cache information on a specific source or
group.
stats
Specifies clearing traffic and error counters.
Modes
Examples
Global configuration mode
The following example clears PIM SM information from all VLANs.
Device(config)#clear ip pimsm-snoop cache
The following example clears PIM SM information from a specific VLAN.
Device(config)#clear ip pimsm-snoop vlan 10 cache
The following example clears PIM SM information from a specific source.
Device(config)#clear ip pimsm-snoop cache 10.1.1.1
The following example clears traffic and error counters from all VLANs.
Device(config)#clear ip pimsm-snoop stats
History
154
Release version
Command history
8.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
clear ipv6 mroute
clear ipv6 mroute
Removes IPv6 multicast routes from the IPv6 multicast routing table.
Syntax
Parameters
clear ipv6 mroute [ vrf vrf-name] [ ipv6-address-prefix/prefix-length ]
vrf vrf-name
Specifies a VRF route.
ipv6-address-prefix/prefix-length
Specifies an IPv6 address prefix in hexadecimal using 16-bit values between
colons as documented in RFC 2373 and a prefix length as a decimal value.
Modes
Usage Guidelines
Examples
Privileged EXEC mode
After mroutes are removed from an IPv6 multicast routing table, the best static mroutes are added back
to it.
The following example removes all mroutes from the IPv6 multicast routing table:
Device(config)# clear ipv6 mroute
The following example removes all mroutes from the vrf green IPv6 multicast routing table:
Device(config)# clear ipv6 mroute vrf green
The following example removes mroute 2000:7838::/32 from the IPv6 multicast routing table:
Device(config)# clear ipv6 mroute 2000:7838::/32
History
Release version
Command history
8.0.10a
This command was introduced.
FastIron Command Reference
53-1003389-04
155
clear ipv6 neighbor
clear ipv6 neighbor
Clears the static neighbor discovery (ND) inspect entries and ND inspection statistics.
Syntax
Parameters
clear ipv6 neighbor [ vrf vrf-name ] inspection [ static-entry | statistics ]
vrf
Specifies the VRF instance (optional).
vrf-name
Specifies the ID of the VRF instance required with vrf .
inspection
Specifies that the neighbor discovery messages are verified against the static
ND inspection entries or dynamically learned DHCPv6 snoop entries.
static-entry
Clears the manually configured static ND inspect entries that are used to
validate the packets received on untrusted ports.
statistics
Clears the total number of neighbor discovery messages received and the
number of packets discarded after ND inspection.
Modes
Privileged EXEC mode
Global configuration mode
VRF configuration mode
Usage Guidelines
Examples
This command can be used in three different modes as shown in the examples. If used without
specifying a VRF, this command clears data from the default VRF.
The following example removes the manually configured static ND inspect entries.
device# clear ipv6 neighbor inspection static-entry
The following example removes the manually configured static ND inspect entries on a VRF.
device# configure terminal
device(config)# vrf vrf2
device(config-vrf-vrf2)# clear ipv6 neighbor vrf vrf2 inspection static-entry
The following example deletes the ND inspection statistics.
device# configure terminal
device(config)# clear ipv6 neighbor inspection statistics
The following example deletes the ND inspection statistics on a VRF.
device# configure terminal
device(config)# clear ipv6 neighbor vrf vrf2 inspection statistics
History
156
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
clear ipv6 pim cache
clear ipv6 pim cache
Clears the IPv6 PIM forwarding cache.
Syntax
Parameters
clear ipv6 pim [ vrf vrf-name ] cache ipv6-address
vrf vrf-name
Specifies a VRF instance.
cache ipv6-address
Specifies group or address of the PIM forwarding cache to clear.
Modes
Usage Guidelines
Examples
Privileged EXEC mode
When entered without the vrf keyword, this command clears information for all VRF instances.
This example shows how to clear the IPv6 PIM forwarding cache:
Device#clear ipv6 pim cache 2001:0DB8:0:1::1/120 5100::192:1:1:1
FastIron Command Reference
53-1003389-04
157
clear ipv6 pim counters
clear ipv6 pim counters
Clears IPv6 PIM message counters.
Syntax
Parameters
clear ipv6 pim [ vrf vrf-name ] counters
vrf vrf-name
Specifies a VRF instance.
counters
Specifies the IPv6 PIM message counters.
Modes
Usage Guidelines
Examples
Privileged EXEC mode
When entered without the vrf keyword, this command clears information for all VRF instances.
Thi example shows how to clear the IPv6 PIM message counters:
Device#clear ipv6 pim counters
158
FastIron Command Reference
53-1003389-04
clear ipv6 pim hw-resource
clear ipv6 pim hw-resource
Clears the IPv6 PIM hardware resource fail count for a specific VRF instance or for all VRFs.
Syntax
Parameters
clear ipv6 pim hw-resource
vrf vrf-name
Specifies a VRF instance.
hw-resource
Specifies hardware resource fail count.
Modes
Usage Guidelines
Examples
Privileged EXEC mode
When entered without the vrf keyword, this command clears the PIM hardware resource fail count for
all VRFs.
The following example clears the IPv6 PIM hardware resource fail count.
Device# clear ipv6 pim hw-resource
FastIron Command Reference
53-1003389-04
159
clear ipv6 pim rp-map
clear ipv6 pim rp-map
Clears the entries in an IPv6 PIM Sparse static multicast forwarding table, allowing a new rendezvous
point (RP) configuration to be effective immediately.
Syntax
Parameters
clear ipv6 pim [ vrf vrf-name ] rp-map
vrf vrf-name
Specifies a VRF instance.
rp-map
Specifies the entries in a PIM sparse static multicast forwarding table.
Modes
Usage Guidelines
Privileged EXEC mode
Configuring this command clears and overwrites the static RP configuration. If you change the static RP
configuration, the entries in the IPv6 PIM Sparse multicast forwarding table continue to use the old RP
configuration until they are aged out. You can configure the clear ipv6 pim rp-map command to update
the entries in the static multicast forwarding table immediately after making RP configuration changes.
This command is meant to be used with the rp-address command.
Examples
This example shows how to clear the entries in an IPv6 PIM Sparse static multicast forwarding table
after you change the RP configuration:
Device#clear ipv6 pim rp-map
160
FastIron Command Reference
53-1003389-04
clear ipv6 pim traffic
clear ipv6 pim traffic
Clears counters on IPv6 PIM traffic.
Syntax
Parameters
clear ipv6 pim [ vrf vrf-name ] traffic
vrf vrf-name
Specifies a VRF instance.
traffic
Specifies counters on IPv6 PIM traffic.
Modes
Usage Guidelines
Examples
Privileged EXEC mode
When entered without the vrf keyword, this command clears counters for all VRF instances.
This example shows how to clear IPv6 PIM traffic counters on all VRF instances:
Device#clear ipv6 pim traffic
FastIron Command Reference
53-1003389-04
161
clear ipv6 pimsm-snoop
clear ipv6 pimsm-snoop
Clears PIM sparse mode (SM) information.
Syntax
Parameters
clear ipv6 pimsm-snoop [ vlanvlan-id ] { cache [ ipv6-address ] | stats}
vlanvlan-id
Specifies clearing information on a specific VLAN.
cache
Specifies clearing the PIM SM snooping cache.
ipv6-address
Specifies clearing PIM SM snooping-cache information on a specific source or
group.
stats
Specifies clearing traffic and error counters.
Modes
Examples
Global configuration mode
The following example clears PIM SM information from all VLANs.
Device(config)#clear ipv6 pimsm-snoop cache
The following example clears PIM SM information from a specific VLAN.
Device(config)#clear ipv6 pimsm-snoop vlan 10 cache
The following example clears PIM SM information from a specific source.
Device(config)#clear ipv6 pimsm-snoop cache ff05::100
The following example clears traffic and error counters from all VLANs.
Device(config)#clear ipv6 pimsm-snoop stats
History
162
Release version
Command history
8.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
clear ipv6 raguard
clear ipv6 raguard
Resets the drop or permit packet counters for Router Advertisement (RA) guard policies.
Syntax
Parameters
clear ipv6 raguard { name | all }
name
An ASCII string indicating the name of the RA guard policy of which the packet
counters must be cleared.
all
Clears the packet counters of all RA guard policies.
Modes
Usage Guidelines
Examples
Global configuration mode
To clear RA guard packet counters for all RA guard policies, use the all keyword. To clear the RA guard
packet counters for a specific RA guard policy, specify the name of the policy.
The following example clears the packet count for an RA guard policy:
Brocade(config)# clear ipv6 raguard policy1
The following example clears the packet counters for all RA guard policies:
Brocade(config)# clear ipv6 raguard all
FastIron Command Reference
53-1003389-04
163
clear macsec ethernet
clear macsec ethernet
Clears the MACsec traffic statistics for the specified interface.
Syntax
Parameters
clear macsec ethernet device/slot/port
device/slot/port
Specifies an interface by device position in stack, slot on the device, and
interface on the slot.
Modes
Usage Guidelines
Examples
Privileged EXEC mode.
This command is supported only on the Brocade ICX 6610.
In the following example, MACsec traffic statistics are cleared for interface 1/3/3 (port 3 of slot 3 on the
first device in the stack).
device(config-dot1x-mka-1/3/3)# clear macsec ethernet 1/3/3
History
164
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
clear mac-authentication sessions
clear mac-authentication sessions
Clears MAC authentication sessions.
Syntax
Parameters
clear mac-authentication sessions { mac-address mac-address | ethernet device/slot/port }
mac-address
Specifies the mac-address from which the MAC authentication sessions are to
be cleared.
ethernet device/slot/port
Specifies the interface from which the MAC authentication sessions are to be
cleared.
Modes
Usage Guidelines
Examples
Privileged EXEC mode.
Use this command to clear the MAC authentication sessions for either a specified MAC address or an
ethernet interface.
The following example clears the MAC authentication session for the specified MAC address.
device# clear mac-authentication sessions 0000.0034.abd4
History
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
165
clear notification-mac statistics
clear notification-mac statistics
Clears the MAC-notification statistics, such as the number of trap messages and number of MAC
notification events sent.
Syntax
Command Default
Modes
clear notification-mac statistics
The MAC-notification statistics are available on the device.
Global configuration
Privileged EXEC
Usage Guidelines
Examples
MAC notification statistics can be viewed using the show notification-mac display command.
The following example clears the MAC notification statistics:
device(config)# clear notification-mac statistics
History
166
Release version
Command history
08.0.10
This command was introduced.
FastIron Command Reference
53-1003389-04
clear openflow
clear openflow
Clears flows from the flow table.
Syntax
Parameters
clear openflow { flowid flow-id | all }
flowid flow-id
Clears the given flow ID that you want to delete from the flow table.
all
Deletes all flows from the flow table.
Modes
User EXEC mode
Privileged EXEC mode
Global configuration mode
Usage Guidelines
Examples
When an OpenFlow rule or all flows in the flow table need to be deleted you can use the clear
openflow command with the all option. To delete a single OpenFlow rule based on a flow-id, use the
clear openflow command with the flowid flow-id options.
The following example clears the flow with an ID of 6.
device# clear openflow flowid 6
The following example clears all flows in the flow table.
device# clear openflow all
History
Release
Command History
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
167
clear stack ipc
clear stack ipc
Clears stack traffic statistics.
Syntax
Command Default
Modes
Usage Guidelines
clear stack ipc
Stack traffic statistics are collected and retained.
Privileged EXEC mode
Use the clear stack ipc command before issuing the show stack ipc command. This helps to ensure
that the data are the most recent traffic statistics for the stack.
This command must be executed from the active stack controller.
Examples
The following example clears stack traffic statistics prior to using the show stack ipc command to
display current stack traffic statistics.
device# clear stack ipc
device# show stack ipc
V15, G1, Recv: SkP0:3749372, P1:3756064, MAIL:184291175, sum:191796611, t=457152.2
Message types have callbacks:
1 :Reliable IPC message 2 :Reliable IPC atomic 4 :fragmentation, jumbo
5 :probe by mailbox 6 :rel-mailbox 7 :test ipc
8 :disable keep-alive 9 :register cache 10:ipc dnld stk
11:chassis operation 12:ipc stk boot 13:Rconsole IPC message
14:auth msg 15:ipc erase flash 16:unconfigure
17:ipc stk boot 18:ss set 19:sFlow IPC message
21:SYNC download reques 23:SYNC download 1 spec 28:SYNC client hello
30:SYNC dy chg error 32:active-uprintf 33:test auth msg
34:probe KA 39:unrel-mailbox 40:trunk-probe
Send message types:
[1]=2342639, [4]=44528, [5]=961830, [6]=37146,
[9]=73104634, [11]=137082, [14]=487007, [20]=2304,
[22]=1395, [25]=23, [26]=1901701, [29]=415888,
[34]=1827543, [39]=30451, [40]=289420,
Recv message types:
[1]=2016251, [4]=1352759, [5]=470884, 475144,
[6]=114459, 114572, [9]=367644144, [11]=1785229,
[14]=973285, 974177, [21]=1395, [30]=25,
[34]=912972, 914086, [39]=973492, 973440, [40]=700313,
Statistics:
send pkt num : 34068433, recv pkt num : 191796609,
send msg num : 79756048, recv msg num : 379902767,
send frag pkt num : 22264, recv frag pkt num : 493860,
pkt buf alloc : 34068433,
Reliable-mail send success receive duplic
target ID 1 1 0 0
target MAC 15230 15230 0 0
unrel target ID 7615 0
There is 1 current jumbo IPC session
Possible errors:
*** recv from non-exist unit 2 times: unit 5
History
168
Release version
Command history
08.0.00a
This command was introduced.
FastIron Command Reference
53-1003389-04
clear statistics openflow
clear statistics openflow
Clears OpenFlow statistics.
Syntax
Parameters
clear statistics openflow { group | meter | controller }
group
Clears statistics for all groups.
meter
Clears statistics for all meters.
controller
Clears statistics for all controllers.
Modes
EXEC and Privileged EXEC mode
Global configuration mode
Usage Guidelines
Examples
This command can be entered in three configuration modes as shown in the examples below.
The following example, entered in User EXEC mode, clears statistics for all groups in User EXEC
mode.
device> clear statistics openflow group
The following example, entered in Privileged EXEC mode, clears statistics for all meters in Privileged
EXEC mode.
device> enable
device# clear statistics openflow meter
The following examples, entered in global configuration mode, clears statistics for all controllers.
device# configure terminal
device(config) # clear statistics openflow controller
History
Release
Command History
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
169
connect
connect
Specifies the devices to which a peripheral device connects in a mixed stack.
Syntax
connect stack-unit/slotnum/portnum
no connect stack-unit/slotnum/portnum
Parameters
stack-unit
Specifies the stack unit ID.
slotnum
Specifies the slot number.
portnum
Specifies the port number in the slot. If the port is part of a trunk, specify only
the first port number (the odd-numbered port) in the trunk.
Modes
Usage Guidelines
Stack unit configuration mode
The connect command can only be used on the ICX 6610.
The no form of this command removes the connection configuration.
The active controller always generates a connect for live peripheral units during stack construction.
This command is optional and can be specified only for peripheral units. You cannot override the
physical connections using the connect command. However, you can use this command on peripheral
devices to make sure that a peripheral device has the unit ID you want if a unit is replaced.
You can use this command when configuring a mixed stack with the automatic configuration method.
Examples
The following example connects stack unit 3 (a peripheral device) to stack unit 1 (the active controller)
and to stack unit 4 (another peripheral device).
Brocade(config-unit-3)# connect 1/3/1
Brocade(config-unit-3)# connect 4/2/3
History
170
Release
Command History
08.0.00a
This command was introduced.
FastIron Command Reference
53-1003389-04
copy flash scp
copy flash scp
Uploads a copy of an OS image file from a FastIron device’s primary or secondary flash memory to an
SCP server. The syntax for copying an image between two devices under test (DUTs) is different from
the syntax for uploading from a Brocade device to a Linux or a Windows server.
Syntax
Syntax for copying an image between two DUTs:
copy flash scp { ipv4-address- | ipv4-hostname- | ipv6 { ipv6-address-prefix/prefix-length | ipv6hostname- } outgoing-interface { ethernet stackid/slot/port | ve ve-number } } [ public-key { dsa |
rsa } ] [ remote-port ] remote-filename { flash:primary | secondary }
Syntax for uploading from a Brocade device to a Linux or a Windows server:
copy flash scp { ipv4-address- | ipv4-hostname- | ipv6 { ipv6-address-prefix/prefix-length | ipv6hostname- } outgoing-interface { ethernet stackid/slot/port | ve ve-number } } [ public-key { dsa |
rsa } ] [ remote-port ] remote-filename { primary | secondary }
Parameters
ipv4-addressSpecifies the IPV4 address of the SCP server.
ipv4-hostnameSpecifies the IP hostname of the SCP server.
ipv6
Specifies the IPV6 address method for SCP file transfer.
ipv6-address-prefix/prefix-length
Specifies the IPV6 address of the SCP server. You must specify this address in
hexadecimal using 16-bit values between colons, as documented in RFC 2373.
ipv6-hostnameSpecifies the IPv6 hostname of the SCP server.
outgoing-interface
Specifies the interface to be used to reach the remote host.
ethernet stackid/slot/port
Configures an Ethernet interface as the outgoing interface.
ve ve-number
Configures a virtual interface (VE) as the outgoing interface.
public-key
Specifies the type of public key authentication to use for the connection, either
digital signature algorithm (DSA) or Rivest, Shamir, and Adelman (RSA) . If you
do not configure this parameter, the default authentication type is password.
dsa
Specifies DSA as the public key authentication.
rsa
Specifies RSA as the public key authentication.
remote-port
Specifies the remote port number for the TCP connection.
remote-filename
Specifies the name of the file in the SCP server that is be transferred. You can
specify up to 127 characters for the filename.
flash:primary
Specifies the binary image in primary flash memory. Configure the
flash:primary keyword when transferring files between DUTs,. See the usage
note regarding using this keyword when transferring files between DUTs.
primary
FastIron Command Reference
53-1003389-04
171
Commands A - E
Specifies the binary image in primary flash memory.
secondary
Specifies the binary image in secondary flash memory.
Modes
Usage Guidelines
Privileged EXEC mode
You are prompted for username and password when you configure this command.
NOTE
When transferring files between DUTs, you should configure the flash:primary keyword instead of the
primary keyword because the SCP server does not support remote-filename aliases.
Examples
The following example uploads a copy of an OS image file from the primary flash memory on a Brocade
device to the SCP server:
device# copy flash scp 10.20.1.1 FCXR08011-scp.bin primary
device# copy flash scp 10.20.1.1 FCXR08011-scp.bin secondary
The following example uploads a copy of an OS image file from the primary flash memory on a Brocade
device to an SCP server with the IP address of 172.26.51.180 :
device# copy flash scp 172.26.51.180 filename primary
The following example specifies that the SCP connection is established using SSH public key
authentication:
device# copy flash scp 172.26.51.180 public-key dsa filename primary
History
172
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
copy running-config scp
copy running-config scp
Uploads a copy of the running configuration file from a FastIron device to an SCP server.
Syntax
Parameters
copy running-config scp { ipv4-address | ipv4-hostname | ipv6 { ipv6-address | ipv6-hostname }
outgoing-interface { ethernet stackid/slot/port | ve ve-number } } [ public-key { dsa | rsa } ] [ remoteport ] remote-filename
ipv4-address
Specifies the IPV4 address of the SCP server.
ipv4-hostname
Specifies the IP hostname of the SCP server.
ipv6
Specifies the IPV6 address method for SCP file transfer.
ipv6-address
Specifies the IPV6 address of the SCP server. You must specify this address in
hexadecimal using 16-bit values between colons, as documented in RFC 2373.
ipv6-hostname
Specifies the IPv6 hostname of the SCP server.
outgoing-interface
Specifies the interface to be used to reach the remote host.
ethernet stackid/slot/port
Configures an Ethernet interface as the outgoing interface.
ve ve-number
Configures a virtual interface (VE) as the outgoing interface.
public-key
Specifies the type of public key authentication to use for the connection, either
digital signature algorithm (DSA) or Rivest, Shamir, and Adelman (RSA) . If you
do not configure this parameter, the default authentication type is password.
dsa
Specifies DSA as the public key authentication.
rsa
Specifies RSA as the public key authentication.
remote-port
Specifies the remote port number for the TCP connection.
remote-filename
Specifies the name of the file in the SCP server that is going to be uploaded.
You can specify up to 127 characters for the filename.
Modes
Usage Guidelines
Examples
Privileged EXEC mode
You are prompted for username and password when you configure this command.
The following example uploads a copy of the running configuration file from a FastIron device to a
172.26.51.180 SCP server:
device# copy running-config scp 172.26.51.180 runConfig
History
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
173
copy scp flash
copy scp flash
Downloads from an SCP server a copy of the OS image file to a FastIron's device's primary or
secondary flash memory or a copy of the boot file or the signature file to the FastIron device. The
syntax for copying an image between two devices under test (DUTs) is different from the syntax for
downloading from a DUT to a Linux or a Windows server.
Syntax
Syntax for copying an image between two DUTs:
copy scp flash { ipv4-address | ipv4-hostname | ipv6 { ipv6-address | ipv6-hostname } outgoinginterface { ethernet stackid/slot/port | ve ve-number } } [ public-key { dsa | rsa } ] [ remote-port ]
remote-filename { { flash:primary | secondary } | bootrom | { fips-primary-sig | fips-secondary-sig |
fips-bootrom-sig } } [ icx6450 | icx6610 ]
Syntax for downloading from a DUT to a Linux or a Windows server:
copy scp flash { ipv4-address | ipv4-hostname | ipv6 { ipv6-address | ipv6-hostname- } outgoinginterface { ethernet stackid/slot/port | ve ve-number } } [ public-key { dsa | rsa } ] [ remote-port ]
remote-filename { { primary | secondary } | bootrom | { fips-primary-sig | fips-secondary-sig | fipsbootrom-sig } } [ icx6450 | icx6610 ]
Parameters
ipv4-address
Specifies the IPV4 address of the SCP server.
ipv4-hostname
Specifies the IP hostname of the SCP server.
ipv6
Specifies the IPV6 address method for SCP file transfer.
ipv6-address
Specifies the IPV6 address of the SCP server.
ipv6-hostname
Specifies the IPv6 hostname of the SCP server.
outgoing-interface
Specifies the interface to be used to reach the remote host.
ethernet stackid/slot/port
Configures an Ethernet interface as the outgoing interface.
ve ve-number
Configures a virtual interface (VE) as the outgoing interface.
public-key
Specifies the type of public key authentication to use for the connection, either
digital signature algorithm (DSA) or Rivest, Shamir, and Adelman (RSA) . If you
do not configure this parameter, the default authentication type is password.
dsa
Specifies DSA as the public key authentication.
rsa
Specifies RSA as the public key authentication.
remote-port
Specifies the remote port number for the TCP connection.
remote-filename
Specifies the name of the file in the SCP server that is be transferred. You can
specify up to 127 characters for the filename.
flash:primary
174
FastIron Command Reference
53-1003389-04
Commands A - E
Specifies the binary image in primary flash memory. Configure the
flash:primary keyword when transferring files between DUTs,. See the usage
note regarding using this keyword when transferring files between DUTs.
primary
Specifies the binary image in primary flash memory. Configure the primary
keyword when transferring files between DUTs. See the usage note regarding
using this keyword when transferring files between DUTs.
secondary
Specifies the binary image in secondary flash memory.
bootrom
Specifies the boot file image in the SCP server.
fips-primary-sig
Specifies the signature filename in SCP server.
fips-secondary-sig
Specifies the signature filename in SCP server.
fips-bootrom-sig
Specifies the signature filename in SCP server.
icx6450
Specifies the FastIron ICX 6450 as the device to which the signature file is
downloaded.
icx6610
Specifies the FastIron ICX 6610 as the device to which the signature file is
downloaded.
Modes
Usage Guidelines
Privileged EXEC mode
You are prompted for username and password when you configure this command.
NOTE
When transferring files between DUTs, you should configure the flash:primary keyword instead of the
primary keyword because the SCP server does not support remote-filename aliases.
Examples
The following example copies an image from an SCP server to a Brocade device:
device# copy scp flash 10.20.1.1 FCXR08011.bin primary
device# copy scp flash 10.20.1.1 FCXR08011.bin secondary
The following example downloads a copy of the signature file from a 172.26.51.180 SCP server to a
Brocade ICX 6610 device:
device# copy scp flash 172.26.51.180 /tftpboot/ICX6610.sig fips-primary-sig
History
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
175
copy scp license
copy scp license
Downloads a copy of the license file from an SCP server to a FastIron device.
Syntax
Parameters
copy scp license { ipv4-address- | ipv4-hostname- | ipv6 { ipv6-address- | ipv6-hostname- } outgoinginterface { ethernet stackid/slot/port | ve ve-number } } [ public-key { dsa | rsa } ] [ remote-port ]
remote-filename [ unit unit-id ]
ipv4-addressSpecifies the IPV4 address of the SCP server, using 8-bit values in dotted
decimal notation.
ipv4-hostnameSpecifies the IP hostname of the SCP server.
ipv6
Specifies the IPV6 address method for SCP file transfer.
ipv6-address-prefix/prefix-length
Specifies the IPV6 address of the SCP server. You must specify this address in
hexadecimal using 16-bit values between colons, as documented in RFC 2373.
ipv6-hostnameSpecifies the IPv6 hostname of the SCP server.
outgoing-interface
Specifies the interface to be used to reach the remote host.
ethernet stackid/slot/port
Configures an Ethernet interface as the outgoing interface.
ve ve-number
Configures a virtual interface (VE) as the outgoing interface.
public-key
Specifies the type of public key authentication to use for the connection, either
digital signature algorithm (DSA) or Rivest, Shamir, and Adelman (RSA) . If you
do not configure this parameter, the default authentication type is password.
dsa
Specifies DSA as the public key authentication.
rsa
Specifies RSA as the public key authentication.
remote-port
Specifies the local port number for the TCP connection.
remote-filename
Specifies the name of the file in the SCP server that is be transferred. You can
specify up to 127 characters for the filename.
unit unit-id
Specifies the unit ID of the device in the stack. If two or more pizza-box devices
are connected and acting as a single device, a single management ID is
assigned to the stack.
Modes
Usage Guidelines
Examples
Privileged EXEC mode
You are prompted for username and password when you configure this command.
The following example downloads a copy of the license file from an SCP server to a FastIron device:
Device# copy scp license 172.26.21.180 /tftpboot/abc.xml unit 1
Device#
176
FastIron Command Reference
53-1003389-04
Commands A - E
History
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
177
copy scp running-config
copy scp running-config
Downloads a copy of the running configuration file from an SCP server to a FastIron device.
Syntax
Parameters
copy scp running-config { ipv4-address | ipv4-hostname | ipv6 { ipv6-address | ipv6-hostname } [
outgoing-interface { ethernet stackid/slot/port | ve ve-number } ] } [ public-key { dsa | rsa } ] [ remoteport ] remote-filename overwrite
ipv4-address
Specifies the IPV4 address of the SCP server.
ipv4-hostname
Specifies the IP hostname of the SCP server.
ipv6
Specifies the IPV6 address method for SCP file transfer.
ipv6-address-prefix
Specifies the IPV6 address of the SCP server. You must specify this address in
hexadecimal using 16-bit values between colons, as documented in RFC 2373.
ipv6-hostname
Specifies the IPv6 hostname of the SCP server.
outgoing-interface
Specifies the interface to be used to reach the remote host.
ethernet stackid/slot/port
Configures an Ethernet interface as the outgoing interface.
ve ve-number
Configures a virtual interface (VE) as the outgoing interface.
public-key
Specifies the type of public key authentication to use for the connection, either
digital signature algorithm (DSA) or Rivest, Shamir, and Adelman (RSA) . If you
do not configure this parameter, the default authentication type is password.
dsa
Specifies DSA as the public key authentication.
rsa
Specifies RSA as the public key authentication.
remote-port
Specifies the remote port number for the TCP connection.
remote-filename
Specifies the name of the file in the SCP server that is be transferred. You can
specify up to 127 characters for the filename.
overwrite
Specifies that the FastIron device should overwrite the current configuration file
with the copied file. If you do not specify the overwrite keyword, the device
copies the downloaded file into the current running or startup configuration but
does not overwrite the current configuration.
Modes
Usage Guidelines
Examples
Privileged EXEC mode
You are prompted for username and password when you configure this command.
The following example downloads a copy of the running configuration file from an SCP server to a
FastIron device:
device# copy scp running-config 172.26.51.180 abc.cfg
178
FastIron Command Reference
53-1003389-04
Commands A - E
The following example downloads a copy of the running configuration file from an SCP server to a
FastIron device and overwrite the current configuration file with the copied file:
device# copy scp running-config 172.26.51.180 abc.cfg overwrite
History
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
179
copy scp startup-config
copy scp startup-config
Downloads a copy of the startup configuration file from an SCP server to a FastIron device.
Syntax
Parameters
copy scp startup-config { ipv4-address | ipv4-hostname | ipv6 { ipv6-address | ipv6-hostname }
outgoing-interface { ethernet stackid/slot/port | ve ve-number } } [ public-key { dsa | rsa } ] [ remoteport ] remote-filename
ipv4-address
Specifies the IPV4 address of the SCP server, using 8-bit values in dotted
decimal notation.
ipv4-hostname
Specifies the IP hostname of the SCP server.
ipv6
Specifies the IPV6 address method for SCP file transfer.
ipv6-address
Specifies the IPV6 address of the SCP server. You must specify this address in
hexadecimal using 16-bit values between colons, as documented in RFC 2373.
ipv6-hostname
Specifies the IPv6 hostname of the SCP server.
outgoing-interface
Specifies the interface to be used to reach the remote host.
ethernet stackid/slot/port
Configures an Ethernet interface as the outgoing interface.
ve ve-number
Configures a virtual interface (VE) as the outgoing interface.
public-key
Specifies the type of public key authentication to use for the connection, either
digital signature algorithm (DSA) or Rivest, Shamir, and Adelman (RSA) . If you
do not configure this parameter, the default authentication type is password.
dsa
Specifies DSA as the public key authentication.
rsa
Specifies RSA as the public key authentication.
remote-port
Specifies the remote port number for the TCP connection.
remote-filename
Specifies the name of the file in the SCP server that is be transferred. You can
specify up to 127 characters for the filename.
Modes
Usage Guidelines
Examples
Privileged EXEC mode
You are prompted for username and password when you configure this command.
The following example downloads a copy of the startup configuration file from an SCP server to a
FastIron device:
device# copy scp startup-config 172.26.51.180 abc.cfg
History
180
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
copy startup-config scp
copy startup-config scp
Uploads a copy of the startup configuration file from a FastIron device to an SCP server.
Syntax
Parameters
copy startup-config scp { ipv4-address- | ipv4-hostname- | ipv6 { ipv6-address- | ipv6-hostname- }
outgoing-interface { ethernet stackid/slot/port | ve ve-number } } [ public-key { dsa | rsa } ] [ remoteport ] remote-filename
ipv4-addressSpecifies the IPV4 address of the SCP server, using 8-bit values in dotted
decimal notation.
ipv4-hostnameSpecifies the IP hostname of the SCP server.
ipv6
Specifies the IPV6 address method for SCP file transfer.
ipv6-address-prefix/prefix-length
Specifies the IPV6 address of the SCP server. You must specify this address in
hexadecimal using 16-bit values between colons, as documented in RFC 2373.
ipv6-hostnameSpecifies the IPv6 hostname of the SCP server.
outgoing-interface
Specifies the interface to be used to reach the remote host.
ethernet stackid/slot/port
Configures an Ethernet interface as the outgoing interface.
ve ve-number
Configures a virtual interface (VE) as the outgoing interface.
public-key
Specifies the type of public key authentication to use for the connection, either
digital signature algorithm (DSA) or Rivest, Shamir, and Adelman (RSA) . If you
do not configure this parameter, the default authentication type is password.
dsa
Specifies DSA as the public key authentication.
rsa
Specifies RSA as the public key authentication.
remote-port
Specifies the remote port number for the TCP connection.
remote-filename
Specifies the name of the file in the SCP server that is be transferred. You can
specify up to 127 characters for the filename.
Modes
Usage Guidelines
Examples
Privileged EXEC mode
You are prompted for username and password when you configure this command.
The following example uploads a copy of the startup configuration file from a FastIron device to a to a
172.26.51.180 SCP server:
device# copy startup-config scp 172.26.51.180 my_startup_file
History
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
181
critical-vlan
critical-vlan
Specifies the VLAN into which the client should be placed when the RADIUS server times out while
authenticating or re-authenticating users.
Syntax
critical-vlan vlan-id
no critical-vlan vlan-id
Command Default
Parameters
The client is not part of the critical VLAN.
vlan-id
Specifies the VLAN ID of the specific critical VLAN.
Modes
Usage Guidelines
Examples
Authentication mode.
The no form of the command disables the critical VLAN by removing the client from the VLAN.
The following example enables VLAN 20 as critical VLAN.
device(config)# authentication
device(config-authen)# critical-vlan 20
History
182
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
default-ports
default-ports
Assigns ports (interfaces) other than the factory-assigned ports as the default stacking ports.
Syntax
default-ports unit/slot/ port
no default-ports
Command Default
Parameters
The factory-assigned default stacking ports are the only default stacking ports on the device.
unit
Stack unit ID for the device on which the interface resides.
slot
Stack unit slot or module on which the interface resides.
port
Interface to be used as a default stacking port.
Modes
Usage Guidelines
Stack unit configuration mode
The no form of the command restores the factory-assigned default stacking ports. Any ports you
previously assigned as the default stacking ports using the default-ports command are overwritten.
When you use the default-ports command, the factory-assigned default stacking ports are no longer
the default stacking ports.
Only valid stacking ports can be assigned as default stacking ports. Valid ports vary depending on the
type of FastIron device.
Tagged ports cannot be assigned as default stacking ports.
The number of ports you can assign as default stacking ports varies depending on the type of FastIron
device. Some devices allow you to assign two ports as the default stacking ports, and some devices
allow you to assign a single port as the default stacking port.
Examples
The following example assigns the stacking ports on Module 3 on the rear panel of an ICX 7750 as the
default stacking ports.
device# configure terminal
device(config)# stack unit 1
device¡(config-unit-1)# default-ports 1/3/1 1/3/4
FastIron Command Reference
53-1003389-04
183
disable-aging
disable-aging
Disables aging of MAC sessions at the global level.
Syntax
disable-aging { permitted-mac | denied-mac }
no disable-aging { permitted-mac | denied-mac }
Command Default
Parameters
Aging of MAC sessions is not disabled.
permitted-mac
Prevents permitted (authenticated and restricted) sessions from being aged out
and ages denied sessions.
denied-mac
Prevents denied sessions from being aged out, but ages out permitted
sessions.
Modes
Usage Guidelines
Authentication mode
The no form of the command does not disable aging.
Use this command to disable the aging of MAC sessions. Use the disable-aging command in the
authentication mode and the authentication disable-aging command at the interface level. The
command entered at the interface level overrides the command entered at the authentication level.
Examples
The example disables aging for permitted MAC addresses.
device(config)# authentication
device(config-authen)# disable-aging permitted-mac
History
184
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
disable authentication md5
disable authentication md5
Disables the MD5 authentication scheme for Network Time Protocol (NTP).
Syntax
disable authentication md5
no disable authentication md5
Command Default
Modes
Usage Guidelines
If JITC is enabled, the MD5 authentication scheme is disabled. In the standard mode, the MD5
authentication scheme is enabled.
Global configuration mode
In the standard mode, both SHA1 and MD5 authentication schemes are supported. If JITC is enabled,
The MD5 authentication for Network Time Protocol (NTP) is disabled by default and the disable
authentication md5 command can be seen in the running configuration. In the JITC mode, only the
SHA1 option is available. The SHA1 authentication scheme must be enabled manually to define the
authentication key for NTP using the authentication-key key-id command.
The no form of the command enables the MD5 authentication scheme.
Examples
The following example disables the MD5 authentication scheme.
device(config)# disable authentication md5
History
Release version
Command history
08.0.20a
This command was introduced.
FastIron Command Reference
53-1003389-04
185
dlb-internal-trunk-hash
dlb-internal-trunk-hash
Changes the hashing method for inter-packet-processor (inter-pp) HiGig links that are used to connect
master and slave units in ICX 7450-48 devices.
Syntax
dlb-internal-trunk-hash { inactivity-mode | spray-mode }
no dlb-internal-trunk-hash { inactivity-mode | spray-mode }
Command Default
Parameters
The hashing method is inactivity mode.
inactivity-mode
Specifies that the flow is set by the inactivity of traffic loading.
spray-mode
Specifies that the flow is set to receive new member assignments for every
packet arrival in accordance with the traffic loading of each aggregate member.
Modes
Usage Guidelines
Global configuration mode
The no form of this command restores the default hashing method.
NOTE
This command is supported only on ICX 7450-48 devices that have master and slave units.
Dynamic load balancing (DLB) enhances hash-based load balancing by taking into account the traffic
loading in the network. The inter-pp HiGig links in ICX7450-48 devices use hash-based load balancing
to distribute traffic evenly. You can configure the dlb-internal-trunk-hash command to change the
hashing method.
Examples
The following example globally enables spray mode as the inter-pp links hashing method.
ICX7450-48P Router(config)#dlb-internal-trunk-hash
History
186
Release version
Command history
08.0.20
This command was introduced.
spray-mode
FastIron Command Reference
53-1003389-04
dot1x auth-filter
dot1x auth-filter
Applies the specified filter on the interface.
Syntax
dot1x auth-filter filter-id vlan-id
no dot1x auth-filter filter-id vlan-id
Command Default
Parameters
There are no filters applied on the interface.
filter-id
Specifies the filter ID to be applied on the interface.
vlan-id
Specifies the VLAN ID.
Modes
Usage Guidelines
Interface configuration mode.
The no form of the command disable the dot1x auth-filter functionality. If the VLAN is not specified, the
auth-default-vlan is used.
The following rules apply when using the dot1x auth-filter command:
• The maximum number of filters that can be bound to a port is limited by the mac-filter-port default or
a configured value.
• The filters must be applied as a group. For example, if you want to apply four filters to an interface,
they must all appear on the same command line.
• You cannot add or remove individual filters in the group. To add or remove a filter on an interface,
apply the filter group again containing all the filters you want to apply to the port.
• If you apply a filter group to a port that already has a filter group applied, the older filter group is
replaced by the new filter group.
• If you add filters to or modify the dot1x authentication filter, the system clears all 802.1X sessions on
the port. Consequently, all users that are logged in will need to be re-authenticated.
Examples
The following example applies the dot1x filter on a specific VLAN.
device(config)# authentication
device(config-authen)# interface ethernet 1/1/1
device(config-if-e1000-1/1/1)# dot1x auth-filter 1 2
History
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
187
dot1x enable
dot1x enable
Enables dot1x authentication.
Syntax
dot1x enable
dot1x enable all
dot1x enable ethernet stackid/slot/port
no dot1x enable [ all | ethernet stackid/slot/port ]
Command Default
Parameters
dot1x authentication is not enabled.
all
Enables dot1x authentication on all interfaces.
ethernet stackid/slot/port
Enables dot1x authentication on the specified interface.
Modes
Usage Guidelines
Examples
Authentication mode.
The no form of the command disables dot1x authentication.
The following example enables dot1x authentication on all interfaces.
device(config)# authentication
device(config-authen)# dot1x enable all
The following example shows enabling dot1x authentication on ethernet interface 1/1/1.
device(config)# authentication
device(config-authen)# dot1x enable ethernet 1/1/1
History
188
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
dot1x guest-vlan
dot1x guest-vlan
Specifies the guest VLAN ID at the global level.
Syntax
dot1x guest-vlan vlan-id
no dot1x guest-vlan vlan-id
Command Default
Parameters
The guest VLAN ID is not specified.
vlan-id
Specifies the VLAN ID of the guest VLAN.
Modes
Usage Guidelines
dot1x configuration mode.
The no form of this command disables the functionality.
Use this command when the client does not support the dot1x authentication, so that the client can
access default privileges.
Examples
The following example specifies the guest VLAN.
device(config)# authentication
device(config-authen)# dot1x guest-vlan 7
History
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
189
dot1x max-reauth-req
dot1x max-reauth-req
Specifies the maximum number of Extensible Authentication Protocol (EAP) frame retransmissions.
Syntax
dot1x max-reauth-req count
no dot1x max-reauth-req count
Command Default
Parameters
The EAP frame retransmissions are not specified.
count
Specifies the EAP frame re-transmissions. This is a number from 1 through 10.
The default is 2.
Modes
Usage Guidelines
Authentication mode.
The no form of this command will disable this functionality.
The Brocade device retransmits the EAP-request/identity frame a maximum of two times. If no EAP
response/identity frame is received from the client after two EAP-request/identity frame re-transmissions
(or the amount of time specified with the max-reauth-req command), the device restarts the
authentication process with the client.
You can optionally change the number of times the Brocade device should retransmit the EAP request/
identity frame.
Examples
The following example configures the device to retransmit an EAP-request/identity frame to a client a
maximum of three times.
device(config)# authentication
device(config-authen)# dot1x max-reauth-req 3
History
190
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
dot1x-mka-enable
dot1x-mka-enable
Enables MACsec Key Agreement (MKA) capabilities on a licensed device and enters dot1x-mka
configuration mode.
Syntax
dot1x-mka-enable
no dot1x-mka-enable
Command Default
Modes
Usage Guidelines
No MACsec capability is available.
Global configuration
This command is supported only on the Brocade ICX 6610.
The no form of this command disables the MKA and MACsec functionality on all ports. This may require
the already authenticated hosts to re-authenticate.
Use the dot1x-mka-enable command to enable MACsec on an already licensed device. Commands
may be visible, but they do not work on a non-licensed device.
Examples
The following example enables MACsec capabilities on the device.
device(config)# dot1x-mka-enable
device(config-dot1x-mka)#
History
Related
Commands
Release version
Command history
08.0.20
This command was introduced.
enable-mka, mka-cfg-group
FastIron Command Reference
53-1003389-04
191
dot1x timeout
dot1x timeout
Describes the timeout parameters applicable to the device.
Syntax
dot1x timeout {quiet-period seconds| tx-period seconds | supplicant seconds }
no dot1x timeout {quiet-period seconds| tx-period seconds | supplicant seconds }
Command Default
Parameters
The timeout parameters are not applied to the device.
quiet-period seconds
Specifies the time, in seconds, that the device waits before trying to reauthenticate the client. The quiet period can be from 1 through 4294967295
seconds. The default is 60 seconds. If the Brocade device is unable to
authenticate the client, the Brocade device waits a specified amount of time
before trying again. The amount of time the Brocade device waits is specified
with the quiet period parameter.
tx-period seconds
Specifies the EAP request retransmission interval, in seconds, with the client.
By default, if the Brocade device does not receive an EAP-response/identity
frame from a client, the device waits 30 seconds, then retransmits the EAPrequest/identity frame. You can optionally change the amount of time the
Brocade device waits before re-transmitting the EAP-request/identity frame to
the client. If the client does not send back an EAP-response/identity frame
within 60 seconds, the device will transmit another EAP-request/identity frame.
The tx-period is a value from 1 through 4294967295. The default is 30 seconds.
supplicant seconds
By default, when the Brocade device relays an EAP-Request frame from the
RADIUS server to the client, it expects to receive a response from the client
within 30 seconds. You can optionally specify the wait interval using the
supplicant seconds parameters.
Modes
Usage Guidelines
Examples
Authentication mode.
The no form of the command disables dot1x timeout.
The following example specifies the quiet period as 30 seconds.
device(config)# authentication
device(config-authen)# dot1x enable
device(config-authen)# dot1x timeout quiet-period 30
History
192
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
egress-buffer-profile
egress-buffer-profile
Attaches a user-configured egress buffer profile to one or more ports.
Syntax
egress-buffer-profile profile-name
no egress-buffer-profile profile-name
Command Default
Parameters
If a port is not attached to a user-configured egress buffer profile, it uses the default egress buffer
profile.
profile-name
Specifies the name of the egress buffer profile to be attached to the port.
Modes
Interface mode
Multiple-interface mode
Usage Guidelines
The no form of this command removes a user-configured egress buffer profile from the port and the port
uses the default egress buffer profile.
You must configure an egress buffer profile before you can attach it to a port.
Only one egress buffer profile at a time can be attached to any port. You can attach an egress buffer
profile to more than one port.
Examples
The following example attaches an egress buffer profile named egress1 to a port:
Device(config-if-e10000-1/1/1)# egress-buffer-profile egress1
The following example attaches an egress buffer profile named egress2 to multiple ports:
Device(config-mif-1/1/2-1/1/16)# egress-buffer-profile egress2
The following example removes an egress buffer profile named egress2 from multiple ports:
Device(config-mif-1/1/2-1/1/16)# no egress-buffer-profile egress2
History
Release version
Command history
8.0.10
This command was introduced.
FastIron Command Reference
53-1003389-04
193
enable-accounting
enable-accounting
Enables Access Control List (ACL) accounting for IPv4 and IPv6 named ACLs.
Syntax
enable-accounting
no enable-accounting
Command Default
Modes
Usage Guidelines
Examples
This option is disabled.
IPv4 and IPv6 access-list configuration modes
This is only applicable to named ACLs. The no form of this command disables ACL accounting on the
associated ACL interface.
The following example enables IPv6 ACL accounting. The named access-list must be configured before
enabling the ACL accounting.
device(config)# ipv6 access-list v6
device(config-ipv6-access-list-v6)# enable-accounting
The following example enables ACL accounting for an IPv4 named ACL.
device(config)# ip access-list standard std
device(config-std-nacl)# permit 10.10.10.0/24
device(config-std-nacl)# deny 10.20.20.0/24
device(config-std-nacl)# enable-accounting
History
194
Release version
Command history
08.0.10
This command was introduced.
FastIron Command Reference
53-1003389-04
enable-mka
enable-mka
Enables MACsec Key Agreement (MKA) on a specified interface and changes the mode to dot1x-mkainterface mode to enable related parameters to be configured.
Syntax
enable-mka ethernet device/slot/port
no enable-mka ethernet device/slot/port
Command Default
Parameters
MKA is not enabled on an interface.
ethernet device/slot/port
Specifies an Ethernet interface and the number of the device, the slot on the
device, and the port on that slot.
Modes
Usage Guidelines
dot1x-mka-interface mode
When the no version of the command is executed, MACSec is removed from the port.
This command is supported only on the Brocade ICX 6610.
For a MACsec channel to be created between two ports, both ports and devices designated must have
MACsec enabled and configured.
Examples
The following example enables MACsec on port 2, slot 3 of the first device in the stack.
device(config)# dot1x-mka-enable
device(config-dot1x-mka)# enable-mka ethernet 1/3/2
device(config-dot1x-mka-1/3/2)#
History
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
195
errdisable packet-inerror-detect
errdisable packet-inerror-detect
Enables the device to monitor configured ports for inError packets and defines the sampling time
interval in which the number of inError packets is counted.
Syntax
errdisable packet-inerror-detect sampling-interval
no errdisable packet-inerror-detect sampling-interval
Command Default
Parameters
There is no monitoring for inError packets on any port of the device.
sampling-interval
Specifies the sampling interval in seconds. It can take a value in the inclusive
range of 2 through 60 seconds.
Modes
Usage Guidelines
Examples
Global configuration mode
If the number of inError packets exceeds the configured threshold for two consecutive sampling
windows, then the configured port is error-disabled. The no form of this command disables this
monitoring.
The following example sets the sampling interval in which the number of inError packets is counted to
three seconds.
device(config)# errdisable packet-inerror-detect 3
History
196
Release version
Command history
07.3.00g
This command was introduced.
FastIron Command Reference
53-1003389-04
Commands K - S
FastIron Command Reference
53-1003389-04
197
key-server-priority
key-server-priority
Configures the MACsec key-server priority for the MACsec Key Agreement (MKA) group.
Syntax
key-server-priority value
no key-server-priority value
Command Default
Parameters
Key-server priority is set to 16. This is not displayed in configuration details.
value
Specifies key-server priority. The possible values range from 0 to 255, where 0
is highest priority and 255 is lowest priority.
Modes
Usage Guidelines
dot1x-mka-cfg-group mode
This command is supported only on the Brocade ICX 6610.
The no form of the command removes the previous priority setting.
During key-server election, the server with the highest priority (the server with the lowest key-server
priority value) becomes the key-server.
Examples
The following example sets the key-server priority for MKA group test1 to 5.
device(config)#dot1x-mka-enable
device(config-dot1x-mka)# mka-cfg-group test1
device(config-dot1x-mka-group-test1)# key-server-priority 5
History
198
Release version
Command history
08.0.20
This command was introduced.
08.0.20a
This command was modified. The key-server priority value range was
increased from 0 through 127 to 0 through 255.
FastIron Command Reference
53-1003389-04
link-config gig copper autoneg-control
link-config gig copper autoneg-control
Configures the maximum advertised speed on a port that has auto-negotiation enabled.
Syntax
link-config gig copper autoneg-control { 100m-auto | 10m-auto | down-shift } ethernet stack-id/
slot/port [ to stack-id/slot/port | [ ethernet stack-id/slot/port to stack-id/slot/port | ethernet stack-id/slot/
port ] ... ]
no link-config gig copper autoneg-control { 100m-auto | 10m-auto | down-shift } ethernet stack-id/
slot/port [ to stack-id/slot/port | [ ethernet stack-id/slot/port to stack-id/slot/port | ethernet stack-id/slot/
port ] ... ]
Command Default
Parameters
The maximum port speed advertisement is not configured.
ethernet stack-id/slot/port
Specifies the Ethernet interface.
Modes
Usage Guidelines
Global configuration mode
Maximum port speed advertisement is not supported on Brocade ICX 7750.
The down-shift option is not supported on Brocade ICX 7450.
The maximum port speed advertisement works only when auto-negotiation is enabled (CLI command
speed-duplex auto). If auto-negotiation is off, the device rejects the maximum port speed
advertisement configuration.
You can enable the maximum port speed advertisement on one or two ports at a time.
When port speed down-shift or the maximum port speed advertisement is enabled on a port, the
device rejects any configuration attempts to set the port to a forced speed mode (100 Mbps or 1000
Mbps).
The no form of the command disables the maximum port speed advertisement.
Examples
The following command configures a maximum port speed advertisement of 10 Mbps on a port that has
auto-negotiation enabled.
device(config)# link-config gig copper autoneg-control 10m-auto ethernet 1/1/1
History
Release version
Command history
8.0.20
This command was introduced in Brocade ICX 7450, but the downshift
option was not supported.
FastIron Command Reference
53-1003389-04
199
logging
logging
Enables logging on the Router Advertisement (RA) guard policy.
Syntax
logging
no logging
Modes
Usage Guidelines
RA guard policy configuration mode
The no form of this command disables logging on the policy.
Logging cannot be modified if the RA guard policy is in use.
You can verify the logs for RA guard, such as RAs dropped, permitted, count for dropped packets, and
reasons for the drop.
Logging increases the CPU load and for higher traffic rates, RA packets drop due to congestion if they
are received at the line rate. For less load on the CPU, logging can be disabled on the RA guard policy.
Examples
The following example enables logging on an RA guard policy:
Brocade(config)# ipv6 raguard policy p1
Brocade(config-ipv6-RAG-policy p1)# logging
200
FastIron Command Reference
53-1003389-04
logging cli-command
logging cli-command
Enables logging of all syntactically valid CLI commands from each user session into the system log.
Syntax
logging cli-command
no logging cli-command
Command Default
Modes
Usage Guidelines
Logging of CLI commands is not enabled.
Global configuration mode
If the logging cli-command command is configured, all the CLI commands executed by the user are
logged in the system log and are displayed in the show logging command output.
The no form of the command disables the logging of CLI commands from each user session into the
system log.
Examples
The following example enables the logging of CLI commands on the device.
device(config)# logging cli-command
The following example shows the system log records which are displayed in the show logging
command output. The system log contains the valid commands that are executed by the user.
Brocade (config)#show logging
Syslog logging: enabled (0 messages dropped, 0 flushes, 5 overruns)
Buffer logging: level ACDMEINW, 50 messages logged
level code: A=alert C=critical D=debugging M=emergency E=error
I=informational N=notification W=warning
Dynamic Log Buffer (50 lines):
8d02h28m43s:I:CLI CMD: "ip route 0.0.0.0 0.0.0.0 10.20.64.1" by un-authenticated
user from console
8d02h28m24s:I:System: Interface ethernet 1/1, state up
8d02h28m22s:I:CLI CMD: "enable" by un-authenticated user from console
8d02h28m22s:I:PORT: 1/1 enabled by un-authenticated user from console session
8d02h28m19s:I:CLI CMD: "disable" by un-authenticated user from console
8d02h28m19s:I:PORT: 1/1 disabled by un-authenticated user from console session
8d02h28m16s:I:CLI CMD: "interface ethernet 1/1" by un-authenticated user from
console
FastIron Command Reference
53-1003389-04
201
loop-detection shutdown-disable
loop-detection shutdown-disable
Disables shutdown of a port when a loop detection probe packet is received on an interface.
Syntax
loop-detection shutdown-disable
no loop-detection shutdown-disable
Command Default
Modes
Usage Guidelines
Loop detection shutdown is enabled on the interface.
Interface configuration
The no form of this command disables loop detection shutdown.
Shutdown prevention for loop-detect functionality allows users to disable shut down of a port when the
loop detection probe packet is received on an interface. This provides control over deciding which port
is allowed to enter in to an error-disabled state and go into a shutdown state when a loop is detected.
Examples
The following example disables loop detection shutdown on an interface.
device(config)# interface ethernet 1/7
device(config-if-e1000-1/7)# loop-detection shutdown-disable
History
202
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
loop-detection-syslog-interval
loop-detection-syslog-interval
Specifies the interval (in minutes) at which a syslog is generated.
Syntax
loop-detection-syslog-interval num
no loop-detection-syslog-interval num
Command Default
Parameters
The syslog interval is 5 minutes.
num
Specifies the syslog interval in minutes. The interval can range from 1 through
1440 minutes.
Modes
Usage Guidelines
Global configuration
The no form of this command restores the default settings.
You can specify the interval at which the loop detection syslog message is generated if the loopdetection-shutdown-disable command is configured for the port. This configuration applies to all the
ports that have loop detection shutdown prevention configured.
Examples
The following example shows the loop detection syslog interval set to 1 hour.
device(config)# loop-detection-syslog-interval 60
History
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
203
mac filter enable-accounting
mac filter enable-accounting
Enables access control list (ACL) accounting on Layer 2 MAC filters.
Syntax
mac filter num enable-accounting
no mac filter num enable-accounting
Command Default
Parameters
This option is disabled.
num
Specifies the MAC filter ID.
enable-accounting
Enables MAC filter accounting on the specified interface.
Modes
Usage Guidelines
Examples
Global configuration mode
The no form of this command disables ACL accounting on the associated Layer 2 MAC filter interface.
The following example enables ACL accounting on a Layer 2 MAC filter.
device(config)# mac filter 1 permit 0000.0000.0001 ffff.ffff.ffff any
device(config)# mac filter 1 enable-accounting
device(config)# interface ethernet 3/21
device(config-if-e1000-3/21)# mac filter-group 1
History
204
Release version
Command history
08.0.10
This command was introduced.
FastIron Command Reference
53-1003389-04
mac-auth auth-filter
mac-auth auth-filter
Applies the specified filter on the interface.
Syntax
mac-auth auth-filter filter-id vlan vlan-id
no mac-auth auth-filter filter-id vlan vlan-id
Command Default
Parameters
There are no filters applied on the interface.
filter-id
Specifies the identification number of the filter to be applied on the interface.
vlan vlan-id
Specifies the identification number of the VLAN to which the filter is applied.
Modes
Usage Guidelines
Interface configuration mode
The no form of this command disables this functionality.
You must use the interface configuration mode to use this command.
If the VLAN is not specified in the command, the auth-default VLAN is used.
Examples
The following example applies the MAC address filter on VLAN 2.
device(config)# authentication
device(config-authen)# interface ethernet 1/1/1
device(config-if-e1000-1/1/1)# mac-auth auth-filter 1 vlan 2
History
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
205
mac-auth dot1x-override
mac-auth dot1x-override
Configures the device to perform dot1x authentication when MAC authentication fails.
Syntax
mac-auth dot1x-override
no mac-auth dot1x-override
Command Default
Modes
Usage Guidelines
Examples
MAC authentication dot1x override is not enabled.
Authentication mode
The no form of the command disables MAC authentication dot1x override functionality.
The following example enables MAC authentication dot1x override when MAC authentication fails.
device(config)# authentication
device(config-authen)# mac-auth dot1x-override
History
206
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
mac-auth enable
mac-auth enable
Enables MAC authentication globally or on a specific interface.
Syntax
mac-auth enable [ all | ethernet device/slot/port ]
no mac-auth enable [ all | ethernet device/slot/port ]
Command Default
Parameters
MAC authentication is not enabled.
all
Enables MAC authentication on all interfaces.
ethernet device/slot/port
Enables MAC authentication on a specific interface.
Modes
Usage Guidelines
Examples
Authentication mode.
The no form of the command disables MAC authentication.
The following example globally enables MAC authentication.
device(config)#authentication
device(config-authen)#mac-auth enable
device(config-authen)#mac-auth enable all
History
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
207
mac-auth password-format
mac-auth password-format
Configures the MAC authentication password format.
Syntax
mac-auth password-format { xx-xx-xx-xx-xx-xx | xxxx.xxxx.xxxx | xxxxxxxxxxxx } [upper-case]
no mac-auth password-format { xx-xx-xx-xx-xx-xx | xxxx.xxxx.xxxx | xxxxxxxxxxxx } [upper-case]
Command Default
Parameters
By default, the MAC address is sent to the RADIUS server in the format xxxxxxxxxxxx in lower case.
xx-xx-xx-xx-xx-xx
Specifies the MAC authentication password format as xx-xx-xx-xx-xx-xx.
xxxx.xxxx.xxxx
Specifies the MAC authentication password format as xxxx.xxxx.xxxx.
xxxxxxxxxxxx
Specifies the MAC authentication password format as xxxxxxxxxxxx.
upper-case
Converts the password to uppercase.
Modes
Usage Guidelines
Authentication mode
The no form of the command restores the default (no MAC authentication password format is
configured).
You can configure the device to send the MAC address to the RADIUS server in the format xx-xx-xx-xxxx-xx, or the format xxxx.xxxx.xxxx. Use the upper-case password format option to send the password
in uppercase.
Examples
The following example configures the MAC authentication password format as xx-xx-xx-xx-xx-xx.
device(config)# authentication
device(config-authen)# mac-auth password-format xx-xx-xx-xx-xx-xx
The following example configures the MAC authentication password format as xx-xx-xx-xx-xx-xx in
upper case.
device(config)# authentication
device(config-authen)# mac-auth password-format xx-xx-xx-xx-xx-xx upper-case
History
208
Release version
Command history
08.0.20
This command was introduced.
08.0.20c
The upper-case option was added.
FastIron Command Reference
53-1003389-04
mac-auth password-override
mac-auth password-override
Enables password override for MAC authentication. The password you specify is used for MAC
authentication instead of the MAC address.
Syntax
mac-auth password-override password
no mac-auth password-override password
Command Default
Parameters
MAC authentication password override is not enabled.
password
Specifies the password to be used for MAC authentication. The password can
contain up to 32 alphanumeric characters, but cannot include blank spaces.
Modes
Usage Guidelines
Authentication mode
The no form disables MAC authentication password override.
The MAC address is still the user name and cannot be changed.
Examples
The following example enables MAC authentication password override on the device.
device(config)# authentication
device(config-authen)# mac-auth password-override password
History
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
209
mac-notification interval
mac-notification interval
Configures the MAC-notification interval between each set of generated traps.
Syntax
mac-notification interval secs
no mac-notification interval secs
Command Default
Parameters
No interval for MAC-notification is configured.
secs
Specifies the MAC-notification interval in seconds between each set of traps
that are generated. The range is from 1 through 3600 seconds (1 hour). The
default interval is 3 seconds.
Modes
Usage Guidelines
Global configuration mode
The no form of this command sets the interval to its default value, which is 3 seconds.
A trap is sent aggregating the MAC events such as addition or deletion depending on the interval you
specify.
Examples
The following example configures an interval of 40 seconds.
device(config)# mac-notification interval 40
The following example sets the interval to its default value:
device(config)# no mac-notification interval 3
History
210
Release version
Command history
08.0.10
This command was introduced.
FastIron Command Reference
53-1003389-04
macsec cipher-suite
macsec cipher-suite
Enables GCM-AES-128 bit encryption or GCM-AES-128 bit integrity checks on MACsec frames
transmitted between group members.
Syntax
macsec cipher-suite { gcm-aes-128 | gcm-aes-128 integrity-only }
no macsec cipher-suite { gcm-aes-128 | gcm-aes-128 integrity-only }
Command Default
Parameters
GCM-AES-128 bit encryption or integrity checking is not enabled. Frames are encrypted starting with
the first byte of the data packet, and ICV checking is enabled.
gcm-aes-128
Enables GCM-AES-128 bit encryption.
gcm-aes-128 integrity-only
Enables GCM-AES-128 bit integrity checks.
Modes
Usage Guidelines
dot1x-mka-cfg-group mode
The no form of the command restores the default encryption and integrity checking.
This command is supported only on the Brocade ICX 6610.
The macsec cipher-suite command can be used in conjunction with an encryption offset configured
with the macsec confidentiality-offset command.
Examples
The following example enables GCM-AES-128 encryption on group test1.
device(config)# dot1x-mka-enable
device(config-dot1x-mka)# mka-cfg-group test1
device(config-dot1x-mka-group-test1)# macsec cipher-suite gcm-aes-128
The following example enables GCM-AES-128 bit integrity checking on test1.
device(config)# dot1x-mka-enable
device(config-dot1x-mka)# mka-cfg-group test1
device(config-dot1x-mka-group-test1)# macsec cipher-suite gcm-aes-128 integrity-only
History
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
211
macsec confidentiality-offset
macsec confidentiality-offset
Configures the offset size for MACsec encryption.
Syntax
macsec confidentiality-offset size
no macsec confidentiality-offset size
Command Default
Parameters
No offset for MACsec encryption is configured.
size
Determines where encryption begins. Valid values are:
Modes
Usage Guidelines
30
Encryption begins at byte 31 of the data packet.
50
Encryption begins at byte 51 of the data packet.
dot1x-mka-cfg-group mode
This command is supported only on the Brocade ICX 6610.
The no form of the command disables encryption offset on all interfaces in the MACsec MKA group.
This command is only meaningful when encryption is enabled for the MACsec group using the macsec
cipher-suite command.
Examples
The following example configures a 30-byte offset on encrypted transmissions as part of group test1
parameters.
device(config)# dot1x-mka-enable
device(config-dot1x-mka)# mka-cfg-group test1
device(config-dot1x-mka)# macsec cipher-suite gcm-aes-128
device(config-dot1x-mka-group-test1)# macsec confidentiality-offset 30
History
212
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
macsec frame-validation
macsec frame-validation
Enables validation checks for frames with MACsec headers and configures the validation mode (strict or
not strict).
Syntax
macsec frame-validation { disable | check | strict }
no macsec frame-validation { disable | check | strict }
Command Default
Parameters
MACsec frame validation is disabled (not visible in configuration).
disable
Disables validation checks for frames with MACsec headers.
check
Enables validation checks for frames with MACsec headers and configures
non-strict validation mode. If frame validation fails, counters are incremented
but packets are accepted.
strict
Enables validation checks for frames with MACsec headers and configures
strict validation mode. If frame validation fails, counters are incremented and
packets are dropped.
Modes
Usage Guidelines
dot1x-mka-cfg-group mode
This command is supported only on the Brocade ICX 6610.
The no form of the restores the default (validation checks for frames with MACsec headers is disabled).
Examples
The following example enables validation checks for frames with MACsec headers on group test1 and
configures strict validation mode.
device(config)# dot1x-mka-enable
device(config-dot1x-mka)# mka-cfg-group test1
device(config-dot1x-mka-group-test1)# macsec frame-validation strict
History
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
213
macsec replay-protection
macsec replay-protection
Specifies the action to be taken when packets are received out of order, based on their packet
number. If replay protection is configured, you can specify the window size within which out-of-order
packets are allowed.
Syntax
macsec replay-protection { strict | out-of-order window-size size }
no macsec replay-protection { strict | out-of-order window-size size }
Parameters
strict
Does not allow out-of-order packets.
out-of-order window-size
Allows out-of-order packets within a specific window size.
size
Specifies the allowable window within which an out-of-order packet can be
received. Allowable range is from 0 through 4294967295.
Modes
Usage Guidelines
dot1x-mka-cfg-group mode
This command is supported only on the Brocade ICX 6610.
The no form of the command disables macsec replay protection.
Examples
The following example configures group test1 to accept packets in exact sequence only.
device(config)# dot1x-mka-enable
device(config-dot1x-mka)# mka-cfg-group test1
device(config-dot1x-mka-group-test1)# macsec replay-protection strict
device(config-dot1x-mka-group-test1)#
The following example configures group test1 to accept out-of-order MACsec frames within a window
size of 2000.
device(config)# dot1x-mka-enable
device(config-dot1x-mka)# mka-cfg-group test1
device(config-dot1x-mka-group-test1)# macsec replay-protection out-of-order windowsize 2000
History
214
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
max-hw-age
max-hw-age
Enables and configures the maximum hardware age for denied MAC addresses.
Syntax
max-hw-age age
no max-hw-age age
Command Default
Parameters
The maximum hardware age is not configured. The default hardware aging time is 70 seconds.
age
Specifies the maximum hardware age in seconds. The possible values range
from 1 to 65535 seconds.
Modes
Usage Guidelines
Authentication mode
The no form of this command disables maximum hardware age.
Aging of the Layer 2 hardware entry for a blocked MAC address occurs in two phases, known as
hardware aging and software aging. On FastIron devices, the hardware aging period for blocked MAC
addresses is fixed at 70 seconds and is non-configurable. The hardware aging time for non-blocked
MAC addresses is the length of time specified with the mac-age command. The software aging period
for blocked MAC addresses is configurable through the CLI. Once the hardware aging period ends, the
software aging period begins. When the software aging period ends, the blocked MAC address ages
out, and can be authenticated again if the Brocade device receives traffic from the MAC address.
On FastIron X Series devices, the hardware aging period for blocked MAC addresses is not fixed at 70
seconds. The hardware aging period for blocked MAC addresses is equal to the length of time specified
with the mac-age command. As on FastIron devices, once the hardware aging period ends, the
software aging period begins. When the software aging period ends, the blocked MAC address ages
out, and can be authenticated again if the device receives traffic from the MAC address.
Examples
The following example enables maximum hardware age and sets it to 160 seconds.
device(config)# authentication
device(config-authen)# max-hw-age 160
History
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
215
maximum-preference
maximum-preference
Configures the Router Advertisement (RA) guard policy to accept RAs based on a router preference
setting.
Syntax
maximum-preference { high | low | medium }
no maximum-preference { high | low | medium }
Command Default
The router preference setting for the RA guard policy is high (allows all RAs).
Parameters
high
Configures the router preference of RAs for the RA guard policy to high (allows
all RAs). This is the default.
low
Allows RAs of low router preference.
medium
Allows RAs of low and medium router preference.
Modes
Usage Guidelines
RA guard policy configuration mode
If a very low value is set, the RAs expected to be forwarded might get dropped.
The no form of this command removes the router preference for an RA guard policy.
Examples
The following example configures the RA guard policy router preference to low:
Brocade(config)# ipv6 raguard policy p1
Brocade(config-ipv6-RAG-policy p1)# maximum-preference low
216
FastIron Command Reference
53-1003389-04
max-mcache
max-mcache
Configures the maximum number of PIM cache entries.
Syntax
max-mcache num
no max-mcache num
Command Default
Parameters
If this command is not configured, the maximum value is determined by the system max pim-hwmcache command or by available system resources.
num
Specifies the maximum number of multicast cache entries for PIM.
Modes
PIM router configuration mode
PIM router VRF mode
Usage Guidelines
The no form of this command removes the configuration and resets the command to its default
behavior.
Configure the max-mcache command to define the maximum number of repeated cache entries for
PIM traffic being sent from the same source address and being received by the same destination
address. To define this maximum for the default VRF, configure the command in router PIM
configuration mode; to define the maximum for a specific VRF, first configure the router pim vrf
command.
Examples
This example configures the maximum number of PIM cache entries for the default VRF to 999.
device(config)# router pim
device(config-pim-router)# max-mcache 999
This example configures the maximum number of PIM cache entries for the VRF, VPN1, to 999.
device(config)# router pim vrf vpn1
device(config-pim-router-vrf-vpn1)# max-mcache 999
FastIron Command Reference
53-1003389-04
217
max-sw-age
max-sw-age
Configures the maximum software age for denied MAC addresses.
Syntax
max-sw-age age
no max-sw age
Command Default
Parameters
The maximum software age is not configured.
age
You can specify from 1 - 65535 seconds. The default is 120 seconds.
Modes
Usage Guidelines
Authentication mode
When the Brocade device is configured to drop traffic from non-authenticated MAC addresses, traffic
from the blocked MAC addresses is dropped in hardware, without being sent to the CPU. A Layer 2
CAM entry is created that drops traffic from the blocked MAC address in hardware. If no traffic is
received from the blocked MAC address for a certain amount of time, this Layer 2 CAM entry is aged
out. If traffic is subsequently received from the MAC address, then an attempt can be made to
authenticate the MAC address again.
Aging of the Layer 2 CAM entry for a blocked MAC address occurs in two phases, known as hardware
aging and software aging. The hardware aging period is fixed at 70 seconds and is non-configurable.
The software aging time is configurable through the CLI.
Examples
The following example configures the maximum software age to 170 seconds.
device(config)# authentication
device(config-authen)# max-sw-age 170
History
218
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
mesh-group
mesh-group
Configures a multicast source discovery protocol (MSDP) mesh group from several rendezvous points
(RPs).
Syntax
mesh-group group-name peer-address
no mesh-group group-name peer-address
Command Default
Parameters
Mesh groups are not configured.
group-name
Specifies the mesh group as alphabetic characters. The limit is 31 characters.
peer-address
Specifies the IP address of the MSDP peer that is being placed in the mesh
group. Each mesh group can include up to 32 peers.
Modes
Usage Guidelines
MSDP VRF configuration mode
The no form of this command removes mesh groups.
You must configure the msdp-peer command to configure the MSDP peers by assigning their IP
addresses and the loopback interfaces before you configure a mesh group.
You can have up to four mesh groups in a multicast network. Each mesh group can include up to 15
peers.
Each device that will be part of a mesh group must have a mesh group definition for all the peers in the
mesh-group.
Examples
This example configures an MSDP mesh group on each device that will be included in the mesh group.
Device(config)# router msdp
Device(config-msdp-router)#
Device(config-msdp-router)#
Device(config-msdp-router)#
Device(config-msdp-router)#
Device(config-msdp-router)#
Device(config-msdp-router)#
Device(config-msdp-router)#
FastIron Command Reference
53-1003389-04
msdp-peer 206.251.18.31 connect-source loopback 2
msdp-peer 206.251.19.31 connect-source loopback 2
msdp-peer 206.251.20.31 connect-source loopback 2
mesh-group GroupA 206.251.18.31
mesh-group GroupA 206.251.19.31
mesh-group GroupA 206.251.20.31
exit
219
message-interval
message-interval
Changes the default PIM Sparse join or prune message interval.
Syntax
message-interval [ vrf vrf-name ] interval
no message-interval [ vrf vrf-name ] interval
Parameters
vrf vrf-name
Specifies a VRF instance.
interval
Specifies the join or prune message interval in seconds. The range is 10
through 18724; the default is 60.
Command Default
Modes
The join or prune interval is 60 seconds.
PIM router configuration mode
PIM router VRF configuration mode
Usage Guidelines
The no form of this command restores the default; the join-prune interval is 60 seconds.
PIM Sparse join and prune messages inform other PIM Sparse routers about clients who want to
become receivers (join) or stop being receivers (prune) for PIM Sparse groups.
NOTE
Configure the same join or prune message interval on all the PIM Sparse routers in the PIM Sparse
domain. The performance of PIM Sparse can be adversely affected if the routers use different timer
intervals.
Examples
This example changes the PIM join or prune interval to 30 seconds.
Device(config)# ipv6 router pim
Device(config-ipv6-pim-router)# message-interval 30
This example changes the PIM join or prune interval on a VRF to 30 seconds.
Device(config)# ipv6 router pim vrf blue
Device(config-ipv6-pim-router-vrf-blue)# message-interval 30
220
FastIron Command Reference
53-1003389-04
mka-cfg-group
mka-cfg-group
Creates and names a MACsec Key Agreement (MKA) configuration group.
Syntax
mka-cfg-group group-name
no mka-cfg-group group-name
Command Default
Parameters
No MACsec options are configured for an MKA configuration group. All related parameters retain their
default settings.
group-name
Provides a name for an MKA configuration group that can be applied to ports.
Modes
dot1x-mka configuration mode
dot1x-mka-interface configuration mode
Usage Guidelines
This command is supported only on the Brocade ICX 6610.
The no form of this command deletes the MKA configuration group. MACSec is disabled on the ports
where the group is configured.
The dot1x-mka-enable command must be executed before the mka-cfg-group command can be
used.
After the MACsec Key Agreement (MKA) configuration group is created, you can apply the configured
group and its settings to an interface being configured using the mka-cfg-group command in the dot1xmka-interface configuration mode.
FastIron Command Reference
53-1003389-04
221
Commands K - S
Examples
The following example creates the MKA configuration group test1.
device(config)# dot1x-mka
dot1x-mka-enable
Enable MACsec
device(config)# dot1x-mka-enable
device(config-dot1x-mka)#
device(config-dot1x-mka)# mka-cfg-group
ASCII string
Name for this group
device(config-dot1x-mka)# mka-cfg-group test1
device(config-dot1x-mka-group-test1)#
device(config-dot1x-mka-group-test1)# key-server-priority
DECIMAL
Priority of the Key Server. Valid values should be between 0 and 255
device(config-dot1x-mka-group-test1)# key-server-priority 5
device(config-dot1x-mka-group-test1)#
device(config-dot1x-mka-group-test1)# macsec cipher-suite
gcm-aes-128
GCM-AES-128 Cipher suite
device(config-dot1x-mka-group-test1)# macsec cipher-suite gcm-aes-128
device(config-dot1x-mka-group-test1)#
device(config-dot1x-mka-group-test1)# macsec confidentiality-offset
30
Confidentiality offset of 30
50
Confidentiality offset of 50
device(config-dot1x-mka-group-test1)# macsec confidentiality-offset 30
device(config-dot1x-mka-group-test1)#
device(config-dot1x-mka-group-test1)# macsec frame-validation
check
Validate frames with secTAG and accept frames without secTAG
disable
Disable frame validation
strict
Validate frames with secTAG and discard frames without secTAG
device(config-dot1x-mka-group-test1)# macsec frame-validation strict
device(config-dot1x-mka-group-test1)#
device(config-dot1x-mka-group-test1)# macsec replay-protection
out-of-order
Validate MACsec frames arrive in the given window size
strict
Validate MACsec frames arrive in a sequence
device(config-dot1x-mka-group-test1)# macsec replay-protection strict
device(config-dot1x-mka-group-test1)#
The following example applies the previously configured MKA group test1 to ethernet interface 1/3/3.
device(config)# dot1x-mka-enable
device(config-dot1x-mka)# enable-mka ethernet 1/3/3
device(config-dot1x-mka-1/3/3)# mka-cfg-group test1
History
222
Release version
Command history
08.0.20
This command was introduced.
08.0.20a
This command was expanded to support the association of a configured MKA
group and its settings to an interface at the interface configuration level. The
mka-group command was deprecated as part of this change.
FastIron Command Reference
53-1003389-04
mstp instance
mstp instance
Configures a Multiple Spanning Tee Protocol (MSTP) instance that allows multiple VLANs to be
managed by a single STP instance and supports per-VLAN STP. This allows you to use fewer
spanning-tree instances to map to VLANs.
Syntax
mstp instance instance-number [ vlan vlan-id | vlan-group group-id ] [ priority priority-value ]
no mstp instance instance-number [ vlan vlan-id | vlan-group group-id ] [ priority priority-value ]
Command Default
Parameters
No MSTP instances are configured. Any VLANs remain in the common, internal spanning tree (CIST) or
are free.
instance-number
Specifies the number for the instance of MSTP that you are configuring. You
can specify up to 15 instances, identifying each, in MSTP mode, by a number in
the range 1 through 4094. In MSTP mode, you cannot specify the value 0,
which identifies the CIST. In MSTP+ mode, the range is 0 through 4094.
vlan vlan-id
Assigns one or more VLANs or a range of VLANs to the MSTP instance.
vlan-group group-id
Assigns one or more VLAN groups to the MSTP instance.
priority priority-value
Specifies the forwarding preference for instances within a VLAN or on the
device. You can specify a numeric value in the range 0 to 61440 in increments
of 4096. A higher priority variable means a lower forwarding priority. The default
value is 32768.
Modes
Usage Guidelines
Global configuration mode
In MSTP mode, the no form of this command moves a VLAN or VLAN group from its assigned MSTP
back into the CIST. In MSTP+ mode, the no form of this command assigns any VLAN as a free VLAN.
The system does not allow an MSTP instance without any VLANs mapped to it;removing all VLANs
from an MSTP instance deletes the instance from the system.
In MSTP+ mode, you can specify an instance number value of 0 because MSTP+ mode allows you to
add VLANs to and remove VLANs from the CIST.
Examples
The following example configures an MSTP instance and map VLANs 1 to 7 to it.
Device(config)# mstp instance 7 vlan 4 to 7
The following example specifies a priority of 8192 to MSTP instance 1.
Device(config)# mstp instance 1 priority 8192
FastIron Command Reference
53-1003389-04
223
mstp scope
mstp scope
Configures VLANs in Multiple Spanning Tee Protocol (MSTP) mode.
Syntax
mstp scope { all | pvst }
no mstp scope { all | pvst }
Command Default
Parameters
No VLAN is under direct MSTP control.
all
Configures MSTP on all VLANs.
pvst
Configures MSTP in per-VLAN spanning tree (PVST) mode.
Modes
Usage Guidelines
Global configuration mode
The no form of this command removes the MSTP PVST mode and restores the device to non-MSTP
mode.
MSTP is not operational until the mstp start command is configured. You cannot start MSTP+ unless at
least one MSTP+ instance of MSTP+ is configured.
Examples
The following example configures MSTP mode on all VLANs.
Device(config)# mstp scope all
The following example enables MSTP in PVST mode.
Device(config)# mstp scope pvst
History
224
Release version
Command history
8.0.20
This command was modified to support the pvst keyword.
FastIron Command Reference
53-1003389-04
multicast disable-pimsm-snoop
multicast disable-pimsm-snoop
Disables PIM Sparse mode (SM) snooping for a specific VLAN when snooping is enabled globally.
Syntax
multicast disable-pimsm-snoop
no multicast disable-pimsm-snoop
Command Default
Modes
Usage Guidelines
Examples
The global PIM SM snooping setting applies.
VLAN configuration mode
The no form of this command restores the global PIM SM snooping setting.
This example disables PIM SM snooping on VLAN 20.
Device(config)#config vlan 20
Device(config-vlan-20)#multicast disable-pimsm-snoop
FastIron Command Reference
53-1003389-04
225
multicast fast-convergence
multicast fast-convergence
Configures a device to listen to topology change events in Layer 2 protocols such as spanning tree,
and then send general queries to shorten the convergence time.
Syntax
multicast fast-convergence
no multicast fast-convergence
Command Default
Modes
Usage Guidelines
Fast convergence is not configured.
VLAN configuration mode
The no form of this command restores the default; fast convergence is not configured.
If the Layer 2 protocol cannot detect a topology change, fast convergence may not work in some cases.
For example, if the direct connection between two devices switches from one interface to another, the
Rapid Spanning Tree protocol (802.1w) considers this optimization rather than a topology change. In
this example, other devices do not receive topology change notifications, and cannot send queries to
speed up the convergence. Fast convergence works well with the regular spanning tree protocol in this
case.
Examples
This example configures fast convergence on VLAN 70.
Device(config)#vlan 70
Device(config-vlan-70)#multicast fast-convergence
226
FastIron Command Reference
53-1003389-04
multicast fast-leave-v2
multicast fast-leave-v2
Configures fast leave for IGMP V2.
Syntax
multicast fast-leave-v2
no multicast fast-leave-v2
Command Default
Modes
Usage Guidelines
Fast leave for IGMP V2 is not configured.
VLAN configuration mode
The no form of this command restores the default; fast leave for IGMP V2 is not configured.
When a device receives an IGMP V2 leave message, it sends out multiple group-specific queries. If no
other client replies within the waiting period, the device stops forwarding traffic. When the multicast
fast-leave-v2 command is configured, and when the device receives a leave message, it immediately
stops forwarding to that port. The device does not send group specific-queries. When the multicast
fast-leave-v2 command is configured on a VLAN, you must not have multiple clients on any port that is
part of the VLAN.
In a scenario where two devices connect, the querier device should not be configured for fast-leave-v2
because the port might have multiple clients through the non-querier.
You can configure the ip multicast leave-wait-time command to set the number of queries and the
waiting period.
Examples
This example configures fast leave for IGMP on VLAN 10.
Device(config)#vlan 10
Device(config-vlan-10)#multicast fast-leave-v2
FastIron Command Reference
53-1003389-04
227
multicast pimsm-snooping prune-wait
multicast pimsm-snooping prune-wait
Configures the amount of time a device waits after receiving a PIM prune message before removing
the outgoing interface (OIF) from the forwarding entry.
Syntax
multicast pimsm-snooping prune-wait seconds
no multicast pimsm-snooping prune-wait seconds
Command Default
Parameters
The prune-wait time is 5 seconds.
seconds
The time to wait, in seconds. The range is 0 to 65535; the default is 5.
Modes
Usage Guidelines
VLAN configuration mode
The no form of this command restores the default prune-wait time (5 seconds).
The prune-wait time is necessary on a LAN where multiple receivers could be listening to the group; it
gives them time to override the prune message. Configure the multicast pimsm-snooping prune-wait
command to modify the prune-wait time according to topology and PIM router configurations.
In accordance with RFC 4601, PIM routers delay pruning for 3.5 seconds by default, so configuring a
lower prune-wait value may cause traffic disruption. You should configure a prune-wait value lower than
3.5 seconds only if the topology supports it, for example, if the group has only one receiver, and an
immediate prune is needed.
Examples
The following example configures the prune-wait time to 7 seconds.
Device(config)#vlan 10
Device(config-vlan-10)#multicast pimsm-snooping prune-wait 7
History
228
Release version
Command history
8.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
multicast port-version
multicast port-version
Configures the IGMP version on individual ports in a VLAN.
Syntax
multicast port-version { 2 | 3 } ethernet port [ ethernet port | to port ]
no multicast port-version { 2 | 3 } ethernet port [ ethernet port | to port ]
Command Default
Parameters
The port uses the IGMP version configured globally or for the VLAN.
2
Configures IGMP version 2.
3
Configures IGMP version 3.
ethernet port
Specifies the port to configure the version on.
to
Specifies a range of ports.
Modes
Usage Guidelines
VLAN configuration mode
The no form of this command restores the IGMP version configured globally or for the VLAN.
You can specify a list of ports, separated by a space, or a range of ports, or you can combine lists and
ranges.
See the description of the ip multicast version command for information on how to configure the IGMP
version globally.
See the description of the multicast version command for information on how to configure the IGMP
version on a VLAN.
Examples
This example configures ports 4, 5, and 6 to use IGMP version 3.
Device(config)#config vlan 20
(config-vlan-20)#multicast port-version 3 ethernet 2/4 to 2/6
FastIron Command Reference
53-1003389-04
229
multicast proxy-off
multicast proxy-off
Turns off proxy activity for static groups.
Syntax
multicast proxy-off
no multicast proxy-off
Command Default
Modes
Usage Guidelines
Proxy activity is on.
VLAN configuration mode
The no form of this command restores the default; proxy activity is on.
When a device is configured for static groups, it acts as a proxy and sends membership reports for the
static groups when it receives general or group-specific queries. When a static group configuration is
removed, the group is deleted from the active group table immediately. However, leave messages are
not sent to the querier, and the querier must age out the group. You can configure the multicast proxyoff command to turn off proxy activity.
Examples
This example turns off proxy activity for VLAN 20.
Device(config)#vlan 20
Device(config-vlan-20)#multicast proxy-off
230
FastIron Command Reference
53-1003389-04
multicast router-port
multicast router-port
Configures a static router Ethernet port to receive multicast control and data packets.
Syntax
multicast router-port ethernet stackid/slot/portnum [ ethernet stackid/slot/portnum | to stackid/slot/
portnum ]
multicast router-port ethernet stackid/slot/portnum [ ethernet stackid/slot/portnum | to stackid/slot/
portnum ]
Command Default
Parameters
The device forwards all multicast control and data packets only to router ports that receive queries.
stackid/slot/portnum
Specifies the Ethernet port you want to force traffic to. On standalone devices
specify the interface ID in the format slot/port-id; on stacked devices you must
also specify the stack ID, in the format stack-id/slot/port-id. You can configure a
single port or a list of ports, separated by a space.
to
Specifies a range of ports.
Modes
Usage Guidelines
Examples
VLAN configuration mode
The no form of this command restores the default, that is, the device forwards all multicast control and
data packets only to router ports that receive queries.
This example configures a static port on Ethernet 1/1/3 on VLAN 70.
device#configure terminal
device(config)#vlan 70
device(config-vlan-70)#multicast router-port ethernet 1/1/3
This example configures a list of static ports on VLAN 70.
device#configure terminal
device(config)#vlan 70
device(config-vlan-70)#multicast router-port ethernet 1/1/24 ethernet 1/6/24 ethernet
1/8/17
This example configures a range of static ports on VLAN 70.
device#configure terminal
device(config)#vlan 70
device(config-vlan-70)#multicast router-port ethernet 1/1/1 to 1/1/8
This example configures a combined range and list of static ports on VLAN 70.
device#configure terminal
device(config)#vlan 70
device(config-vlan-70)#multicast router-port ethernet 1/1/1 to 1/1/8 ethernet 1/1/24
ethernet 1/6/24 ethernet 1/8/17
FastIron Command Reference
53-1003389-04
231
multicast static-group
multicast static-group
Configures a static IGMP group for a VLAN.
Syntax
multicast static-group ipv4-address [ count num ] [ ethernet stackid/slot/portnum | drop ]
no multicast static-group ipv4-address [ count num ] [ ethernet stackid/slot/portnum | drop ]
Command Default
Parameters
The VLAN cannot forward multicast traffic to ports that do not receive IGMP membership reports.
ipv4-address
Specifies the address of the static group.
count num
Specifies a contiguous range of groups.
ethernet stackid/slot/portnum
Specifies the ports to be included in the group. On standalone devices specify
the interface ID in the format slot/port-iD; on stacked devices you must also
specify the stack ID, in the format stack-ID/slot/port-ID.
drop
Specifies discarding data traffic to a group in hardware.
Modes
Usage Guidelines
VLAN configuration mode
The no form of this command removes the static group fromr the VLAN.
A snooping-enabled VLAN cannot forward multicast traffic to ports that do not receive IGMP
membership reports. You can configure the multicast static-group command to create a static group
that applies to specific ports, allowing packets to be forwarded to them even though they have no client
membership reports.
On FCX, ICX 6610, ICX 6430, ICX 6450, and ICX 6650 devices, configuring the drop keyword discards
data traffic to a group in hardware. The group can be any multicast group including groups in the
reserved range of 224.0.0.X. Configuring the drop keyword does not affect IGMP packets, which are
always trapped to CPU when snooping is enabled. It applies to the entire VLAN, and cannot be
configured for a port list. When the drop keyword is not configured, the group must exist outside the
reserved range.
Examples
This example configures on VLAN 20 a static group containing ports 1/1/3 and 1/1/5 to 1/1/7.
device# configure terminal
device(config)# vlan 20
device(config-vlan-20)# multicast static-group 224.1.1.1 count 2 ethernet 1/1/3
ethernet 1/1/5 to 1/1/7
232
FastIron Command Reference
53-1003389-04
multicast tracking
multicast tracking
Enables tracking and fast leave on VLANs.
Syntax
multicast tracking
no multicast tracking
Command Default
Modes
Usage Guidelines
Tracking and fast leave are disabled.
VLAN configuration mode
The no form of this command restores the default, that is, tracking and fast leave are disabled.
The membership tracking and fast leave features are supported for IGMP V3 only. If any port or any
client is not configured for IGMP V3, the multicast tracking command is ignored.
Examples
This example enables tracking and fast leave on VLAN 20.
Device(config)#vlan 20
Device(config-vlan-20)#multicast tracking
FastIron Command Reference
53-1003389-04
233
multicast version
multicast version
Configures the IGMP version for snooping on a VLAN.
Syntax
multicast version [ 2 | 3 ]
no multicast version
Command Default
Parameters
The globally-configured IGMP version is used.
2
Configures IGMP version 2.
3
Configures IGMP version 3.
Modes
Usage Guidelines
VLAN configuration mode
The no form of this command restores the globally configured version.
If an IGMP version is configured for an individual port, that port uses the version configured for it, not
the VLAN version.
See the description of the ip multicast version command for information on how to configure the IGMP
version globally.
See the description of the multicast port-version command for information on how to configure the
IGMP version on an individual port
Examples
This example configures IGMP version 3 on VLAN 20.
Device(config)#vlan 20
Device(config-vlan-20)#multicast version 3
234
FastIron Command Reference
53-1003389-04
multicast6 disable-mld-snoop
multicast6 disable-mld-snoop
Disables multicast listening discovery (MLD) snooping for a specific VLAN when snooping is enabled
globally.
Syntax
multicast6 disable-multicast-snoop
no multicast6 disable-multicast-snoop
Command Default
Modes
Usage Guidelines
Examples
The global MLD snooping setting applies.
VLAN configuration mode
The no form of this command restores the global MLD snooping setting.
This example disables MLD snooping on VLAN 20.
Device(config)#vlan 20
Device(config-vlan-20)#multicast6 disable-multicast-snoop
FastIron Command Reference
53-1003389-04
235
multicast6 disable-pimsm-snoop
multicast6 disable-pimsm-snoop
When PIM6 SM snooping is enabled globally, overrides the global setting and disables it for a specific
VLAN.
Syntax
multicast6 disable-pimsm-snoop
no multicast6 disable-pimsm-snoop
Command Default
Modes
Usage Guidelines
The globally configured PIM6 SM snooping applies.
VLAN configuration mode
The no form of this command restores the globally configured PIM6 SM snooping.
The device must be in multicast listening discovery (MLD) passive mode before PIM6 SM snooping can
be disabled.
Examples
This example enables PIM6 SM traffic snooping on VLAN 20.
Device(config)# vlan 20
Device(config-vlan-20)#multicast6 disable-pimsm-snoop
236
FastIron Command Reference
53-1003389-04
multicast6 fast-convergence
multicast6 fast-convergence
Configures a device to listen to topology change events in Layer 2 protocols such as spanning tree, and
then send general queries to shorten the convergence time.
Syntax
multicast6 fast-convergence
no multicast6 fast-convergence
Command Default
Modes
Usage Guidelines
Fast convergence is not configured.
VLAN configuration mode
The no form of this command restores the default; fast convergence is not configured.
Configure the multicast6 fast-convergence command to allow a device to listen to topology change
events in Layer 2 protocols, such as Spanning Tree, and send general queries to shorten the
convergence time.
If the Layer 2 protocol cannot detect a topology change, fast convergence may not work in some cases.
For example, if the direct connection between two devices switches from one interface to another, the
Rapid Spanning Tree protocol (802.1w) considers this to be optimization rather than a topology change.
In this case, other devices do not receive topology change notifications and cannot send queries to
speed up convergence. The original spanning tree protocol does not recognize optimization actions,
and fast convergence works in all cases.
Examples
This example configures fast convergence on VLAN 70.
device# configure terminal
device(config)# vlan 70
device(config-vlan-70)# multicast6 fast-convergence
FastIron Command Reference
53-1003389-04
237
multicast6 port-version
multicast6 port-version
Configures the multicast listening discovery (MLD) version on individual ports in a VLAN.
Syntax
multicast6 port-version { 1 | 2 } [ ethernet stackid/slot/portnum [ ethernet stackid/slot/portnum | to
port ] ]
no multicast6 port-version { 1 | 2 } [ ethernet stackid/slot/portnum [ ethernet stackid/slot/portnum | to
port ] ]
Command Default
Parameters
The port uses the MLD version configured globally or for the VLAN.
1
Configures MLD version 1.
2
Configures MLD version 2.
ethernet stackid/slot/portnum
Specifies the port to configure the version on. On standalone devices specify
the interface ID in the format slot/port-id; on stacked devices you must also
specify the stack ID, in the format stack-id/slot/port-id. You can specify a list of
ports, separated by a space, or a range of ports, or you can combine lists and
ranges.
to
Specifies a range of ports.
Modes
Usage Guidelines
VLAN configuration mode
The no form of this command restores the MLD version configured globally or for the VLAN.
When you configure the MLD version on a specified port or range of ports, the other ports use the MLD
version specified with the multicast6 version command, or the globally configured MLD version.
Examples
This example configures ports 1/1/4, 1/1/5, 1/1/6, and 1/2/1 on VLAN 20 to use MLD version 2.
Device(config)#vlan 20
Device(config-vlan-20)#multicast6 port-version 2 ethernet 1/2/1 ethernet 1/1/4 to
1/1/6
238
FastIron Command Reference
53-1003389-04
multicast6 proxy-off
multicast6 proxy-off
Turns off multicast listening discovery (MLD) proxy activity.
Syntax
multicast6 proxy-off
no multicast6 proxy-off
Command Default
Modes
Usage Guidelines
MLD snooping proxy activity is on.
VLAN configuration mode
The no form of this command restores the default; proxy activity is on.
When a device is configured for static groups, it acts as a proxy and sends membership reports for the
static groups when it receives general or group-specific queries. When a static group configuration is
removed, the group is deleted from the active group table immediately. However, leave messages are
not sent to the querier, and the querier must age out the group. You can configure the multicast proxyoff command to turn off proxy activity.
Examples
This example turns off proxy activity for VLAN 20.
Device(config)#vlan 20
Device(config-vlan-20)#multicast6 proxy-off
FastIron Command Reference
53-1003389-04
239
multicast6 router-port
multicast6 router-port
Configures a static router port to receive IPv6 multicast control and data packets.
Syntax
multicast6 router-port ethernet stackid/slot/portnum [ ethernet stackid/slot/portnum | to stackid/slot/
portnum ]
no multicast6 router-port ethernet stackid/slot/portnum [ ethernet stackid/slot/portnum | to stackid/
slot/portnum ]
Command Default
Parameters
The device forwards all IPv6 multicast control and data packets only to router ports that receive queries.
ethernet stackid/slot/portnum
Specifies the Ethernet port you want to force traffic to. On standalone devices
specify the interface ID in the format slot/port-ID; on stacked devices you must
also specify the stack ID, in the format stack-ID/slot/port-ID. You can configure
a single port or a list of ports, separated by a space.
to
Specifies a range of ports.
Modes
Usage Guidelines
VLAN configuration mode
The no form of this command restores the default, that is, the device forwards all multicast control and
data packets only to router ports that receive queries.
All multicast control and data packets are forwarded to router ports that receive queries. Although router
ports are learned, you can configure static router ports to force multicast traffic to specific ports, even
though these ports never receive queries.
Examples
This example configures a range and a list of static ports on VLAN 70.
device#configure terminal
device(config)#vlan 70
device(config-vlan-70)#multicast6 router-port ethernet 1/1/1 to 1/1/8 ethernet 1/1/24
ethernet 1/6/24 ethernet 1/8/17
240
FastIron Command Reference
53-1003389-04
multicast6 static-group
multicast6 static-group
Configures a static multicast listening discovery (MLD) group for a VLAN.
Syntax
multicast6 static-group ipv6-address [ count num ] [ ethernet stackid/slot/portnum | to stackid/slot/
portnum ]
no multicast6 static-group ipv6-address [ count num ] [ ethernet stackid/slot/portnum | to stackid/
slot/ portnum ]
Command Default
Parameters
The VLAN cannot forward multicast traffic to ports that do not receive MLD membership reports.
ipv6-address
Specifies the IPv6 address of the multicast group.
count num
Specifies a contiguous range of groups. The default is 1.
to
Specifies a range of ports.
ethernet stackid/slot/portnum
Specifies the Ethernet port you want to force traffic to. On standalone devices
specify the interface ID in the format slot/port-ID; on stacked devices you must
also specify the stack ID, in the format stack-ID/slot/port-ID. You can configure
a single port or a list of ports, separated by a space.
Modes
Usage Guidelines
VLAN configuration mode
The no form of this command removes the static group fromr the VLAN.
A snooping-enabled VLAN cannot forward multicast traffic to ports that do not receive MLD membership
reports. To allow clients to send reports, you can configure a static group that applies to individual ports
on the VLAN. The static group forwards packets to the static group ports even if they have no client
membership reports.
You cannot configure a static group that applies to an entire VLAN.
The maximum number of supported static groups in a VLAN is 512, and the maximum number of
supported static groups for individual ports in a VLAN is 256.
Examples
This example configures on VLAN 20 a static group containing ports 0/1/3 and 0/1/5 to 0/1/7.
Device(config)#vlan 20
(config-vlan-20)#multicast6 static-group ff05::100 count 2 ethernet 0/1/3 ethernet
0/1/5 to 0/1/7
FastIron Command Reference
53-1003389-04
241
multicast6 tracking
multicast6 tracking
Enables tracking and fast leave for IPv6 multicast listening discovery Version 2 (MLDv2) on VLANs.
Syntax
multicast6 tracking
no multicast6 tracking
Command Default
Modes
Usage Guidelines
Tracking and fast leave are disabled.
VLAN configuration mode
The no form of this command restores the default, that is, tracking and fast leave are disabled.
The membership tracking and fast leave features are supported for MLDv2 only. If any port or any client
is not configured for MLDv2, the multicast tracking command is ignored.
Examples
This example enables tracking and fast leave on VLAN 20.
Device(config)#vlan 20
Device(config-vlan-20)#multicast6 tracking
242
FastIron Command Reference
53-1003389-04
multicast6 version
multicast6 version
Configures the multicast listening discovery (MLD) version for snooping on a VLAN.
Syntax
multicast6 version { 1 | 2 }
no multicast6 version { 1 | 2 }
Command Default
Parameters
The globally configured MLD version is configured.
1
Configures MLD Version 1.
2
Configures MLD Version 2.
Modes
Usage Guidelines
Global configuration mode
The no form of this command restores the globally configured MLD version.
If an MLD version is specified for individual ports, these ports use that version instead of the version
specified for the VLAN.
Examples
This example specifies MLD Version 2 on VLAN 20.
Device(config)# vlan 20
Device(config-vlan-20)#multicast6 version 2
FastIron Command Reference
53-1003389-04
243
nbr-timeout
nbr-timeout
Configures the interval after which a PIM device considers a neighbor to be absent.
Syntax
nbr-timeout seconds
no nbr-timeout seconds
Command Default
Parameters
The timeout interval is 105 seconds.
seconds
Specifies the interval, in seconds. The range is 35 through 65535 seconds. The
default is 105 seconds.
Modes
Usage Guidelines
PIM router configuration mode
The no form of this command restores the default timeout interval, 105 seconds.
You should set the interval to be not less than 3.5 times the hello timer value.
Examples
This example configures a PIM neighbor timeout value of 360 seconds on all ports on a device
operating with PIM.
Device(config)# router pim
Device(config-pim-router)# nbr-timeout 360
244
FastIron Command Reference
53-1003389-04
openflow enable
openflow enable
Enables or disables the Openflow hybrid port mode on the port.
Syntax
openflow enable [ layer2 | layer3 | layer23 [hybrid-mode ] ]
no openflow enable [ layer2 | layer3 | layer23 [hybrid-mode ] ]
Parameters
layer2
Enables Layer 2 matching mode for flows.
layer3
Enables Layer 3 matching mode for flows.
layer23 hybrid-mode
Enables Layer 2 and Layer 3 matching mode for flows with an option for hybrid
port mode.
Modes
Usage Guidelines
Interface configuration mode
In interface configuration mode, this command enables Layer 2 or Layer 3 matching mode for flows with
an optional enabling of hybrid port mode.
NOTE
OpenFlow must be globally enabled before the Layer2 or Layer 3 matching modes can be specified.
Examples
After OpenFlow 1.3 is enabled, the following example configures Layer 2 and Layer 3 matching mode
for flows.
device# configure terminal
device(config)# openflow enable ofv130
device (config)# interface ethernet 1/1/1
device (config-if-1/1/1)# openflow enable layer 23
History
Release
Command History
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
245
originator-id
originator-id
Configures MSDP to use the specified interface IP address as the IP address of the rendezvous point
(RP) in a source-active (SA) message.
Syntax
originator-id type number
no originator-id type number
Command Default
Parameters
MSDP uses the IP address of the originating RP in the RP address field of the SA message.
type
Specifies the type of interface used by the RP. You can use Ethernet, loopback,
and virtual routing interfaces (ve).
number
Specifies the interface number. For example, the Ethernet port number,
loopback number, or virtual routing interface number.
Modes
MSDP router configuration mode
MSDP router VRF configuration mode
Usage Guidelines
Examples
The no form of this command restores the default
This example configures an interface IP address to be the IP address of the RP.
Device(config)# interface loopback 2
Device(config-lbif-2)# ip address 2.2.1.99/32
Device(config)# router msdp
Device(config-msdp-router)# originator-id loopback 2
Device(config-msdp-router)# exit
This example configures an interface IP address to be the IP address of the RP on a VRF named blue.
Device(config)# interface loopback 2
Device(config-lbif-2)# ip address 2.2.1.99/32
Device(config)# router msdp vrf blue
Device(config-msdp-router-vrf blue)# originator-id loopback 2
Device(config-msdp-router-vrf blue)# exit
246
FastIron Command Reference
53-1003389-04
packet-inerror-detect
packet-inerror-detect
Enables the monitoring of a port for inError packets and defines the maximum number of inError
packets allowed for the port during the configured sampling interval.
Syntax
packet-inerror-detect inError-count
no packet-inerror-detect inError-count
Command Default
Parameters
The Packet InError Detect feature is disabled for the port.
inError-count
Specifies the maximum number of inError packets that are allowed for a port
during the configured sampling interval. The value can range from 10 through
4294967295.
Modes
Usage Guidelines
Interface configuration mode
The no form of this command disable monitoring of inError packets for the port.
If the number of inError packets received at a port exceeds the default value for two consecutive
sampling windows, the port is set to the error-disabled state.
NOTE
To enable monitoring of inError packets for the port only, you must first use the errdisable packetinerror-detect command in global configuration mode to globally enable monitoring for inError packets
on the device.
Examples
The following example displays the maximum number of allowed inError packets for a port set to the
value 10.
device(config)# interface ethernet 1/1/1
device(config-if-e1000-1/1/1)# packet-inerror-detect 10
History
Release version
Command history
07.3.00g
This command was introduced.
FastIron Command Reference
53-1003389-04
247
pass-through
pass-through
Enables pass-through which allows certain protocol packets to pass through ports that have been
enabled for flexible authentication.
Syntax
pass-through { lldp | fdp | cdp }
no pass-through{ lldp | fdp | cdp }
Command Default
Parameters
Pass-through is not enabled.
lldp
Specifies the Link Layer Discovery Protocol to pass through.
fdp
Specifies the Foundry Discovery Protocol to pass through.
cdp
Specifies the Cisco Discovery Protocol to pass through.
Modes
Usage Guidelines
Authentication mode
The no form of the command disables pass-through.
This command specifies the protocols to be passed through even though the client is not authenticated.
Examples
The example enables LLDP for pass-through.
device(config)#authentication
device(config-authen)#pass-through lldp
History
248
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
phy cable diagnostics tdr
phy cable diagnostics tdr
Runs the VCT TDR test on the specified port.
Syntax
Parameters
phy cable-diagnostics tdr stackid/slot/port
stackid/slot/port
Specifies the interface (port), by device, slot, and port number.
Modes
Usage Guidelines
Privileged EXEC mode
Use this command to clear TDR test registers before every TDR cable diagnostic test.
Before executing this command, use the clear cable-diagnostics tdr command to clear any previous
TDR test results.
Display diagnostic test results using the show cable-diagnostics tdr stackid/slot/port command.
Examples
The following example clears test registers for the interface and then runs the TDR diagnostic test for
port 3 on slot 2 of the first device in the stack.
device# clear cable-diagnostics tdr 1/2/3
device# phy cable-diag tdr 1/2/3
History
Release version
Command history
08.0.20
This command was introduced for ICX 6610, ICX 6430, ICX 6430-C, ICX
6450, and ICX6450-C devices.
FastIron Command Reference
53-1003389-04
249
prefix-list
prefix-list
Associates an IPv6 prefix list with a Router Advertisement (RA) guard policy.
Syntax
prefix-list name
no prefix-list name
Parameters
name
Specifies the name of the IPv6 prefix list to associate with the RA guard policy.
Modes
Usage Guidelines
RA guard policy configuration mode
This command associates an IPv6 prefix list with an RA guard policy so that only the RAs that have the
given prefix are forwarded. You must provide the name of an IPv6 prefix list already configured using
the ipv6 prefix-list command. For more information on configuring an IPv6 prefix list using the ipv6
prefix-list command, see the FastIron Ethernet Switch Layer 3 Routing Configuration Guide .
Only one prefix list can be associated with an RA guard policy. If the command is configured twice with
different prefix lists, the latest configured prefix list is associated with the RA guard policy.
Examples
The following example associates an IPv6 prefix list with an RA guard policy:
Brocade(config)# ipv6 prefix-list raguard-prefix1
Brocade(config)# ipv6 raguard policy p1
Brocade(config-ipv6-RAG-policy p1)# prefix-list raguard-prefix1
250
FastIron Command Reference
53-1003389-04
pre-shared-key
pre-shared-key
Configures the pre-shared MACsec key on the interface.
Syntax
pre-shared-key key-id key-name hex-string
no pre-shared-key key-id key-name hex-string
Command Default
Parameters
No pre-shared MACsec key is configured on the interface.
key-id
Specifies the 32 hexadecimal value used as the Connectivity Association Key
(CAK).
key-name hex-string
Specifies the 32 hexadecimal characters used as the CAK key name.
Modes
Usage Guidelines
dot1x-mka interface mode
The no form of the command removes the pre-shared key from the interface.
This command is supported only on the Brocade ICX 6610 device.
The pre-shared key is required for communications between MACsec peers.
Examples
The following example configures MKA group test1 and assigns the MACsec pre-shared key with a
name beginning with 96437a93 and with the value shown, to port 2, slot 3 on the first device in the
stack.
device(config)#dot1x-mka-enable
device(config-dot1x-mka)# mka-cfg-group test1
device(config-dot1x-mka-group-test1)# key-server-priority 5
device(config-dot1x-mka-group-test1)# macsec cipher-suite gcm-aes-128
device(config-dot1x-mka-group-test1)# macsec confidentiality-offset 30
device(config-dot1x-mka-group-test1)# exit
device(config-dot1x-mka)# enable-mka ethernet 1/3/2
device(config-dot1x-mka-1/3/2)# mka-group test1
device(config-dot1x-mka-1/3/2)# pre-shared-key 135bd758b0ee5c11c55ff6ab19fdb199 keyname 96437a93ccf10d9dfe347846cce52c7d
History
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
251
priority
priority
Configures a priority value for the device. This value is used along with other factors to determine
controller election if a stack failover or merge occurs.
Syntax
priority num
no priority
Command Default
Parameters
The priority value for the active controller and standby device is 128.
num
Possible values are 0 to 255. Lower values assign a lower priority to the device,
and higher values assign a higher priority to the device.
Modes
Usage Guidelines
Stack unit configuration mode
The no form of the command restores the default priority value to the device (128). You do not have to
specify the default value when using the no form.
A unit that has a relatively high priority value is more likely to be elected to be the active controller.
When you change the priority value assigned to a stack unit, the value takes effect immediately but
does not affect the active controller until the next reset.
When the active and standby controller have the same priority value, other factors affect controller
election, such as up-time and number of members controlled.
Examples
The following example assigns a priority value of 130 to stack unit 1.
device(Config)# stack unit 1
device(Config-unit-1)# priority 130
History
252
Release version
Command history
08.0.01
This command was introduced.
FastIron Command Reference
53-1003389-04
priority-flow-control
priority-flow-control
Enables priority flow control (PFC) on a priority group.
Syntax
priority-flow-control priority-group-number
no priority-flow-control priority-group-number
Command Default
Parameters
PFC is globally disabled
priority-group-number
Specifies a priority group. The range is 0-3.
Modes
Usage Guidelines
Global configuration mode
The no form of this command restores the default flow-control settings.
To enable global PFC, symmetrical-flow-control must be disabled.
You must enable PFC globally before you configure it for priority groups.
Enabling PFC on a priority group enables PFC on all the ports.
PFC and 802.3x flow control are mutually exclusive. Configuring the priority-flow-control command
disables 802.3x in both transmit and receive directions.
PFC is not supported for ports across stack units on ICX 7750 devices.
PFC is not supported on ICX 7450 devices.
Examples
The following example enables PFC for a priority group:
Device(config)# priority-flow-control enable
Device(config)# priority-flow-control 2
History
Release version
Command history
8.0.10
This command was introduced.
8.0.20
This command was modified. Specifying a priority group no longer enables
PFC on all ports.
FastIron Command Reference
53-1003389-04
253
priority-flow-control enable
priority-flow-control enable
Enables priority flow control (PFC) globally or on an individual port.
Syntax
priority-flow-control enable
no priority-flow-control enable
Command Default
Modes
PFC is disabled (globally and on all ports).
Global configuration mode
Interface configuration mode
Usage Guidelines
In global configuration mode, the no form of this command restores the default flow-control settings. In
interface configuration mode, the no form of the command disables PFC on the interface.
To enable global PFC, symmetrical-flow-control must be disabled.
You must enable PFC globally before you configure it for priority groups.
In global configuration mode, configuring the priority-flow-control enable command enables PFC
globally; in interface configuration mode, configuring it enables PFC on a port. You can configure the
priority-flow-control enable command in interface configuration mode to enable both PFC transmit
and receive, that means PFC is both honored and generated. PFC must be enabled on at least one
priority group before you can configure the priority-flow-control enable command on an interface.
Priority flow control and 802.3x flow control are mutually exclusive; therefore, configuring the priorityflow-control enable command disables 802.3x in both transmit and receive directions.
Examples
The following example enables PFC globally.
Device(config)# priority-flow-control enable
The following example enables PFC on an interface.
Device(config-if-e10000-1/1/1)# priority-flow-control enable
History
254
Release version
Command history
8.0.10
This command was introduced.
8.0.20
This command was modified to add enabling PFC on a port.
FastIron Command Reference
53-1003389-04
prune-timer
prune-timer
Configures the time a PIM device maintains a prune state for a forwarding entry.
Syntax
prune-timer seconds
no prune-timer seconds
Command Default
Parameters
The prune time is 180 seconds.
seconds
Specifies the interval in seconds. The range is 60 through 3600 seconds. The
default is 180 seconds.
Modes
Usage Guidelines
PIM router configuration mode
The no form of this command restores the default prune time, 180 seconds.
The first received multicast interface is forwarded to all other PIM interfaces on the device. If there is no
presence of groups on that interface, the leaf node sends a prune message upstream and stores a
prune state. This prune state travels up the tree and installs a prune state. A prune state is maintained
until the prune timer expires or a graft message is received for the forwarding entry.
Examples
This example configures a PIM prune timer to 90 seconds.
Device(config)# router pim
Device(config-pim-router)# prune-timer 90
FastIron Command Reference
53-1003389-04
255
prune-wait
prune-wait
Configures the time a PIM device waits before stopping traffic to neighbor devices that do not want the
traffic.
Syntax
prune-wait seconds
no prune-wait
Command Default
Parameters
The prune wait time is 3 seconds.
seconds
Specifies the wait time in seconds. The range is 0 through 30 seconds. The
default is 3 seconds.
Modes
Usage Guidelines
PIM router configuration mode
The no form of this command restores the default prune wait time of 3 seconds.
A smaller prune wait value reduces flooding of unwanted traffic. A prune wait value of 0 causes the PIM
device to stop traffic immediately upon receiving a prune message.
If there are two or more neighbors on the physical port, you should not configure the prune-wait
command because one neighbor may send a prune message while the other sends a join message at
the same time, or within less than 3 seconds.
Examples
This example configures the prune wait time to 0 seconds.
Device(config)# router pim
Device(config-pim-router)# prune-wait 0
256
FastIron Command Reference
53-1003389-04
qos egress-buffer-profile
qos egress-buffer-profile
Configures an egress buffer profile.
Syntax
qos egress-buffer-profile user-profile-name queue-share-level level queue-number
no qos egress-buffer-profile user-profile-name queue-share-level level queue-number
Command Default
Parameters
The egress buffer profile is:
Queue
Share level
0
level4-1/9
1
level3-1/16
2
level3-1/16
3
level3-1/16
4
level3-1/16
5
level3-1/16
6
level3-1/16
7
level3-1/16
user-profile-name
Specifies the name of the egress buffer profile to be configured.
queue-share-level level
Specifies the number of buffers that can be used in a sharing pool. Eight levels
are supported.
queue-number
Specifies the queue to apply the buffer limit to. There are eight hardware
queues per port.
Modes
Usage Guidelines
Global configuration mode
The no form of this command deletes the egress buffer profile.
You can attach an egress buffer profile to a port.
You must configure the no qos egress-buffer-profile command to detach a profile from any ports that
are using it before you can configure the no qos egress-buffer-profile command to delete it.
The higher the sharing level, the better the port absorb micro-burst. However, higher-sharing levels of 7
and 8 may compromise QoS functions and create uneven distribution of traffic during periods of
congestion.
The following eight queue-share levels are supported:
FastIron Command Reference
53-1003389-04
257
Commands K - S
Examples
Level
Sharing-pool buffers
level1-1/64
1/64 of buffers in the sharing pool
level2-1/32
1/32 of buffers in the sharing pool
level3-1/16
1/16 of buffers in the sharing pool
level4-1/9
1/9 of buffers in the sharing pool
level5-1/5
1/5 of buffers in the sharing pool
level6-1/3
1/3 of buffers in the sharing pool
level7-1/2
1/2 of buffers in the sharing pool
level8-2/3
2/3 of buffers in the sharing pool
The following example creates an egress buffer profile named port-40G.
Device(config)#
level1-1/64
level2-1/32
level3-1/16
level4-1/9
level5-1/5
level6-1/3
level7-1/2
level8-2/3
qos egress-buffer-profile port-40G queue-share-level
1/64 of buffers in the sharing pool
1/32 of buffers in the sharing pool
1/16 of buffers in the sharing pool
1/9 of buffers in the sharing pool
1/5 of buffers in the sharing pool
1/3 of buffers in the sharing pool
1/2 of buffers in the sharing pool
2/3 buffers in the sharing pool
The following example configures queue 0 on the egress buffer profile named port-40G to use 1/5 of
sharing pool.
Device(config)# qos egress-buffer-profile port-40G port-40G queue-share-level
level5-1/5 0
The following example configures queue 1 on the egress buffer profile named port-40G to use 1/64 of
the sharing pool.
Device(config)# qos egress-buffer-profile port-40G port-40G queue-share-level
level1-1/64 1
The following example attaches the egress buffer profile named port-40G to ports 1/2/1 to 1/2/6.
Device(config)# interface ethernet 1/2/1 to 1/2/6
Device(config-mif-1/2/1-1/2/6)#egress-buffer-profile port-40G
Device(config-mif-1/2/1-1/2/6)#end
The following example shows the error if you try to delete a profile that is attached to a port.
Device(config)# no qos egress-buffer-profile port-40G
Error - Egress Profile port-40G is active on Port 1/2/1. It must be deactivated from
port before deleting.
The following example detaches the egress buffer profile named port-40G from ports 1/2/1 to 1/2/6 and
then delete the profile.
Device(config)# interface ethernet 1/2/1 to 1/2/6
Device(config-mif-1/2/1-1/2/6)# no egress-buffer-profile port-40G
Device(config-mif-1/2/1-1/2/6)#exit
Device(config)# no qos egress-buffer-profile port-40G
History
258
Release version
Command history
8.0.10
This command was introduced.
FastIron Command Reference
53-1003389-04
qos ingress-buffer-profile
qos ingress-buffer-profile
Configures an ingress buffer profile.
Syntax
qos ingress-buffer-profile user-profile-name priority-group priority-group-number xoff shared-level
no qos ingress-buffer-profile user-profile-name priority-group priority-group-number xoff sharedlevel
Command Default
Parameters
An ingress buffer profile is not configured.
user-profile-name
Specifies the name of the ingress buffer profile to be configured.
priority-group priority-group-number
Specifies the priority group (PG) number whose XOFF threshold level has to be
configured.
xoff shared-level
Specifies the per-PG buffer threshold to trigger sending of priority flow control
(PFC).
Modes
Usage Guidelines
Global configuration mode
The no form of this command deletes the ingress buffer profile.
You can attach an ingress buffer profile to a port.
You must configure the no qos ingress-buffer-profile command to detach a profile from any ports that
are using it before you can configure the no qos ingress-buffer-profile command to delete it.
The higher the sharing level, the better the port absorbs micro-bursts, before reaching the XOFF
threshold limit.
If PFC is enabled on PG and per-port with a user-defined ingress buffer profile attached to a port, port
max XOFF is 50% of service pool 1. Port max is used as a cap to prevent a port from using too many
buffers. Under normal conditions, the PG XOFF limit is reached first.
If a PG is not enabled to send globally, any XOFF value configured has no effect.
The default ingress buffer profiles are as follows:
• For PFC disabled ports, the default PG XOFF limit is level7-1/2
• For PFC enabled ports, the default PG XOFF limit is level2-1/32
The following six PG XOFF limits are supported:
Level
Sharing-pool buffers
level1-1/64
1/64 of buffers in the sharing pool
level2-1/32
1/32 of buffers in the sharing pool
level3-1/16
1/16 of buffers in the sharing pool
level4-1/9
1/9 of buffers in the sharing pool
level5-1/5
1/5 of buffers in the sharing pool
FastIron Command Reference
53-1003389-04
259
Commands K - S
Examples
Level
Sharing-pool buffers
level6-1/3
1/3 of buffers in the sharing pool
The following example creates an ingress buffer profile for PG 0 with a PG XOFF limit of 1/3 of buffers
in the sharing pool.
Device(config)#qos ingress-buffer-profile ing1 priority-group 0 xoff level6-1/3
History
260
Release version
Command history
8.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
qos priority-to-pg
qos priority-to-pg
Configures priority-to-priority-group (PG) mapping for priority flow control (PFC).
Syntax
qos priority-to-pg qosp0 priority-PG-map qosp1 priority-PG-map qosp2 priority-PG-map qosp3
priority-PG-map qosp4 priority-PG-map qosp5 priority-PG-map qosp6 priority-PG-map qosp7 priorityPG-map
no qos priority-to-pg
Command Default
Parameters
Priority-to-PG mapping is not configured.
qosp0-7
Configures the internal priority based on classification in the range 0 through 7.
priority-PG-map
Specifies the internal priority-to-PG mapping. The range is 0 through 3.
Modes
Usage Guidelines
Global configuration mode
The no form of this command restores the default priority-to-PG map.
You must configure the priority-flow-control enable command to enable PFC globally before you
configure priority-to-PG mapping.
NOTE
Default mapping, mapping priorities, and mapping restrictions changed in Brocade FastIron Release
8.0.20. The following restrictions apply:
•
•
•
•
Priority 7, and only Priority 7, is always mapped to PG4.
PG4 is always lossy.
PFC cannot be enabled on PG4.
Priorities 0 to 5 can be mapped to PG0, PG1, and PG2. They cannot be mapped to PG3 or PG4.
The default value of priority-to-PG maps is:
•
•
•
•
•
•
•
•
QoS internal priority 0 is mapped to PG 0
QoS internal priority 1 is mapped to PG 0
QoS internal priority 2 is mapped to PG 1
QoS internal priority 3 is mapped to PG 1
QoS internal priority 4 is mapped to PG 1
QoS internal priority 5 is mapped to PG 2
QoS internal priority 6 is mapped to PG 2
QoS internal priority 7 is mapped to PG 4
The default value of priority-to-PG maps in releases prior to Release 8.0.20 is:
•
•
•
•
•
•
QoS internal priority 0 is mapped to PG 0
QoS internal priority 1 is mapped to PG 0
QoS internal priority 2 is mapped to PG 1
QoS internal priority 3 is mapped to PG 1
QoS internal priority 4 is mapped to PG 1
QoS internal priority 5 is mapped to PG 2
FastIron Command Reference
53-1003389-04
261
Commands K - S
• QoS internal priority 6 is mapped to PG 2
• QoS internal priority 7 is mapped to PG 2
In releases prior to Release 8.0.20, you can map QoS internal priority 7 to PG 3. You can also map any
other priority to PG 3 if it meets these requirements:
• Lower priorities mapped to lower PGs.
• PGs are configured in ascending order.
• Multiple priorities in a single PG must be consecutive.
Priority-to-PG mapping is not configurable in other modes. Symmetrical and asymmetrical 802.3x flow
control modes have their own default priority-to-PG mapping.
You must configure PGs in ascending order, 0 to 3. You can configure a higher-order PG only if all the
lower-order PGs have some mapped priorities.
Examples
The following example configures a priority-to-PG map.
Device(config)# priority-flow-control enable
Device(config)# qos priority-to-pg qosp0 0 qosp1 1 qosp2 1 qosp3 1 qosp4 2 qosp5 2
qosp6 2 qosp7 4
The following example restores the default priority-to-PG map.
Device(config)# no qos priority-to-pg qosp0 0 qosp1 1 qosp2 1 qosp3 1 qosp4 2 qosp5 2
qosp6 2 qosp7 4
History
262
Release version
Command history
8.0.10
This command was introduced.
8.0.20
This command was modified to change priority 7-to-PG4 mapping and
mapping restrictions for priorities 0 through 5.
FastIron Command Reference
53-1003389-04
qos scheduler-profile
qos scheduler-profile
Configures a user-defined Quality of Service (QoS) scheduler profile.
Syntax
qos scheduler-profile user-profile-name { mechanism scheduling-mechanism | profile [ qosp0 wt0 |
qosp1 wt1 | qosp2 wt2 | qosp3 wt3 | qosp4 wt4 | qosp5 wt5 | qosp6 wt6 | qosp7 wt7 ] }
no qos scheduler-profile user-profile-name
Command Default
Parameters
A user-defined QoS scheduler profile is not configured.
user-profile-name
Specifies the name of the scheduler profile to be configured.
mechanism scheduling-mechanism
Configures the queue assignment with the specified scheduling mechanism.
The following scheduling mechanisms are supported:
mixed-sp-wrr
Specifies mixed strict-priority (SP) and weighted scheduling.
strict
Specifies SP scheduling.
weighted
Specifies weighted scheduling.
profile qosp0-7
Configures the profile based on classification in the range 0 through 7.
wt0-7
Specifies the bandwidth percentage for the corresponding QoS profile. The
range is from 0 through 7.
Modes
Usage Guidelines
Global configuration mode
The no form of this command removes the scheduler profile configuration.
You can use the scheduler-profile command to attach a user scheduler profile to a port. If you want to
remove a scheduler-profile you must ensure that it is not attached to any port.
On ICX 7750 and ICX 7450 devices, changing the global scheduler and port scheduler on running traffic
may cause traffic loss.
The default QoS-profile weights for each queue using a weighted QoS mechanism are as follows:
Profile
Priority
Weighted bandwidth
Profile qosp7
Priority7(Highest)
Bandwidth requested 44% calculated 44%
Profile qosp6
Priority6
Bandwidth requested 8% calculated 8%
Profile qosp5
Priority5
Bandwidth requested 8% calculated 8%
Profile qosp4
Priority4
Bandwidth requested 8% calculated 8%
Profile qosp3
Priority3
Bandwidth requested 8% calculated 8%
Profile qos2
Priority2
Bandwidth requested 8% calculated 8%
Profile qosp1
Priority1
Bandwidth requested 8% calculated 8%
Profile qosp0
Priority0 (Lowest)
Bandwidth requested 8% calculated 8%
FastIron Command Reference
53-1003389-04
263
Commands K - S
Per-queue details
Bandwidth percentage
Class 0
3
Class 1
3
Class 2
3
Class 3
3
Class 4
3
Class 5
3
Class 6
7
Class 7
75
The default QoS-profile weights for each queue using a mixed QoS mechanism are as follows:
Per-queue details
Bandwidth percentage
Class 0
15
Class 1
15
Class 2
15
Class 3
15
Class 4
15
Class 5
25
Class 6
sp
Class 7
sp
The total weight (wt0-wt7) in both weighted and mixed mechanism must be 100 percent.
The minimum value for any weight is 1.
A maximum of eight scheduler profiles are supported.
Examples
The following example configures a QoS scheduler profile named user1, with weighted scheduling, and
specify the bandwidth percentage for each QoS class:.
Device(config)# qos scheduler-profile user1 mechanism weighted
Device(config)# qos scheduler-profile user1 profile qosp0 1 qosp1 1 qosp2 10 qosp3 10
qosp4 10 qosp5 10 qosp6 20 qosp7 38
The following example configures a QoS scheduler profile named user2, with SP scheduling.
Device(config)# qos scheduler-profile user2 mechanism strict
264
FastIron Command Reference
53-1003389-04
Commands K - S
The following example configures a QoS scheduler profile named user3, with mixed SP and weighted
scheduling.
Device(config)# qos scheduler-profile user3 mechanism mixed-sp-wrr
The following example removes a QoS scheduler profile named user3.
Device(config)# no qos scheduler-profile user3
History
Release version
Command history
08.0.10
This command was introduced.
FastIron Command Reference
53-1003389-04
265
qos-internal-trunk-queue
qos-internal-trunk-queue
Modifies the dynamic buffer-share level of inter-packet-processor (inter-pp) HiGig links egress queues
on ICX 7450 devices.
Syntax
qos-internal-trunk-queue level queue
no qos-internal-trunk-queue level queue
Command Default
Parameters
The buffer share level defaults are:
Queue
Share level
0
level4-1/9
1
level3-1/16
2
level3-1/16
3
level3-1/16
4
level3-1/16
5
level3-1/16
6
level3-1/16
7
level3-1/16
level
Specifies the number of buffers that can be used in a sharing pool. ICX 7450
devices support eight levels.
queue
Specifies the queue to apply the buffer limit to. Each port has eight hardware
queues.
Modes
Usage Guidelines
Global configuration mode
The no form of this command restores the default queue share level on the specified queue.
NOTE
This command is supported only on ICX 7450 devices or across stack units or for ports across master
and slave packet-processor (pp) devices in ICX7450-48 units.
The following eight queue-share levels are supported:
266
Level
Sharing-pool buffers
level1-1/64
1/64 of buffers in the sharing pool
FastIron Command Reference
53-1003389-04
Commands K - S
Examples
Level
Sharing-pool buffers
level2-1/32
1/32 of buffers in the sharing pool
level3-1/16
1/16 of buffers in the sharing pool
level4-1/9
1/9 of buffers in the sharing pool
level5-1/5
1/5 of buffers in the sharing pool
level6-1/3
1/3 of buffers in the sharing pool
level7-1/2
1/2 of buffers in the sharing pool
level8-2/3
2/3 of buffers in the sharing pool
The following example configures the buffer share level of inter-packet-processor (inter-pp) HiGig links
egress queues.
ICX7450-48P Router(config)#qos-internal-trunk-queue
level1-1/64
1/64 of buffers in the sharing pool
level2-1/32
1/32 of buffers in the sharing pool
level3-1/16
1/16 of buffers in the sharing pool
level4-1/9
1/9 of buffers in the sharing pool
level5-1/5
1/5 of buffers in the sharing pool
level6-1/3
1/3 of buffers in the sharing pool
level7-1/2
1/2 of buffers in the sharing pool
level8-2/3
2/3 buffers in the sharing pool
History
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
267
radius-client coa host
radius-client coa host
Configures the key to be used between the Change of Authorization (CoA) client and FastIron device.
Syntax
radius-client coa host { addr | name } [ key key-string ]
no radius-client coa host { addr | name } [ key key-string ]
Command Default
Parameters
No key is configured between the CoA client and device.
addr
Address of the CoA host.
name
Name of the CoA host.
key key-string
The key required to be used between the CoA client and FastIron device.
Modes
Usage Guidelines
Examples
Global configuration mode
RADIUS Change of Authorization (CoA) messages from clients configured through this command will
be processed. CoA messages from unconfigured clients will be discarded.
The following example displays the configuration between CoA host and the device.
device(config)# radius-client coa host 10.21.240.46 key 0 Foundry1#
History
268
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
radius-client coa port
radius-client coa port
Changes the default CoA (Change of Authorization) port number.
Syntax
radius-client coa port udp-port-number
no radius-client coa port udp-port-number
Command Default
Parameters
The CoA port number is 3799.
udp-port-number
The number of the UDP port.
Modes
Usage Guidelines
Examples
Global configuration mode
The no form of the command restores the default port number (3799).
The following example changes the CoA port number to 3000.
device(config)# radius-client coa port 3000
History
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
269
raguard
raguard
Configures the current interface as a trusted, untrusted, or host Router Advertisement (RA) guard port.
Syntax
raguard { trust | untrust | host }
no raguard { trust | untrust | host }
Parameters
trust
Configures an interface as a trusted RA guard port.
untrust
Configures an interface as an untrusted RA guard port.
host
Configures an interface as a host RA guard port.
Modes
Usage Guidelines
Interface configuration mode
The no form of this command removes the current trusted or untrusted configuration.
A trusted RA guard port forwards all the receive RA packets without inspecting. An untrusted port
inspects the received RAs against the RA guard policy’s whitelist, prefix list and preference maximum
settings before forwarding the RA packets. If an RA guard policy is not configured on an untrusted or
host port, all the RA packets are forwarded.
Examples
The following example configures an interface as a trusted RA guard port:
Brocade(config)# interface ethernet1/1/1
Brocade(config-int-e1000-1/1/1)# raguard trust
The following example configures an interface as an untrusted RA guard port:
Brocade(config)# interface ethernet1/2/1
Brocade(config-int-e1000-1/2/1)# raguard untrust
The following example configures an interface as a host RA guard port:
Brocade(config)# interface ethernet3/2/1
Brocade(config-int-e1000-3/2/1)# raguard host
270
FastIron Command Reference
53-1003389-04
register-probe-time
register-probe-time
Configures the time the PIM router waits for a register-stop from a rendezvous point (RP) before it
generates another NULL register to the PIM RP
Syntax
register-probe-time seconds
no register-probe-time seconds
Command Default
Parameters
The wait time is10 seconds.
seconds
Specifies the time, in seconds, between queries. The range is 10 through 50
seconds. The default is 10 seconds.
Modes
Usage Guidelines
PIM router configuration mode
The no form of this command restores the wait time to 10 seconds.
The register-probe time configuration applies only to the first-hop PIM router.
NOTE
When a PIM first-hop router has successfully registered with a PIM RP, the PIM first-hop router will not
default back to the data registration. All subsequent registers will be in the form of the NULL
registration.
Examples
This example configures the register-probe time to 20 seconds.
Device(config)#router pim
Device(config-pim-router)#register-probe-time 20
FastIron Command Reference
53-1003389-04
271
register-suppress-time
register-suppress-time
Configures the interval at which the PIM router triggers the NULL register message.
Syntax
register-suppress-time seconds
no register-suppress-time seconds
Command Default
Parameters
The interval at which PIM router triggers the NULL register message is 60 seconds.
seconds
Specifies the interval, in seconds, between queries. The range is 60 through
120 seconds. The default is 60 seconds.
Modes
Usage Guidelines
PIM router configuration mode
The no form of this command restores the register-suppress interval to 60 seconds.
The register-suppress interval configuration applies only to the first-hop PIM router.
Examples
The following example configures the interval at which PIM router triggers the NULL register message
to 90 seconds.
Device(config)#router pim
Device(config-pim-router)#register-suppress-time 90
272
FastIron Command Reference
53-1003389-04
restricted-vlan
restricted-vlan
Configures the restricted VLAN at the global level.
Syntax
restricted-vlan vlan-id
no restricted-vlan vlan-id
Command Default
Parameters
The restricted VLAN is not specified.
vlan-id
Specifies the identification number of the restricted VLAN.
Modes
Usage Guidelines
Authentication mode
The no form of the command disables the restricted VLAN.
Use this command to move the port to a restricted VLAN when multi-device port authentication fails.
Examples
The following example creates a restricted VLAN with VLAN 1.
device(config)# authentication
device(config-authen)# restricted-vlan 1
History
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
273
route-precedence
route-precedence
Configures a table that defines the order (precedence) in which multicast routes are selected from the
multicast routing table (mRTM) and unicast routing (uRTM) table.
Syntax
route-precedence { [ mc-non-default | none ] | [ mc-default | none ] | [ uc-non-default | none ] | [ ucdefault | none ] }
no route-precedence
Command Default
The default route precedence used to select routes is:
1.
2.
3.
4.
Parameters
A non-default multicast route from the mRTM (mc-non-default).
A default multicast route from the mRTM (mc-default).
A non-default unicast route from the uRTM (uc-non-default).
A default unicast route from the uRTM (uc-non-default).
mc-non-default
Specifies the precedence for the non-default multicast route table (mRTM).
none
Specifies that this type of route is to be ignored. You can specify this option for
any of the multicast or unicast route types.
mc-default
Specifies the precedence for the multicast routing table (mRTM).
uc-non-default
Specifies the precedence for the non-default unicast route table (uRTM).
uc-default
Specifies the precedence for the default unicast route table (uRTM).
Modes
Usage Guidelines
PIM configuration mode
The order in which you place the keywords determines the route precedence.
The no form of this command restores the default route precedence settings.
You must configure four parameters indicating the four different route types. If you want to specify that a
particular route type is not used, configure the none keyword to fill the precedence table.
Examples
The following example configures a route precedence in which a non-default multicast route has the
highest precedence, and a default unicast route has the lowest precedence. The order used to select
routes is:
1.
2.
3.
4.
A non-default multicast route from the mRTM.
A non-default unicast route from the uRTM.
A default multicast route from the mRTM.
A default unicast route from the uRTM
Device(config)# router pim
Device(config-pim-router)# route-precedence mc-non-default uc-non-default mc-default
uc-default
274
FastIron Command Reference
53-1003389-04
Commands K - S
The following example configures a route precedence in which the unicast default route is ignored. The
order used to select routes is:
1. A non-default multicast route from the mRTM.
2. A default multicast route from the mRTM.
3. A non-default unicast route from the uRTM.
Device(config)# router pim
Device(config-pim-router)# route-precedence mc-non-default mc-default uc-non-default
none
History
Release version
Command history
8.0.10a
This command was introduced.
FastIron Command Reference
53-1003389-04
275
route-precedence admin-distance
route-precedence admin-distance
Configures route precedence so that multicast routes are selected from the best route in the multicast
routing table (mRTM) and unicast routing (uRTM) table.
Syntax
route-precedence admin-distance
no route-precedence admin-distance
Command Default
Multicast routes are not selected from the best route in the mRTM and uRTM. Routes are selected
based on:
• The route precedence configured using the route-precedence command.
• The system route precedence default (if route precedence has not been configured using the routeprecedence command.
the default route precedence settings.
Modes
Usage Guidelines
PIM configuration mode
The no form of this command restores the previous route precedence settings.
If the mRTM and the uRTM have routes of equal cost, the route from the mRTM is preferred.
Examples
The following example configures route precedence so that the best multicast route from the mRTM and
uRTM tables is selected.
Device(config)#router pim
Device(config-pim-router)#route-precedence admin-distance
History
276
Release version
Command history
8.0.10a
This command was introduced.
FastIron Command Reference
53-1003389-04
router msdp
router msdp
Enables multicast source discovery protocol (MSDP) on a router.
Syntax
Command Default
Parameters
router msdp [ vrf vrf-name ]
MSDP is not enabled.
vrf vrf-name
Specifies a virtual routing and forwarding (VRF) instance.
Modes
Usage Guidelines
Global configuration mode
When you configure the no router msdp vrf vrf-name command, the MSDP configuration is removed
only from the specified VRF.
The PIM Sparse Rendezvous Point (RP) is also an MSDP peer.
Devices that run MSDP usually also run BGP. The source address used by the MSDP device is
normally configured to be the same source address used by BGP.
All MSDP parameters available for the default router instance are configurable for a VRF-based MSDP
instance.
Examples
The following example enables MSDP.
Device(config)# router msdp
The following example enables MSDP on a VRF named blue.
Device(config)# router msdp vrf blue
The following example removes the MSDP configuration only from the VRF named blue.
Device(config-msdp-router-vrf-blue)# no router msdp vrf blue
FastIron Command Reference
53-1003389-04
277
router pim
router pim
Configures basic global protocol-independent multicast (PIM) Sparse parameters on a device within
the PIM Sparse domain and enters PIM-router configuration mode.
Syntax
router pim [ vrf vrf-name ]
no router pim [ vrf vrf-name ]
Command Default
Parameters
PIM Sparse is not configured.
vrf vrf-name
Specifies a virtual routing and forwarding (VRF) instance.
Modes
Global configuration mode
Interface configuration mode
Usage Guidelines
The no form of this command disables PIM and removes all configuration for PIM multicast on the
device (router pim level) only. Configuring the no router pim vrf vrf-name command removes all
configuration for PIM multicast on the specified VRF.
You do not need to globally enable IP multicast routing when configuring PIM Sparse.
After you enable IP multicast routing and PIM Sparse at the global level, you must enable it on the
individual interfaces connected to the PIM Sparse network.
If you configure PIM Sparse on an interface that is on the border of the PIM Sparse domain, you also
must also configure the ip pim border command on the interface.
You must configure the bsr-candidate ethernet command to identify an interface on at least one
device as a candidate PIM Sparse Bootstrap router (BSR) and candidate PIM Sparse Rendezvous
Point (RP).
You can configure the rp-address command to explicitly identify an RP, including an ACL-based RP, by
its IP address instead of having it identified by the RP election process.
Entering the router pim vrf command to enable PIM does not require a software reload.
All PIM parameters available for the default router instance are configurable for a VRF-based PIM
instance.
Examples
This example configures basic global PIM Sparse parameters.
Device(config)# router pim
This example configures PIM Sparse on a VRF named blue.
Device(config)# router pim blue
278
FastIron Command Reference
53-1003389-04
rp-address
rp-address
Configures a device interface as a rendezvous point (RP).
Syntax
rp-address { ip-address | ipv6-address } acl_name_or_id
no rp-address { ip-address | ipv6-address }
Command Default
Parameters
The RP is selected by the PIM Sparse protocol’s RP election process.
ip-address
Specifies the IP address of the RP.
ipv6-address
Specifies the IPv6 address of the RP.
acl_name_or_id
Specifies the name or ID of the ACL that specifies which multicast groups use
the RP.
Modes
Router configuration mode
VRF configuration mode
Usage Guidelines
The no form of this command restores the default and the RP is selected by the RP election process.
Devices in the PIM Sparse domain use the specified RP and ignore group-to-RP mappings received
from the bootstrap router (BSR).
The RP is the meeting point for PIM Sparse sources and receivers. A PIM Sparse domain can have
multiple RPs, but each PIM Sparse multicast group address can have only one active RP. PIM Sparse
routers learn the addresses of RPs and the groups for which they are responsible from messages that
the BSR sends to each of the PIM Sparse routers.
NOTE
Specify the same IP or IPv6 address as the RP on all PIM Sparse devices within the PIM Sparse
domain. Make sure the device is on the backbone or is otherwise well connected to the rest of the
network.
Examples
This example configures the device interface at IP address 207.95.7.1 as the RP for the PIM Sparse
domain.
Device(config)# router pim
Device(config-pim-router)# rp-address 207.95.7.1
This example configures an ACL named acl1 to specify which multicast groups use the RP.
Device(config)# router pim
Device(config-pim-router)# rp-address 130.1.1.1 acl1
This example configures an RP for a VRF named blue.
Device(config)# ipv6 router pim vrf blue
Device(config-ipv6-pim-router-vrf-blue)# rp-address 31::207
FastIron Command Reference
53-1003389-04
279
rp-adv-interval
rp-adv-interval
Configures the interval at which the candidate rendezvous point (RP) configured on the device sends
candidate-RP advertisement messages to the bootstrap router (BSR).
Syntax
rp-adv-interval seconds
no rp-adv-interval seconds
Command Default
Parameters
The device sends candidate-RP advertisement messages every 60 seconds.
seconds
Specifies the interval, in seconds, between advertisement messages. The
range is 10 through 65535 seconds. The default is 60 seconds.
Modes
PIM router configuration mode
PIM router VRF configuration mode
Usage Guidelines
Examples
The no form of this command restores the candidate-RP advertisement-message interval to 60
seconds.
The following example configures the candidate-RP advertisement-message interval to 90 seconds.
Device(config)#router pim
Device(config-pim-router)#rp-adv-interval 90
The following example configures, on a VRF named blue, the candidate-RP advertisement-message
interval to 90 seconds.
Device(config)#ipv6 router pim vrf blue
Device(config-ipv6-pim-router-vrf-blue)#rp-adv-interval 90
280
FastIron Command Reference
53-1003389-04
rp-candidate
rp-candidate
Configures a device as a candidate rendezvous point (RP) for all multicast groups with the prefix
224.0.0.0/4, by default, and explicitly adds or deletes groups with other prefixes.
Syntax
rp-candidate { ethernet stackid / slot / portnum | loopback num | ve num | tunnel num }
rp-candidate {add | delete } group-addr mask-bits
no rp-candidate { ethernet stackid / slot / portnum | loopback num | ve num | tunnel num }
no rp-candidate {add | delete } group-addr mask-bits
Command Default
Parameters
The PIM router is not available for selection as an RP.
ethernet stackid/slot/portnum
Specifies a physical interface for the candidate RP. On standalone devices
specify the interface ID in the format slot/port-id; on stacked devices you must
also specify the stack ID, in the format stack-id/slot/port-id.
loopback num
Specifies a loopback interface for the candidate RP.
ve num
Specifies a virtual interface for the candidate RP.
tunnel num
Specifies a GRE tunnel interface for the candidate RP.
add
Specifies adding a group address or range of group addresses to the default
group configured by the those the device is the candidate RP for by default, that
is, groups with the prefix 224.0.0.0/4.
delete
Specifies deleting a group address or range of group addresses, that were
added using the add keyword.
group-addr mask-bits
Specifies the group address and the number of significant bits in the subnet
mask.
Modes
Usage Guidelines
Router PIM configuration mode
The no rp-candidate command makes the PIM router cease to act as a candidate RP.
The no rp-candidate add command deletes a group address or range of group addresses that were
added using the add keyword.
Configuring the rp-candidate command on an Ethernet, loopback, virtual, or tunnel interface,
configures the device as a candidate RP for all multicast groups with the prefix 224.0.0.0/4, by default.
You can configure the rp-candidate add command to add to those a group address or range of group
addresses. You can configure the rp-candidate delete command to delete a group address or range of
group addresses that were added to the default addresses.
NOTE
You cannot delete the default group prefix.
The RP is the meeting point for PIM Sparse sources and receivers. A PIM Sparse domain can have
multiple RPs, but each PIM Sparse multicast group address can have only one active RP. PIM Sparse
FastIron Command Reference
53-1003389-04
281
Commands K - S
routers learn the addresses of RPs and the groups for which they are responsible from messages that
the bootstrap router (BSR) sends to each of the PIM Sparse routers.
Although you can configure the device as only a candidate BSR or an RP, it is recommended that you
configure the same interface on the same device as both a BSR and an RP.
NOTE
Specify the same IPv6 address as the RP on all IPv6 PIM Sparse routers within the IPv6 PIM Sparse
domain. Make sure the device is on the backbone or is otherwise well connected to the rest of the
network. You can configure the rp-address command to specify the RP address.
Examples
This example configures a physical device as a candidate RP.
device(config)# router pim
device(config-pim-router)# rp-candidate ethernet 1/2/2
This example uses a loopback interface to configure a device as a candidate RP.
device(config)# router pim
device(config-pim-router)# rp-candidate loopback 1
This example uses a virtual interface to configure a device as a candidate RP.
device(config)# router pim
device(config-pim-router)# rp-candidate ve 120
This example configures an address group to the devices for which it is a candidate RP.
device(config)# router pim
device(config-pim-router)# rp-candidate add 224.126.0.0 16
This example deletes an address group from the devices for which it is a candidate RP.
device(config)# router pim
device(config-pim-router)# rp-candidate delete 224.126.22.0 24
History
282
Release version
Command history
8.0.20
This command was modified to add the tunnel keyword.
FastIron Command Reference
53-1003389-04
rp-embedded
rp-embedded
Configures embedded-rendezvous point (RP) support on PIM devices.
Syntax
rp-embedded
no rp-embedded
Command Default
Modes
Embedded RP support is enabled.
PIM router configuration mode
PIM router VRF configuration mode
Usage Guidelines
Examples
The no form of this command disables embedded RP support.
This example disables embedded RP support.
Device(config)# ipv6 router pim
Device(config-ipv6-pim-router)#no rp-embedded
This example disables embedded RP support on a VRF named blue.
Device(config)#ipv6 router pim vrf blue
Device(config-ipv6-pim-router-vrf-blue)#no rp-embedded
FastIron Command Reference
53-1003389-04
283
scheduler-profile
scheduler-profile
Attaches a scheduler profile to one or more ports.
Syntax
scheduler-profile profile-name
no scheduler-profile profile-name
Command Default
Parameters
A scheduler profile is not attached to a port.
profile-name
Specifies the name of the scheduler profile to be attached to the port.
Modes
Interface mode
Multiple-interface mode
Usage Guidelines
The no form of this command removes the scheduler profile from the port or ports.
You must configure a user scheduler profile before you can attach it to a port.
Only one scheduler profile at a time can be attached to any port. You can attach a scheduler profile to
more than one port.
Examples
The following example attaches a scheduler profile named user1 to a port.
Device(config-if-e10000-1/1/1)# scheduler-profile user1
The following example attaches a scheduler profile named user2 to multiple ports.
Device(config-mif-1/1/2-1/1/16)# scheduler-profile user2
The following example removes a scheduler profile named user2 from multiple ports.
Device(config-mif-1/1/2-1/1/16)# no scheduler-profile user2
History
284
Release version
Command history
8.0.10
This command was introduced.
FastIron Command Reference
53-1003389-04
Show Commands
FastIron Command Reference
53-1003389-04
285
show cable-diagnostics tdr
show cable-diagnostics tdr
Displays the results of Virtual Cable Test (VCT) TDR cable diagnostic testing.
Syntax
Parameters
show cable-diagnostics tdr stackid/slot/ port
stackid/slot/port
Identifies the specific interface (port), by device, slot, and port number in the format shown.
Modes
User EXEC mode
Privileged EXEC mode
Usage Guidelines
Most Brocade devices support VCT technology. VCT technology enables the diagnosis of a conductor
(wire or cable) by sending a pulsed signal into the conductor, then examining the reflection of that pulse.
This method of cable analysis is referred to as Time Domain Reflectometry (TDR). By examining the
reflection, the Brocade device can detect and report cable statistics such as local and remote link pair,
cable length, and link status.
THis command is supported only on the Brocade ICX 6610, ICX 6430, ICX 6430-C, ICX 6450, and
ICX6450-C.
Examples
The following example displays TDR test results for port 1, slot 2 on device 3 in the stack. The results
indicate that the port is down or the cable is not connected.
device>show cable-diagnostics tdr 3/2/1
Port
Speed Local pair Pair Length Remote pair
--------- ----- ---------- ----------- ----------01
UNKWN Pair A
>=3 M
Pair B
>=3 M
Pair C
>=3 M
Pair D
>=3 M
Pair status
----------Open
Open
Open
Open
The following example displays I the TDR test results for the same port show details for an active port.
device>show cable-diagnostics tdr 3/2/1
Port
Speed Local pair Pair Length
--------- ----- ---------- ----------01
1000M Pair A
50M
Pair B
50M
Pair C
50M
Pair D
50M
History
286
Remote pair
----------Pair B
Pair A
Pair D
Pair C
Pair status
----------Terminated
Terminated
Terminated
Terminated
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
show default values
show default values
Displays default, maximum, current, and configured values for system maximum parameters.
Syntax
show default values
Modes
Privileged EXEC mode
Examples
This example does not show complete output; it shows only PIM hardware mcache values.
Device(config)#show default values
System Parameters
Default
Maximum
pim-hw-mcache
1024
6144
Current
1500
Configured
1500
This example does not show complete output; it shows only PIM6 hardware mcache values.
Device(config)#show default values
System Parameters
Default
Maximum
pim6-hw-mcache
512
1024
Current
1024
Configured
1024
This example does not show complete output; it shows only MLD mcache values.
Device(config)#show default values
System Parameters
Default
Maximum
mld-snoop-mcache
512
8192
Current
512
Configured
512
This example does not show complete output; it shows only IGMP group values.
Device(config)#show default values
System Parameters
Default
Maximum
igmp-snoop-group-add 4096
8192
Current
5000
Configured
5000
This example does not show complete output; it shows only MLD group values.
Device(config)#show default values
System Parameters
Default
Maximum
MLD-snoop-group-addr 4096
8192
FastIron Command Reference
53-1003389-04
Current
5000
Configured
5000
287
show dlb-internal-trunk-hash
show dlb-internal-trunk-hash
Displays the dynamic load balancing (DLB) hashing method for inter-packet-processor (inter-pp) links
that connect master and slave units in ICX 7450-48 devices.
Syntax
show dlb-internal-trunk-hash
Modes
Global configuration mode
Examples
The following example displays the hashing method in effect for inter-pp links on an ICX 7450-48
device.
ICX7450-48P Router(config)#show dlb-internal-trunk-hash
Internal trunk mode: spray-mode
History
288
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
show dot1x ip-acl
show dot1x ip-acl
Displays the layer 3 ACLs for dot1x authentication.
Syntax
Parameters
show dot1x ip-acl { all | ethernet device/slot/port }
all
Specifies the ACLs at the global level.
ethernet device/slot/port
Specifies the ACLs at the interface level.
Modes
Examples
Privileged EXEC mode
The following example displays dot1x IP ACL authentication information for all interfaces.
device# show dot1x ip-acl all
802.1X IP ACL Information :
Port 2/1/2 : 0013.9400.0002
In-bound IP ACL : 123
Port 2/1/2 : 0013.9400.0001
In-bound IP ACL : 123
The following example displays dot1x IP ACL authentication information for Ethernet interface 2/1/2.
device# show dot1x ip-acl ethernet 2/1/2
802.1X IP ACL Information :
Port 2/1/2 : 0013.9400.0002
In-bound IP ACL : 123
Port 2/1/2 : 0013.9400.0001
In-bound IP ACL : 123
History
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
289
show dot1x mac-filter
show dot1x mac-filter
Shows the layer 2 ACLs for dot1x authentication.
Syntax
Parameters
show dot1x mac-filter { all | ethernet device/slot/port }
all
Specifies the ACLs at the global level.
ethernet device/slot/port
Specifies the ACLs at the interface level.
Modes
Global configuration
Interface configuration
Command Output
Examples
The show mac-filter command displays the following information:
Output field
Description
Dynamic MAC filter-list
The MAC filter defined on the device.
The show dot1x mac-filter command displays the following information
device# show dot1x mac-filter all
802.1x MAC Address Filter information:
Port 1/1/48:
Dynamic MAC filter-list: 1
History
290
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
show dot1x sessions
show dot1x sessions
Shows dot1x configuration sessions at the global and interface level.
Syntax
Parameters
show dot1x sessions { all | ethernet device/slot/port }
all
Specifies the sessions at the global level.
ethernetdevice/slot/port
Specifies the sessions at the interface level.
Modes
Global configuration
Interface configuration
Command Output
Examples
The show dot1x sessions command displays the following information:
Output field
Description
Port
The port number.
MAC Address
The MAC address of the client.
IP Address
The IP address of the client.
VLAN
The VLAN
Auth State
The authentication state.
ACL
The specific ACL applied.
Age
The age of the session.
PAE State
The Port Access Entity state.
The show dot1x sessions command displays the following information:
device# show dot1x sessions all
Port
MAC
IP
User
Vlan
Auth
ACL
Age
PAE
Addr
Addr
Name
State
State
------------------------------------------------------------------------------------------1/1/1 0024.3821.48dd N/A
N/A
4092 init
none
S36734
CONNECTING
1/1/2 748e.f8b7.8f61 N/A
N/A
200 init
none
Ena
HELD
device# show dot1x sessions ethernet 1/1/15
------------------------------------------------------------------------------------------Port
PAE
MAC
IP
User
Vlan
Auth
ACL
Age
Addr
Addr
Name
State
State
------------------------------------------------------------------------------------------1/1/1 0024.3821.48dd N/A
N/A
4092 init
none
S36750
CONNECTING
FastIron Command Reference
53-1003389-04
291
Show Commands
History
292
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
show dot1x statistics
show dot1x statistics
Displays the 802.1x (dot1x) authentication statistics.
Syntax
Parameters
show dot1x statistics { all | ethernet device/slot/port }
all
Displays the dot1x authentication statistics for all interfaces.
ethernet device/slot/port
Displays the dot1x authentication statistics for the specified interface.
Modes
Command Output
Examples
Privileged EXEC mode
The show dot1x statistics command displays the following information:
Output field
Description
RX EAPOL Start
The number of EAPOL-Start frames received on the port.
RX EAPOL Logoff
The number of EAPOL-Logoff frames received on the port.
RX EAPOL Invalid
The number of invalid EAPOL frames received on the port.
RX EAPOL Total
The total number of EAPOL frames received on the port.
RX EAP Resp/Id
The number of EAP-Response/Identity frames received on the port
RX EAP Resp other than Resp/Id
The total number of EAPOL-Response frames received on the port that were
not EAP-Response/Identity frames.
RX EAP Length Error
The number of EAPOL frames received on the port that have an invalid
packet body length.
Last EAPOL Version
The version number of the last EAPOL frame received on the port.
Last EAPOL Source
The source MAC address in the last EAPOL frame received on the port.
TX EAPOL Total
The total number of EAPOL frames transmitted on the port.
TX EAP Req/Id
The number of EAP-Request/Identity frames transmitted on the port.
TX EAP Req other than Req/Id
The number of EAP-Request frames transmitted on the port that were not
EAP-Request/Identity frames.
The following example displays dot1x authentication statistics for port 10/2/1.
device# show dot1x statistics ethernet 10/2/1
Port 10/2/1 Statistics:
RX EAPOL Start : 2
RX EAPOL Logoff : 2
RX EAPOL Invalid : 0
RX EAPOL Total : 12
RX EAP Resp/Id : 4
RX EAP Resp other than Resp/Id : 4
RX EAP Length Error : 0
Last EAPOL Version : 1
Last EAPOL Source : 0022.0002.0002
TX EAPOL Total : 0
TX EAP Req/Id : 10417
TX EAP Req other than Req/Id : 2
FastIron Command Reference
53-1003389-04
293
Show Commands
History
294
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
show dot1x-mka config
show dot1x-mka config
Shows the MACsec Key Agreement (MKA) configuration for the device.
Syntax
show dot1x-mka config
Modes
EXEC or Privileged EXEC mode
Usage Guidelines
This command is supported only on the Brocade ICX 6610.
Command Output
The show dot1x-mka config command displays the following information:
Output field
Description
dot1x-mka-enable
MACsec is enabled on the device.
enable-mka ethernet device/slot/port
The ethernet interfaces specified are enabled for
MACsec.
mka-cfg-group group-name
The configuration details that follow are for the named
MACsec MKA group.
key-server-priority value
The key server priority for MACsec transmissions on
the named group is set at this value.
macsec cipher-suite gcm-aes-128
MACsec encryptions between members of the group
are encrypted.
or
macsec cipher-suite gcm-aes-128 integrity-only
or
ICV checking only is performed, but no encryption is
performed.
macsec confidentiality-offset value
The byte offset used for encrypted data is set to the
value shown. Allowable values are 0, 30 (the first 30
bytes of data are not encrypted), and 50 (the first 50
bytes of data are not encrypted).
macsec frame-validation { check | discard }
For transmissions between MKA group members,
indicates whether the MACsec frame header is
checked and what action is taken for invalid frames
(counted or discarded).
macsec-replay protection { strict | out-of-order window-size Replay protection is enabled. The type of protection is
value }
shown as strict (discard any frame received out of
sequence) or as allowing receipt of out-of-sequence
frames within the specified window.
key value name value
FastIron Command Reference
53-1003389-04
The pre-shared key is set to this value and name for
the MKA configuration group. Both key and name are
hexadecimal strings.
295
Show Commands
Output field
Description
enable ethernet device/slot/port
The specified interface is enabled for MACsec. The
interface belongs to the named MKA group, and the
interface uses the pre-shared key shown to confirm
peers with which it can communicate.
mka-cfg-group name
key hexadecimal value name hexadecimal value
Examples
The following example displays MACsec configuration information for an ICX 6610 device with MACsec
enabled. Two MKA groups, test1 and group1, are configured. Interfaces with either group of parameters
applied could form secure channels because the groups have the same pre-shared key.
device(config-dot1x-mka-1/3/2)# show dot1x-mka config
dot1x-mka-enable
mka-cfg-group test1
key-server-priority 5
macsec cipher-suite gcm-aes-128 integrity-only
macsec confidentiality-offset 30
macsec frame-validation strict
mka-cfg-group group1
key-server-priority 20
macsec cipher-suite gcm-aes-128
macsec confidentiality-offset 30
enable-mka ethernet 1/3/2
mka-group test1
pre-shared-key 135bd758 b0ee5c11 c55ff6ab 19fdb199 key-name 96437a93 ccf10d9d
fe347846 cce52c7d
enable-mka ethernet 1/3/3
mka-group group1
pre-shared-key 135bd758 b0ee5c11 c55ff6ab 19fdb199 key-name 96437a93 ccf10d9d
fe347846 cce52c7d
enable-mka ethernet 1/3/4
mka-group group1
pre-shared-key 135bd758 b0ee5c11 c55ff6ab 19fdb199 key-name 96437a93 ccf10d9d
fe347846 cce52c7d
History
296
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
show dot1x-mka config-group
show dot1x-mka config-group
Shows details for the specified MACsec Key Agreement (MKA) groups configured on this device, or for
a designated MKA group.
Syntax
Parameters
show dot1x-mka config-group group-name
group-name
Limits the group configuration displayed to the named MKA group.
Modes
EXEC or Privileged EXEC mode
Usage Guidelines
This command is supported only on the Brocade ICX 6610.
Command Output
The show dot1x-mka config-group command displays the following information:
Examples
Output field
Description
mka-cfg-group
The configuration details that follow are for the specified
MACsec MKA group.
key-server-priority
The key-server priority for MACsec transmissions on the
named group is set at te specified value.
macsec cipher-suite gcm-aes-128
MACsec transmissions are encrypted.
or
or
macsec cipher-suite gcm-aes-128 integrity-only
ICV checking only is performed.
macsec confidentiality-offset
The byte offset used for encrypted data is set to the value
shown. Allowable values are 0, 30 (the first 30 bytes of
data are not encrypted), and 50 (the first 50 bytes of data
are not encrypted).
macsec frame-validation {check | discard}
Indicates whether the MACsec frame header is checked
and what action is taken for invalid frames (counted or
discarded).
macsec replay-protection {strict | out-of-order windowsize size}
Replay protection is enabled. The type of protection is
shown as strict (discard any frame received out of
sequence) or as allowing receipt of out-of-sequence
frames within the specified window.
The following example lists the configuration details for MKA group test1.
device(config-dot1x-mka-1/3/2)# show dot1x-mka config-group test1
mka-cfg-group test1
key-server-priority 5
macsec cipher-suite gcm-aes-128 integrity-only
macsec confidentiality-offset 30
macsec frame-validation check
macsec replay-protection strict
FastIron Command Reference
53-1003389-04
297
Show Commands
History
298
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
show dot1x-mka sessions
show dot1x-mka sessions
Displays a summary of all MACsec Key Agreement (MKA) sessions on the device.
Syntax
show dot1x-mka sessions brief
show dot1x-mka sessions ethernet device/slot/port
Parameters
brief
Displays a brief status of all MKA sessions.
ethernet device/slot/port
Displays MKA sessions that are active on a specified Ethernet interface. The Ethernet
interface is specified by device position in stack, slot on the device, and interface on the
slot.
Modes
EXEC or Privileged EXEC mode
Usage Guidelines
This command is supported only on the Brocade ICX 6610.
Command Output
The show dot1x-mka sessions command with the brief option displays the following information:
Output field
Description
Port
Designates the interface for which MACsec information is listed (by device,
slot, and port).
Link-Status
Indicates whether the link is up or down.
MKA-Status
Indicates whether a secure channel has been established.
Key-Server
Indicates whether the interface is operating as a key-server.
Negotiated Capability
Indicates MACsec parameters configured on the designated interface.
The show dot1x-mka sessions command with the ethernet interface options displays the following
information:
Output field
Description
Interface
The information that follows applies to the designated interface.
MKA cfg group Name
The designated MKA configuration group has been applied to the designated
interface.
DOT1X-MKA Enabled (Yes, No)
Indicates whether MACsec is enabled for the designated interface.
DOT1X-MKA Active (Yes, No)
Indicates whether MACsec is active on the interface.
Key Server (Yes, No)
Indicates whether the MACsec key-server is active over the interface.
Configuration Status:
The following fields describe the MKA configuration applied to the interface.
Enabled (Yes, No)
Indicates whether MACsec is currently enabled.
Capability (Integrity and or
confidentiality)
Indicates whether ICV checks are being performed on MACsec frames and
whether encryption is being applied.
FastIron Command Reference
53-1003389-04
299
Show Commands
Output field
Description
Desired (Yes, No)
Indicates whether port is interested in becoming the key-server.
Protection (Yes, No)
Indicates whether replay protection is applied to the interface.
Frame Validation (Yes, No)
Indicates whether frames received are being checked for valid MACsec
headers.
Replay Protection (Strict, Out of
Order)
Indicates that replay protection is configured and whether frames must be
received in exact order or within an allowable window.
Replay Protection Size
Indicates the allowable window size within which frames may be received.
Cipher Suite (GCM-AES-128)
Specifies the cipher suite used for ICV checking, encryption, and decryption.
Key Server Priority (1 to 127)
Specifies the key-server priority configured on the interface.
Secure Channel Information
The following fields describe a secure channel established on this interface.
Local SCI
Provides the hexadecimal value of the Secure Channel Identifier for this
channel.
Member Identifier
Provides the MACsec number assigned to the MKA peer.
Message Number
Provides the Message Number contained in Hello packets from this MKA
peer. Hello packets are exchanged to determine peer status, MACsec
capabilities, and SAK Key Identifier.
Latest SAK Status (RX and or TX)
Indicates the Secure Association Key (SAK) state.
Latest SAK AN
Provides the Association Number for the most recently active Secure
Association Key.
Latest SAK KI
Provides the Key Identifier for the most recently active Secure Association
Key.
Negotiated Capability (Integrity and Indicates whether ICV checking, encryption, and a confidentiality offset have
or Confidentiality with offset)
been applied on the secure channel. (The negotiated capability may differ
from parameters configured on the interface when it does not have key-server
status.)
300
Peer Information:
The output fields that follow provide information on actual and potential
MACsec peer interfaces.
State (Live or Potential)
Indicates whether the peer is considered a live peer or a potential peer for
MKA protocol.
Member Identifier
Designates the peer by its Member Identifier, a hexadecimal value.
Message Number
Provides the Message Number that appears in Hello packets from the
designated peer interface as a hexadecimal value.
SCI
Provides the peer's Secure Channel Identifier.
Priority
Provides the key-server priority configured on the peer interface.
FastIron Command Reference
53-1003389-04
Show Commands
Examples
In the following example, all enabled MKA interfaces on the device are listed, along with configured
parameters and current status.
device(config-dot1x-mka-1/3/2)# show dot1x-mka sessions brief
Port
Link-Status
MKA-Status
Key-Server
Negotiated Capability
1/3/2
1/3/3
1/3/4
Down
Up
Up
Pending
Secured
Secured
--No
No
--Integrity, Confidentiality with Off. 30
Integrity, Confidentiality with Off. 30
The following example lists MKA sessions that are active on Ethernet interface 1/3/3 (device 1, slot 3,
port 3), with configuration details for each active interface.
device(config-dot1x-mka-1/3/3)# show dot1x-mka sessions ethernet 1/3/3
Interface
MACsec Status
DOT1X-MKA Enabled
DOT1X-MKA Active
Key Server
Configuration Status:
Enabled
Capability
Desired
Protection
Frame Validation
Replay Protection
Replay Protection Size
Cipher Suite
Key Server Priority
Local SCI
Member Identifier
Message Number
: 1/3/3
:
:
:
:
Secured
Yes
Yes
No
:
:
:
:
:
:
:
:
:
Yes
Integrity,
Yes
Yes
Disable
Strict
0
GCM-AES-128
20
: 748ef8344a510082
: 802ed0536fcafc43407ba222
: 8612
Secure Channel Information:
Latest SAK Status
:
Latest SAK AN
:
Latest KI
:
Negotiated Capability
:
Rx & Tx
0
d08483062aa9457e7c2470e300000001
Integrity, Confidentiality with offset 30
Peer Information:
State
Member Identifier
Priority
---------------------------Live
d08483062aa9457e7c2470e3
20
History
Confidentiality
Message Number
SCI
--------------
----------------
8527
748ef83443910082
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
301
show dot1x-mka statistics
show dot1x-mka statistics
Displays current MACsec Key Agreement (MKA) statistics on the interface.
Syntax
Parameters
show dot1x-mka statistics ethernet device/slot/port
ethernet device/slot/port
Ethernet interface for which MKA statistics are to be displayed. The interface is
designated by a device number in stack/slot on the device/interface on the slot.
Modes
Usage Guidelines
EXEC or Privileged EXEC mode
This command is supported only on the ICX 6610.
It is recommended that you use the clear dot1x-mka statistics command to clear results of the
previous show dot1x-mka statistics command before re-executing it.
Command Output
Examples
The show dot1x-mka statistics command displays the following information:
Output field
Description
Interface (device/slot/port)
The output fields describe MACsec activity for the designated interface.
MKA in Pkts
MKA protocol packets received
MKA in SAK Pkts
MKA protocol packets received containing a SAK
MKA in Bad Pkts
MKA protocol packets received that are bad
MKA in Bad ICV Pkts
MKA protocol packets received with a bad ICV
MKA in Mismatch Pkts
MKA protocol packets received with mismatched CAK
MKA out Pkts
MKA protocol packets transmitted
MKA out SAK Pkts
MKA protocol packets transmitted containing a SAK
Number of SAK
Total number of SAKs received
The following example shows MKA statistics for Ethernet interface 1/3/3 (device 1, slot 3, port 3), which
is transmitting and receiving MACsec frames.
device(config-dot1x-mka-1/3/3)# clear dot1x-mka statistics ethernet 1/3/3
device(config-dot1x-mka-1/3/3)# show dot1x-mka statistics ethernet 1/3/3
History
302
Interface
: 1/3/3
MKA in Pkts
MKA in SAK Pkts
MKA in Bad Pkts
MKA in Bad ICV Pkts
MKA in Mismatch Pkts
MKA out Pkts
MKA out SAK Pkts
Number of SAK
:
:
:
:
:
:
:
:
8585
1
0
0
0
8687
0
1
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
show interface ethernet
show interface ethernet
Displays the detailed interface configuration and capabilities of all interfaces or for a specific interface.
Syntax
Parameters
show interface ethernet stackid/slot/port
stackid/slot/port
Specifies the Ethernet port.
Modes
Examples
Privileged EXEC mode
Thie following example shows detailed interface information. Note that the priority flow control (PFC) is
shown as enabled and information for the unicast and multicast egress queues is shown separately.
Device#show interface ethernet 1/1/22
10GigabitEthernet1/1/22 is up, line protocol is up
Port up for 16 minutes 1 seconds
Hardware is 10GigabitEthernet, address is aabb.ccdd.ef14 (bia aabb.ccdd.ef14)
Configured speed 10Gbit, actual 10Gbit, configured duplex fdx, actual fdx
Member of 1 L2 VLANs, port is tagged, port state is FORWARDING
BPDU guard is Disabled, ROOT protect is Disabled, Designated protect is Disabled
Link Error Dampening is Disabled
STP configured to ON, priority is level0, mac-learning is enabled
….
…..
MTU 1500 bytes
Priority-Flow-Control is Enabled
300 second input rate: 37014512 bits/sec, 9036 packets/sec, 0.38% utilization
300 second output rate: 731174584 bits/sec, 178509 packets/sec, 7.58% utilization
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 multicasts, 0 unicasts
0 input errors, 0 CRC, 0 frame, 0 ignored
0 runts, 0 giants
26055807 packets output, 13340529672 bytes, 0 underruns
Transmitted 0 broadcasts, 98 multicasts, 26055709 unicasts
0 output errors, 0 collisions
Relay Agent Information option: Disabled
UC Egress queues:
Queue counters
Queued packets
0
0
1
2349160
2
2349163
3
2349165
4
2349163
5
2349165
6
5461694
7
6498353
Dropped Packets
2074860
2074861
2074861
2074860
2074860
2074860
518651
0
MC Egress queues:
Queue counters
Queued packets
0
0
1
0
2
0
3
0
4
0
Dropped Packets
0
0
0
0
0
FastIron Command Reference
53-1003389-04
303
Show Commands
This example shows information for an interface that has an ingress profile and an egress profile
attached to a port.
Device(config-if-e40000-1/1/1)#show inernet ethernet 1/1/1
40GigabitEthernet1/1/1 is up, line protocol is up
Port up for 5 days 12 hours 45 minutes 48 seconds
Hardware is 40GigabitEthernet, address is 748e.f8f9.3d80 (bia 748e.f8f9.3d80)
Configured speed 40Gbit, actual 40Gbit, configured duplex fdx, actual fdx
Configured mdi mode AUTO, actual none
Member of 1 L2 VLANs, port is tagged, port state is FORWARDING
BPDU guard is Disabled, ROOT protect is Disabled, Designated protect is Disabled
Link Error Dampening is Disabled
STP configured to ON, priority is level0, mac-learning is enabled
Flow Control is enabled
Mirror disabled, Monitor disabled
Mac-notification is disabled
Not member of any active trunks
Not member of any configured trunks
No port name
IPG MII 96 bits-time, IPG GMII 96 bits-time
MTU 1500 bytes, encapsulation ethernet
Ingress Profile is i1
Egress Profile is e1
300 second input rate: 0 bits/sec, 0 packets/sec, 0.00% utilization
300 second output rate: 0 bits/sec, 0 packets/sec, 0.00% utilization
8060797794 packets input, 1031782117647 bytes, 0 no buffer
Received 0 broadcasts, 0 multicasts, 8060797794 unicasts
4 input errors, 0 CRC, 0 frame, 0 ignored
0 runts, 0 giants
8078157201 packets output, 1034004121728 bytes, 0 underruns
Transmitted 0 broadcasts, 0 multicasts, 8078157201 unicasts
0 output errors, 0 collisions
Relay Agent Information option: Disabled
History
304
Release version
Command history
8.0.20
This command was modified to include PFC status and separate unicast and
multicast egress queues.
FastIron Command Reference
53-1003389-04
show interfaces stack-ports
show interfaces stack-ports
Use the show interfaces stack-ports command to display information about the stacking ports for all
members in a stack.
Syntax
show interfaces stack-ports
Modes
Privileged EXEC mode
Usage Guidelines
Use the clear stack ipc command before issuing theshow stack ipc command. This helps to ensure
that the data are the most recent traffic statistics for the stack.
This command must be executed from active stack controller.
Command Output
The show interfaces stack-ports command displays the following information:
Output field Description
Port
Specifies the stack identification number for this unit
Link
Identifies the configuration for modules on this unit
State
Indicates that a priority has been assigned to this stack unit
Dupl
Indicates whether the port is configured as half- or full-duplex
Speed
Indicates the port speed
Trunk
Indicates whether the port is part of a trunk
Tag
Indicates whether the port is tagged or untagged
P
Specifies port priority
MAC
Provides the MAC address of the port.
NOTE
If a unit is provisional (it is reserved and does not have a physical unit associated with the unit ID),
the interface MAC address displayed for the unit is 0000.0000.0000.
Name
FastIron Command Reference
53-1003389-04
Displays the optional name assigned to the port if present
305
Show Commands
Examples
The following example displays information about the stack-port interfaces for an ICX 6610 in a mixed
stack.
ICX6610-48 Router# show
Port
Link
State
1/2/1
Up
Forward
1/2/2
Up
Forward
1/2/6
Up
Forward
1/2/7
Down
None
2/2/1
Down
None
2/2/2
Down
None
2/2/6
Down
None
2/2/7
Down
None
3/2/1
Down
None
3/2/2
Up
Forward
3/2/6
Up
Forward
3/2/7
Up
Forward
5/2/1
Down
None
5/2/2
Up
Forward
5/2/6
Up
Forward
5/2/7
Down
None
306
interfaces
Dupl Speed
Full 40G
Full 10G
Full 40G
None None
None None
None None
None None
None None
None None
Full 10G
Full 40G
Full 10G
None None
Full 10G
Full 40G
None None
stack-ports
Trunk Tag Pvid
None No N/A
None No N/A
None No N/A
None No N/A
None No N/A
None No N/A
None No N/A
None No N/A
None No N/A
None No N/A
None No N/A
None No N/A
None No N/A
None No N/A
None No N/A
None No N/A
Pri
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
MAC
Name
0000.0034.1db5
0000.0034.1db6
0000.0034.1db7
0000.0034.1db8
0000.0000.0000
0000.0000.0000
0000.0000.0000
0000.0000.0000
0000.0034.266d
0000.0034.266e
0000.0034.266f
0000.0034.2670
0000.0034.11ad
0000.0034.11ae
0000.0034.11af
0000.0034.11b0
FastIron Command Reference
53-1003389-04
show ip mroute
show ip mroute
Displays information on multicast routes. You can specify whether you want to display information from
static or connected mroutes or from a particular mroute.
Syntax
Parameters
show ip mroute [vrf vrf-name ] { static | connected | nexthop | ip-subnet [ mask]}
vrf vrf-name
Specifies a VRF route.
static
Specifies a static multicast route.
connected
Specifies a directly attached (connected) multicast route.
nexthop
Specifies an IPv4 next hop table.
ip-subnet [ mask ]
Specifies an IP address.
Modes
Privileged EXEC mode
Global configuration mode
Examples
The following example displays information for IP multicast routes:
Device(config)# show ip mroute
Total number of IP routes: 5
Type Codes - B:BGP D:Connected S:Static;
Cost - Dist/Metric
Destination
Gateway
Port
Type
Uptime
1
20.20.20.0/24
220.220.220.1
ve 220
S
8m54s
2
50.50.50.0/24
DIRECT
ve 50
D
8h26m
3
77.1.1.1/32
DIRECT
loopback 1
D
8h26m
4
129.129.129.0/24
DIRECT
ve 129
D
8h26m
5
220.220.220.0/24
DIRECT
ve 220
D
2h49m
Cost
1/1
0/0
0/0
0/0
0/0
The following example displays information for static multicast routes:
Device(config)# show ip mroute static
Type Codes - B:BGP D:Connected S:Static;
Cost - Dist/Metric
Destination
Gateway
Port
1
20.20.20.0/24
220.220.220.1
ve 220
Cost
1/1
Type
S
Uptime
8m54s
The following example displays information for directly attached multicast routes:
Device(config)# show ip mroute connected
Type Codes - B:BGP D:Connected S:Static;
Destination
Gateway
1
50.50.50.0/24
DIRECT
2
77.1.1.1/32
DIRECT
3
129.129.129.0/24
DIRECT
4
220.220.220.0/24
DIRECT
Cost - Dist/Metric
Port
Cost
ve 50
0/0
loopback 1
0/0
ve 129
0/0
ve 220
0/0
Type
D
D
D
D
Uptime
8h26m
8h26m
8h26m
2h49m
Type
D
Uptime
8h26m
The following example displays information for IP multicast route 50.50.50.100:
Device(config)# show ip mroute 50.50.50.100
Type Codes - B:BGP D:Connected S:Static;
Destination
Gateway
1
50.50.50.0/24
DIRECT
FastIron Command Reference
53-1003389-04
Cost - Dist/Metric
Port
Cost
ve 50
0/0
307
Show Commands
History
308
Release version
Command history
8.0.10a
This command was introduced.
FastIron Command Reference
53-1003389-04
show ip msdp mesh-group
show ip msdp mesh-group
Displays the details of a specific mesh-group.
Syntax
Parameters
show ip msdp [ vrf vrf-name ] mesh-group group-name
vrf
Displays the mesh-group details for the VRF instance specified by the vrf-name
variable.
vrf-name
Specifies the VRF instance.
mesh-group
Specifies the MSDP group.
group-name
Specifies the mesh group.
Modes
Privileged EXEC mode
Global configuration mode
MSDP router configuration mode
Usage Guidelines
If used without specifying a VRF, this command shows data from the default VRF.
Command Output
The show ip msdp [ vrf vrf-name ] mesh-group group-name command displays the following
information:
Output field
Description
Peer Address
The IP address of the MSDP peer that is placed in the mesh group.
State
The state of the MSDP device connection with the mesh group. The state can
be one of the following:
• CONNECT - The session is in the active open state.
• ESTABLISH - The MSDP session is fully up.
Examples
•
IDLE - The session is idle.
•
LISTEN - The session is in the passive open state.
KA (Keep Alive) In
The number of MSDP keepalive messages received by the mesh group.
KA (Keep Alive) Out
The number of MSDP keepalive messages sent by the mesh group.
SA (Source-Active) In
The number of SA messages received by the mesh group.
SA (Source-Active) Out
The number of SA messages sent by the mesh group.
NOT (Notification) In
The number of notification messages received by the mesh group.
NOT (Notification) out
The number of notification messages sent by the mesh group.
Age
The number of seconds the messages has been in the cache.
The following example shows the mesh-group configuration details.
device#show ip msdp mesh-group
Mesh-Group-Name
group1
group2
FastIron Command Reference
53-1003389-04
Peer-IP-Address
40.0.0.40
21.0.0.23
309
Show Commands
The following example shows the details of mesh-group group1.
device#show ip msdp mesh-group group1
MSDP MESH-GROUP:group1
KA: Keepalive SA:Source-Active NOT: Notification
Peer Address
State
KA
SA
In
Out
In
40.0.0.40
ESTABLISH
1407
1406
0
NOT
In
0
Out
0
Out
0
Age
6
The following example shows the mesh-group configuration details for the VRF 10 instance.
device#show ip msdp vrf 10 mesh-group
Mesh-Group-Name
Peer-IP-Address
group1
22.0.0.22
group2
21.0.0.23
The following example shows the mesh-group group2 details for the VRF 10 instance.
device#show ip msdp vrf 10 mesh-group group2
MSDP MESH-GROUP:group2
KA: Keepalive SA:Source-Active NOT: Notification
Peer Address
State
KA
SA
In
Out
21.0.0.23
IDLE
0
0
0
History
310
Release version
Command history
08.0.20
This command was introduced.
0
In
NOT
0
Out
Age
In
0
Out
0
FastIron Command Reference
53-1003389-04
show ip multicast group
show ip multicast group
Displays information about IGMP groups.
Syntax
Parameters
show ip multicast [ cluster ] group [group-address [detail] [tracking] ]
cluster
Specifies a multi-chassis trunking (MCT) cluster.
group-address
Specifies information for a particular group.
detail
Specifies detailed IGMP group information for a specific group.
tracking
Specifies tracking information on interfaces that have tracking enabled.
Modes
Command Output
Privileged EXEC mode
The show ip multicast group command displays the following information:
Output Field Description
group
The address of the group (destination address in this case, 224.1.1.1)
p-port
The physical port on which the group membership was received.
ST
Yes indicates that the IGMP group was configured as a static group; No means the address was
learned from reports.
QR
Yes means the port is a querier port; No means it is not. A port becomes a non-querier port when it
receives a query from a source with a lower source IP address than the device.
life
The number of seconds the group can remain in EXCLUDE mode. An EXCLUDE mode changes to
INCLUDE mode if it does not receive an "IS_EX" or "TO_EX" message during a certain period of
time. The default is 260 seconds. There is no life displayed in INCLUDE mode.
mode
Indicates current mode of the interface: INCLUDE or EXCLUDE. If the interface is in INCLUDE
mode, it admits traffic only from the source list. If an interface is in EXCLUDE mode, it denies traffic
from the source list and accepts the rest.
source
Identifies the source list that will be included or excluded on the interface.
For example, if an IGMP V2 group is in EXCLUDE mode with a source of 0, the group excludes
traffic from the 0 (zero) source list, which actually means that all traffic sources are included.
FastIron Command Reference
53-1003389-04
311
Show Commands
Examples
The following example shows that an IGMP V2 group is in EXCLUDE mode with a source of 0. The
group excludes only traffic from the 0 (zero) source list, which means that all traffic sources are
included.
Device#show ip multicast group
p-:physical, ST:static, QR:querier, EX:exclude, IN:include, Y:yes, N:no
VL70 : 3 groups, 4 group-port, tracking_enabled
group
p-port
ST
QR
life mode
source
1
224.1.1.2
1/33
no
yes
120 EX
0
2
224.1.1.1
1/33
no
yes
120 EX
0
3
226.1.1.1
1/35
yes
yes
100 EX
0
4
226.1.1.1
1/33
yes
yes
100 EX
0
The following example displays detailed IGMP group information for multicast group 226.1.1.1:
Device#show ip multicast group 226.1.1.1 detail
Display group 226.1.1.1 in all interfaces in details.
p-:physical, ST:static, QR:querier, EX:exclude, IN:include, Y:yes, N:no
VL70 : 1 groups, 2 group-port, tracking_enabled
group
p-port
ST
QR
life mode
source
1
226.1.1.1
1/35
yes
yes
120 EX
0
group: 226.1.1.1, EX, permit 0 (source, life):
life=120, deny 0:
group
p-port
ST
QR
life mode
source
2
226.1.1.1
1/33
yes
yes
120 EX
0
group: 226.1.1.1, EX, permit 0 (source, life):
life=120, deny 0:
The following example displays the list of clients that belong to multicast group 224.1.1.1 when tracking
and fast leave are enabled:
Device#show ip multicast group 224.1.1.1 tracking
Display group 224.1.1.1 in all interfaces with tracking enabled.
p-:physical, ST:static, QR:querier, EX:exclude, IN:include, Y:yes, N:no
VL70 : 1 groups, 1 group-port, tracking_enabled
group
p-port
ST
QR
life mode
source
*** Note: has 1 static groups to the entire vlan, not displayed here
1
224.1.1.1
1/33
no
yes
100 EX
0
receive reports from 1 clients: (age)
(10.2.100.2 60)
The following example displays information for a device in an MCT cluster, In the “local” column, YES
indicates that report/leave were received on local ports [cluster-edge ports (CEP) or cluster-client-edge
ports (CCEP)]; NO indicates that report/leave were received on a port that is an inter-chassis link (ICL)
between the MCT cluster switches, via an MCT peer.
Device#show ip multicast cluster group
p-:physical, ST:static, QR:querier, EX:exclude, IN:include,
VL70 : 1 groups, 1 group-port
group
p-port
ST
QR
life mode
1
225.1.1.1
e3/10
no
no
260
EX
2
230.1.1.2
e3/12
no
yes
40
EX
History
312
Y:yes, N:no
source
0
0
local
YES
NO
Release version
Command history
8.0.20
This command was modified to display MCT cluster information.
FastIron Command Reference
53-1003389-04
show ip multicast mcache
show ip multicast mcache
Displays information in the multicast forwarding mcache.
Syntax
Parameters
show ip multicast [ cluster ] mcache
cluster
Specifies a multi-chassis trunking (MCT) cluster.
Modes
Privileged EXEC mode
Usage Guidelines
Configuring the show default values command does not show complete output; it shows only IGMP
mcache values. The IGMP snooping mcache contains multicast forwarding information for VLANs and
you must configure the show ip multicast mcache command to display those.
Command Output
The show ip multicast mcache command displays the following information:
Field
Description
(source group) Source and group addresses of this data stream. (* group) means match group only; (source
group) means match both.
Examples
cnt
The number of packets processed in software. Packets are switched in hardware, which increases
this number slowly.
OIF
The output interfaces. If entire vlan is displayed, this indicates that static groups apply to the
entire VLAN.
age
The mcache age. The mcache will be reset to 0 if traffic continues to arrive, otherwise the mcache
will be aged out when it reaches the time defined by the ip multicast mcache-age command.
uptime
The up time of this mcache in seconds.
vidx
Vidx specifies output port list index. Range is from 4096 through 8191.
ref-cnt
The vidx is shared among mcaches having the same output interfaces. Ref-cnt indicates the
number of mcaches using this vidx.
ICL
Inter-chassis link between MCT cluster switches.
CCEP
Cluster-client-edge ports (ports on cluster switch connecting it with acluster client).
The following example shows information in the multicast forwarding mcache:
Device#show ip multicast mcache
Example: (S G) cnt=: cnt is number of SW processed packets
OIF: e1/22 TR(1/32,1/33), TR is trunk, e1/32 primary, e1/33 output
vlan 10, 1 caches. use 1 VIDX
1
(10.10.10.2 239.0.0.3) cnt=0
OIF: tag e2
age=2s up-time=2s change=2s vidx=8191 (ref-cnt=1)
FastIron Command Reference
53-1003389-04
313
Show Commands
The following example shows information in the multicast forwarding mcache when data arrives locally:
Device#show ip multicast cluster mcache
xample: (S G) cnt=: (S G) are the lowest 32 bits, cnt is number of SW processed
packets
OIF: e1/22 TR(e1/32,e1/33), TR is trunk, e1/32 primary, e1/33 output
[1,10]: [1 - has local oif, 10 - ICL due to CCEP count]
vlan 10, 1 caches. use 1 VIDX
1
(* 225.1.1.3) cnt=52244
OIF: tag TR(e4/23) [1,0]
age=167s up-time=11548s, change=58639s vidx=8184 (ref-cnt=1)
The following example shows information in the multicast forwarding mcache when data arrives on an
MCT peer:
Device#show ip multicast cluster mcache
Example: (S G) cnt=: (S G) are the lowest 32 bits, cnt is number of SW processed
packets
OIF: e1/22 TR(e1/32,e1/33), TR is trunk, e1/32 primary, e1/33 output
[1,10]: [1 - has local oif, 10 - ICL due to CCEP count]
vlan 10, 1 caches. use 1 VIDX
1
(30.0.0.10 225.1.1.3) cnt=30084
OIF: tag TR(e3/13) [1,0]
age=152s up-time=13728s, change=9990s vidx=8184 (ref-cnt=1)
History
314
Release version
Command history
8.0.20
This command was modified to display MCT cluster information.
FastIron Command Reference
53-1003389-04
show ip multicast optimization
show ip multicast optimization
Displays Internet Group Management Protocol (IGMP) snooping hardware resource-sharing
information.
Syntax
Parameters
show ip multicast optimization [ ipmc ]
ipmc
Specifies the IPMC group index number.
Modes
Privileged EXEC mode
VLAN configuration mode
Usage Guidelines
The show ip multicast optimization command is available only on ICX 7750 devices.
Use this command to display the availability of IP multicast (IPMC) group indexes in the hardware and
how they are used and shared.
Examples
The following example displays resource information showing that IPMC group index 4 is shared by two
users and the ports included in the set are 1/1/6 and 1/1/1:
Device(config)#vlan 150
Device(config-vlan-150)#show ip multicast optimization
Total IPMCs Allocated:
0; Available: 8192; Failed:
0
Index
IPMC
SetId
Users
Set
1.
4
0x161fcbd8
2 {<1/1/6>,<1/1/1>,}
2.
1
0x161d0930
10 {<1/1/6>,<1/1/4>,<1/1/3>,<1/1/2>,
<1/1/1>,}
Sharability Coefficient: 76%
History
Release version
Command history
8.0.10
This command was introduced.
FastIron Command Reference
53-1003389-04
315
show ip multicast pimsm-snooping
show ip multicast pimsm-snooping
Displays information related to PIM sparse mode (SM) snooping on the mcache.
Syntax
Parameters
show ip multicast pimsm-snooping [ vlan vlan-id ] [ cache ip-address ] [ resources ]
cache ip-address
Specifies the PIM SM Snooping cache.
vlan vlan-id
Specifies snooping for a VLAN.
resources
Specifies PIM SM snooping resources.
Modes
Usage Guidelines
Examples
Privileged EXEC mode
Use the show ip multicast pimsm-snooping command to display information related to the PIM SM
snooping on the outgoing interface (OIF) in the mcache.
The following example shows PIM SM information for the mcache:
Device#show ip multicast pimsm-snooping
Example: Port: 7/3 (ref_count=1)
ref_count: no of entries in pimsm snoop cache added this oif)
vlan 503, has 1 caches.
1
(* 225.1.1.1) has 3 pim join ports out of 4 OIF
4/23 (ref_count=2), 4/13 (ref_count=1), 4/5 (ref_count=3),
316
FastIron Command Reference
53-1003389-04
show ip multicast vlan
show ip multicast vlan
Displays IGMP snooping information for a specific VLAN.
Syntax
Parameters
show ip multicast vlan [ cluster ] vlan-id
vlan-id
Specifies the VLAN for which you want information. If you do not specify a vlanid, information for all VLANs is displayed.
cluster
Specifies a multi-chassis trunking (MCT) cluster.
Modes
Usage Guidelines
Privileged EXEC mode
You can use the show ip multicast vlan command to display the querier information for a VLAN. This
command displays the VLAN interface status and whether there is any other querier present with the
lowest IP address. The following list provides the combinations of querier possibilities:
•
•
•
•
Command Output
Active Interface with no other querier present
Passive Interface with no other querier present
Active Interface with other querier present
Passive Interface with other querier present
The show ip multicast vlan command displays the following information:
Output Field Description
Version
The global IGMP version. In this example, the device is configured for IGMP version 2.
Query
How often a querier sends a general query on the interface. In this example, the general queries are
sent every 125 seconds.
Group Age
The number of seconds membership groups can be members of this group before aging out.
Max Resp
The maximum number of seconds a client waits before replying to a query.
Other Qr
How long it took a switch with a lower IP address to become a new querier. This value is 2 x Query
+ Max Resp.
cfg
The IGMP version for the specified VLAN. In this example, VL10: cfg V3 indicates that VLAN 10 is
configured for IGMP V3.
vlan cfg
The IGMP configuration mode, which is either passive or active.
pimsm
Indicates that PIM SM is enabled on the VLAN.
rtr port
The router ports, which are the ports receiving queries.
local
Entries learned on local interfaces of the cluster switch, for example, local cluster-client-edge ports
(CCEP) or cluster-edge ports (CEP).
FastIron Command Reference
53-1003389-04
317
Show Commands
Output Field Description
mct peer
Examples
Entries learned via the MCT peer cluster switch. Control messages synchronize via inter-chassis
link (ICL) from the MCT peer cluster switch.
The following example shows IGMP snooping information for VLAN 10:
Device#show ip multicast vlan 10
Version=3, Intervals: Query=10, Group Age=260, Max Resp=10, Other Qr=30
VL10: cfg V3, vlan cfg passive, , pimsm (vlan cfg), 3 grp, 1 (SG) cache, no rtr port,
e2
has
3 groups, non-QR (passive), default V3
**** Warning! has V2 client (life=240),
group: 239.0.0.3, life = 240
group: 224.1.1.2, life = 240
group: 224.1.1.1, life = 240
e4
has
0 groups, non-QR (passive), default V3
The following example shows IGMP snooping information when the VLAN interface is active and no
other querier is present with the lowest IP address:
Device#show ip multicast vlan 10
Version=2, Intervals: Query=125, Group Age=260, Max Resp=10, Other Qr=260
VL10: dft
V2, vlan cfg active, 0 grp, 0 (*G) cache, no rtr port,
1/1/16 has
0 groups,
This interface is Querier
default V2
1/1/24 has
0 groups,
This interface is Querier
default V2
2/1/16 has
0 groups,
This interface is Querier
default V2
2/1/24 has
0 groups,
This interface is Querier
default V2
3/1/1
has
0 groups,
This interface is Querier
default V2
3/1/4
has
0 groups,
This interface is Querier
default V2
The following example shows IGMP snooping information when the VLAN interface is passive and no
other querier is present with the lowest IP address:
Device#show ip multicast vlan 10
Version=2, Intervals: Query=125, Group Age=260, Max Resp=10, Other Qr=260
VL10: dft V2, vlan cfg passive, 0 grp, 0 (*G) cache, no rtr port,
1/1/16 has
0 groups,
This interface is non-Querier (passive)
default V2
1/1/24 has
0 groups,
This interface is non-Querier (passive)
default V2
2/1/16 has
0 groups,
This interface is non-Querier (passive)
default V2
2/1/24 has
0 groups,
This interface is non-Querier (passive)
default V2
3/1/1
has
0 groups,
This interface is non-Querier (passive)
default V2
3/1/4
has
0 groups,
This interface is non-Querier (passive)
default V2
318
FastIron Command Reference
53-1003389-04
Show Commands
The following example shows IGMP snooping information when the VLAN interface is active and
another querier is present with the lowest IP address:
Device#show ip multicast vlan 10
Version=2, Intervals: Query=125, Group Age=260, Max Resp=10, Other Qr=260
VL10: dft V2, vlan cfg active, 7 grp, 6 (*G) cache, rtr ports,
router ports: 2/1/24(260) 10.5.5.5, 3/1/4(260) 10.8.8.8,
1/1/16 has
4 groups,
This interface is Querier
default V2
group: 226.6.6.6, life = 240
group: 228.8.8.8, life = 240
group: 230.0.0.0, life = 240
group: 224.4.4.4, life = 240
1/1/24 has
1 groups,
This interface is Querier
default V2
group: 228.8.8.8, life = 240
2/1/16 has
4 groups,
This interface is Querier
default V2
group: 226.6.6.6, life = 240
group: 228.8.8.8, life = 240
group: 230.0.0.0, life = 240
group: 224.4.4.4, life = 240
2/1/24 has
2 groups,
This interface is non-Querier
Querier is 10.5.5.5
Age is 0
Max response time is 100
default V2
**** Warning! has V3 (age=0) nbrs
group: 234.4.4.4, life = 260
group: 226.6.6.6, life = 260
3/1/1
has
4 groups,
This interface is Querier
default V2
group: 238.8.8.8, life = 260
group: 228.8.8.8, life = 260
group: 230.0.0.0, life = 260
group: 224.4.4.4, life = 260
3/1/4
has
1 groups,
This interface is non-Querier
Querier is 10.8.8.8
Age is 0
Max response time is 100
default V2
**** Warning! has V3 (age=0) nbrs
group: 236.6.6.6, life = 260
FastIron Command Reference
53-1003389-04
319
Show Commands
The following example shows IGMP snooping information when the VLAN interface is passive and
another querier is present with the lowest IP address:
Device#show ip multicast vlan 10
Version=2, Intervals: Query=125, Group Age=260, Max Resp=10, Other Qr=260
VL10: dft V2, vlan cfg passive, 7 grp, 6 (*G) cache, rtr ports,
router ports: 2/1/24(260) 10.5.5.5, 3/1/4(260) 10.8.8.8,
1/1/16 has
4 groups,
This interface is non-Querier (passive)
default V2
group: 226.6.6.6, life = 260
group: 228.8.8.8, life = 260
group: 230.0.0.0, life = 260
group: 224.4.4.4, life = 260
1/1/24 has
1 groups,
This interface is non-Querier (passive)
default V2
group: 228.8.8.8, life = 260
2/1/16 has
4 groups,
This interface is non-Querier (passive)
default V2
group: 226.6.6.6, life = 260
group: 228.8.8.8, life = 260
group: 230.0.0.0, life = 260
group: 224.4.4.4, life = 260
2/1/24 has
2 groups,
This interface is non-Querier (passive)
Querier is 10.5.5.5
Age is 0
Max response time is 100
default V2
**** Warning! has V3 (age=0) nbrs
group: 234.4.4.4, life = 260
group: 226.6.6.6, life = 260
3/1/1
has
4 groups,
This interface is non-Querier (passive)
default V2
group: 238.8.8.8, life = 260
group: 228.8.8.8, life = 260
group: 230.0.0.0, life = 260
group: 224.4.4.4, life = 260
3/1/4
has
1 groups,
This interface is non-Querier (passive)
Querier is 10.8.8.8
Age is 0
Max response time is 100
default V2
**** Warning! has V3 (age=0) nbrs
group: 236.6.6.6, life = 260
The following example shows IGMP snooping information when the device is connected to an MCT
cluster:
Device#show ip multicast cluster vlan 10
Version=2, Intervals: Query=125, Group Age=260, Max Resp=10, Other Qr=255
VL10: dft V2, vlan cfg passive, 0 grp, 0 (*G) cache, rtr ports,
router ports: e4/14(65) 50.0.0.1 (local:1, mct peer:0)
(local:1, mct peer:0)
History
320
<- Indicates if entry is local or\and mct-peer entry
Release version
Command history
8.0.20
This command was modified to display MCT cluster information.
FastIron Command Reference
53-1003389-04
show ip pim interface
show ip pim interface
Displays information for PIM interfaces.
Syntax
Parameters
show ip pim interface { ethernetstackid/slot/port-id | loopback loopback-number | ve ve-number }
ethernetstackid/slot/port-id
Specifies a physical interface. On standalone devices specify the interface ID in
the format slot/port-id; on stacked devices you must also specify the stack ID, in
the format stack-id/slot/port-id.
loopback loopback-number
Specifies a loopback interface.
ve ve-number
Specifies a virtual interface.
Modes
Examples
Privileged EXEC mode
This example displays output from the show ip pim interface command, showing that ACL 10 is
applied to interface 1/1/9 to control neighbor access.
Device# show ip pim interface
Flags
: SM - Sparse Mode v2, DM - Dense Mode v2, P - Passive Mode
--------+---------------+-----+---+-------+---+-----+-------+-------+----+--------+
Int'face|Local
|Mode |St |Des Rtr|TTL|Mcast| Filter| VRF
|DR |Override
|Address
|
|
|AddPort|Thr|Bndry| ACL |
|Prio|Interval
--------+---------------+-----+---+-------+---+-----+-------+-------+----+--------+
e1/1/1
5.5.5.5
SM
Ena Itself
1 None
None
default 1
3000ms
e1/1/9
15.1.1.5
SM
Ena Itself
1 None
10
default 1
3000ms
e1/1/12 12.12.12.1
SM
Dis Itself
1 None
None
default 1
3000ms
v20
21.21.21.22
SM
Ena Itself
1 None
None
default 1
3000ms
v60
60.60.60.1
SM
Ena Itself
1 None
None
default 1
3000ms
v310
110.110.110.2
SM
Dis Itself
1 None
None
default 1
3000ms
v360
160.160.160.1
SM
Dis Itself
1 None
None
default 1
3000ms
l2
4.4.4.4
SM
Ena Itself
1 None
None
default 1
3000ms
l3
10.10.10.10
SM
Ena Itself
1 None
None
default 1
3000ms
Total Number of Interfaces : 9
History
Release version
Command history
8.0.20a
This command was modified to display neighbor filter information.
FastIron Command Reference
53-1003389-04
321
show ip pim traffic
show ip pim traffic
Displays IPv4 PIM traffic statistics.
Syntax
Parameters
show ip pim traffic [ vrf vrf-name ] [ join-prune ] [ rx | tx ]
vrf vrf-name
Specifies information for a VRF instance.
join-prune
Specifies displaying join and prune statistics.
rx
Specifies displaying received PIM traffic statistics.
tx
Specifies displaying transmitted PIM traffic statistics.
Modes
Privileged EXEC mode
Usage Guidelines
PIM control packet statistics for interfaces that are configured for standard PIM are listed first by the
display.
Command Output
The show ip pim traffic command displays the following information:
Output Field
Description
Port
The port or virtual interface on which the PIM interface is configured.
HELLO
The number of PIM Hello messages sent or received on the interface.
JOIN-PRUNE
The number of Join or Prune messages sent or received on the interface.
NOTE
Unlike PIM Dense, PIM Sparse uses the same messages for Joins and Prunes.
ASSERT
The number of Assert messages sent or received on the interface.
REGISTER GRAFT (DM)
The number of Register messages sent or received on the interface.
REGISTER STOP (SM)
The number of Register Stop messages sent or received on the interface.
BOOTSTRAP MSGS (SM) The number of bootstrap messages sent or received on the interface.
322
CAND. RP ADV. (SM)
The total number of Candidate-RP-Advertisement messages sent or received on the
interface.
Err
The total number of messages discarded, including a separate counter for those that
failed the checksum comparison.
FastIron Command Reference
53-1003389-04
Show Commands
Examples
This example shows PIM join and prune traffic statistics for received and sent packets:
Device(config)#show ip pim traffic
Port
HELLO
JOIN-PRUNE ASSERT
REGISTER REGISTER BOOTSTRAP CAND. RP Err
GRAFT(DM) STOP(SM) MSGS (SM) ADV. (SM)
-------+---------+-----------+---------+---------+---------+---------+---------+--Rx
Rx
Rx
Rx
Rx
Rx
Rx
Rx
------+---------+-----------+---------+---------+---------+---------+---------+--v30
0
0
0
0
0
0
0
0
v50
2526
1260
0
0
0
1263
0
0
v150
2531
0
0
0
0
1263
0
0
v200
2531
0
0
0
0
1
0
0
Port
HELLO
JOIN-PRUNE ASSERT
REGISTER REGISTER BOOTSTRAP CAND. RP Err
GRAFT(DM) STOP(SM) MSGS (SM) ADV. (SM)
-------+---------+-----------+---------+---------+---------+---------+---------+--Tx
Tx
Tx
Tx
Tx
Tx
Tx
------+---------+-----------+---------+---------+---------+---------+---------+--v30
2528
0
0
0
0
0
0
v50
2540
1263
0
0
0
2
0
v150
2529
0
0
0
0
1262
0
v200
2529
0
0
0
0
1262
0
This example shows the number of received IPv4 PIM Hello packets dropped on interface 1/1/9
because an ACL to control neighbor access is configured on it.
Device#show ip pim traffic rx
Port
HLO
JN-PRNE ASSERT REG
REG
GRFT(DM) STOP(SM)
BTSTRP
MSGS(SM)
CAND RP
ADV.(SM)
Err
-------+-------+------+-----+-------+----------+---------+---------+--Rx
Rx
Rx
Rx
Rx
Rx
Rx
Rx
-------+-------+------+-----+-------+----------+---------+---------+--e1/1/1 0
0
0
0
0
0
0
0
e1/1/9 764
0
0
0
0
0
0
757
e1/1/12 0
0
0
0
0
0
0
0
v20
758
0
0
1916
0
0
0
0
v60
0
0
0
0
0
0
0
0
v310
0
0
0
0
0
0
0
0
v360
0
0
0
0
0
0
0
0
This example shows PIM join and prune traffic statistics for sent packets:
Device(config)#show ip pim traffic tx
Port
HELLO
JOIN-PRUNE ASSERT
REGISTER REGISTER BOOTSTRAP CAND. RP Err
GRAFT(DM) STOP(SM) MSGS (SM) ADV. (SM)
-------+---------+-----------+---------+---------+---------+---------+---------+--Tx
Tx
Tx
Tx
Tx
Tx
Tx
------+---------+-----------+---------+---------+---------+---------+---------+--v30
2528
0
0
0
0
0
0
v50
2540
1263
0
0
0
2
0
v150
2529
0
0
0
0
1262
0
v200
2530
0
0
0
0
1262
0
This example shows PIM join and prune traffic statistics.
Device(config)#show ip pim traffic join-prune
Port Packet
Join
Prune
Avg Aggr Last Aggr
-----+---------+---------+---------+---------+---------Rx
Rx
Rx
Rx
Rx
-----+---------+---------+---------+---------+---------v30
0
0
0
0
0
v50
1260
1260
0
1
1
v150 0
0
0
0
0
v200 0
0
0
0
0
Port Packet
Join
Prune
Avg Aggr Last Aggr
-----+---------+---------+---------+---------+---------Tx
Tx
Tx
Tx
Tx
-----+---------+---------+---------+---------+---------v30
0
0
0
0
0
v50
1263
1262
1
1
1
v150 0
0
0
0
0
v200 0
0
0
0
0
FastIron Command Reference
53-1003389-04
323
Show Commands
This example shows PIM join and prune traffic statistics.
Device(config)#show ip pim traffic join-prune rx
Port Packet
Join
Prune
Avg Aggr Last Aggr
-----+---------+---------+---------+---------+---------Rx
Rx
Rx
Rx
Rx
-----+---------+---------+---------+---------+---------v30
0
0
0
0
0
v50
1260
1260
0
1
1
v150 0
0
0
0
0
v200 0
0
0
0
0
This example shows PIM join and prune traffic statistics.
Device(config)#show ip pim traffic join-prune tx
Port Packet
Join
Prune
Avg Aggr Last Aggr
-----+---------+---------+---------+---------+---------Tx
Tx
Tx
Tx
Tx
-----+---------+---------+---------+---------+---------v30
0
0
0
0
0
v50
1264
1263
1
1
1
v150 0
0
0
0
0
v200 0
0
0
0
0
History
324
Release version
Command history
8.0.20a
This command was modified to display, in the Err column, received Hello
packets dropped on an interface because of an ACL to control neighbor
access.
FastIron Command Reference
53-1003389-04
show ip pimsm-snooping cache
show ip pimsm-snooping cache
Displays the downstream PIM join/prune information for both source-path tree (SPT) and rendezvouspoint tree (RPT).
Syntax
Parameters
show ip pimsm-snooping cache [ vlan vlan-id ] ip-address [ resources ]
ip-address
Specifies the IP address.
vlan vlan-id
Specifies snooping for a VLAN.
resources
Specifies PIM SM snooping resources.
Modes
Privileged EXEC mode
Usage Guidelines
Use the show ip pimsm-snooping cache command to check and verify the outgoing interfaces (OIF)s
added by pimsm-snooping module.
Command Output
The show ip pimsm-snooping cache command displays the following information:
Output field
Description
SG
(s,g) downstream fsm state for SPT.
G
(*,g) downstream fsm state for RPT
The show ip pimsm-snooping cache command displays the following information only when multichassis trunking (MCT) is enabled on the VLAN:
Examples
Output field
Description
CCEP
Cluster client edge port
CEP
Cluster edge port
Remote/Local
Join/Prune received on MCT peer or local
The following example shows PIM SM information when there is no traffic and the last-hop router (LHR)
has joined the RPT. Only an (*,G) entry is created.
Device1#show ip pimsm-snooping cache
OIF Info:
TR - OIF Belongs to Trunk/LAG, Primary port is displayed
SG - (*,g)/(s,g) downstream fsm state:
NI : No Info, J : Join, PP : Prune Pending, CLEAN : cleanup in progress
RPT - (s,g,rpt) downstream fsm state:
NI : No Info, P : Pruned, PP : Prune Pending, Px : Temp step in (*,G)
join processing, PPx : Temp State in (*,G) processing, CLEAN : cleanup
in progress.
PIMSM Snoop cache for vlan 503
1
(* 225.1.1.1) Up Time: 5d 18:38:32
OIFs: 2
TR(e4/5) G : J(197) ET: 210, Up Time: 5d 18:38:32 , CCEP, Remote
TR(e4/23) G : J(166) ET: 210, Up Time: 1d 19:36:23 , CEP, Local
FastIron Command Reference
53-1003389-04
325
Show Commands
The following example shows PIM SM information when there is traffic from source 30.0.0.10. An (S,G)
entry is created and the LHR has joined the SPT.
Device2#show ip pimsm-snooping cache
OIF Info:
TR - OIF Belongs to Trunk/LAG, Primary port is displayed
SG - (*,g)/(s,g) downstream fsm state:
NI : No Info, J : Join, PP : Prune Pending, CLEAN : cleanup in progress
RPT - (s,g,rpt) downstream fsm state:
NI : No Info, P : Pruned, PP : Prune Pending, Px : Temp step in (*,G)
join processing, PPx : Temp State in (*,G) processing, CLEAN : cleanup
in progress.
1
(* 225.1.1.1) Up Time: 5d 18:44:28
OIFs: 2
TR(e4/5) G : J(195) ET: 210, Up Time: 5d 18:44:28 , CCEP, Remote
TR(e4/23) G : J(170) ET: 210, Up Time: 1d 19:42:18 , CEP, Local
2
(30.0.0.10 225.1.1.1) Up Time: 00:00:58
OIFs: 2
TR(e4/5) SG : J(202) ET: 210, Up Time: 00:00:58 , CCEP, Remote
TR(e4/23) SG : J(168) ET: 210, Up Time: 00:00:58 , CEP, Local
The following example shows PIM SM resource information.
Device#show ip pimsm-snooping resources
alloc in-use avail get-fail
pimsm group entry
1000
10
990
0
pimsm source entry
2000
20
1980
0
pimsm oif entry
2000
30
1970
0
limit
232000
464000
464000
get-mem
10
40
59
size
61
65
89
init
1000
2000
2000
Total memory in used: 369000 bytes
326
FastIron Command Reference
53-1003389-04
show ip ssl
show ip ssl
Displays SSL connection details.
Syntax
Parameters
show ip ssl certificate
certificate
Displays the SSL certificate details.
Modes
Privileged EXEC mode
Global configuration mode
Examples
The following example displays the output of the show ip ssl command.
device(config)#show ip ssl
Session Protocol Source IP
1
TLS_1_2 10.20.157.102
Source Port
634
Remote IP
10.25.105.201
Remote Port
60892
The following example displays the SSL certificate details.
device(config)#show ip ssl certificate
Trusted Certificates:
Dynamic:
Index 0:
Signature Algorithm: sha256WithRSAEncryption
Issuer:
CN: 10.25.105.201
Validity:
Not Before: 2014 Aug 22 05:12:45
Not After : 2017 Aug 21 05:12:45
Subject:
CN: 10.25.105.201
X509v3 extensions:
X509v3 Subject Alternative Name:
IP Address: 10.25.105.201
Signature:
12:ec:41:d8:01:45:61:ce:cf:7e:80:de:a6:7c:a7:2e:01:7f:
42:27:22:1d:ac:a2:47:c5:0d:4f:e3:68:24:de:bf:50:40:65:
25:8c:30:bd:ff:a7:d0:21:73:d2:ba:5e:67:42:1f:bb:97:4a:
d9:1d:c3:ca:31:c4:59:10:79:d1:42:f4:b6:1a:b0:98:4e:a8:
ef:e2:a2:98:c3:14:16:63:50:02:a0:18:9c:7a:e3:17:39:0d:
b7:30:ab:23:9f:63:bd:0f:9e:d8:67:b0:fe:ec:3b:fa:4c:f4:
3d:34:e2:99:0e:99:24:ec:93:fb:8a:e5:4a:bf:74:d6:ff:91:
0a:dc:fb:b9:4f:91:5d:d4:f6:77:23:eb:ec:eb:3a:62:08:e1:
a6:ea:a8:52:b6:39:62:db:29:fa:61:1d:fd:d5:02:31:04:73:
50:ad:de:41:54:a5:e2:96:2d:9c:f4:68:b2:68:05:bb:39:47:
ee:74:89:a2:8c:30:f0:f9:d7:d5:4b:3b:e2:95:6f:82:61:a3:
c2:79:4c:f2:11:56:f8:2f:cc:fc:2b:4b:cb:3b:54:59:f0:8b:
5b:70:e1:27:c3:57:25:eb:35:c6:07:ea:6d:0b:34:04:95:81:
35:e6:64:c6:b8:72:e8:24:18:bd:ca:90:99:74:45:44:85:71:
9e:7f:13:96:
FastIron Command Reference
53-1003389-04
327
show ip static mroute
show ip static mroute
Displays information for configured multicast routes.
Syntax
Parameters
show ip static mroute [ vrf vrf-name ] ip-subnet mask]
vrf vrf-name
Specifies an optional VRF route.
ip-subnet mask
Specifies an IP address and an optional address mask.
Modes
Usage Guidelines
Examples
Privileged EXEC mode
Only resolved and best static mroutes are added to the mRTM table. These routes are prefixed with an
asterisk in the output from the show ip static mroute command.
The following example displays information for configured multicast routes:
Device(config)# show ip static mroute
IP Static Routing Table - 2 entries:
IP Prefix
Next Hop
Interface
*20.20.20.0/24
220.220.220.1
20.20.20.0/24
50.50.50.2
21.21.21.0/24
1.2.3.4
-
History
328
Dis/Metric/Tag
1/1/0
1/2/0
1/1/0
Release version
Command history
8.0.10a
This command was introduced.
Name
FastIron Command Reference
53-1003389-04
show ipv6 mroute
show ipv6 mroute
Displays information on IPv6 multicast routes. You can specify displaying information either from static
or connected mroutes or from a particular mroute.
Syntax
Parameters
show ipv6 mroute [vrf vrf-name ] { ipv6-address ipv6-prefix/prefix-length | static | connect |
summary }
vrf vrf-name
Specifies displaying mroutes for a particular VRF.
ipv6-address ipv6-prefix/prefix-length
Displays an IPv6 mroute for the specified destination.
static
Displays only static multicast routes.
connect
Displays only connected multicast routes.
summary
Displays summary information.
Modes
Examples
Privileged EXEC mode
The following example displays information for IPv6 multicast routes:
Device(config)# show ipv6 mroute
IPv6 Routing Table - 7 entries:
Type Codes - B:BGP C:Connected S:Static
Type IPv6 Prefix
Next Hop Router
S
1:1::1:0/120
::
C
2090::/64
::
C
2100::/64
::
C
2110::/64
::
C
2120::/64
::
C
2130::/64
::
C
8811::1/128
::
Interface
ve 90
ve 90
ve 100
ve 110
ve 120
ve 130
loopback 1
Dis/Metric
1/1
0/0
0/0
0/0
0/0
0/0
0/0
Uptime
2d16h
6d21h
1d21h
1d21h
1d21h
6d21h
6d21h
The following example displays information for static IPv6 multicast routes:
Device(config)# show ipv6 mroute static
Type Codes - B:BGP C:Connected S:Static
Type IPv6 Prefix
Next Hop Router
S
1:1::1:0/120
::
Interface
ve 90
Dis/Metric
1/1
Uptime
2d16h
The following example displays information for directly attached (connected) IPv6 multicast routes:
Device(config)#show ipv6 mroute connect
Type Codes - B:BGP C:Connected S:Static
Type IPv6 Prefix
Next Hop Router
C
2090::/64
::
C
2100::/64
::
C
2110::/64
::
C
2120::/64
::
C
2130::/64
::
C
8811::1/128
::
Interface
ve 90
ve 100
ve 110
ve 120
ve 130
loopback 1
Dis/Metric
0/0
0/0
0/0
0/0
0/0
0/0
Uptime
6d21h
1d21h
1d21h
1d21h
6d21h
6d21h
The following example displays information for IPv6 multicast route 2090::1:
Device(config)# show ipv6 mroute 2090::1
Type Codes - B:BGP C:Connected S:Static
Type IPv6 Prefix
Next Hop Router
C
2090::/64
::
History
Interface
ve 90
Release version
Command history
8.0.10a
This command was introduced.
FastIron Command Reference
53-1003389-04
Dis/Metric
0/0
Uptime
6d21h
329
show ipv6 multicast mcache
show ipv6 multicast mcache
Displays information in the IPv6 multicast forwarding mcache (multicast listening discovery [MLD]).
Syntax
show ipv6 multicast mcache
Modes
Privileged EXEC mode
Command Output
The show ipv6 multicast mcache command displays the following information:
Output Field
Description
(abcd:ef50 0:100): The lowest 32 bits of source and group. It is displayed in XXXX:XXXX hex format. Here XXXX
is a 16-bit hex number.
Examples
cnt
The number of packets processed in software.
OIF
Output interfaces.
age
The mcache age in seconds. The mcache is reset to 0 if traffic continues to arrive, otherwise it
is aged out when it reaches the time defined by the ipv6 multicast mcache-age command.
uptime
The up time of this mcache in seconds.
vidx
The vidx is shared among mcaches using the same output interfaces. The vidx specifies the
output port list, which shows the index. Valid range is from 4096 to 8191.
ref-cnt
The number of mcaches using this vidx.
This example shows information in the multicast forwarding mcache:
Device#show ipv6 multicast mcache
Example: (S G) cnt=: (S G) are the lowest 32 bits, cnt: SW proc. count
OIF: 1/22 TR(1/32,1/33), TR is trunk, 1/32 primary, 1/33 output
vlan 1, has 2 cache
1
(abcd:ef50 0:100), cnt=121
OIF: 1/11 1/9
age=0s up-time=120s vidx=4130 (ref-cnt=1)
2
(abcd:ef50 0:101), cnt=0
OIF: entire vlan
age=0s up-time=0s vidx=8191 (ref-cnt=1)
vlan 70, has 0 cache
330
FastIron Command Reference
53-1003389-04
show ipv6 multicast group
show ipv6 multicast group
Displays information about multicast listening discovery (MLD) groups.
Syntax
Parameters
show ipv6 multicast group [group-address [detail] [tracking]]
group-address
Specifies information for a particular group.
detail
Specifies the source list of a specific VLAN.
tracking
Specifies tracking information on interfaces that have tracking enabled.
Modes
Command Output
Privileged EXEC mode
The show ipv6 multicast group command displays the following information:
Output Field Description
group
The address of the IPv6 group (destination IPv6 address).
p-port
The physical port on which the group membership was received.
ST
Yes indicates that the MLD group was configured as a static group; No means it was learned from
reports.
QR
Yes means the port is a querier port; No means it is not. A port becomes a non-querier port when it
receives a query from a source with a lower source IP address than the port.
life
The number of seconds the group can remain in EXCLUDE mode. An EXCLUDE mode changes to
INCLUDE if it does not receive an IS_EX or TO_EX message during a specified period of time. The
default is 140 seconds. There is no life displayed in INCLUDE mode.
mode
The current mode of the interface: INCLUDE or EXCLUDE. If the interface is in INCLUDE mode, it
admits traffic only from the source list. If the interface is in EXCLUDE mode, it denies traffic from the
source list and accepts the rest.
source
Identifies the source list that will be included or excluded on the interface.
An MLDv1 group is in EXCLUDE mode with a source of 0. The group excludes traffic from 0 (zero)
source list, which actually means that all traffic sources are included.
group
If you requested a detailed report, the following information is displayed:
• The multicast group address
• The mode of the group
• Sources from which traffic will be admitted (INCLUDE) or denied (EXCLUDE) on the interface.
• The life of each source list.
If you requested a tracking/fast leave report, the clients from which reports were received are
identified.
FastIron Command Reference
53-1003389-04
331
Show Commands
Examples
This example shows that an MLDv1 group is in EXCLUDE mode with a source of 0. The group excludes
only traffic from the 0 (zero) source list, which means that all traffic sources are included.
Device#show ipv6 multicast group
p-:physical, ST:static, QR:querier, EX:exclude, IN:include, Y:yes, N:no
VL1 : 263 grp, 263 grp-port, tracking_enabled
group
p-port ST QR life mode source
1
ff0e::ef00:a0e3
1/7
N Y 120 EX
0
2
ff01::1:f123:f567
1/9
N Y
IN
1
This example displays detailed MLD group information for multicast group ff0e::ef00:a096:
Device#show ipv6 multicast group ff0e::ef00:a096 detail
Display group ff0e::ef00:a096 in all interfaces in details.
p-:physical, ST:static, QR:querier, EX:exclude, IN:include, Y:yes, N:no
VL1 : 1 grp, 1 grp-port, tracking_enabled
group
p-port ST QR life mode source
1
ff0e::ef00:a096
1/7
N Y 100 EX
0
group: ff0e::ef00:a096, EX, permit 0 (source, life):
life=100, deny 0:
This example displays the list of clients that belong to multicast group ff0e::ef00:a096 when tracking and
fast leave are enabled:
Device#show ipv6 multicast group ff0e::ef00:a096 tracking
Display group ff0e::ef00:a096 in all interfaces with tracking enabled.
p-:physical, ST:static, QR:querier, EX:exclude, IN:include, Y:yes, N:no
VL1 : 1 grp, 1 grp-port, tracking_enabled
group
p-port ST QR life mode source
1
ff0e::ef00:a096
1/7
N Y 80
EX
0
receive reports from 1 clients: (age)
(2001:DB8::1011:1213:1415 60)
332
FastIron Command Reference
53-1003389-04
show ipv6 multicast mcache
show ipv6 multicast mcache
Displays information in the IPv6 multicast forwarding mcache (multicast listening discovery [MLD]).
Syntax
show ipv6 multicast mcache
Modes
Privileged EXEC mode
Command Output
The show ipv6 multicast mcache command displays the following information:
Output Field
Description
(abcd:ef50 0:100): The lowest 32 bits of source and group. It is displayed in XXXX:XXXX hex format. Here XXXX
is a 16-bit hex number.
Examples
cnt
The number of packets processed in software.
OIF
Output interfaces.
age
The mcache age in seconds. The mcache is reset to 0 if traffic continues to arrive, otherwise it
is aged out when it reaches the time defined by the ipv6 multicast mcache-age command.
uptime
The up time of this mcache in seconds.
vidx
The vidx is shared among mcaches using the same output interfaces. The vidx specifies the
output port list, which shows the index. Valid range is from 4096 to 8191.
ref-cnt
The number of mcaches using this vidx.
This example shows information in the multicast forwarding mcache:
Device#show ipv6 multicast mcache
Example: (S G) cnt=: (S G) are the lowest 32 bits, cnt: SW proc. count
OIF: 1/22 TR(1/32,1/33), TR is trunk, 1/32 primary, 1/33 output
vlan 1, has 2 cache
1
(abcd:ef50 0:100), cnt=121
OIF: 1/11 1/9
age=0s up-time=120s vidx=4130 (ref-cnt=1)
2
(abcd:ef50 0:101), cnt=0
OIF: entire vlan
age=0s up-time=0s vidx=8191 (ref-cnt=1)
vlan 70, has 0 cache
FastIron Command Reference
53-1003389-04
333
show ipv6 multicast optimization
show ipv6 multicast optimization
Displays multicast listening discovery (MLD) snooping hardware resource-sharing information.
Syntax
Parameters
show ipv6 multicast optimization [ l2mc ]
l2mc
Specifies the L2MC group index.
Modes
Privileged EXEC mode
VLAN configuration mode
Usage Guidelines
The show ipv6 multicast optimization command is supported only on ICX 7750 devices.
Use this command to display the availability of Layer 2 multicast (L2MC) group indexes in the hardware
and how it is used and shared
Examples
The following example displays resource information showing that L2MC group index 4 is shared by two
users and the ports included in the set are 1/1/6 and 1/1/1:
Device (config)# vlan 150
Device (config-vlan-150)# show ipv6 multicast optimization
Total L2MCs Allocated:
0; Available: 8192; Failed:
0
Index
L2MC
SetId
Users
Set
1.
4
0x161fcbd8
2 {<1/1/6>,<1/1/1>,}
2.
1
0x161d0930
10 {<1/1/6>,<1/1/4>,<1/1/3>,<1/1/2>,
<1/1/1>,}
Sharability Coefficient: 76%
History
334
Release version
Command history
8.0.10
This command was introduced.
FastIron Command Reference
53-1003389-04
show ipv6 multicast pimsm-snooping
show ipv6 multicast pimsm-snooping
Displays information related to PIM sparse mode (SM) snooping on the mcache.
Syntax
Parameters
show ipv6 multicast pimsm-snooping [ vlan vlan-id ] [ cache ipv6-address ] [ resources ]
cache ipv6-address
Specifies the PIM SM Snooping cache.
vlan vlan-id
Specifies snooping for a VLAN.
resources
Specifies PIM SM snooping resources.
Modes
Usage Guidelines
Examples
Privileged exec mode
Use the show ipv6 pimsm-snooping cache command to display information related to the PIM SM
snooping outgoing interface (OIF) in the mcache.
The following example shows PIM SM information for the mcache:
Device#show ipv6 multicast pimsm-snooping
Example: Port: 7/3 (ref_count=1)
ref_count: no of entries in pimsm snoop cache added this oif)
vlan 503, has 1 caches.
1
(* 2:3) has 1 pim join ports out of 1 OIF
1/1/4 (ref_count=2),
FastIron Command Reference
53-1003389-04
335
show ipv6 multicast vlan
show ipv6 multicast vlan
Displays display multicast listening discovery (MLD) snooping information for all VLANs or for a
specific VLAN.
Syntax
Parameters
show ipv6 multicast vlan vlan-id
vlan-id
Specifies the VLAN for which you want information. If you do not specify a vlanid, information for all VLANs is displayed.
Modes
Command Output
Privileged EXEC mode
The show ipv6 multicast vlan command displays the following information:
Output Field Description
version
The MLD version number.
query-t
How often a querier sends a general query on the interface.
group-aging-t Number of seconds membership groups can be members of this group before aging out.
Examples
rtr-port
The router ports which are the ports receiving queries. The display router ports: 1/36(120)
2001:DB8::2e0:52ff:fe00:9900 means port 1/36 has a querier with
2001:DB8::2e0:52ff:fe00:9900 as the link-local address, and the remaining life is 120 seconds.
max-resp-t
The maximum number of seconds a client can wait before it replies to the query.
non-QR
Indicates that the port is a non-querier.
QR
Indicates that the port is a querier.
This example shows MLD snooping information for VLAN 70:
Device#show ipv6 multicast vlan 70
version=1, query-t=60, group-aging-t=140, max-resp-t=3, other-qr-present-t=123
VL70: cfg V2, vlan cfg passive, 2 grp, 0 (SG) cache, rtr ports,
router ports: 1/36(120) 2001:DB8::2e0:52ff:fe00:9900,
1/26 has 2 grp, non-QR (passive), cfg V1
1/26 has 2 grp, non-QR (passive), cfg V1
group: ff10:1234::5679, life = 100
group: ff10:1234::5678, life = 100
1/35 has 0 grp, non-QR (QR=2001:DB8::2e0:52ff:fe00:9900, age=20), dft V2 trunk
336
FastIron Command Reference
53-1003389-04
show ipv6 neighbor
show ipv6 neighbor
Displays the status of the neighbor discovery (ND) inspection configuration, details of the VLANs on
which ND inspection is enabled, ND static entries, and ND inspection statistics.
Syntax
Parameters
show ipv6 neighbor [ vrf vrf-name ] inspection [static-entry | statistics | vlan vlan-number ]
static-entry
Specifies the manually configured static ND inspection entries that are used to
validate the packets received on untrusted ports.
statistics
Specifies the total number of neighbor discovery messages received and the
number of packets discarded after ND inspection.
vlan
Specifies the VLANs on which ND inspection is enabled.
vlan-number
Specifies the ID of the configured VLAN.
vrf
Specifies the VRF instance.
vrf-name
Specifies the ID of the VRF instance.
inspection
Specifies that the neighbor discovery messages are verified against the static
ND inspection entries or dynamically learned DHCPv6 snoop entries.
Modes
Privileged EXEC mode
Global configuration mode
VRF configuration mode
Command Output
The show ipv6 neighbor command displays the following information.
Output field
Description
VLAN
The list of VLANs on which ND inspection is enabled.
IPv6 Address
The IPv6 addresses of the hosts that are added as static ND inspection
entries.
LinkLayer-Addr
The MAC addresses of the hosts that are added as static ND inspection
entries.
Total number of ND Solicit received The total number of neighbor solicitation messages received.
Total number of ND Advert
received
The total number of neighbor advertisement messages received.
Total number of Router Solicit
received
The total number of router solicitation messages received.
Total number of ND dropped
The total number of neighbor discovery messages that are discarded
because of the IP-to-MAC address binding discrepancy.
IPv6 Neighbor inspection VLAN
vlan-number
The status of ND inspection on a VLAN.
FastIron Command Reference
53-1003389-04
337
Show Commands
Examples
Output field
Description
Untrusted Ports
The interfaces or member ports on which trust mode is not enabled.
Trusted Ports
The interfaces or member ports on which trust mode is enabled.
The following example shows the output of the show ipv6 neighbor inspection command.
device(config)# show ipv6 neighbor inspection
IPv6 Neighbor inspection enabled on 2 VLAN(s):
VLAN: 2
VLAN: 3
The following example shows the output of the ND inspection configuration details for a VRF.
device(config-vrf-3)# show ipv6 neighbor vrf 3 inspection
IPv6 Neighbor inspection enabled on 2 VLAN(s):
VLAN: 2
VLAN: 3
The following example shows the output of the show ipv6 neighbor inspection static-entry
command.
device(config)# show ipv6 neighbor inspection static-entry
Total number of ND Inspect entries: 3
IPv6 Address
LinkLayer-Addr
2001::1
0000.0000.1234
2001::3
0000.1234.4567
2001::2
0000.0000.4567
The following example shows the ND static entries of a VRF.
device(config-vrf-3)# show ipv6 neighbor vrf 3 inspection static-entry
Total number of ND Inspect entries: 1
IPv6 Address
LinkLayer-Addr
2001:201:1:1::34
cc4e.246d.2038
The following example shows the output of the show ipv6 neighbor inspection statistics command.
device(config)#
Total number of
Total number of
Total number of
Total number of
show ipv6 neighbor inspection statistics
ND Solicit received
11
ND Advert received
29
Router Solicit received 20
ND dropped
6
The following example shows the ND inspection statistics of a VRF.
device(config-vrf-3)# show ipv6 neighbor vrf 3 inspection statistics
Total number of ND Solicit received
11
Total number of ND Advert received
29
Total number of Router Solicit received 20
Total number of ND dropped
6
The following example shows the output of the show ipv6 neighbor inspection vlan vlan-number
command.
device (config)# show ipv6 neighbor inspection vlan 2
IPv6 Neighbor inspection VLAN 2: Enabled
Untrusted Ports : ethe 1/1/1 to 1/1/2
Trusted Ports : ethe 1/1/3
The following example shows the details of the VLANs on which ND inspection is enabled for a VRF.
device (config-vrf-3)# show ipv6 neighbor vrf 3 inspection vlan 2
IPv6 Neighbor inspection VLAN 2: Enabled
Untrusted Ports : ethe 1/1/1 to 1/1/2
Trusted Ports : ethe 1/1/3
338
FastIron Command Reference
53-1003389-04
Show Commands
History
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
339
show ipv6 pim interface
show ipv6 pim interface
Displays information for IPv6 PIM interfaces.
Syntax
Parameters
show ipv6 pim interface { ethernetstackid/slot/port-id | loopback loopback-number | ve ve-number }
ethernetstackid/slot/port-id
Specifies a physical interface. On standalone devices specify the interface ID in
the format slot/port-id; on stacked devices you must also specify the stack ID, in
the format stack-id/slot/port-id.
loopback loopback-number
Specifies a loopback interface.
ve ve-number
Specifies a virtual interface.
Modes
Examples
Privileged EXEC mode
The following example displays output from the show ipv6 pim interface command, showing that ACL
f10 is applied to interface 1/1/9 to control neighbor access.
Device# show ipv6 pim interface
Flags
: SM - Sparse Mode v2
--------+---------------+-----+---+-------+---+-----+-------+-------+----+--------+
Int'face|Local
|Mode |St |Des Rtr|TTL|Mcast| Filter| VRF
|DR |Override
|Address
|
|
|Add Prt|Thr|Bndry| ACL |
|Prio|Interval
--------+---------------+-----+---+-------+---+-----+-------+-------+----+--------+
e1/1/1
3000::2
SM
Ena Itself
1 None
None
default 1
3000ms
e1/1/9
201::1
SM
Ena Itself
1 None
f10
default 1
3000ms
e1/1/12 1222::1
SM
Dis Itself
1 None
None
default 1
3000ms
v20
2000::2
SM
Ena Itself
1 None
None
default 1
3000ms
v60
6000::1
SM
Ena Itself
1 None
None
default 1
3000ms
v310
1100::2
SM
Dis Itself
1 None
None
default 1
3000ms
v360
1600::1
SM
Dis Itself
1 None
None
default 1
3000ms
l2
4444::2
SM
Ena Itself
1 None
None
default 1
3000ms
l3
7711::11
SM
Ena Itself
1 None
None
default 1
3000ms
Total Number of Interfaces : 9
History
340
Release version
Command history
8.0.20a
This command was modified to display neighbor filter information.
FastIron Command Reference
53-1003389-04
show ipv6 pim traffic
show ipv6 pim traffic
Displays IPv6 PIM traffic statistics.
Syntax
Parameters
show ipv6 pim traffic [ vrf vrf-name ] [ join-prune ] [ rx | tx ]
vrf vrf-name
Specifies information for a VRF instance.
join-prune
Specifies displaying join and prune statistics.
rx
Specifies displaying received PIM traffic statistics.
tx
Specifies displaying transmitted PIM traffic statistics.
Modes
Privileged EXEC mode
Usage Guidelines
PIM control packet statistics for interfaces that are configured for standard PIM are listed first by the
display.
Command Output
The show ipv6 pim traffic command displays the following information:
Output Field
Description
Port
The port or virtual interface on which the IPv6 PIM interface is configured.
HELLO
The number of IPv6 PIM Hello messages sent or received on the interface.
JOIN-PRUNE
The number of Join or Prune messages sent or received on the interface.
NOTE
Unlike PIM dense, PIM Sparse uses the same messages for Joins and Prunes.
ASSERT
The number of Assert messages sent or received on the interface.
REGISTER GRAFT (DM)
The number of Register messages sent or received on the interface.
REGISTER STOP (SM)
The number of Register Stop messages sent or received on the interface.
BOOTSTRAP MSGS (SM) The number of bootstrap messages sent or received on the interface.
CAND. RP ADV. (SM)
The total number of Candidate-RP-Advertisement messages sent or received on the
interface.
Register Graft (DM)
Err
FastIron Command Reference
53-1003389-04
The total number of MLD messages discarded, including a separate counter for those
that failed the checksum comparison.
341
Show Commands
Examples
This example shows PIM traffic statistics:
Device# show ipv6 pim traffic
Port
HELLO
JOIN-PRUNE ASSERT
REGISTER REGISTER BOOTSTRAP CAND. RP Err
GRAFT(DM) STOP(SM) MSGS (SM) ADV. (SM)
-------+---------+-----------+---------+---------+---------+---------+---------+--Rx
Rx
Rx
Rx
Rx
Rx
Rx
Rx
------+---------+-----------+---------+---------+---------+---------+---------+--v170
0
0
0
0
0
0
0
0
v501
0
0
0
0
0
0
0
0
v503
3302
2524
0
0
0
0
0
0
Port
HELLO
JOIN-PRUNE ASSERT
REGISTER REGISTER BOOTSTRAP CAND. RP Err
GRAFT(DM) STOP(SM) MSGS (SM) ADV. (SM)
-------+---------+-----------+---------+---------+---------+---------+---------+--Tx
Tx
Tx
Tx
Tx
Tx
Tx
------+---------+-----------+---------+---------+---------+---------+---------+--v170
3576
0
0
0
0
0
0
v501
1456
0
0
0
0
0
0
v503
1456
1314
0
0
0
2
0
This example shows the number of received IPv6 PIM Hello packets dropped on interface 1/1/9 to
because an ACL to control neighbor access is configured on it.
Device#show ipv6 pim traffic rx
Port
HELLO JN-PRN ASSERT REG
REG
BTSTRP
CAND RP Err
GRFT(DM) STOP(SM) MSGS(SM) ADV.(SM)
-------+--------+------+------+------+------+---------+----------+----Rx
Rx
Rx
Rx
Rx
Rx
Rx
Rx
-------+-------+------+------+-------+------+---------+---------+-----e1/1/1 0
0
0
0
0
0
0
0
e1/1/9 924
0
0
0
0
5
0
914
e1/1/12 0
0
0
0
0
0
0
0
v20
0
0
0
0
0
0
0
0
v60
0
0
0
0
0
0
0
0
v310
0
0
0
0
0
0
0
0
v360
0
0
0
0
0
0
0
0
History
342
Release version
Command history
8.0.20a
This command was modified to display, in the Err column, received Hello
packets dropped on an interface because of an ACL to control neighbor
access.
FastIron Command Reference
53-1003389-04
show ipv6 pimsm-snooping cache
show ipv6 pimsm-snooping cache
Displays the downstream PIM join/prune information for both source-path tree (SPT) and rendezvouspoint tree (RPT).
Syntax
Parameters
show ipv6 pimsm-snooping cache [ vlan vlan-id ] ipv6-address [ resources ]
ipv6-address
Specifies the IP address.
vlan vlan-id
Specifies snooping for a VLAN.
resources
Specifies PIM SM snooping resources.
Modes
Command Output
Privileged exec mode
The show ipv6 pimsm-snooping cache command displays the following information:
Output field
Description
SG
(s,g) downstream fsm state for SPT.
G
(*,g) downstream fsm state for RPT
The show ipv6 pimsm-snooping cache command displays the following information only when multichassis trunking (MCT) is enabled on the VLAN:
Examples
Output field
Description
CCEP
Cluster-client-edge port
CEP
Cluster-edge port
Remote/Local
Join/Prune received on MCT peer or local
The following example shows PIM SM information.
Device#show ipv6 pimsm-snooping cache
OIF Info:
TR - OIF Belongs to Trunk/LAG, Primary port is displayed
SG - (s,g) downstream fsm state:
G - (*,g) downstream fsm state:
NI : No Info, J : Join, PP : Prune Pending, CLEAN : cleanup in progress
RPT - (s,g,rpt) downstream fsm state:
NI : No Info, P : Pruned, PP : Prune Pending, Px : Temp step in (*,G)
join processing, PPx : Temp State in (*,G) processing, CLEAN : cleanup
in progress.
PIMSM Snoop cache for vlan 503
1
(* ff7e::1:2:3) Up Time: 03:43:40
OIF: 1
TR(e1/1/4) G : J(183) ET: 210, Up Time: 03:43:40
2
FastIron Command Reference
53-1003389-04
(3000::10 ff7e::1:2:3) Up Time: 00:02:52
OIF: 1
TR(e1/1/4) SG : J(185) ET: 210, Up Time: 00:02:52
343
Show Commands
The following example shows PIM SM information for a VLAN.
Device#show ipv6 pimsm-snooping vlan 503
OIF Info:
TR - OIF Belongs to Trunk/LAG, Primary port is displayed
SG - (s,g) downstream fsm state:
G - (*,g) downstream fsm state:
NI : No Info, J : Join, PP : Prune Pending, CLEAN : cleanup in progress
RPT - (s,g,rpt) downstream fsm state:
NI : No Info, P : Pruned, PP : Prune Pending, Px : Temp step in (*,G)
join processing, PPx : Temp State in (*,G) processing, CLEAN : cleanup
in progress.
PIMSM Snoop cache for vlan 503
1
(* ff7e::1:2:3) Up Time: 03:43:46
OIF: 1
TR(e1/1/4) G : J(177) ET: 210, Up Time: 03:43:46
2
(3000::10 ff7e::1:2:3) Up Time: 00:02:58
OIF: 1
TR(e1/1/4) SG : J(179) ET: 210, Up Time: 00:02:58
The following example shows PIM SM resource information.
Device#show ipv6 pimsm-snooping resources
alloc in-use avail get-fail
pimsm group entry
1000
1
999
0
pimsm source entry
2000
1
1999
0
pimsm oif entry
2000
1
1999
0
limit
232000
464000
464000
get-mem
2
2
2
size
64
68
89
init
1000
2000
2000
Total memory in used: 378000 bytes
344
FastIron Command Reference
53-1003389-04
show ipv6 static mroute
show ipv6 static mroute
Displays information for configured IPv6 multicast routes.
Syntax
Parameters
show ipv6 static mroute [ vrf vrf-name | ipv6-address-prefix/prefix-length ]
vrf vrf-name
Specifies a VRF route.
ipv6-address-prefix/prefix-length
Specifies an IPv6 address.
Modes
Privileged EXEC mode
Global configuration mode
Usage Guidelines
Examples
Only resolved and best static mroutes are added to the mRTM table. These routes are prefixed with an
asterisk in the output from the show ipv6 static mroute command.
Thie following example displays information for configured IPv6 multicast routes:
Device(config)# show ipv6 static mroute
IPv6 Static Routing Table - 1 entries:
IPv6 Prefix
Interface
*1:1::1:0/120
ve 90
History
Next Hop Router
::
Release version
Command history
8.0.10a
This command was introduced.
FastIron Command Reference
53-1003389-04
Met/Dis/Tag Name
1/1/0
345
show loop-detect no-shutdown-status
show loop-detect no-shutdown-status
Shows the status of interfaces in a loop.
Syntax
show loop-detect no-shutdown-status
Modes
Privileged EXEC mode
Command Output
Examples
The show loop-detect no-shutdown-status command displays the following information:
Output field
Description
Port
The specific interface
Loop status
The duration the port has been in a loop
The following example shows the ports and their loop statuses.
device# show loop-detection no-shutdown-status
loop detection no shutdown syslog interval : 5
(unit 1 min /Default 5 min)
loop detection no shutdown port status
:
Note: Port's loop status gets cleared if loop is not detected in a particular
interval window
Port
|| Loop Status
==================||==========================
ethernet 1/1/7 || (In Loop For 2309 Seconds)
ethernet 1/1/15 || (In Loop For 2309 Seconds
History
346
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
show mac-auth configuration
show mac-auth configuration
Displays the global or interface level MAC authentication configuration.
Syntax
Parameters
show mac-auth configuration [ all | ethernet device/slot/port ]
all
Displays the MAC authentication configuration on all interfaces.
ethernet device/slot/port
Displays the MAC authentication configuration for a specific interface.
Modes
EXEC or Privileged EXEC mode
Global configuration mode
Command Output
The show mac-auth configuration command displays the following information.
Output field
Description
Status
Displays if MAC authentication is enabled or disabled
Auth-order
The authentication order enabled on the device
Default VLAN
The default VLAN specified on the device
Restricted VLAN
The restricted VLAN specified on the device
Critical VLAN
The critical VLAN specified on the device
Action on Auth failure
The action to be taken on authentication failure
MAC Session Aging
The status of the MAC session aging
Filter Strict Security
The status of filter strict security
Re-authentication
The status of re-authentication
Dot1x Override
The status of dot1x override
Password Override
The status of password override
Password Format
The configured password format
Reauth-period
The re-authentication period specified in seconds
Session max sw-age
The maximum software age configured on the device
Session max hw-age
The maximum hardware age configured on the device
The show mac-auth configuration all | ethernetdevice/slot/port command displays the following
information.
Output field
Description
Auth Order
Displays the authentication order
Action on Auth failure
Displays the action to be taken on authentication failure
Action on Auth timeout
Displays the action to be taken on authentication timeout
FastIron Command Reference
53-1003389-04
347
Show Commands
Examples
Output field
Description
Filter Strict Security
Displays if filter strict security is enabled or disabled
DoS Protection
Displays if DoS protection is enabled or disabled
Source-guard Protection
Displays if Source-Guard Protection is enabled or disabled
Aging
Displays if aging is enabled or disabled
Max-sessions
Displays the count of the maximum sessions
Ingress-filtering
Displays if ingress filtering is enabled or disabled
The following example displays the system level MAC authentication configuration.
device# show mac-authentication configuration
Status : Enabled
Auth Order : dot1x mac-auth
Default VLAN : 4
Restricted VLAN : Not configured
Critical VLAN : Not configured
Action on Auth failure : Block traffic
MAC Session Aging : Enabled
Filter Strict Security : Enabled
Re-authentication : Enabled
Dot1x Override : Disabled
Password Override : Disabled
Password Format : xxxx.xxxx.xxxx
Reauth-period : 600 seconds
Session max sw-age : 120 seconds
Session max hw-age : 70 seconds
The following example displays the MAC authentication configuration for port 1/1/15.
device# configure terminal
device(config)# show mac-auth configuration 1/1/15
Port 1/1/15 Configuration:
Auth Order
Action on Auth failure
Action on Auth timeout
Filter Strict Security
DoS Protection
Source-guard Protection
Aging
Max-sessions
Auth Filter List (Filter/VLAN)
348
:
:
:
:
:
:
:
:
:
dot1x mac-auth
Block traffic
Treat as a failed authentication
Enabled
Disabled (limit = 512)
Disabled
Enabled
32
1/2
FastIron Command Reference
53-1003389-04
Show Commands
The following example displays the MAC authentication information on all interfaces.
device# configure terminal
device(config)# show mac-auth configuration all
History
Port 1/1/1 Configuration:
Auth Order
Action on Auth failure
Action on Auth timeout
Filter Strict Security
DoS Protection
Source-guard Protection
Reauth-timeout
Aging
Max-sessions
:
:
:
:
:
:
:
:
:
dot1x mac-auth
Block traffic
Treat as a failed authentication
Enabled
Disabled (limit = 512)
Disabled
60 seconds
Enabled
2
Port 1/1/3 Configuration:
Auth Order
Action on Auth failure
Action on Auth timeout
Filter Strict Security
DoS Protection
Source-guard Protection
Reauth-timeout
Aging
Max-sessions
:
:
:
:
:
:
:
:
:
dot1x mac-auth
Block traffic
Treat as a failed authentication
Enabled
Disabled (limit = 512)
Disabled
60 seconds
Enabled
2
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
349
show mac-auth ip-acl
show mac-auth ip-acl
Shows the layer 3 access lists (ACLs) for MAC authentication.
Syntax
Parameters
show mac-auth ip-acl { all | ethernet device/slot/port }
all
Specifies the ACLs at the global level.
ethernet device/slot/port
Specifies the ACLs at the interface level.
Modes
Global configuration mode
Interface configuration mode
Examples
The show mac-auth ip-acl command displays the following information.
device(config)# show mac-auth ip-acl all
MAC-Auth IP ACL Information :
Port 1/1/15 : 0010.9400.0010
In-bound IP ACL : 101
Port 1/1/15 : 0010.9400.0020
In-bound IP ACL : 101
Port 2/1/15 : 0015.9400.0020
In-bound IP ACL : 102
device(config)# show mac-auth ip-acl eth 1/1/15
MAC-Auth IP ACL Information :
Port 1/1/15 : 0010.9400.0010
In-bound IP ACL : 101
Port 1/1/15 : 0010.9400.0020
In-bound IP ACL : 101
History
350
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
show mac-auth sessions
show mac-auth sessions
Shows MAC authentication configuration sessions at a global and interface level.
Syntax
Parameters
show mac-auth sessions { all | ethernet device/slot/port }
all
Specifies the sessions at the global level.
ethernet device/slot/port
Specifies the sessions at the interface level.
Modes
Privileged EXEC mode
Global configuration
Interface configuration
Command Output
Examples
The show mac-auth sessions command displays the following information:
Output field
Description
Port
The port number.
MAC Address
The MAC address of the client.
IP Address
The IP address of the client.
VLAN
The VLAN
Auth State
The authentication state.
ACL
The specific ACL applied.
Age
The age of the session.
The following example displays MAC sessions for all interfaces.
device# show mac-auth sessions all
----------------------------------------------------------------------------Port
MAC
IP
Vlan
Auth
ACL
Age
Addr
Addr
State
----------------------------------------------------------------------------1/1/15 0010.9400.0010 192.85.10.1
20
Yes
in-101
1/1/15 0010.9400.0020 192.85.20.1
20
Yes
in-101
2/1/15 0015.9400.0020 192.85.30.1
30
Yes
in-102
The following example displays MAC sessions for a specified interface.
device# show mac-auth sessions ethernet 1/1/15
----------------------------------------------------------------------------Port
MAC
IP
Vlan
Auth
ACL
Age
Addr
Addr
State
----------------------------------------------------------------------------1/1/15 0010.9400.0010 192.85.10.1
20
Yes
in-101
1/1/15 0010.9400.0020 192.85.20.1
20
Yes
in-101
History
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
351
show mac-auth statistics
show mac-auth statistics
Displays the MAC authentication statistics.
Syntax
Parameters
show mac-auth statistics { all | ethernet device/slot/port }
all
Displays the MAC authentication statistics for all interfaces.
ethernet device/slot/port
Displays the MAC authentication statistics for the specified interface.
Modes
Command Output
Examples
Privileged EXEC mode
The show mac-auth statistics command displays the following information:
Output field
Description
Accepted sessions
Number of accepted sessions
Rejected sessions
Number of rejected sessions
Inprogress sessions
Number of inprogress sessions
Attempted sessions
Number of attempted sessions
Number of errors
The number of errors.
The following example displays MAC authentication statistics for all interfaces.
device# show mac-auth statistics all
Port 1/1/15 Statistics:
Accepted Sessions
Rejected Sessions
Inprogress Sessions
Attempted Sessions
Number of Errors
:
:
:
:
:
2
0
0
0
0
Port 2/1/15 Statistics:
Accepted Sessions
Rejected Sessions
Inprogress Sessions
Attempted Sessions
Number of Errors
:
:
:
:
:
1
0
0
0
0
The following example displays MAC authentication statistics for Ethernet interface 1/1/15.
device# show mac-auth statistics ethernet 1/1/15
Port 1/1/15 Statistics:
Accepted Sessions
Rejected Sessions
Inprogress Sessions
Attempted Sessions
Number of Errors
History
352
:
:
:
:
:
2
0
0
0
0
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
show macsec statistics ethernet
show macsec statistics ethernet
Displays status information and secure channel statistics for the designated MACsec interface.
Syntax
Parameters
show macsec statistics ethernet device/slot/port
device/slot/port
Interface for which MACsec status information is to be displayed. The interface
is designated by device number in stack/slot on the device/interface on the slot.
Modes
User EXEC mode
Privileged EXEC mode
Global configuration mode
dot1x-mka configuration mode
dot1x-mka-interface configuration mode
Usage Guidelines
This command is supported only on the ICX 6610.
It is recommended that you use the clear macsec ethernet command to clear previous results for the
show macsec statistics ethernet command before re-executing it.
Command Output
The show macsec statistics ethernet command displays the following information:
Output field
Description
Interface (Device/slot/port)
The information that follows describes the designated interface.
Replay Protection (Enabled,
Disabled)
Indicates whether replay protection is applied on the interface.
Replay Window (0 through 127)
If out-of-order packets are allowed, indicates allowable window within which
an out-of-order packet can be received.
Frame Validation (Enabled,
Disabled)
Indicates whether MACsec frame headers are checked.
Secure Channel Statistics:
The fields that follow describe activity on a secure channel established over
the designated interface.
TxPktProtectedOnly
Number of transmitted packets with integrity protection only.
TxOctetProtectedOnly
Number of bytes transmitted in packets with integrity protection only.
TxPktEncrypted
Number of transmitted packets that are encrypted.
TxOctetEncrypted
Number of bytes transmitted in encrypted packets.
TxPktMiss
Number of transmitted packets that are neither encrypted nor protected by
integrity check.
TxOctetMiss
Number of bytes transmitted in packets that are neither encrypted nor
protected by integrity checking.
TxPktDrop
Number of packets dropped at transmission because SAK has been
exhausted.
TxPktBad
Number of transmitted packets marked as bad.
FastIron Command Reference
53-1003389-04
353
Show Commands
Examples
Output field
Description
RxPktDecryptedAuth
Number of packets received, decrypted, and checked for integrity protection.
RxOctetTotal
Number of bytes received.
RxOctetAuthOnly
Number of bytes received with Integrity protection only.
RxOctetDecrypted
Number of bytes received and decrypted.
RxPktFailReplayCheck
Number of packets received out of order.
RxPktFailICVCheck
Number of packets received that failed Integrity checking.
RxPktNoMACsecTag
Number of packets received without a MACSec Tag.
RxPktFrameValFail
Number of packets received that failed MACsec frame validation.
RxPktMiss
Number of packets received that did not find a key for decryption.
RxOctetMiss
Number of bytes received that did not find a key for decryption.
RxPktDrop
Number of received packets that were dropped.
The following code sample shows details for Ethernet interface 1/3/1 (device 1, slot 3, port 1). The
interface is verifying MACsec frames and is providing strict replay protection. Based on counter
statistics, transmitted packets are being encrypted. A smaller number of packets have been received,
have passed integrity checking, and have been decrypted. No packets have been received out of order,
and no packets have been dropped. No packets have failed integrity checking. A number of packets
have been received without MACsec headers, and numerous bytes did not have a decryption key.
device(config-dot1x-mka-1/3/1)# clear macsec ethernet 1/3/1
device(config-dot1x-mka-1/3/1)# show macsec statistics ethernet 1/3/1
Interface
Replay Protection
Replay Window
Frame Validation
: 1/3/1
: Enabled
: 0
: Check
Secure Channel Statistics:
TxPktProtectedOnly
TxPktEncrypted
TxPktMiss
TxPktDrop
RxPktDecryptedAuth
RxOctetAuthOnly
RxPktFailReplayCheck
RxPktNoMACsecTag
RxPktMiss
RxPktDrop
History
354
165074761
0
0
0
TxOctetProtectedOnly
TxOctetEncrypted
TxOctetMiss
TxPktBad
20491766144
0
0
0
3455
230740
0
414
414
0
RxOctetTotal
RxOctetDecrypted
RxPktFailICVCheck
RxPktFrameValFail
RxOctetMiss
257506
0
0
0
26766
Release version
Command history
08.0.20
This command was introduced.
08.0.20a
This command was modified. The show macsec ethernet command was
changed to show macsec statistics ethernet command.
FastIron Command Reference
53-1003389-04
show notification-mac
show notification-mac
Displays whether MAC-notification for SNMP traps is enabled or disabled.
Syntax
show notification-mac
Modes
Privileged EXEC mode
Usage Guidelines
Examples
You can view statistics such as the configured interval, the number of traps sent, and the number of
events sent.
The following example displays the MAC-notification statistics:
device# show notification-mac
Mac-notification SNMP trap is ENABLED
Configured Interval: 40 seconds
Number of trap messages sent: 2
Number of mac-notification events sent: 20
History
Release version
Command history
08.0.10
This command was introduced.
FastIron Command Reference
53-1003389-04
355
show openflow
show openflow
Displays the configured OpenFlow parameters.
Syntax
show openflow
Modes
EXEC and Privileged EXEC mode
Global configuration mode
Command Output
Examples
The show openflow command displays the following information:
Output field
Description
Administrative Status
Enable or disable status
Controller Type
OpenFlow 1.0 or OpenFlow1.3 controller
Controller
Number of controllers
device#show openflow
Administrative Status:
Controller Type:
Number of Controllers: 4
Controller 1:
Connection Mode:
Listening Address:
Connection Port:
Connection Status:
Role:
Asynchronous Configuration:
delete)
Controller 2:
Connection Mode:
Controller Address:
Connection Port:
Connection Status:
Role:
Asynchronous Configuration:
delete)
Controller 3:
Connection Mode:
Controller Address:
Connection Port:
Connection Status:
Role:
Asynchronous Configuration:
Controller 4:
Connection Mode:
Controller Address:
Connection Port:
Connection Status:
Role:
Asynchronous Configuration:
Enabled
OFV 130
passive, TCP
0.0.0.0
6633
TCP_LISTENING
Equal
Packet-in (no-match|action|invalid-ttl)
Port-status (add|delete|modify)
Flow-removed (idle-timeout|hard-timeout|delete|grp-
active, TCP
10.25.128.243
2001
OPENFLOW_ESABLISHED
Master
Packet-in (no-match|action|invalid-ttl)
Port-status (add|delete|modify)
Flow-removed (idle-timeout|hard-timeout|delete|grpactive, TCP
10.25.128.242
6633
OPENFLOW_ESABLISHED
Slave
Port-status (add|delete|modify)
active, TCP
10.25.128.250
2002
OPENFLOW_ESABLISHED
Slave
Port-status (add|delete|modify)
Match Capability:
Port, Destination MAC, Vlan, Vlan PCP
Openflow Enabled Ports:
e1/1 e1/2
356
FastIron Command Reference
53-1003389-04
Show Commands
History
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
357
show openflow controller
show openflow controller
Displays the controller information in a flow.
Syntax
show openflow controller
Modes
EXEC and Privileged EXEC mode
Global configuration mode
Command Output
Examples
History
358
The show openflow controller command displays the following information:
Output field
Description
Mode
Gives the active and passive connection of the controller.
IP address
IP address of the port
Port
Port number
Status
After the connection and OpenFlow handshake, the controller gives the role
of OpenFlow channel.
Role
Equal, Master and Slave role for the controller.
device# show openflow controller
-----------------------------------------------------------------------Contlr Mode TCP/SSL IP-address
Port
Status
Role
-----------------------------------------------------------------------1
(Equal)
passive TCP
0.0.0.0
6633
TCP_LISTENING
2
(Master)
active
TCP
10.25.128.179
6633
OPENFLOW_ESABLISHED
3
(Slave)
active
TCP
10.25.128.177
6633
OPENFLOW_ESABLISHED
3
(Equal)
active
TCP
10.25.128.165
6633
OPENFLOW_ESABLISHED
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
show openflow flows
show openflow flows
Displays the flows information on the OpenFlow ports.
Syntax
show openflow flows
Modes
User EXEC mode
Privileged EXEC mode
Global configuration mode
Command Output
Examples
The show openflow flows command displays the following information:
Output field
Description
Flow
Number of flows
Packet
Total Number of data packets trapped to be sent to controller
Byte
Total Number of data bytes trapped to be sent to controller
This command displays the output for flows.
device# show openflow flows
Total Number of data packets sent to controller:
Total Number of data bytes sent to controller :
0
0
Total Number of Flows: 1
Total Number of Port based Flows: 1
Total Number of L2 Generic Flows: 0
Total Number of L3 Generic Flows: 0
………………...
………………………
Flow ID: 1 Priority: 32768 Status: Active
Rule:
In Port:
e2/5
Instructions: Apply-Actions
Action: FORWARD
Out Port: e2/1
Meter id: 1023
Statistics:
Total Pkts: 0
Total Bytes: 0
History
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
359
show openflow groups
show openflow groups
Displays the maximum number of actions in a bucket, the maximum number of buckets in a group and
the maximum number of groups.
Syntax
Parameters
show openflow groups group-id
groups group-id
Shows details of a specific OpenFlow group.
Modes
User EXEC mode
Privileged EXEC mode
Global configuration mode
Command Output
Examples
The show openflow groups command displays the following information:
Output field
Description
Group
Maximum number of group in a flow
Bucket
Number of bucket per group
Action
Number of action per bucket
device#show openflow groups
Max number of groups
: 512
Max number of buckets per group : 64
Max number of actions per bucket :
1
Max number of SELECT groups
: 120
Max number of buckets in SELECT group: 8
Starting Trunk ID for SELECT groups : 257
Group id 1
Transaction id
4043243760
Type
ALL
Packet Count
0
Byte
Count
0
Flow
Count
0
Number of buckets
2
bucket #1
Weight
0
Number of actions
1
action 1: out port: 2/3
bucket #2
Weight
0
Number of actions
1
action 1: out port: 2/4
---Total no. of entries printed: 1
History
360
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
show openflow interfaces
show openflow interfaces
Displays the information about the interfaces in a OpenFlow flow.
Syntax
show openflow interfaces
Modes
User EXEC mode
Privileged EXEC mode
Global configuration mode
Usage Guidelines
Command Output
Examples
The show openflow interfaces command displays the following information:
Output field
Description
Port
Port Number
Link
Link status
Speed
Configured speed
Tag
Tag status
Mac Address
MAC address of the port
Mode
Gives the information about the layers
device# openflow enable layer3 hybrid
device# show openflow interfaces
Total number of Openflow interfaces: 5
Port
1/1
1/2
1/3
1/4
1/5
FastIron Command Reference
53-1003389-04
Link
Up
Up
Up
Up
Up
Speed
1G
1G
1G
1G
1G
Tag
Yes
Yes
Yes
Yes
Yes
MAC
000c.dbf5.bd00
000c.dbf5.bd01
000c.dbf5.bd01
000c.dbf5.bd01
000c.dbf5.bd01
OF-portid Name
1
2
3
4
5
Mode
Layer2
Layer2
Hybrid-Layer3
Hybrid-Layer3
Hybrid-Layer3
361
Show Commands
This command displays information for a particular interface on a specific slot and port..
device# show interface ethernet 1/1/6
GigabitEthernet1/1/6 is up, line protocol is up
Port up for 51 minutes 53 seconds
Hardware is GigabitEthernet, address is 748e.f8e7.d901 (bia 748e.f8e7.d901)
Configured speed auto, actual 1Gbit, configured duplex fdx, actual fdx
Configured mdi mode AUTO, actual MDI
Member of L2 VLAN ID 100, port is untagged, port state is FORWARDING
BPDU guard is Disabled, ROOT protect is Disabled, Designated protect is Disabled
Link Error Dampening is Disabled
STP configured to ON, priority is level0, mac-learning is enabled
OpenFlow enabled, Openflow Index 1, Flow Type Layer2
Flow Control is config enabled, oper enabled, negotiation disabled
Mirror disabled, Monitor disabled
Not member of any active trunks
Not member of any configured trunks
No port name
Inter-Packet Gap (IPG) is 96 bit times
MTU 1500 bytes, encapsulation ethernet
300 second input rate: 3904 bits/sec, 7 packets/sec, 0.00% utilization
300 second output rate: 0 bits/sec, 0 packets/sec, 0.00% utilization
23153 packets input, 1530094 bytes, 0 no buffer
Received 1721 broadcasts, 21432 multicasts, 0 unicasts
0 input errors, 0 CRC, 0 frame, 0 ignored
0 runts, 0 giants
0 packets output, 0 bytes, 0 underruns
Transmitted 0 broadcasts, 0 multicasts, 0 unicasts
0 output errors, 0 collisions
Relay Agent Information option: Disabled
Egress queues:
Queue counters
0
1
2
3
4
5
6
7
History
362
Queued packets
0
0
0
0
0
0
0
0
Dropped Packets
0
0
0
0
0
0
0
0
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
show openflow meters
show openflow meters
Displays all the meters in a OpenFlow flow.
Syntax
Parameters
show openflow meters meter-id
meters meter-id
Shows details of a specific OpenFlow meter.
Modes
User EXEC mode
Privileged EXEC mode
Global configuration mode
Command Output
Examples
The show openflow meters command displays the following information:
Output field
Description
Meter-id
Meter number
Band
Number of bands in a meter
Band type
Band type ( supported type: Drop, DSCP_REMARK)
Rate
Rate of the band
Counter
Band specific counter
The following example displays output with single meter band.
device(config)# show openflow meters 1
Meter id: 1
Transaction id:
Meter Flags:
Flow Count:
Number of bands:
In packet count:
In byte count:
Band Type:
1437
KBPS BURST STATS
0
1
-NA0
DROP
Rate:
Burst size:
In packet band count:
In byte band count:
FastIron Command Reference
53-1003389-04
750000
1500
-NA0
kb
363
Show Commands
The following example displays output with two meter bands.
device(config)# show openflow meters 2
Meter id: 2
Transaction id:
Meter Flags:
Flow Count:
Number of bands:
In packet count:
In byte count:
Band Type:
1438
KBPS BURST STATS
0
2
-NA0
DSCP-REMARK
Rate:
Burst size:
Prec level:
In packet band count:
In byte band count:
Band Type:
364
kb
DROP
Rate:
Burst size:
In packet band count:
In byte band count:
History
750000
1500
1
-NA0
1000000
2000
-NA0
kb
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
show packet-inerror-detect
show packet-inerror-detect
Displays details related to the monitoring for inError packets for configured ports.
Syntax
show packet-inerror-detect
Modes
Privileged EXEC mode
Global configuration mode
Interface configuration mode
Usage Guidelines
Use this show command to view details related to the monitoring of inError packets for configured ports.
Command Output
The show packet-inerror-detect command displays the following information:
Examples
Output field
Description
Sampling interval
Displays the configured sampling interval.
Port
Identifies a port.
Packet inError count
The number of inError packets received in the sampling interval for the
specific port.
State
Displays the status for the specific port.
The following example displays details related to the monitoring for inError packets for configured ports.
device# show packet-inerror-detect
Sampling interval 5 secs
Port
1/1/1
1/1/37
2/1/1
History
Packet inError count State
30
Operational
10
ERR-DISABLED
100
Operational
Release version
Command history
07.3.00g
This command was introduced.
FastIron Command Reference
53-1003389-04
365
show priority-flow-control
show priority-flow-control
Displays the priority flow control (PFC) on the system.
Syntax
show priority-flow-control
Modes
Privileged EXEC mode
Examples
The following example shows the PFC status of all priority groups.
Device# show priority-flow-control
Global PFC Status: Enabled
PFC Enabled on PG0
PFC Disabled on PG1
PFC Disabled on PG2
PFC Disabled on PG3
The following example shows the PFC status disabled.
Device# show priority-flow-control
Global PFC Status: Disabled
History
366
Release version
Command history
8.0.10
This command was introduced.
FastIron Command Reference
53-1003389-04
show qos egress-buffer-profile
show qos egress-buffer-profile
Displays information about egress buffer profiles.
Syntax
Parameters
show qos egress-buffer-profile [ user-profile-name | all ]
user-profile-name
Displays information for the specified egress buffer profile.
all
Displays information for all egress buffer profiles configured in the system and a
list of all ports attached to any egress buffer profile.
Modes
Examples
Global configuration mode
The following example displays information for an egress buffer profile named egress1.
Device(config)# show qos egress-buffer-profile egress1
Egress Buffer Profile: egress1
Ports attached: 1/1/2
Per Queue Details:
Share Level:
Queue 0
level4-1/9
Queue 1
level3-1/16
Queue 2
level3-1/16
Queue 3
level3-1/16
Queue 4
level3-1/16
Queue 5
level3-1/16
Queue 6
level3-1/16
Queue 7
level2-1/32
History
Release version
Command history
8.0.10
This command was introduced.
FastIron Command Reference
53-1003389-04
367
show qos ingress-buffer-profile
show qos ingress-buffer-profile
Displays information about ingress buffer profiles.
Syntax
Parameters
show qos ingress-buffer-profile [ user-profile-name | all ]
user-profile-name
Displays information for the specified ingress buffer profile.
all
Displays information for all the ingress buffer profiles configured in the system
and a list of their XOFF threshold levels.
Modes
Examples
Global configuration mode
The following example displays information for all the ingress buffer profiles configured in the system
and their XOFF threshold levels.
Device(config)# show qos ingress-buffer-profile all
Ingress Buffer Profile: i1
Ports attached: 1/1/1
Per PG Detail:
XOFF Level:
PG 0
level1-1/64
PG 1
level3-1/16
PG 2
level4-1/9
PG 3
level5-1/5
Ingress Buffer Profile: ing1
Ports attached: -Per PG Detail:
XOFF Level:
PG 0
level6-1/3
PG 1
level2-1/32
PG 2
level2-1/32
PG 3
level2-1/32
History
368
Release version
Command history
8.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
show qos-internal-trunk-queue
show qos-internal-trunk-queue
Displays the queue-share level of inter-packet-processor (inter-pp) links used to connect master and
slave units in ICX 7450 devices.
Syntax
show qos-internal-trunk-queue
Modes
Global configuration mode
Examples
The following example displays the queue-share level applied on egress queues of inter-pp links in a
system.
device(config)#show qos-internal-trunk-queue
Per Queue Details:
Share Level:
Queue 0
level7-1/2
Queue 1
level3-1/16
Queue 2
level3-1/16
Queue 3
level3-1/16
Queue 4
level3-1/16
Queue 5
level3-1/16
Queue 6
level3-1/16
Queue 7
level3-1/16
History
Release version
Command history
08.0.20
This command was introduced.
FastIron Command Reference
53-1003389-04
369
show qos priority-to-pg
show qos priority-to-pg
Displays priority-to-priority-group (PG) mapping for priority flow control (PFC).
Syntax
show qos priority-to-pg
Modes
Global configuration mode
Usage Guidelines
This command displays priority-to-PG mapping for the following flow control modes:
• PFC
• Symmetrical flow control
• Asymmetrical flow control
Examples
The following example shows priority-to-PG mapping for PFC.
Device(config)# show qos priority-to-pg
QoS
QoS
QoS
QoS
QoS
QoS
QoS
QoS
Internal
Internal
Internal
Internal
Internal
Internal
Internal
Internal
Priority
Priority
Priority
Priority
Priority
Priority
Priority
Priority
0
1
2
3
4
5
6
7
mapped
mapped
mapped
mapped
mapped
mapped
mapped
mapped
to
to
to
to
to
to
to
to
Priority
Priority
Priority
Priority
Priority
Priority
Priority
Priority
Group
Group
Group
Group
Group
Group
Group
Group
0
0
1
1
1
2
2
4
The following example shows priority-to-PG mapping for 802.3x (Flow-Control). Honor is enabled.
Device(config)# show qos priority-to-pg
QoS
QoS
QoS
QoS
QoS
QoS
QoS
QoS
Internal
Internal
Internal
Internal
Internal
Internal
Internal
Internal
Priority
Priority
Priority
Priority
Priority
Priority
Priority
Priority
0
1
2
3
4
5
6
7
mapped
mapped
mapped
mapped
mapped
mapped
mapped
mapped
to
to
to
to
to
to
to
to
Priority
Priority
Priority
Priority
Priority
Priority
Priority
Priority
Group
Group
Group
Group
Group
Group
Group
Group
0
0
1
1
1
2
2
4
The following example shows priority-to-PG mapping for symmetrical flow control for 802.3x (FlowControl) in Both mode (Generate and Honor are enabled) or Generate-only mode.
Device(config)# symmetrical-flow-control enable
Device(config)# show qos priority-to-pg
QoS
QoS
QoS
QoS
QoS
QoS
QoS
QoS
Internal
Internal
Internal
Internal
Internal
Internal
Internal
Internal
Priority
Priority
Priority
Priority
Priority
Priority
Priority
Priority
0
1
2
3
4
5
6
7
mapped
mapped
mapped
mapped
mapped
mapped
mapped
mapped
to
to
to
to
to
to
to
to
Priority
Priority
Priority
Priority
Priority
Priority
Priority
Priority
Group
Group
Group
Group
Group
Group
Group
Group
7
7
7
7
7
2
2
4
The following example enables flow control on all priorities and shows the priority-to-PG mapping.
Device(config)# symmetrical-flow-control enable all
Device(config)# show qos priority-to-pg
QoS
QoS
QoS
QoS
QoS
QoS
QoS
QoS
370
Internal
Internal
Internal
Internal
Internal
Internal
Internal
Internal
Priority
Priority
Priority
Priority
Priority
Priority
Priority
Priority
0
1
2
3
4
5
6
7
mapped
mapped
mapped
mapped
mapped
mapped
mapped
mapped
to
to
to
to
to
to
to
to
Priority
Priority
Priority
Priority
Priority
Priority
Priority
Priority
Group
Group
Group
Group
Group
Group
Group
Group
7
7
7
7
7
7
7
4
FastIron Command Reference
53-1003389-04
Show Commands
History
Release version
Command history
8.0.10
This command was introduced.
FastIron Command Reference
53-1003389-04
371
show qos-profiles
show qos-profiles
Displays information about QoS profiles
Syntax
Parameters
show qos-profiles { all | name }
all
Displays information for all profiles.
name
Displays information for the specified profile.
Modes
Examples
Global configuration mode
The following example displays information for all the queues on an FSX device.
Device# show qos-profiles all
bandwidth scheduling mechanism:
Profile qosp7
: Priority7
Profile qosp6
: Priority6
Profile qosp5
: Priority5
Profile qosp4
: Priority4
Profile qosp3
: Priority3
Profile qosp2
: Priority2
Profile qosp1
: Priority1
Profile qosp0
: Priority0
weighted priority
bandwidth requested
bandwidth requested
bandwidth requested
bandwidth requested
bandwidth requested
bandwidth requested
bandwidth requested
bandwidth requested
25%
15%
12%
12%
10%
10%
10%
6%
calculated
calculated
calculated
calculated
calculated
calculated
calculated
calculated
25%
15%
12%
12%
10%
10%
10%
6%
The following example displays information, including multicast queue weights, for all the queues on an
ICX 7450 device.
Device#show qos-profiles all
bandwidth scheduling mechanism: mixed weighted priority with strict priority
Unicast Traffic
Profile qosp7
: Priority7(Highest) Set as strict priority
Profile qosp6
: Priority6
Set as strict priority
Profile qosp5
: Priority5
bandwidth requested 25% calculated 25%
Profile qosp4
: Priority4
bandwidth requested 15% calculated 15%
Profile qosp3
: Priority3
bandwidth requested 15% calculated 15%
Profile qosp2
: Priority2
bandwidth requested 15% calculated 15%
Profile qosp1
: Priority1
bandwidth requested 15% calculated 15%
Profile qosp0
: Priority0(Lowest) bandwidth requested 15% calculated 15%
Multicast Traffic
Profile qosp7+qosp6
: Priority7(Highest),6
Set as strict
priority
Profile qosp5
: Priority5
bandwidth
requested 25% calculated 25%
Profile qosp4+qosp3+qosp2
: Priority4,3,2
bandwidth
requested 45% calculated 45%
Profile qosp1+qosp0
: Priority1,0(Lowest)
bandwidth
requested 30% calculated 30%
History
372
Release version
Command history
08.0.20
This command was modified to display information for multicast queue
weights on ICX 7450 and ICX 7750 devices.
FastIron Command Reference
53-1003389-04
show qos scheduler-profile
show qos scheduler-profile
Displays information about scheduler profiles.
Syntax
Parameters
show qos scheduler-profile { all user-profile-name}
all
Displays information for all the scheduler profiles configured in the system and
a list of all the ports attached to any scheduler profile.
user-profile-name
Displays information for the specified scheduler profile only.
Modes
Usage Guidelines
Global configuration mode
A scheduler profile must be configured before it can be displayed.
Information can be displayed for a maximum of eight scheduler profiles.
On ICX 7750 and ICX 7450 devices this command also displays information for multicast queue
weights.
Examples
The following example displays information for a scheduler profile named user1.
Device(config)# show qos scheduler-profile user1
User Scheduler Profile: user1
Scheduling Option: Weighted round-robin
Ports attached: 1/1/1
Per Queue details:
Bandwidth%
Traffic Class 0
1%
Traffic Class 1
1%
Traffic Class 2
10%
Traffic Class 3
10%
Traffic Class 4
10%
Traffic Class 5
10%
Traffic Class 6
20%
Traffic Class 7
38%
FastIron Command Reference
53-1003389-04
373
Show Commands
The following example displays information for all the scheduler profiles configured in the system.
Device(config)# show qos scheduler-profile all
User Scheduler Profile: user1
Scheduling Option: Weighted round-robin
Ports attached: 1/1/1
Per Queue details:
Bandwidth%
Traffic Class 0
1%
Traffic Class 1
1%
Traffic Class 2
10%
Traffic Class 3
10%
Traffic Class 4
10%
Traffic Class 5
10%
Traffic Class 6
20%
Traffic Class 7
38%
User Scheduler Profile: user2
Ports attached: --
Scheduling Option: Strict scheduling
User Scheduler Profile: user3
Scheduling Option: Mixed-SP-WRR
Ports attached: -Per Queue details:
Bandwidth%
Traffic Class 0
15%
Traffic Class 1
15%
Traffic Class 2
15%
Traffic Class 3
15%
Traffic Class 4
15%
Traffic Class 5
25%
Traffic Class 6
sp
Traffic Class 7
sp
User Scheduler Profile: user4
Scheduling Option: Weighted round-robin
Ports attached: -Per Queue details:
Bandwidth%
Traffic Class 0
3%
Traffic Class 1
3%
Traffic Class 2
3%
Traffic Class 3
3%
Traffic Class 4
3%
Traffic Class 5
3%
Traffic Class 6
7%
Traffic Class 7
75%
The following example displays information, including multicast queue weights, for a scheduler profile
named profle1 on ICX 7450 anf ICX 7750 devices.
Device(config)# show qos scheduler-profile profile1
User Scheduler Profile: profile1
Scheduling Option: Weighted round-robin
Unicast per Queue details:
Bandwidth%
Traffic Class 0
8%
Traffic Class 1
8%
Traffic Class 2
8%
Traffic Class 3
8%
Traffic Class 4
8%
Traffic Class 5
8%
Traffic Class 6
8%
Traffic Class 7
44%
Multicast per Queue details:
Bandwidth%
Traffic Class 0,1
16%
Traffic Class 2,3,4
24%
Traffic Class 5
8%
Traffic Class 6,7
52%
History
374
Release version
Command history
8.0.10
This command was introduced.
8.0.20
This command was modified to display information for multicast queue
weights on ICX 7450 and ICX 7750 devices.
FastIron Command Reference
53-1003389-04
show rmon
show rmon
Displays the Remote monitoring (RMON) agent status and information about RMON alarms, events,
history, logs, and statistics on the interface.
Syntax
Parameters
show rmon { alarm alarm-number | event event-number | history history-index | logs event-index |
statistics [ number | interface-type | interface-number ] }
alarm
Specifies to display the RMON alarm table.
alarm-number
Specifies the alarm index identification number. Valid values range from 1
through 65535.
event
Specifies to display the RMON event table.
event-number
Specifies the event index identification number. Valid values range from 1
through 65535.
history
Specifies to display the history control data entries for port or interface.
history-number
Specifies the history index identification number of the history entry.
logs
Specifies to display the RMON logging table where RMON log entries are
stored.
event-index
Specifies the event index identification number. Valid values range from 1
through 65535.
statistics
Specifies to display the RMON Ethernet statistics; and the statistics group that
collects statistics on promiscuous traffic across an interface and total traffic into
and out of the agent interface. Valid values range from 1 through 65535.
statistics-number
Specifies the statistics index identification number of the statistics entry.
interface-type
Specifies the ethernet interface or management port.
interface-number
Specifies the interface or management port number.
Modes
Privileged EXEC mode
Global configuration mode
Command Output
The show rmon command displays the following information:
Output field
Description
Rising threshold
The sampling value limit, beyond which the rising alarm is triggered.
Falling threshold
The sampling value limit, beyond which the falling alarm is triggered.
FastIron Command Reference
53-1003389-04
375
Show Commands
Output field
Description
Octets
The total number of octets of data received on the network. This number
includes octets in bad packets. This number does not include framing bits but
does include Frame Check Sequence (FCS) octets.
Drop events
Indicates an overrun at the port. The port logic could not receive the traffic at
full line rate and had to drop some packets as a result. The counter indicates
the total number of events in which packets were dropped by the RMON
probe due to lack of resources. This number is not necessarily the number of
packets dropped, but is the number of times an overrun condition has been
detected.
Packets
The total number of packets received. This number includes bad packets,
broadcast packets, and multicast packets.
Broadcast pkts
The total number of good packets received that were directed to the
broadcast address. This number does not include multicast packets.
Multicast pkts
The total number of good packets received that were directed to a multicast
address. This number does not include packets directed to the broadcast
address.
CRC align errors
The total number of packets received that were from 64 - 1518 octets long,
but had either a bad FCS with an integral number of octets (FCS Error) or a
bad FCS with a non-integral number of octets (Alignment Error). The packet
length does not include framing bits but does include FCS octets.
Undersize pkts
The total number of packets received that were less than 64 octets long and
were otherwise well formed. This number does not include framing bits but
does include FCS octets.
Fragments
The total number of packets received that were less than 64 octets long and
had either a bad FCS with an integral number of octets (FCS Error) or a bad
FCS with a non-integral number of octets (Alignment Error). It is normal for
this counter to increment, since it counts both runts (which are normal
occurrences due to collisions) and noise hits. This number does not include
framing bits but does include FCS octets.
Oversize packets
The total number of packets received that were longer than 1518 octets and
were otherwise well formed. This number does not include framing bits but
does include FCS octets.
NOTE
48GC modules do not support count information on oversized packets and
report 0.
376
FastIron Command Reference
53-1003389-04
Show Commands
Output field
Description
Jabbers
The total number of packets received that were longer than 1518 octets and
had either a bad FCS with an integral number of octets (FCS Error) or a bad
FCS with a non-integral number of octets (Alignment Error).
NOTE
This definition of jabber is different from the definition in IEEE-802.3 section
8.2.1.5 (10BASE5) and section 10.3.1.4 (10BASE2). These documents define
jabber as the condition where any packet exceeds 20 ms. The allowed range
to detect jabber is between 20 ms and 150 ms.
This number does not include framing bits but does include FCS octets.
NOTE
48GC modules do not support count information on jabbers and report 0.
Collisions
The best estimate of the total number of collisions on this Ethernet segment.
64 octets pkts
The total number of packets received that were 64 octets long. This number
includes bad packets. This number does not include framing bits but does
include FCS octets.
65 to 127 octets pkts
The total number of packets received that were 65 - 127 octets long. This
number includes bad packets. This number does not include framing bits but
does include FCS octets.
128 to 255 octets pkts
The total number of packets received that were 128 - 255 octets long. This
number includes bad packets. This number does not include framing bits but
does include FCS octets.
256 to 511 octets pkts
The total number of packets received that were 256 - 511 octets long. This
number includes bad packets. This number does not include framing bits but
does include FCS octets.
512 to 1023 octets pkts
The total number of packets received that were 512 - 1023 octets long. This
number includes bad packets. This number does not include framing bits but
does include FCS octets.
1024 to 1518 octets pkts
The total number of packets received that were 1024 - 1518 octets long. This
number includes bad packets. This number does not include framing bits but
does include FCS octets.
Event Index
The event index identification number.
Log Index
The log index identification number.
Log Generated time
The time at which the log is generated.
Log Description
Indicates the type of alarm; whether it is a rising or falling alarm.
FastIron Command Reference
53-1003389-04
377
Show Commands
Examples
The following example shows the output of the show rmon alarm command.
device(config)# show rmon alarm
Alarm 1 is active, owned by monitor
Monitors etherStatsPkts.13 every 5 seconds
Taking absolute samples, last value was 675
Rising threshold is 100, assigned to event 1
Falling threshold is 0, assigned to event 1
On startup enable rising or falling alarm
Alarm 2 is active, owned by monitor
Monitors etherStatsPkts.2 every 5 seconds
Taking absolute samples, last value was 414
Rising threshold is 100, assigned to event 3
Falling threshold is 0, assigned to event 3
On startup enable rising or falling alarm
The following example shows the output of the show rmon event command.
device(config)# show rmon event
Event 1 is active, owned by monitor
Description is testing
Event firing causes log, community
Batch ID 0, argument
Last fired at system up time 3 minutes 52 seconds
Event 2 is active, owned by monitor
Description is logging
Event firing causes log and trap, community public
Batch ID 0, argument
Last fired at system up time 8 minutes 12 seconds
The following example shows the output of the show rmon history history-index command.
device(config)# show rmon history 1
History 1 is active, owned by monitor
Monitors interface mgmt1 (ifIndex 25) every 30 seconds
25 buckets were granted to store statistics
The following example shows the output of the show rmon logs command.
device(config)# show rmon logs
Event Index = 1
Log Index = 1
Log Generated time = 00:03:52 (23200)
Log Description = rising alarm
Event Index = 2
Log Index = 1
Log Generated time = 00:08:12 (49200)
Log Description = rising alarm
Event Index = 3
Log Index = 1
Log Generated time = 00:05:12 (31200)
Log Description = rising alarm
Event Index = 4
Log Index = 1
Log Generated time = 00:01:32 (9200)
Log Description = falling alarm
Log Index = 2
Log Generated time = 00:02:52 (17200)
Log Description = rising alarm
The following example shows the output of the show rmon logs event-index command.
device(config)# show rmon logs 2
Event Index = 2
Log Index = 1
Log Generated time = 00:08:12 (49200)
Log Description = rising alarm
378
FastIron Command Reference
53-1003389-04
Show Commands
The following example shows the output of the show rmon statistics number command.
device(config)# show rmon statistics 1
Ethernet statistics 1 is active, owned by monitor
Interface 1/1/1 (ifIndex 1) counters
Octets
0
Drop events
0
Packets
Broadcast pkts
0
Multicast pkts
CRC align errors
0
Undersize pkts
Oversize pkts
0
Fragments
Jabbers
0
Collisions
Packet size counters
64
128 to 255
512 to 1023
0
0
0
65 to 127
256 to 511
1024 to 1518
0
0
0
0
0
0
0
0
The following example shows the statistics of the ethernet interface 1/2/1.
device(config)# show rmon statistics ethernet 1/2/1
Ethernet statistics 65 is active, owned by monitor
Interface 1/2/1 (ifIndex 65) counters
Octets
30170677670
Drop events
0
Packets
Broadcast pkts
0
Multicast pkts
CRC align errors
0
Undersize pkts
Oversize pkts
0
Fragments
Jabbers
0
Collisions
Packet size counters
64
128 to 255
512 to 1023
History
0
19353559
17980963
65 to 127
256 to 511
1024 to 1518
Release version
Command history
08.0.20
The logs keyword was introduced.
FastIron Command Reference
53-1003389-04
72281139
66309417
0
0
0
10703415
18658554
5584648
379
show running interface
show running interface
Displays information about the interface.
Syntax
Parameters
show running interface [ ethernet stack/slot/port [ to ethernet stack/slot/port ] | loopback loopbacknumber | management por-id | tunnel tunnel-id | ve ve-number]
ethernet stack/slot/port
Specifies the configuration on a physical interface. On standalone devices
specify the interface ID in the format slot/port-id; on stacked devices you must
also specify the stack ID, in the format stack-id/slot/port-id.
to
Specifies information for a range of physical interfaces.
loopback loopback-number
Specifies information for a loopback interface.
management port-id
Specifiesinformation for a management port.
tunnel tunnel-id
Specifies information for a tunnel interface.
ve ve-number
Specifies information for a virtual interface.
Modes
Examples
Privileged EXEC mode
The following example displays output from the show running interface command, showing that ACLs
10 and f10 are applied to interface 1/1/9 to control neighbor access.
Device#show running interface ethernet 1/1/9
interface ethernet 1/1/9
ip address 15.1.1.5 255.255.255.0
ip pim-sparse
ip pim neighbor-filter 10
ip ospf area 0
ipv6 address 201::1/64
ipv6 ospf area 0
ipv6 pim-sparse
ipv6 pim neighbor-filter f10
History
380
Release version
Command history
8.0.20a
This command was modified to display neighbor filter information.
FastIron Command Reference
53-1003389-04
show span designated-protect
show span designated-protect
Displays a list of all ports that are not allowed to go into the designated forwarding state.
Syntax
show span designated-protect
Modes
Privileged EXEC mode
Global configuration mode
Interface configuration mode
Examples
The following example indicates that the designated forwarding state is disallowed for interfaces 2/1/7,
2/1/19, and 2/2/3.
device(config)# show span designated-protect
Designated Protection Enabled on:
Ports: (U2/M1)
7 19
Ports: (U2/M2)
3
History
Release version
Command history
07.3.00g
This command was introduced.
FastIron Command Reference
53-1003389-04
381
show stack
show stack
Displays information about the units in a stack and a representation of the stack topology.
Syntax
Parameters
show stack num
num
Displays information for the specified stack unit ID.
Modes
Command Output
382
Privileged EXEC mode
The show stack command displays the following information:
Output field
Description
ID
Specifies the identification number of the stack unit. Each unit in the stack has
a unique ID number.
Type
Specifies the type (model) of the stack unit.
Role
Specifies the role of the stack unit. The roles are controller, standby, or
member.
Mac Address
Specifies the MAC address of the stack unit. The roles are controller,
standby, or member.
Pri
Specifies the priority value assigned to the stack unit. The default value is
128.
State
Specifies whether the stack unit is local or remote. A unit with a State value of
Local is the active controller. Units with a State value of Remote are either
standby units or member units.
Comment
Indicates if the stack unit is ready (available).
FastIron Command Reference
53-1003389-04
Show Commands
Examples
The following example displays information about a stack with six stack trunks, including a
representation of the stack topology.
device# show stack
T=21h22m31.3: alone: standalone, D: dynamic cfg, S: static, A=10, B=11, C=12
ID
Type
Role
Mac Address
Pri State
Comment
1 S ICX7750-48XGF active cc4e.246d.9e00 128 local
Ready
2 S ICX7750-48XGF standby cc4e.246d.8d80
0 remote Ready
3 S ICX7750-48XGF member cc4e.246d.9b00
0 remote Ready
4 S ICX7750-48XGF member cc4e.246d.9c80
0 remote Ready
5 S ICX7750-20QXG member cc4e.2439.2a80
0 remote Ready
6 S ICX7750-20QXG member cc4e.2439.3700
0 remote Ready
7 S ICX7750-20QXG member cc4e.2439.3880
0 remote Ready
8 S ICX7750-20QXG member cc4e.2439.2d00
0 remote Ready
9 S ICX7750-48XGC member cc4e.2439.1a00
0 remote Ready
10 S ICX7750-48XGC member cc4e.2439.1680
0 remote Ready
11 S ICX7750-48XGC member cc4e.2439.1d80
0 remote Ready
12 S ICX7750-48XGC member cc4e.2439.1280
0 remote Ready
active
+---+
+---+
+---+
+---+
+---+
+---+
-2/1| 1 |2/4--3/1| C |3/4==2/1| B |2/4==2/1| A |2/4--2/1| 9 |2/4--2/1| 8 |2/4=
|
+---+
+---+
+---+
+---+
+---+
+---+
|
|
|
| standby
|
|
+---+
+---+
+---+
+---+
+---+
+---+
|
-2/4| 2 |2/1==2/4| 3 |2/1--2/4| 4 |2/1==2/4| 5 |2/1--2/4| 6 |2/1==2/4| 7 |2/1=
+---+
+---+
+---+
+---+
+---+
+---+
Standby u2 - protocols ready, can failover
Current stack management MAC is cc4e.246d.9e00
FastIron Command Reference
53-1003389-04
383
show stack connection
show stack connection
Displays a representation of stack topology and a detailed connection report that contains information
on connection errors or hardware failures.
Syntax
show stack connection
Modes
Privileged EXEC mode
Examples
The following example displays a representation of a ring topology that has seven stack units and
details on each of the trunk link connections.
device# show stack connection
Probing the topology. Please wait ...
device#
active
+---+
+---+
+---+
+---+
+---+
+---+
=2/1| 4 |2/6==2/6| 3 |2/1==2/1| 2 |2/6==2/6| 1 |2/1==2/1| 7 |2/6==2/6| 6 |2/1=
|
+---+
+---+
+---+
+---+
+---+
+---+
|
|
|
|
standby |
|
+---+
|
------------------------------------------------------------------2/1| 5 |2/6=
+---+
trunk probe results: 7 links
Link 1: u7 -- u1, num=5
1: 1/2/1 (T0) <---> 7/2/1 (T0)
2: 1/2/2 (T0) <---> 7/2/2 (T0)
3: 1/2/3 (T0) <---> 7/2/3 (T0)
4: 1/2/4 (T0) <---> 7/2/4 (T0)
5: 1/2/5 (T0) <---> 7/2/5 (T0)
Link 2: u2 -- u1, num=5
1: 1/2/6 (T1) <---> 2/2/6 (T1)
2: 1/2/7 (T1) <---> 2/2/7 (T1)
3: 1/2/8 (T1) <---> 2/2/8 (T1)
4: 1/2/9 (T1) <---> 2/2/9 (T1)
5: 1/2/10(T1) <---> 2/2/10(T1)
Link 3: u3 -- u2, num=5
1: 2/2/1 (T0) <---> 3/2/1 (T0)
2: 2/2/2 (T0) <---> 3/2/2 (T0)
3: 2/2/3 (T0) <---> 3/2/3 (T0)
4: 2/2/4 (T0) <---> 3/2/4 (T0)
5: 2/2/5 (T0) <---> 3/2/5 (T0)
Link 4: u4 -- u3, num=5
1: 3/2/6 (T1) <---> 4/2/6 (T1)
2: 3/2/7 (T1) <---> 4/2/7 (T1)
3: 3/2/8 (T1) <---> 4/2/8 (T1)
4: 3/2/9 (T1) <---> 4/2/9 (T1)
5: 3/2/10(T1) <---> 4/2/10(T1)
Link 5: u5 -- u4, num=5
1: 4/2/1 (T0) <---> 5/2/1 (T0)
2: 4/2/2 (T0) <---> 5/2/2 (T0)
3: 4/2/3 (T0) <---> 5/2/3 (T0)
4: 4/2/4 (T0) <---> 5/2/4 (T0)
5: 4/2/5 (T0) <---> 5/2/5 (T0)
Link 6: u6 -- u5, num=5
1: 5/2/6 (T1) <---> 6/2/1 (T0)
2: 5/2/7 (T1) <---> 6/2/2 (T0)
3: 5/2/8 (T1) <---> 6/2/3 (T0)
4: 5/2/9 (T1) <---> 6/2/4 (T0)
5: 5/2/10(T1) <---> 6/2/5 (T0)
Link 7: u7 -- u6, num=5
1: 6/2/6 (T1) <---> 7/2/6 (T1)
2: 6/2/7 (T1) <---> 7/2/7 (T1)
3: 6/2/8 (T1) <---> 7/2/8 (T1)
4: 6/2/9 (T1) <---> 7/2/9 (T1)
5: 6/2/10(T1) <---> 7/2/10(T1)
CPU to CPU packets are fine between 7 units.
384
FastIron Command Reference
53-1003389-04
show stack detail
show stack detail
Displays information on all units in the stack, including the role, MAC address, priority, status, and stack
connections for each stack unit.
Syntax
show stack detail
Modes
Privileged EXEC mode
Command Output
The show stack detail command displays the following information:
Output field
Description
ID
Specifies the identification number of the stack unit. Each unit in the stack has
a unique ID number.
Type
Specifies the type (model) of the stack unit.
Role
Specifies the role of the stack unit. The roles are controller, standby, or
member.
Mac Address
Specifies the MAC address of the stack unit. The roles are controller,
standby, or member.
Pri
Specifies the priority value assigned to the stack unit. The default value is
128.
State
Specifies whether the stack unit is local or remote. A unit with a State value of
Local is the active controller. Units with a State value of Remote are either
standby units or member units.
Comment
Indicates if the stack unit is ready (available).
Unit #
Specifies the number assigned to the stack unit. Each unit in the stack has a
unique unit number. (This is the same as the ID of the stack unit.)
Stack Port Status
Indicates whether the stack port is connected or disconnected. A port with the
up status of up is connected to the stack, and a ports with the status of down
(dn) is not connected to the stack.
Neighbors
Indicates units in the stack that are connected together. Each unit in the stack
is connected to at least one other stack unit.
System uptime
Indicates the amount of time that the stack unit has been running since the
last reset. The System uptime is listed for each unit in the stack.
FastIron Command Reference
53-1003389-04
385
Show Commands
Examples
The following example displays information on a full ICX 7450 stack containing 12 units, with six
different models.
device# show stack detail
T=17h38m45.2: alone: standalone, D: dynamic cfg, S: static, A=10, B=11, C=12
ID
Type
Role
Mac Address
Pri State
Comment
1 S ICX7450-24G
active cc4e.246c.ff80 128 local
Ready
2 S ICX7450-24G
standby cc4e.246d.02c8
0 remote Ready
3 S ICX7450-24G
member cc4e.246c.ffd0
0 remote Ready
4 S ICX7450-24P
member cc4e.246d.0520
0 remote Ready
5 S ICX7450-48G
member cc4e.246d.1c78
0 remote Ready
6 S ICX7450-48G
member cc4e.246d.1b78
0 remote Ready
7 S ICX7450-48G
member cc4e.246d.1df8
0 remote Ready
8 S ICX7450-48P
member cc4e.2489.8640
0 remote Ready
9 S ICX7450-48GF member cc4e.246d.1478
0 remote Ready
10 D ICX7450-24P
member cc4e.246d.0638
0 remote Ready
11 D ICX7450-24P
member cc4e.246d.0778
0 remote Ready
12 D ICX7450-48P
member cc4e.246d.2938
0 remote Ready
active
standby
+---+
+---+
+---+
+---+
+---+
+---+
3/1| 1 |4/1--3/1| 2 |4/1--3/1| 3 |4/1--3/1| 4 |4/1--3/1| 5 |4/1--3/1| 6 |4/1+---+
+---+
+---+
+---+
+---+
+---+
|
|
|
+---+
+---+
+---+
+---+
+---+
+---+
|
| C |3/1--4/1| B |3/1--4/1| A |3/1--4/1| 9 |3/1--4/1| 8 |3/1--4/1| 7 |3/1+---+
+---+
+---+
+---+
+---+
+---+
Will assign standby in 53 sec due to all ready
Standby u2 - wait for standby assignment due to election
Current stack management MAC is cc4e.246c.ff80
Image-Auto-Copy is Enabled.
Unit#
1
2
3
4
5
6
7
8
9
10
11
12
Stack Port Status
Stack-port1
dn (1/3/1)
up (2/3/1)
up (3/3/1)
up (4/3/1)
up (5/3/1)
up (6/3/1)
up (7/3/1)
up (8/3/1)
up (9/3/1)
up (10/3/1)
up (11/3/1)
up (12/3/1)
Stack-port2
up (1/4/1)
up (2/4/1)
up (3/4/1)
up (4/4/1)
up (5/4/1)
up (6/4/1)
up (7/4/1)
up (8/4/1)
up (9/4/1)
up (10/4/1)
up (11/4/1)
none
Unit# System uptime
1
17 hours 38 minutes
2
17 hours 38 minutes
3
17 hours 38 minutes
4
17 hours 38 minutes
5
17 hours 38 minutes
6
17 hours 38 minutes
7
17 hours 38 minutes
8
17 hours 38 minutes
9
17 hours 38 minutes
10
17 hours 32 minutes
11
1 minutes 9 seconds
12
1 minutes 9 seconds
ICX7450-24 Route
386
45
43
45
44
44
44
44
45
43
24
Neighbors
Stack-port1
none
U1 (1/4/1)
U2 (2/4/1)
U3 (3/4/1)
U4 (4/4/1)
U5 (5/4/1)
U6 (6/4/1)
U7 (7/4/1)
U8 (8/4/1)
U9 (9/4/1)
U10 (10/4/1)
U11 (11/4/1)
Stack-port2
U2 (2/3/1)
U3 (3/3/1)
U4 (4/3/1)
U5 (5/3/1)
U6 (6/3/1)
U7 (7/3/1)
U8 (8/3/1)
U9 (9/3/1)
U10 (10/3/1)
U11 (11/3/1)
U12 (12/3/1)
none
seconds
seconds
seconds
seconds
seconds
seconds
seconds
seconds
seconds
seconds
FastIron Command Reference
53-1003389-04
show stack failover
show stack failover
Displays information about stack failover.
Syntax
show stack failover
Modes
Privileged EXEC mode
Usage Guidelines
Examples
Use the show stack failover command to view information about rapid failover for the stack. This
command displays if the standby is ready to takeover or not.
The following example shows which unit is the current standby device and its status.
device# show stack failover
Current standby is unit 2. state=ready
Standby u2 - protocols ready, can failover
FastIron Command Reference
53-1003389-04
387
show stack flash
show stack flash
Displays information about flash memory for stack members.
Syntax
show stack flash
Modes
Privileged EXEC mode
Usage Guidelines
Use the show stack flash command to display information about flash memory for stack members.
Command Output
The show stack flash command displays the following information:
Output field
Description
ID
Specifies the identification number of the stack unit. Each unit in the stack has
a unique ID number.
role
Specifies the role of the stack unit. The roles are controller, standby, or
member.
priority
Specifies the priority value assigned to the stack unit. The default value is
128.
config
Indicates the port state (up or down) and identifies the port by number (stackID/slot/port). A port with the up status of up is connected to the stack, and a
ports with the status of down (dn) is not connected to the stack.
The rest of the fields are used for debug purposes only.
Examples
The following example display flash memory information for an ICX 6610.
device# show stack flash
There is no startup-config.old
Stack flash that was read in bootup:
ICX6610-48P, ID =4, role= active, pri=200, config=1, jumbo=X
stack p: [0]=4/2/1 [1]=4/2/6 default p: 4/2/1(5) 4/2/6(5), ,
ve#=X stp#=X
active-chg=0
Current written stack flash:
ICX6610-48P, ID =4, role= active, pri=200, config=1, jumbo=X
stack p: [0]=4/2/1 [1]=4/2/6 default p: 4/2/1(5) 4/2/6(5), ,
ve#=X stp#=X
388
PPVLAN=X S2M=0 FIPS=X
, hash-chain=X vlan#=X
PPVLAN=X S2M=0 FIPS=X
, hash-chain=X vlan#=X
FastIron Command Reference
53-1003389-04
show stack link-sync
show stack link-sync
Displays the status of the link synchronization.
Syntax
Parameters
show stack link-sync status
status
Displays link status information.
Modes
Command Output
Examples
Privileged EXEC mode
The show stack link-sync status command displays the following information:
Output field
Description
STACKING_LINK_GLOBAL_CTRL
messages (sent, received)
Number of global control messages sent and received.
STACKING_LINK_INDIVIDUAL_CTRL
messages (sent, received)
Number of individual link control messages sent and received.
STACKING_LINK_STATUS messages
(sent, received)
Number of link status control messages sent and received.
STACKING_POE_SCTRL messages
(sent, received)
Number of Power over Ethernet (POE) control messages sent and
received.
STACKING_POE_STATUS messages
(sent, received)
Number of POE status messages sent and received.
global_ctrl_dest
Hexadecimal address of the global control destination.
individual_ctrl_dest
Hexadecimal address of the individual link control destination
status_dest
Number representing the destination status.
The following example shows link synchronization information for an ICX 6610.
device# show stack link-sync status
STACKING_LINK_GLOBAL_CTRL messages sent: 0, received: 0
STACKING_LINK_INDIVIDUAL_CTRL messages sent: 359, received: 0
STACKING_LINK_STATUS messages sent: 22300, received: 128883
STACKING_POE_SCTRL messages sent: 0, received: 0
STACKING_POE_STATUS messages sent: 0, received: 0
global_ctrl_dest: ffffffff
individual_ctrl_dest: ee
status_dest: 30
FastIron Command Reference
53-1003389-04
389
show stack neighbors
show stack neighbors
Displays information about stack member neighbors.
Syntax
show stack neighbors
Modes
Privileged EXEC mode
Usage Guidelines
Stack neighbors are identified by unit ID for each stack unit.
Command Output
The show stack neighbors command displays the following information:
Examples
Output field
Description
U#
The identification number of the unit in the stack. Each unit in the
stack has a unique identification number.
Stack-port1
Identifies the neighbor stack unit for stack-port1 of the stack unit
with this unit identification number (U#). The neighbor stack unit
for stack-port1 of each unit in the stack is listed.
Stack-port2
Identifies the neighbor stack unit for stack-port2 of the stack unit
with this unit identification number (U#). The neighbor stack unit
for stack-port2 of each unit in the stack is listed.
The following example output is for an ICX 6610 device in a stack with seven members.
device# show stack neighbors
U# Stack-port1
Stack-port2
1
unit7 (7/2/1-7/2/5)
unit2 (2/2/6-2/2/10)
2
unit3 (3/2/1-3/2/5)
unit1 (1/2/6-1/2/10)
3
unit2 (2/2/1-2/2/5)
unit4 (4/2/6-4/2/10)
4
unit5 (5/2/1-5/2/5)
unit3 (3/2/6-3/2/10)
5
unit4 (4/2/1-4/2/5)
unit6 (6/2/1-6/2/5)
6
unit5 (5/2/6-5/2/10)
unit7 (7/2/6-7/2/10)
7
unit1 (1/2/1-1/2/5)
unit6 (6/2/6-6/2/10)
Topology: Ring, 7 unit(s), order: 4 3 2 1 7 6 5
active
+-+
+-+
+-+
+-+
+-+
+-+
=2/1|4|2/6==2/6|3|2/1==2/1|2|2/6==2/6|1|2/1==2/1|7|2/6==2/6|6|2/1=
|
+-+
+-+
+-+
+-+
+-+
+-+
|
|
|
|
standby|
|
+-+
|
--------------------------------------------------------2/1|5|2/6=
+-+
390
FastIron Command Reference
53-1003389-04
show stack rel-ipc stats
show stack rel-ipc stats
Displays statistics on reliable Interprocessor Communications (IPC) communications that occur
between stack units during a session.
Syntax
Parameters
show stack rel-ipc stats { unit num }
rel-ipc
Abbreviation for reliable Interprocessor Communications, which designates the
proprietary packets exchanged between stack units during a communications
session.
stats
Session statistics.
unit num
Optional parameter used to specify the stack unit number for which session
statistics are to be displayed. If you do not specify a stack unit, session
statistics are displayed for all units in the stack.
Modes
Usage Guidelines
Privileged EXEC mode
To display session statistics for a particular stack unit, specify the stack unit using the unit num
parameters.
To display session statistics for all units in the stack, do not specify a stack unit.
Command Output
Depending on whether you specify a stack unit, the show stack rel-ipc stats command displays
reliable IPC statistics for all units in the stack, or for a single unit in the stack. See the example output
below.
FastIron Command Reference
53-1003389-04
391
Show Commands
Examples
The following example is reliable IPC statistics for an ICX 6610 stack.
device# show stack rel-ipc stats
Reliable IPC statistics:
Global statistics:
Pkts rcvd w/no session: 0
Msgs rcvd w/no handler: 0
Unit statistics:
Unit 2 statistics:
Msgs sent: 41384 Msgs received: 14052, Pkt sends failed: 0
Message types sent:
[9]=21674,
[10]=19703,
[11]=2,
[13]=5,
Message types received:
[9]=14016,
[10]=2,
[11]=28,
[13]=6,
Session statistics: base-channel, unit 2, channel 0:
Session state: established (last established 15 hours 33 minutes 31 seconds ago)
Connections established: 1
Remote resets: 0, Reset packets sent: 0
Connection statistics (for current connection, if established):
Msgs sent: 14636, Msgs received: 14039
Atomic batches sent: 0, Atomic batches received: 0
Pkts sent: 30892, Pkts received: 30842
Msg bytes sent: 1828190, Msg bytes received: 1232988
Pkt bytes sent: 2659848, Pkt bytes received: 1763028
Flushes requested: 30, Suspends: 0, Resumes: 0
Packets sent with data (DAT), ACKs, and window updates (WND):
Other: 888, ACK: 14010, WND: 437, ACK+WND: 0
DAT: 15556, DAT+ACK: 1, DAT+WND: 0, DAT+ACK+WND: 0
Data retransmits done: 1069, Zero-window probes sent: 0
Dup ACK pkts rcvd: 1224, Pkts rcvd w/dup data: 0
Pkts rcvd w/data past window: 0
Session statistics: image-transfer, unit 2, channel 1:
Session state: established (last established 15 hours 11 minutes 2 seconds ago)
Connections established: 1
Remote resets: 0, Reset packets sent: 0
Connection statistics (for current connection, if established):
Msgs sent: 9850, Msgs received: 1
Atomic batches sent: 0, Atomic batches received: 0
Pkts sent: 9899, Pkts received: 10606
Msg bytes sent: 10124076, Msg bytes received: 8
Pkt bytes sent: 10341308, Pkt bytes received: 127284
Flushes requested: 1, Suspends: 0, Resumes: 0
Packets sent with data (DAT), ACKs, and window updates (WND):
Other: 1, ACK: 1, WND: 0, ACK+WND: 0
DAT: 9897, DAT+ACK: 0, DAT+WND: 0, DAT+ACK+WND: 0
Data retransmits done: 49, Zero-window probes sent: 0
Dup ACK pkts rcvd: 757, Pkts rcvd w/dup data: 0
Pkts rcvd w/data past window: 0
Session statistics: ACL, unit 2, channel 3:
Session state: established (last established 15 hours 33 minutes 31 seconds ago)
Connections established: 1
Remote resets: 0, Reset packets sent: 0
Connection statistics (for current connection, if established):
Msgs sent: 7011, Msgs received: 4
Atomic batches sent: 0, Atomic batches received: 0
Pkts sent: 7588, Pkts received: 7617
Msg bytes sent: 629316, Msg bytes received: 5840
Pkt bytes sent: 802504, Pkt bytes received: 107508
Flushes requested: 0, Suspends: 0, Resumes: 0
Packets sent with data (DAT), ACKs, and window updates (WND):
Other: 1, ACK: 1, WND: 0, ACK+WND: 2
DAT: 7584, DAT+ACK: 0, DAT+WND: 0, DAT+ACK+WND: 0
Data retransmits done: 573, Zero-window probes sent: 0
Dup ACK pkts rcvd: 596, Pkts rcvd w/dup data: 0
Pkts rcvd w/data past window: 0
Session statistics: sync-reliable, unit 2, channel 4:
Session state: established (last established 15 hours 32 minutes 27 seconds ago)
Connections established: 1
Remote resets: 0, Reset packets sent: 0
Connection statistics (for current connection, if established):
Msgs sent: 27, Msgs received: 1
Atomic batches sent: 0, Atomic batches received: 0
Pkts sent: 53, Pkts received: 40
Msg bytes sent: 39420, Msg bytes received: 1460
Pkt bytes sent: 73836, Pkt bytes received: 1944
Flushes requested: 0, Suspends: 0, Resumes: 0
Packets sent with data (DAT), ACKs, and window updates (WND):
392
FastIron Command Reference
53-1003389-04
Show Commands
Other: 2, ACK: 1, WND: 0, ACK+WND: 0
DAT: 50, DAT+ACK: 0, DAT+WND: 0, DAT+ACK+WND: 0
Data retransmits done: 22, Zero-window probes sent: 0
Dup ACK pkts rcvd: 6, Pkts rcvd w/dup data: 0
Pkts rcvd w/data past window: 0
Session statistics: rconsole-server-to-2, unit 2, channel 6:
Session state: established (last established 15 hours 33 minutes 30 seconds ago)
Connections established: 1
Remote resets: 0, Reset packets sent: 0
Connection statistics (for current connection, if established):
Msgs sent: 5, Msgs received: 6
Atomic batches sent: 0, Atomic batches received: 0
Pkts sent: 14, Pkts received: 40
Msg bytes sent: 183, Msg bytes received: 56
Pkt bytes sent: 384, Pkt bytes received: 1052
Flushes requested: 5, Suspends: 0, Resumes: 0
Packets sent with data (DAT), ACKs, and window updates (WND):
Other: 4, ACK: 5, WND: 0, ACK+WND: 0
DAT: 5, DAT+ACK: 0, DAT+WND: 0, DAT+ACK+WND: 0
Data retransmits done: 0, Zero-window probes sent: 0
Dup ACK pkts rcvd: 0, Pkts rcvd w/dup data: 0
Pkts rcvd w/data past window: 0
Unit 3 statistics:
Msgs sent: 41356 Msgs received: 14007, Pkt sends failed: 0
Message types sent:
[9]=21623,
[10]=19703,
[11]=29,
[13]=1,
Message types received:
[9]=14003,
[10]=2,
[13]=2,
Session statistics: base-channel, unit 3, channel 0:
Session state: established (last established 15 hours 33 minutes 49 seconds ago)
Connections established: 1
Remote resets: 0, Reset packets sent: 0
Connection statistics (for current connection, if established):
Msgs sent: 14647, Msgs received: 14003
Atomic batches sent: 0, Atomic batches received: 0
Pkts sent: 31055, Pkts received: 31403
Msg bytes sent: 1801742, Msg bytes received: 1232204
Pkt bytes sent: 2402644, Pkt bytes received: 1877788
Flushes requested: 32, Suspends: 0, Resumes: 0
Packets sent with data (DAT), ACKs, and window updates (WND):
Other: 1269, ACK: 13911, WND: 437, ACK+WND: 0
DAT: 15346, DAT+ACK: 92, DAT+WND: 0, DAT+ACK+WND: 0
Data retransmits done: 966, Zero-window probes sent: 0
Dup ACK pkts rcvd: 661, Pkts rcvd w/dup data: 0
Pkts rcvd w/data past window: 0
Session statistics: image-transfer, unit 3, channel 1:
Session state: established (last established 15 hours 11 minutes 2 seconds ago)
Connections established: 1
Remote resets: 0, Reset packets sent: 0
Connection statistics (for current connection, if established):
Msgs sent: 9850, Msgs received: 1
Atomic batches sent: 0, Atomic batches received: 0
Pkts sent: 9930, Pkts received: 10599
Msg bytes sent: 10124076, Msg bytes received: 8
Pkt bytes sent: 10457352, Pkt bytes received: 127200
Flushes requested: 1, Suspends: 0, Resumes: 0
Packets sent with data (DAT), ACKs, and window updates (WND):
Other: 1, ACK: 1, WND: 0, ACK+WND: 0
DAT: 9928, DAT+ACK: 0, DAT+WND: 0, DAT+ACK+WND: 0
Data retransmits done: 140, Zero-window probes sent: 0
Dup ACK pkts rcvd: 798, Pkts rcvd w/dup data: 0
Pkts rcvd w/data past window: 0
Session statistics: ACL, unit 3, channel 3:
Session state: established (last established 15 hours 33 minutes 49 seconds ago)
Connections established: 1
Remote resets: 0, Reset packets sent: 0
Connection statistics (for current connection, if established):
Msgs sent: 7004, Msgs received: 0
Atomic batches sent: 0, Atomic batches received: 0
Pkts sent: 7447, Pkts received: 7300
Msg bytes sent: 616352, Msg bytes received: 0
Pkt bytes sent: 774304, Pkt bytes received: 87600
Flushes requested: 0, Suspends: 0, Resumes: 0
Packets sent with data (DAT), ACKs, and window updates (WND):
Other: 2, ACK: 0, WND: 0, ACK+WND: 0
DAT: 7445, DAT+ACK: 0, DAT+WND: 0, DAT+ACK+WND: 0
Data retransmits done: 441, Zero-window probes sent: 0
FastIron Command Reference
53-1003389-04
393
Show Commands
Dup ACK pkts rcvd: 295, Pkts rcvd w/dup data: 0
Pkts rcvd w/data past window: 0
Session statistics: rconsole-server-to-3, unit 3, channel 7:
Session state: established (last established 15 hours 33 minutes 48 seconds ago)
Connections established: 1
Remote resets: 0, Reset packets sent: 0
Connection statistics (for current connection, if established):
Msgs sent: 1, Msgs received: 2
Atomic batches sent: 0, Atomic batches received: 0
Pkts sent: 3, Pkts received: 2
Msg bytes sent: 35, Msg bytes received: 20
Pkt bytes sent: 76, Pkt bytes received: 52
Flushes requested: 1, Suspends: 0, Resumes: 0
Packets sent with data (DAT), ACKs, and window updates (WND):
Other: 1, ACK: 1, WND: 0, ACK+WND: 0
DAT: 1, DAT+ACK: 0, DAT+WND: 0, DAT+ACK+WND: 0
Data retransmits done: 0, Zero-window probes sent: 0
Dup ACK pkts rcvd: 0, Pkts rcvd w/dup data: 0
Pkts rcvd w/data past window: 0
Unit 4 statistics:
Msgs sent: 41337 Msgs received: 14035, Pkt sends failed: 0
Message types sent:
[9]=21632,
[10]=19702,
[11]=2,
[13]=1,
Message types received:
[9]=14031,
[10]=2,
[13]=2,
Session statistics: base-channel, unit 4, channel 0:
Session state: established (last established 15 hours 33 minutes 49 seconds ago)
Connections established: 1
Remote resets: 0, Reset packets sent: 0
Connection statistics (for current connection, if established):
Msgs sent: 14630, Msgs received: 14031
Atomic batches sent: 0, Atomic batches received: 0
Pkts sent: 30186, Pkts received: 31052
Msg bytes sent: 1801548, Msg bytes received: 1234680
Pkt bytes sent: 2325044, Pkt bytes received: 1857824
Flushes requested: 30, Suspends: 0, Resumes: 0
Packets sent with data (DAT), ACKs, and window updates (WND):
Other: 1199, ACK: 13879, WND: 434, ACK+WND: 4
DAT: 14522, DAT+ACK: 148, DAT+WND: 0, DAT+ACK+WND: 0
Data retransmits done: 197, Zero-window probes sent: 0
Dup ACK pkts rcvd: 560, Pkts rcvd w/dup data: 0
Pkts rcvd w/data past window: 0
Session statistics: image-transfer, unit 4, channel 1:
Session state: established (last established 15 hours 11 minutes 2 seconds ago)
Connections established: 1
Remote resets: 0, Reset packets sent: 0
Connection statistics (for current connection, if established):
Msgs sent: 9850, Msgs received: 1
Atomic batches sent: 0, Atomic batches received: 0
Pkts sent: 9852, Pkts received: 10675
Msg bytes sent: 10124076, Msg bytes received: 8
Pkt bytes sent: 10284896, Pkt bytes received: 128112
Flushes requested: 1, Suspends: 0, Resumes: 0
Packets sent with data (DAT), ACKs, and window updates (WND):
Other: 1, ACK: 1, WND: 0, ACK+WND: 0
DAT: 9850, DAT+ACK: 0, DAT+WND: 0, DAT+ACK+WND: 0
Data retransmits done: 2, Zero-window probes sent: 0
Dup ACK pkts rcvd: 826, Pkts rcvd w/dup data: 0
Pkts rcvd w/data past window: 0
Session statistics: ACL, unit 4, channel 3:
Session state: established (last established 15 hours 33 minutes 49 seconds ago)
Connections established: 1
Remote resets: 0, Reset packets sent: 0
Connection statistics (for current connection, if established):
Msgs sent: 7004, Msgs received: 0
Atomic batches sent: 0, Atomic batches received: 0
Pkts sent: 7051, Pkts received: 7240
Msg bytes sent: 616352, Msg bytes received: 0
Pkt bytes sent: 733028, Pkt bytes received: 86880
Flushes requested: 0, Suspends: 0, Resumes: 0
Packets sent with data (DAT), ACKs, and window updates (WND):
Other: 3, ACK: 0, WND: 0, ACK+WND: 0
DAT: 7048, DAT+ACK: 0, DAT+WND: 0, DAT+ACK+WND: 0
Data retransmits done: 44, Zero-window probes sent: 0
Dup ACK pkts rcvd: 234, Pkts rcvd w/dup data: 0
Pkts rcvd w/data past window: 0
Session statistics: rconsole-server-to-4, unit 4, channel 8:
Session state: established (last established 15 hours 33 minutes 48 seconds ago)
394
FastIron Command Reference
53-1003389-04
Show Commands
Connections established: 1
Remote resets: 0, Reset packets sent: 0
Connection statistics (for current connection, if established):
Msgs sent: 1, Msgs received: 2
Atomic batches sent: 0, Atomic batches received: 0
Pkts sent: 5, Pkts received: 8
Msg bytes sent: 35, Msg bytes received: 20
Pkt bytes sent: 140, Pkt bytes received: 264
Flushes requested: 1, Suspends: 0, Resumes: 0
Packets sent with data (DAT), ACKs, and window updates (WND):
Other: 2, ACK: 1, WND: 0, ACK+WND: 0
DAT: 2, DAT+ACK: 0, DAT+WND: 0, DAT+ACK+WND: 0
Data retransmits done: 1, Zero-window probes sent: 0
Dup ACK pkts rcvd: 1, Pkts rcvd w/dup data: 0
Pkts rcvd w/data past window: 0
FastIron Command Reference
53-1003389-04
395
Show Commands
The following example displays session statistics for stack unit 3.
device# show stack rel-ipc stats unit 3
Unit 3 statistics:
Msgs sent: 1217 Msgs received: 509, Pkt sends failed: 0
Message types sent:
[9]=1182,
[10]=2,
[11]=2,
[13]=2,
[19]=29,
Message types received:
[9]=506,
[10]=1,
[13]=2,
Session statistics, unit 3, channel 0:
Session state: established (last established 32 minutes 19 seconds
Connections established: 1
Remote resets: 0, Reset packets sent: 0
Connection statistics (for current connection, if established):
Msgs sent: 971, Msgs received: 506
Atomic batches sent: 0, Atomic batches received: 0
Pkts sent: 1205, Pkts received: 1088
Msg bytes sent: 44281, Msg bytes received: 19308
Pkt bytes sent: 238004, Pkt bytes received: 34652
Flushes requested: 59, Suspends: 0, Resumes: 0
Packets sent with data (DAT), ACKs, and window updates (WND):
Other: 2, ACK: 504, WND: 7, ACK+WND: 0
DAT: 691, DAT+ACK: 1, DAT+WND: 0, DAT+ACK+WND: 0
Data retransmits done: 129, Zero-window probes sent: 0
Dup ACK pkts rcvd: 18, Pkts rcvd w/dup data: 0
Pkts rcvd w/data past window: 0
Session statistics, unit 3, channel 2:
Session state: established (last established 32 minutes 17 seconds
Connections established: 1
Remote resets: 0, Reset packets sent: 0
Connection statistics (for current connection, if established):
Msgs sent: 0, Msgs received: 0
Atomic batches sent: 0, Atomic batches received: 0
Pkts sent: 1, Pkts received: 7
Msg bytes sent: 0, Msg bytes received: 0
Pkt bytes sent: 12, Pkt bytes received: 84
Flushes requested: 0, Suspends: 0, Resumes: 0
Packets sent with data (DAT), ACKs, and window updates (WND):
Other: 1, ACK: 0, WND: 0, ACK+WND: 0
DAT: 0, DAT+ACK: 0, DAT+WND: 0, DAT+ACK+WND: 0
Data retransmits done: 0, Zero-window probes sent: 0
Dup ACK pkts rcvd: 7, Pkts rcvd w/dup data: 0
Pkts rcvd w/data past window: 0
Session statistics, unit 3, channel 3:
Session state: established (last established 32 minutes 19 seconds
Connections established: 1
Remote resets: 0, Reset packets sent: 0
Connection statistics (for current connection, if established):
Msgs sent: 242, Msgs received: 0
Atomic batches sent: 0, Atomic batches received: 0
Pkts sent: 243, Pkts received: 246
Msg bytes sent: 8712, Msg bytes received: 0
Pkt bytes sent: 12596, Pkt bytes received: 2952
Flushes requested: 0, Suspends: 0, Resumes: 0
Packets sent with data (DAT), ACKs, and window updates (WND):
Other: 1, ACK: 0, WND: 0, ACK+WND: 0
DAT: 242, DAT+ACK: 0, DAT+WND: 0, DAT+ACK+WND: 0
Data retransmits done: 0, Zero-window probes sent: 0
Dup ACK pkts rcvd: 4, Pkts rcvd w/dup data: 0
Pkts rcvd w/data past window: 0
Session statistics, unit 3, channel 6:
Session state: established (last established 32 minutes 17 seconds
Connections established: 1
Remote resets: 0, Reset packets sent: 0
Connection statistics (for current connection, if established):
Msgs sent: 2, Msgs received: 2
Atomic batches sent: 0, Atomic batches received: 0
Pkts sent: 8, Pkts received: 13
Msg bytes sent: 123, Msg bytes received: 20
Pkt bytes sent: 232, Pkt bytes received: 296
Flushes requested: 2, Suspends: 0, Resumes: 0
Packets sent with data (DAT), ACKs, and window updates (WND):
Other: 5, ACK: 1, WND: 0, ACK+WND: 0
DAT: 2, DAT+ACK: 0, DAT+WND: 0, DAT+ACK+WND: 0
Data retransmits done: 0, Zero-window probes sent: 0
396
ago)
ago)
ago)
ago)
FastIron Command Reference
53-1003389-04
Show Commands
Dup ACK pkts rcvd: 6, Pkts rcvd w/dup data: 0
Pkts rcvd w/data past window: 0
FastIron Command Reference
53-1003389-04
397
show stack resource
show stack resource
Displays resource information for a stack unit.
Syntax
show stack resource
Modes
Privileged EXEC mode
Command Output
Examples
The show stack resource command displays the following information:
Output field
Description
alloc
Memory allocated
in-use
Memory in use
avail
Available memory
get-fail
The number of get requests that have failed
limit
The maximum memory allocation
get-mem
The number of get-memory requests
size
The size
init
The number of requests initiated
The following example displays stack resource statistics for an ICX 6610 stack unit.
device# show stack resource
register attribute
general 12B data
RB-tree node
variable length link
AU msg dev0
AU msg dev1
398
alloc in-use avail get-fail
4800
2710 2090
0
32
10
22
0
4096
2714 1382
0
3905
4 3901
0
4092
0 4092
0
4092
0 4092
0
limit get-mem size init
556800
4810 334 2400
7424
12
12
32
237568
3026
18 1024
905960
4
8 3905
16368
0
16 4092
16368
0
16 4092
FastIron Command Reference
53-1003389-04
show stack stack-ports
show stack stack-ports
Displays status information about stack-ports.
Syntax
show stack stack-ports
Modes
Privileged EXEC mode
Global configuration mode
Command Output
Examples
For ICX devices, an equal sign is used to indicate connections between trunk ports and the up port
status is listed for all trunked ports. The show stack stack-ports command displays the following
information:
Output field
Description
U# or ID
Stack unit identification number.
Stack-port 1
Indicates port status (up or down) and identifies the port by number (stack-ID/
slot/port).
Stack-port 2
Indicates port status (up or down) and identifies the port by number (stack-ID/
slot/port).
Stack-ID up (stack-ID/slot/port)
Indicates status (up or down) for the stack unit and the status (up or down) of
all configured stacking ports on the unit by number (stack-ID/slot/port).
The following output is for an FCX stack with five stacking units.
device(config)# show stack stack-ports
ID
Stack-port1
Stack-port2
1
up (1/2/1)
up (1/2/2)
2
up (2/2/1)
up (2/2/2)
3
up (3/2/1)
up (3/3/1)
4
up (4/2/1)
up (4/3/1)
5
up (5/2/1)
up (5/3/1)
FastIron Command Reference
53-1003389-04
399
Show Commands
The following output is for an ICX 6610 in a seven-unit stack configured in a ring topology.
device# show stack stack-ports
active
+-+
+-+
+-+
+-+
+-+
+-+
=2/1|4|2/6==2/6|3|2/1==2/1|2|2/6==2/6|1|2/1==2/1|7|2/6==2/6|6|2/1=
|
+-+
+-+
+-+
+-+
+-+
+-+
|
|
|
|
standby|
|
+-+
|
--------------------------------------------------------2/1|5|2/6=
+-+
U# Stack-port1
Stack-port2
1
up (1/2/1-1/2/5)
up (1/2/6-1/2/10)
up ports: 1/2/1, 1/2/2, 1/2/3, 1/2/4, 1/2/5
up ports: 1/2/6, 1/2/7, 1/2/8, 1/2/9, 1/2/10
2
up (2/2/1-2/2/5)
up (2/2/6-2/2/10)
up ports: 2/2/1, 2/2/2, 2/2/3, 2/2/4, 2/2/5
up ports: 2/2/6, 2/2/7, 2/2/8, 2/2/9, 2/2/10
3
up (3/2/1-3/2/5)
up (3/2/6-3/2/10)
up ports: 3/2/1, 3/2/2, 3/2/3, 3/2/4, 3/2/5
up ports: 3/2/6, 3/2/7, 3/2/8, 3/2/9, 3/2/10
4
up (4/2/1-4/2/5)
up (4/2/6-4/2/10)
up ports: 4/2/1, 4/2/2, 4/2/3, 4/2/4, 4/2/5
up ports: 4/2/6, 4/2/7, 4/2/8, 4/2/9, 4/2/10
5
up (5/2/1-5/2/5)
up (5/2/6-5/2/10)
up ports: 5/2/1, 5/2/2, 5/2/3, 5/2/4, 5/2/5
up ports: 5/2/6, 5/2/7, 5/2/8, 5/2/9, 5/2/10
6
up (6/2/1-6/2/5)
up (6/2/6-6/2/10)
up ports: 6/2/1, 6/2/2, 6/2/3, 6/2/4, 6/2/5
up ports: 6/2/6, 6/2/7, 6/2/8, 6/2/9, 6/2/10
7
up (7/2/1-7/2/5)
up (7/2/6-7/2/10)
up ports: 7/2/1, 7/2/2, 7/2/3, 7/2/4, 7/2/5
up ports: 7/2/6, 7/2/7, 7/2/8, 7/2/9, 7/2/10
400
FastIron Command Reference
53-1003389-04
show statistics l2-tunnel
show statistics l2-tunnel
Displays Layer 2 tunnel statistics such as the status of the tunnel and packet flow.
Syntax
Parameters
show statistics l2-tunnel tunnel-id
tunnel-id
Specifies the tunnel ID for the Layer 2 tunnel interface.
Modes
Privileged EXEC mode
Global configuration mode
Command Output
Examples
The show statistics l2-tunnel command displays the following information.
Output field
Description
Type
VXLAN tunnels
Tunnel Status
Status of the tunnel
Packet Received / Packet Sent
Statistics of the packet flow
KA received / KA sent
Statistics of Keepalive (Currently not supported)
The following example shows the output of the show statistics l2-tunnel command:
device# show statistics l2-tunnel
L2 Tunnels
Type
Tunnel Status Packet Received
VXLAN1
down/down
0
VXLAN2
up/up
0
History
Packet Sent
0
0
Release version
Command history
8.0.10d
This command was introduced.
FastIron Command Reference
53-1003389-04
KA recv
0
0
KA sent
0
0
401
show statistics stack-ports
show statistics stack-ports
Displays information about all stacking ports in a stack topology.
Syntax
show statistics stack-ports
Modes
Privileged EXEC mode
Command Output
Examples
The show statistics stack-ports command displays the following information:
Output field
Description
Port
The number of the port (stack-unit number, slot number, and port number).
In Packets
The number of packets received on this port (incoming packets).
Out Packets
The number of packets sent from this port (outgoing packets).
In Errors
The number of errors received on this port (incoming errors).
Out Errors
The number of errors sent from this port (outgoing errors).
The following example output is statistics for all stack ports in a stack with seven member units.
device# show statistics stack-ports
Port
1/2/1
1/2/2
2/2/1
2/2/2
3/2/1
3/2/2
4/2/1
4/2/2
5/2/1
5/2/2
6/2/1
6/3/1
7/2/1
7/3/1
TOTAL
402
In Packets
22223
35506
3161
24721
3048
13540
2862
3626
3183
3265
14020
3652
17705
4047
154559
Out Packets
4528
3844
34173
3676
23881
2857
13537
3184
3621
13508
3655
17705
3658
21802
153629
In Errors
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
Out Errors
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
FastIron Command Reference
53-1003389-04
Commands Sn - Z
FastIron Command Reference
53-1003389-04
403
snmp-server enable traps mac-notification
snmp-server enable traps mac-notification
Enables the MAC-notification trap whenever a MAC address event is generated on a device or an
interface.
Syntax
snmp-server enable traps mac-notification
no snmp-server enable traps mac-notification
Command Default
Modes
MAC-notification traps are disabled on the device.
Global configuration
Interface configuration
Usage Guidelines
Examples
The no form of this command disables SNMP traps for MAC-notification events. The SNMP MACnotification trap functionality allows an SNMPv3 trap to be sent to the SNMP manager when MAC
addresses are added or deleted in the device.
The following example enables SNMP traps on the device for MAC-notification globally:
device(config)# snmp-server enable traps mac-notification
The following example disables SNMP traps on the device for MAC-notification globally:
device(config)# no snmp-server enable traps mac-notification
History
404
Release version
Command history
08.0.10
This command was introduced.
FastIron Command Reference
53-1003389-04
snmp-server group
snmp-server group
Creates user-defined groups for SNMPv1/v2c/v3 and configures read, write, and notify permissions to
access the MIB view.
Syntax
snmp-server group groupname { v1 | v2c } [ access { standard-ACL-id | ipv6 ipv6-ACL-name } ] [
notify viewname ] [ read viewname ] [ write viewname ]
no snmp-server group groupname { v1 | v2c } [ access { standard-ACL-id | ipv6 ipv6-ACL-name } ] [
notify viewname ] [ read viewname ] [ write viewname ]
snmp-server group groupname v3 { auth | noauth | priv } [ access { standard-ACL-id | ipv6 ipv6ACL-name } ] [ notify viewname ] [ read viewname ] [ write viewname ]
no snmp-server group groupname v3 { auth | noauth | priv } [ access { standard-ACL-id | ipv6 ipv6ACL-name } ] [ notify viewname ] [ read viewname ] [ write viewname ]
Command Default
Six default groups are supported to associate the default SNMPv3 user groups and the default
SNMPv1/v2c community groups with the view configuration.
NOTE
This command is not used for SNMP version 1 and SNMP version 2. In these versions, groups and
group views are created internally using community strings. When a community string is created, two
groups are created, based on the community string name. One group is for SNMP version 1 packets,
while the other is for SNMP version 2 packets.
Parameters
groupname
Specifies the name of the SNMP group to be created.
v1
Specifies SNMP version 1.
v2c
Specifies SNMP version 2.
v3
Specifies SNMP version 3.
auth
Specifies that only authenticated packets with no privacy are allowed to access
the specified view. This parameter is available only for SNMPv3 user groups.
noauth
Specifies that no authentication and no privacy are required to access the
specified view. This parameter is available only for SNMPv3 user groups.
priv
Specifies that authentication and privacy are required from the users to access
the view. This parameter is available only for SNMPv3 user groups.
access
Specifies an access list associated with the SNMP group.
standard-ACL-id
Specifies the standard IP access list and allows the incoming SNMP packets to
be filtered based on the standard ACL attached to the group.
ipv6
Specifies the IPv6 ACL for the SNMP group.
ipv6-ACL-name
FastIron Command Reference
53-1003389-04
405
Commands Sn - Z
Specifies the IPv6 access list and allows incoming SNMP packets to be filtered
based on the IPv6 ACL attached to the group.
notify viewname
Specifies the name of the view that enables you to provide access to the MIB
for trap or inform. This allows the administrators to restrict the scope of varbind
objects that will be part of the notification. All of the varbinds need to be in the
included view for the notification to be created.
read viewname
Specifies the name of the view that enables you to provide read access.
write viewname
Specifies the name of the view that enables you to provide both read and write
access.
viewname
Specifies the name of the view to which the SNMP group members have
access. If no view is specified, then the group has no access to the MIB. The
default viewname is "all", which allows access to the entire MIB.
Modes
Usage Guidelines
Global configuration mode
Maximum number of SNMP groups supported is 10.
The no form of the command removes the configured SNMP server group.
Examples
The following example creates SNMP server group entries for SNMPv3 user group with auth
permission.
device(config)# snmp-server group admin v3 auth ipv6 acl_1 read all write all notify
all
History
406
Release version
Command history
08.0.20a
The ipv6 ipv6-ACL-name keyword-argument pair was introduced.
FastIron Command Reference
53-1003389-04
spanning-tree designated-protect
spanning-tree designated-protect
Disallows the designated forwarding state on a port in STP 802.1d or 802.1w.
Syntax
spanning-tree designated-protect
no spanning-tree designated-protect
Command Default
Modes
Usage Guidelines
STP (802.1d or 802.1w) can put a port into designated forwarding state.
Interface configuration mode
The no form of this command allows the designated forwarding state on a port in STP 802.1d or
802.1w. If STP tries to put a port into designated forwarding state, the device puts this port into the
designated inconsistent STP state. This is effectively equivalent to the listening state in STP in which a
port cannot forward any user traffic. When STP no longer marks this port as a designated port, the port
is automatically removed from the designated inconsistent state.
NOTE
You use this command to enable Designated Protection at the port-level while the designated
inconsistent state is a per-STP-instance, per-port state.
NOTE
You cannot enable Designated Protection and Root Guard on the same port.
Examples
The following example disallows the designated forwarding state on interface 1/1/1.
device(config)# ethernet interface 1/1/1
device(config-if-e1000-1/1/1)# spanning-tree designated-protect
History
Release version
Command history
07.3.00g
This command was introduced.
FastIron Command Reference
53-1003389-04
407
stack disable
stack disable
Prevents a device from joining a traditional stack and from listening for, or sending, stacking packets.
Syntax
stack disable
no stack disable
Command Default
Modes
Usage Guidelines
Examples
Stacking is disabled by default.
Global configuration mode and Stack unit configuration mode
To remove the restriction that prevents the unit from joining a stack, use the no stack disable
command.
The following example disables the device from joining a stack.
device# configure terminal
device(config)# stack disable
Disable stacking. This unit will not be a part of any stack
History
408
Release version
Command history
08.0.00a
This command was introduced.
FastIron Command Reference
53-1003389-04
stack enable
stack enable
Enables stack configuration on the device. Enter this command on the intended active controller.
Syntax
stack enable
no stack enable
Command Default
Modes
Stacking is not enabled on the device.
Global configuration mode
Stack unit configuration mode
Usage Guidelines
Use the no form of the command to remove stacking capability from the device.
NOTE
When you use the no stack enable command, the unit can still be called to join an active stack. To
prevent this, use the stack disable command instead.
You must remove all configuration information from the port before issuing the stack enable command.
For manual configuration, the stack enable command must be issued on each device in the stack.
Examples
The following example enables stack configuration on the device.
device# config terminal
device(config)# stack enable
Enable stacking. This unit actively participates in stacking
History
Release version
Command history
08.0.00a
This command was introduced.
FastIron Command Reference
53-1003389-04
409
stack mac
stack mac
Manually configures a specific MAC address for a traditional stack.
Syntax
stack mac mac-address
no stack mac mac-address
Command Default
Parameters
Beginning with FastIron release 08.0.20, when a stack is enabled or when hitless-failover occurs, a
default stack MAC address is assigned if none is configured. In earlier releases, the stack assumed the
MAC address of the active controller by default.
mac-address
Specifies the MAC address to be used for the stack.
Modes
Usage Guidelines
Active stack controller configuration mode
Enter the no form of this command to revert to the use of the active controllers' MAC address.
The MAC address is a hexadecimal value entered in the format xxxx.xxxx.xxxx.
Examples
The following example configures the stack MAC address manually as 0000.0000.0011.
device(config)# stack mac 0000.0000.0011
device(config)# show running-config
Current configuration:
!
ver 05.0.01 100T7e1
!
stack 1
module 1 fcx-48-port-copper-base-module
module 2 fcx-cx4-1-port-10g-module
priority 80
stack 2
module 1 fcx-24-port-copper-base-module
module 2 fcx-cx4-1-port-10g-module
module 3 fcx-cx4-1-port-10g-module
stack enable
stack mac 0000.0000.0011
History
410
Release version
Command history
08.0.00a
This command was introduced.
08.0.20
Stack behavior was modified so that a default MAC address is assigned when
the stack is enabled or when hitless failover occurs if no stack MAC address
has been configured.
FastIron Command Reference
53-1003389-04
stack-port
stack-port
Selects only one of the two stacking ports as a stacking port, which allows you to use the other port as a
data port.
Syntax
stack-port unit/slot/port
no stack-port
Command Default
Parameters
By default, both default ports serve as stacking ports on an FCX or ICX stack unit.
unit
Stack unit ID
slot
Slot or module on the unit where the interface resides.
port
Interface to be configured as the sole stack port on the unit.
Modes
Usage Guidelines
Stack-unit configuration mode.
The no form of the command restores both default stacking ports on the device.
The stack-port command should not be used on a live stack.
Examples
The following example configures Port 3/2/1 as the only stacking port on stack unit 3.
device# configure terminal
device(config)# stack unit 3
device(config-unit-3)# stack-port 3/2/1
Set only one stacking port 3/2/1
FastIron Command Reference
53-1003389-04
411
stack secure-setup
stack secure-setup
Configures a stack automatically, to add units to an existing traditional stack, or to change stack
member IDs.
Syntax
stack secure-setup
Modes
Privileged EXEC mode of a stack unit
Usage Guidelines
Stacking must be enabled with the stack enable command before the stack secure-setup command
can be issued.
When the stack secure-setup command is issued on a unit that is not already the active controller, the
unit becomes the active controller.
Examples
In the following example, an FCX traditional stack is formed using stack secure-setup.
device# stack secure-setup
device# Discovering the stack topology...
Current Discovered Topology - RING
Available UPSTREAM units
Hop(s) Type MAC Address
1 FCX624 0000.0039.2d40
2 FCX624 0000.00d5.2100
Available DOWNSTREAM units
Hop(s) Type MAC Address
1 FCX624 0000.00d5.2100
2 FCX624 0000.0039.2d40
Do you accept the topology (RING) (y/n)?: y
Selected Topology:
Active Id Type MAC Address
1 FCX648 0000.00ab.cd00
Selected UPSTREAM units
Hop(s) Id Type MAC Address
1 3 FCX624 0000.0039.2d40
2 2 FCX624 0000.00d5.2100
Selected DOWNSTREAM units
Hop(s) Id Type MAC Address
1 2 FCX624 0000.00d5.2100
2 3 FCX624 0000.0039.2d40
Do you accept the unit ids (y/n)?: y
412
FastIron Command Reference
53-1003389-04
stack stack-port-resiliency
stack stack-port-resiliency
Configures different levels of corrective steps that an active controller can take to fix stacking ports that
cannot send or receive packets, despite the ports being logically operational.
Syntax
stack stack-port-resiliency level
no stack stack-port-resiliency level
Command Default
Parameters
The stack-port-resiliency feature is enabled with the level variable value set to 1.
level
The value determines the corrective steps that an active controller can take
when a stack port is malfunctioning. Then value can range from 0 through 3.
Modes
Usage Guidelines
Global configuration mode
The no form of the stack stack-port-resiliency command sets the level variable value to 1.
The stack stack-port-resiliency command is only supported on an ICX 6610 in a stack.
The corrective steps that can be taken depend on the value of the level variable and involve errordisabling malfunctioning ports or reloading one or more stack units. Traffic may be disrupted for a few
seconds or longer while the port malfunction is detected and fixed.
If the level value is set to 1 and the unit with the malfunctioning port is not an active controller:
• The active controller checks whether other ports in the same static LAG are fully operational.
• If the total bandwidth of the operational static LAG is greater than or equal to 20 Gbps, the
malfunctioning port is error-disabled.
• If the total bandwidth of the operational static LAG is less than 20 Gbps and error-disabling all ports
of the LAG could disconnect one or more other units from the stack, the unit reloads.
• If the total bandwidth of the operational static LAG is less than 20 Gbps and error-disabling all ports
of the LAG would not disconnect any other units from the stack, all the ports of the LAG are errordisabled.
If the level value is set to 2 and the unit with the malfunctioning port is not the active controller, the unit
reloads. After the reload, if any other non-active controller unit is not able to communicate with the
active controller, it also reloads.
If the level value is set to 3, the corrective steps in level 2 are performed. If the port is still not operating
correctly, the entire stack reloads.
If you use the command and set the level variable value to 1, this configuration shows in the show run
command output. If you use the no form of the command, the level variable value is set to 1, but the
value does not show in the show run command output.
NOTE
You can use the show errdisable summary command to view a list of all error-disabled ports, along
with the reason the ports were error-disabled.
Examples
The following example shows the configuration of stack port resiliency on a stack with the level variable
value set to 2.
Device# configure terminal
Device(config)# stack stack-port-resiliency 2
FastIron Command Reference
53-1003389-04
413
Commands Sn - Z
History
414
Release version
Command history
07.3.00g
This command was introduced.
FastIron Command Reference
53-1003389-04
stack suggested-id
stack suggested-id
Specifies the preferred stack unit ID for a standalone device before it joins a stack.
Syntax
stack suggested-id stack-unit
no stack suggested-id stack-unit
Parameters
stack-unit
Specifies the numeric stack unit ID.
Modes
Usage Guidelines
Global configuration mode
The no form of this command removes the stack unit ID.
The stack suggested-id command is configured on a standalone device before it joins a stack and
becomes a member. The command is not for the active controller. Because the active controller always
keeps its bootup ID during stack formation, it does not use the suggested-id value.
The system attempts to assign a bootup ID of a device as its stack unit ID. However, due to timing
issues or the possible unavailability of the bootup ID, a device might not get the stack unit ID that you
want when the stack is formed. The optional stack suggested-id command allows you to specify the
stack unit ID for member devices when you are configuring a traditional or mixed stack using the
manual configuration method.
Examples
The following example sets the stack unit ID on a standalone device to 3.
device# configure terminal
device(config)# stack suggested-id 3
FastIron Command Reference
53-1003389-04
415
stack suppress-warning
stack suppress-warning
Stops periodic output of background stack diagnostic reports.
Syntax
stack suppress-warning
no stack suppress-warning
Command Default
Modes
Usage Guidelines
Examples
By default, background diagnostics are displayed periodically on the active stack controller.
Stack active controller configuration mode
Use the no form of the command to restore periodic output of background diagnostic reports.
In the following example, background diagnostic reports are turned off for the stack.
Device# configure terminal
Device(config)# stack suppress-warning
416
FastIron Command Reference
53-1003389-04
stack switch-over
stack switch-over
Switches active controllers without reloading the stack and without packet loss to services and protocols
supported by hitless stacking.
Syntax
Command Default
Modes
Usage Guidelines
stack switch-over
With FastIron release 08.0.20, the stack switch-over command is allowed by default. In earlier
releases, hitless failover must first be enabled.
Global configuration mode on a stack controller
Use the stack switch-over command before reloading or performing maintenance on the currently
active controller. Hitless failover must be enabled for the command to be used; otherwise, an error
message is issued.
The command cannot be used during stack election or during configuration of a multi-stack-trunk.
A standby controller must exist and must have learned stack protocols for the command to be used.
The standby controller must have the same priority as the active controller for the command to be used.
More than 120 seconds must have passed since the previous switchover or failover for the command to
be accepted.
Examples
The following example shows the stack switch-over command being entered and the resulting output.
You must confirm the switch-over before it can take effect by entering y when prompted.
device# stack switch-over
Standby unit 8 will become active controller, and unit 1 will become standby
Are you sure? (enter 'y' or 'n'): y
Unit 1 is no longer the active controller
History
Release version
Command history
08.0.00a
This command was introduced.
08.0.20
Hitless failover is enabled by default. The stack switch-over command is
allowed by default as a result.
FastIron Command Reference
53-1003389-04
417
stack-trunk
stack-trunk
Configures a stack to form a trunk from contiguous links on one side of a stack connection.
Syntax
stack-trunk stack-unit/slotnum/portnum to stack-unit/slotnum/portnum
no stack-trunk stack-unit/slotnum/portnum to stack-unit/slotnum/portnum
Parameters
stack-unit
Specifies the stack unit ID.
slotnum
Specifies the slot number.
portnum
Specifies the port number in the slot.
Modes
Usage Guidelines
Stack unit configuration mode
Use the no form of the command to disable the stack trunk configuration.
The stack-trunk command must be configured on the stack units on both ends of the trunk. Use this
command in a new environment on the first deployment of a stack.
To enable the stack-trunk command, the primary port in the trunk must be configured under the stackport command configuration.
Do not use the stack-trunk command in a production environment. Use the multi-stack-trunk
command instead.
Examples
In the following example, ports 1/2/3 and 1/2/4 are configured as a stacking trunk on stack unit 1.
Device# configure terminal
Device(config)# stack unit 1
Device(config-unit-1)# stack-trunk 1/2/3 to 1/2/4
418
FastIron Command Reference
53-1003389-04
stack unconfigure
stack unconfigure
Returns a stack member to its pre-stacking configuration or state.
Syntax
Parameters
stack unconfigure [ stack-unit | all | me | clean | mixed-stack ]
stack-unit
Specifies the numerical ID of a stack member. This option is available on the
active controller only.
all
Specifies all stack members. This option is available on the active controller
only.
me
Specifies the stack member from which the command is executed. The
command removes the unit from the stack and boots it up as a standalone.
When the unit rejoins the stack, its standalone startup-config file is saved in a
backup file. This option is available on stack member consoles only.
clean
Specifies that the startup configuration be removed from the unit on which the
command is executed and that the unit be rebooted as a clean unit. This option
is available on stack member consoles only.
mixed-stack
Specifies removal of all peripheral ports and peripheral trunks from ICX 6610
devices. It also specifies recovery and reload of prior ICX 6450 peripheral
device configurations, from before the ICX 6450 units were members of the
mixed stack. This option is available only on the active controller in a mixed
stack.
Modes
Usage Guidelines
Examples
Privileged EXEC mode
When a stack unit that did not have an original startup configuration file is unconfigured, it becomes a
clean unit. It is possible that this unit could automatically rejoin the stack if its module configuration
matches the configuration of the active controller. To prevent this from happening accidentally,
disconnect the unit to be unconfigured, and then issue the stack unconfigure me command on it.
Traditional stack example
In the following example, stack unit 2 is unconfigured in a traditional stack.
Device(config)# show stack
alone: standalone, D: dynamic config,
ID Typ
Role
Mac Address
Pri
1 S FCX624 active 0012.f2eb.a900 128
2 S FCX648 standby 00f0.424f.4243 0
3 S FCX624 member 00e0.5201.0100 0
S: static config
State Comment
local Ready
remote Ready
remote Ready
Device# stack unconfigure 2
Will recover pre-stacking startup config of this unit, and reset it. Are you sure?
(enter 'y' or 'n'): y
Stack 2 deletes stack bootup flash and recover startup-config.txt from .old
Device# show stack
alone: standalone,
ID Type
Role
1 S FCX624 active
2 S FCX648 member
3 S FCX624 standby
FastIron Command Reference
53-1003389-04
D: dynamic config,
Mac Address
Pri
0012.f2eb.a900 128
0000.0000.0000 0
00e0.5201.0100 0
S: static config
State
Comment
local
Ready
reserved
remote Ready
419
Commands Sn - Z
Mixed stack example
In the following example, ICX 6450 peripheral devices are removed from a mixed stack. The mixed
stack contains two ICX 6610 devices in a ring configuration in the backbone. There are two sub-stacks
of three ICX 6450 devices each in the mixed stack.
The following show stack output shows the configuration of the mixed stack before the stack
unconfigure mixed-stack command is executed. The show stack command is executed on the active
controller.
Brocade(config)# show stack
alone: standalone, D: dynamic config,
ID Typ
Role
Mac Address
Pri
1 S FCX624 active 0012.f2eb.a900 128
2 S FCX648 standby 00f0.424f.4243 0
3 S FCX624 member 00e0.5201.0100 0
S: static config
State Comment
local Ready
remote Ready
remote Ready
Brocade# stack unconfigure 2
Will recover pre-stacking startup config of this unit, and reset it. Are you sure?
(enter 'y' or 'n'): y
Stack 2 deletes stack bootup flash and recover startup-config.txt from .old
Brocade# show stack
alone: standalone, D: dynamic config,
ID Type
Role
Mac Address
Pri
1 S FCX624 active 0012.f2eb.a900 128
2 S FCX648 member 0000.0000.0000 0
3 S FCX624 standby 00e0.5201.0100 0
S: static config
State
Comment
local
Ready
reserved
remote Ready
active
standby
+---+
+---+
=2/6| 1 |2/1==2/6| 2 |2/1=
|
+---+
+---+
|
|
|
|------------------------|
active
standby
--+---+
+---+
+---+
--( 1 )3/7--2/1| 6 |2/3==2/1| 7 |2/3==2/1| 8 |2/3==3/7( 2 )
--+---+
+---+
+---+
--standby
active
--+---+
+---+
+---+
--( 2 )3/1==2/1| 5 |2/3==2/1| 4 |2/3==2/1| 3 |2/3--3/1( 1 )
--+---+
+---+
+---+
---
The following sequence shows the stack unconfigure mixed-stack command being executed on the
active controller. After confirmation, all peripheral ports and peripheral trunks are removed from the ICX
6610 units. The peripheral ICX 6450 devices recover their configurations from before they were
members of the mixed stack, and they are reloaded.
Brocade# stack unconfigure mixed-stack
All the peri-ports/trunks will be removed and all the ICX6450 units will recover
pre-mixed-stacking configuration. Are you sure? (enter 'y' or 'n'): y
Removed peri-ports from configuration: 1/3/1 1/3/7
Removed peri-trunks from configuration: 2/3/1-to-2/3/2 2/3/7-to-2/3/8
The show stack command is executed on the active controller. The output shows that the ICX 6450
devices are no longer part of the mixed stack because the MAC addresses are all zeroes, the State
column shows “reserve,” and the device status in the Comment column does not show “Ready.”
The Role column still shows “member” because the active controller holds the configuration of the
former stack member in reserve so that it can form a stack later if a stack is merged or formed.
Brocade# show stack
alone: standalone, D: dynamic config, S: static config
ID
Type
Role
Mac Address
Pri State
Comment
1 S ICX6610-24F active 748e.f891.c5b8 128 local
Ready
2 S ICX6610-48P standby 748e.f834.4d14
0 remote Ready
3 S ICX6450-24
member 0000.0000.0000
0 reserve
420
FastIron Command Reference
53-1003389-04
Commands Sn - Z
4
5
6
7
8
S
S
S
S
S
ICX6450-24P
ICX6450-24P
ICX6450-48
ICX6450-48
ICX6450-24P
member
member
member
member
member
0000.0000.0000
0000.0000.0000
0000.0000.0000
0000.0000.0000
0000.0000.0000
0
0
0
0
0
reserve
reserve
reserve
reserve
reserve
active
standby
+---+
+---+
=2/6| 1 |2/1==2/6| 2 |2/1=
|
+---+
+---+
|
|
|
|------------------------|
Use the show stack command to verify that peripheral devices, such as ICX 6450 devices, are no
longer part of the mixed stack.
In the following example, the Role column shows “alone,” which indicates a standalone device. This
means that the device was a standalone device before joining the mixed stack.
Brocade# show stack
***** Warning! stack is not enabled. *****
alone: standalone, D: dynamic config, S: static config
ID
Type
Role
Mac Address
Pri State
Comment
1 S ICX6450-24P alone
748e.f8b0.6c00
0 local
None:0
+---+
2/1| 1 |2/3
+---+
Current stack management MAC is 748e.f8b0.6c00
Note: no "stack mac" config. My MAC will change after failover.
In the following example, the Role column shows “active,” “standby,” or “member,” which indicates that
these devices are part of a stack. This means that the devices were part of a traditional stack before
joining the mixed stack.
Brocade# show stack
alone: standalone, D: dynamic config, S: static config
ID
Type
Role
Mac Address
Pri State
Comment
1 S ICX6450-24P active 748e.f8b0.6c00 128 local
Ready
2 S ICX6450-48
standby 748e.f8d4.2300
0 remote Ready
3 S ICX6450-48
member 748e.f8d4.02c0
0 remote Ready
standby
active
+---+
+---+
+---+
2/1| 3 |2/3--2/1| 2 |2/3--2/1| 1 |2/3
+---+
+---+
+---+
Standby u2 - No hitless failover. Reason: hitless-failover not configured
Current stack management MAC is 748e.f8b0.6c00
Note: no "stack mac" config. My MAC will change after failover.
History
Release
Command History
07.4.00
This command was introduced.
08.0.00a
The mixed-stack option was added. The rollback
option was deprecated.
FastIron Command Reference
53-1003389-04
421
store-and-forward
store-and-forward
Resets the switching method for forwarding packets from cut-through to store-and-forward.
Syntax
store-and-forward
no store-and-forward
Command Default
Modes
Usage Guidelines
The switching method is cut-through.
Global configuration mode
The no form of this command restores the default packet-forwarding method to cut-through.
Ethernet devices support two basic switching methods for packet forwarding: store-and-forward and cutthrough. The default method on ICX 7750 devices is cut-through. You can configure the store-and
forward command to change it to store-and-forward.
NOTE
You must save the configuration and reload for the change to take effect.
A store-and-forward device does not make a forwarding decision on a data packet until it has received
the whole frame and checked its integrity; a cut-through device starts the forwarding process soon after
it makes the forwarding decision on an incoming frame that is, it might start forwarding before the entire
packet is received. This reduces forwarding latency, especially for longer packets. However, there are
many factors to consider when selecting which switching method is best for your environment and in
some cases it is desirable to change from the default method and configure a device to store-andforward.
The following table describes some of the differences in how packets are handled depending on the
switching method.
Examples
Feature
Cut-through
Store-and-forward
Forwarding
Data forwarding starts before an entire packet
is received
Device waits for entire packet received before
processing.
Latency
Low latency, less than 1 micro second.
Higher latency; latency depends on frame size.
FCS Errors
FCS errors may be propagated from one
device to another.
FCS errors are checked and error packets are
discarded in the MAC receive.
MTU size
MTU size is validated by MAC receive.
Oversize packets are marked as error packets
but not dropped in the MAC receive.
MTU size is validated by MAC receive. Oversize
packets are dropped at the MAC layer.
This example globally enables store-and-forward packet switching and saves the configuration.
Device(config)# store-and-forward
Device(config)# write memory
Device(config)# end
History
422
Release version
Command history
08.0.10b
This command was introduced.
FastIron Command Reference
53-1003389-04
symmetrical-flow-control enable
symmetrical-flow-control enable
Enables symmetrical flow control (SFC) globally for priorities.
Syntax
symmetrical-flow-control enable [ all ]
no symmetrical-flow-control enable
Command Default
Parameters
SFC is globally disabled.
all
Specifies SFC on all priorities. If you do not specify the all keyword, SFC is
enabled only on priorities 0-4. This parameter is optional.
Modes
Usage Guidelines
Global configuration mode
The no form of this restores the default flow-control settings.
Configuring the symmetrical-flow-control enable command enables SFC globally for priorities 0-4 by
default and optionally for all priorities (0-7)
By default, the system runs in tail-drop mode, with all ports honoring 802.3x flow control and disabling
802.3x transmit. The symmetrical-flow-control enable command enables transmission of 802.3x
pause frames.
Configuring the symmetrical-flow-control enable command changes priority-to-PG mapping.
You cannot configure the symmetrical-flow-control enable command if the priority-flow-control
command is enabled.
If the symmetrical-flow-control enable command is not enabled, you cannot configure the flowcontrol generate-only or the flow-control both commands in interface configuration mode.
NOTE
In FastIron Release 08.0.20 and later releases, SFC is not supported for ports across stack units in ICX
7750 devices or across stack units or for ports across master and slave packet-processor (pp) devices
in ICX7450-48 units.
Examples
The following example shows how to enable SFC:
Device(config)# symmetrical-flow-control enable
The following example shows how to enable all priorities to send the IEEE 802.3x pause:
Device(config)# symmetrical-flow-control enable all
The following example shows how to enable SFC for Generate-only mode:
Device(config)# symmetrical-flow-control enable
Device(config)# flow-control generate-only
The following example shows how to enable SFC for both Honor and Generate-only mode:
Device(config)# symmetrical-flow-control enable
Device(config)# flow-control both
History
Release version
Command history
8.0.10
This command was introduced.
FastIron Command Reference
53-1003389-04
423
system-max igmp-snoop-group-addr
system-max igmp-snoop-group-addr
Sets the maximum number of IGMP group addresses on a device.
Syntax
system-max igmp-snoop-group-addr num
no system-max igmp-snoop-group-addr
Command Default
Parameters
The default number of IGMP group addresses is supported.
num
Specifies the maximum number of IGMP group addresses supported. The
range is a value from 256 through 8192. The default for IGMP snooping group
addresses is 4096, except for ICX 6430 devices where the default is 1024.
Modes
Usage Guidelines
Global configuration mode
The no form of this command restores the default maximum.
The configured number of IGMP group addresses is the upper limit of an expandable database. Client
memberships exceeding the group limit are not processed.
The following describes the IGMP group address limits for Brocade devices:
•
•
•
•
•
Examples
FCX, FSX, ICX 6610, and ICX 6450 devices support up to 8192 IGMP group addresses.
ICX 6430 devices support up to 4096 IGMP group addresses.
ICX 6650 devices support 8192 IGMP group addresses.
ICX 7750 switches support 8192 IGMP group addresses.
ICX 7750 routers support 6K IGMP group addresses.
This example shows how to set maximum number of IGMP snooping group addresses to 1600.
Device(config)#system-max igmp-snoop-group-addr 1600
424
FastIron Command Reference
53-1003389-04
system-max igmp-snoop-mcache
system-max igmp-snoop-mcache
Configures the maximum number of IGMP snooping cache entries supported on a device.
Syntax
system-max igmp-snoop-mcache num
no system-max igmp-snoop-mcache
Command Default
Parameters
The default number of IGMP snooping cache entries is supported.
num
Specifies the maximum number of IGMP snooping cache entries supported.
The range is a value from 256 through 8192. The default is 512 entries except
on ICX 6430 devices, where the default is 256.
Modes
Usage Guidelines
Global configuration mode
The no form of this command restores the default maximum.
The following describes the IGMP snooping multicast cache (mcache) resource limits for Brocade
devices:
•
•
•
•
•
Examples
FCX, FSX, ICX 6610, and ICX 6450 devices support up to 8192 IGMP snooping mcache entries.
ICX 6430 devices support up to 2048 IGMP snooping mcache entries.
ICX 6650 devices support 8192 IGMP snooping mcache entries.
ICX 7750 switches support 8192 IGMP snooping mcache entries.
ICX 7750 routers support 6K IGMP snooping mcache entries.
This example shows how to configure the maximum number of IGMP snooping mcache entries
supported on the device to 2000.
Device(config)#system-max igmp-snoop-mcache 2000
FastIron Command Reference
53-1003389-04
425
system-max mac-notification-buffer
system-max mac-notification-buffer
Changes the value of the MAC-notification buffer.
Syntax
system-max mac-notification-buffer size
no system-max mac-notification-buffer size
Command Default
Parameters
The default buffer size is 4000.
size
Sets the buffer queue size to maintain MAC-notification events.
Modes
Global configuration
Usage Guidelines
Examples
This example changes the value of the MAC-notification buffer:
device(config)# system-max mac-notification-buffer 8000
This example sets the MAC-notification buffer to default size:
device(config)# no system-max mac-notification-buffer 4000
History
426
Release version
Command history
08.0.10
This command was introduced.
FastIron Command Reference
53-1003389-04
system-max mld-snoop-group-addr
system-max mld-snoop-group-addr
Sets the maximum number of multicast listening discovery (MLD) group addresses on a device.
Syntax
system-max mld-snoop-group-addr num
no system-max mld-snoop-group-addr
Command Default
Parameters
The default number of MLD group addresses is supported.
num
Specifies the maximum number of MLD group addresses supported. The range
is a value from 256 through 8192. The default for MLD snooping group
addresses is 4096, except for ICX 6430 devices where the default is 1024.
Modes
Usage Guidelines
Global configuration mode
The no form of this command restores the default maximum.
The configured number of MLD group addresses is the upper limit of an expandable database. Client
memberships exceeding the group limit are not processed.
The following describes the MLD group address limits for Brocade devices:
•
•
•
•
•
Examples
FCX, FSX, ICX 6610, and ICX 6450 devices support up to 8192 MLD group addresses.
ICX 6430 devices support up to 4096 MLD group addresses.
ICX 6650 devices support 8192 MLD group addresses.
ICX 7750 switches support 8192 MLD group addresses.
ICX 7750 routers support 6K MLD group addresses.
This example shows how to set maximum number of MLD snooping group addresses to 4000.
Device(config)#system-max mld-snoop-group-addr 4000
FastIron Command Reference
53-1003389-04
427
system-max mld-snoop-mcache
system-max mld-snoop-mcache
Configures the maximum number of multicast listening discovery (MLD) snooping cache entries
supported on a device.
Syntax
system-max mld-snoop-mcache num
no system-max mld-snoop-mcache
Command Default
Parameters
The default number of MLD snooping cache entries is supported.
num
Specifies the maximum number of MLD snooping cache entries supported. The
range is 256 to 8192. The default is 512 entries except on ICX 6430 devices,
where the default is 256.
Modes
Usage Guidelines
Global configuration mode
The no form of this command restores the default maximum.
The following describes the MLD snooping multicast cache (mcache) resource limits for Brocade
devices:
• FCX, FSX, ICX 6610, ICX 6450 and ICX 6650 devices support up to 8192 MLD snooping mcache
entries.
• ICX 6430 devices support up to 2048 MLD snooping mcache entries.
• ICX 7750 routers support 3072 MLD snooping mcache entries; ICX 7750 switches support 8192
MLD snooping mcache entries.
• In Release 8.0.10a and later releases, ICX 7750 routers support 6144 MLD snooping mcache
entries; ICX 7750 switches support 8192 MLD snooping mcache entries.
Examples
This example shows how to set the maximum number of MLD snooping mcache entries to 8000.
Device(config)#system-max mld-snoop-mcache 8000
428
FastIron Command Reference
53-1003389-04
traffic-policy count
traffic-policy count
Configures a traffic policy and enables counting the number of bytes and the conformance level per
packet.
Syntax
traffic-policy traffic-policy-def count
no traffic-policy traffic-policy-def count
Command Default
Parameters
No traffic policy is applied.
traffic-policy-def
Specifies the name of the traffic policy definition, in no more than seven
alphanumeric characters.
Modes
Usage Guidelines
Examples
Global configuration mode
The no form of this command deletes a traffic policy definition.
This example configures a traffic policy named TPD and enables counting of bytes and conformance
levels.
device#configure terminal
device(config)#traffic-policy TPD count
FastIron Command Reference
53-1003389-04
429
traffic-policy rate-limit adaptive
traffic-policy rate-limit adaptive
Configures an ACL-based flexible-bandwidth traffic policy to define rate limits on packets so that you
can allow for bursts above the limit.
Syntax
traffic-policy traffic-policy-def rate-limit adaptive cir cir-value cbs cbs-value pir pir-value pbs pbsvalue count
traffic-policy traffic-policy-def rate-limit adaptive cir cir-value cbs cbs-value pir pir-value pbs pbsvalue exceed-action drop [ count ]
traffic-policy traffic-policy-def rate-limit adaptive cir cir-value cbs cbs-value pir pir-value pbs pbsvalue exceed-action permit-at-low-pri [ count | remark-cos [ count ] ]
no traffic-policy traffic-policy-def rate-limit adaptive cir cir-value cbs cbs-value pir pir-value pbs pbsvalue count
no traffic-policy traffic-policy-def rate-limit adaptive cir cir-value cbs cbs-value pir pir-value pbs pbsvalue exceed-action drop [ count ]
no traffic-policy traffic-policy-def rate-limit adaptive cir cir-value cbs cbs-value pir pir-value pbs pbsvalue exceed-action permit-at-low-pri [ count | remark-cos [ count ] ]
Command Default
Parameters
No traffic policy is applied.
traffic-policy-def
Specifies the name of the traffic policy definition, in no more than seven
alphanumeric characters.
count
Enables counting the number of bytes and the conformance level per packet.
The single-rate three-color marker (srTCM) mechanism described in RFC 2697
is used.
cir cir-value
Specifies the committed information rate (CIR) in Kbps, that is, the guaranteed
rate of inbound traffic that is allowed on a port. The range is 64 through
1,000,000 Kbps. On ICX 6650 devices, the cir-value is the rate in packets per
second. The range is 125 through 15,000,000 packets per second.
cbs cbs-value
Specifies the committed burst size (CBS), that is, the number of bytes per
second allowed on a port before some packets exceed the CIR. You must
specify a value greater than 0. On ICX 6650 devices, the cbs-value is the rate
in packets per second.
pir pir-value
Specifies the peak information rate (PIR) in Kbps, that is, the most inbound
traffic that is allowed on a port. On ICX 6650 devices, the cir-value is the rate in
packets per second. The pir-valuemust be equal to or greater than the cir-value.
pbs pbs-value
Specifies the peak burst size (PBS), that is, the most bytes per second allowed
in a burst before all packets exceed the PIR. You must specify a value greater
than 0. On ICX 6650 devices, the pbs-value is the rate in packets per second.
exceed-action
430
FastIron Command Reference
53-1003389-04
Commands Sn - Z
Specifies the action for traffic that is more than is configured in the cir-value
variable. If you do not configure this keyword, traffic that exceeds the cir-value
is dropped
drop
Specifies dropping traffic that exceeds the rate limit.
count
Enables counting the number of bytes and the conformance level per packet.
The two-rate three-color marker (trTCM) mechanism described in RFC 2698 is
used.
permit-at-low-pri
Specifies permitting packets that exceed the cir-value and forward them at the
lowest priority.
remark-cos
Sets the 802.1p priority of dropped packets to 0, that is, it sets the COS/PCP
field value to 0 for the low priority traffic for any packet exceeding the rate limit
set by the traffic policy
Modes
Usage Guidelines
Global configuration mode
The no form of this command deletes a traffic policy definition.
Traffic policies must be referenced by one or more ACLs before they can be effective. The policies are
effective on ports to which the ACLs that reference them are bound.
NOTE
You cannot delete a traffic policy definition that a port is currently using. To delete a traffic policy, you
must first unbind the associated ACL.
It is recommended that you specify a PBS value that is equal to or greater than the size of the largest
possible IP packet in the stream.
Examples
This example configures a traffic policy named TPDA4 that specifies a CIR of 10000 Kbps, a CBS of
1600 Kbps, a PIR of 20000 Kbps, and a PBS of 1000 Kbps a and dropping any traffic that exceeds
those limits.
device#configure terminal
device(config)#traffic-policy TPDA4 rate-limit adaptive cir 10000 cbs 1600 pir
20000 pbs 4000 exceed-action drop
FastIron Command Reference
53-1003389-04
431
traffic-policy rate-limit fixed
traffic-policy rate-limit fixed
Configures an ACL-based fixed-rate traffic policy to define rate limits on packets. It either drops all
traffic that exceeds the limit, or forwards it at the lowest priority level.
Syntax
traffic-policy traffic-policy-def rate-limit fixed cir-value count
traffic-policy traffic-policy-def rate-limit fixed cir-value exceed-action drop [ count ]
traffic-policy traffic-policy-def rate-limit fixed cir-value exceed-action permit-at-low-pri [ count |
remark-cos [ count ] ]
no traffic-policy traffic-policy-def rate-limit fixed cir-value count
no traffic-policy traffic-policy-def rate-limit fixed cir-value exceed-action drop [ count ]
no traffic-policy traffic-policy-def rate-limit fixed cir-value exceed-action permit-at-low-pri [ count |
remark-cos [ count ] ]
Command Default
Parameters
No traffic policy is applied.
traffic-policy-def
Specifies the name of the traffic policy definition, in no more than seven
alphanumeric characters.
cir-value
Specifies the committed information rate (CIR) in Kbps, that is, the guaranteed
rate of inbound traffic that is allowed on a port. The range is 64 through
1,000,000 Kbps. On ICX 6650 devices, the cir-value is the rate in packets per
second. The range is 125 through 15,000,000 packets per second
count
Enables counting the number of bytes and the conformance level per packet.
The single-rate three-color marker (srTCM) mechanism described in RFC 2697
is used.
exceed-action
Specifies the action for traffic that is more than is configured in the cir-value
variable. If you do not configure this keyword, traffic that exceeds the cir-value
is dropped
drop
Specifies dropping traffic that exceeds the rate limit.
count
Enables counting the number of bytes and the conformance level per packet.
The single-rate three-color marker (srTCM) mechanism described in RFC 2697
is used.
permit-at-low-pri
Specifies permitting packets that exceed the cir-value and forward them at the
lowest priority.
remark-cos
Sets the 802.1p priority of dropped packets to 0, that is, it sets the COS/PCP
field value to 0 for the low priority traffic for any packet exceeding the rate limit
set by the traffic policy
Modes
432
Global configuration mode
FastIron Command Reference
53-1003389-04
Commands Sn - Z
Usage Guidelines
The no form of this command deletes a traffic policy definition.
Traffic policies must be referenced by one or more ACLs before they can be effective. The policies are
effective on ports to which the ACLs that reference them are bound.
NOTE
You cannot delete a traffic policy definition that is currently in use on a port. To delete a traffic policy,
you must first unbind the associated ACL.
Examples
This example configures a traffic policy named TPD1 that specifies a CIR of 100 Kbps and dropping any
traffic that exceeds the limit.
device#configure terminal
device(config)#traffic-policy TPD1 rate-limit fixed 100 exceed-action drop
FastIron Command Reference
53-1003389-04
433
use-v2-checksum
use-v2-checksum
Enables the v2 checksum computation method for a VRRPv3 IPv4 session.
Syntax
use-v2-checksum
no use-v2-checksum
Command Default
Modes
Usage Guidelines
VRRPv3 uses v3 checksum computation method.
VRRP configuration mode
The no form of this command enables the default v3 checksum computation method in VRRPv3
sessions.
Some non-Brocade devices only use the v2 checksum computation method in VRRPv3. This command
enables v2 checksum computation method in VRRPv3 and provides interoperability with these nonBrocade devices.
Examples
The following example shows the v2 checksum computation method enabled in IPv4 and IPv6 VRRPv3
instances.
IPv6 :
Brocade(config)# interface ve 3
Brocade(config-vif-3)# ipv6 vrrp vrid 2
Brocade(config-vif-3-vrid-2)# use-v2-checksum
IPv4 :
Brocade(config)# interface ve 3
Brocade(config-vif-3)# ipv4 vrrp vrid 2
Brocade(config-vif-3-vrid-2)# version v3
Brocade(config-vif-3-vrid-2)# use-v2-checksum
History
434
Release version
Command history
08.0.01
This command was introduced for IPv6 VRRPv3 sessions running on
FastIron device images.
08.0.10b
This command was introduced for IPv4 VRRPv3 sessions running on
FastIron device images.
FastIron Command Reference
53-1003389-04
version
version
Allows you to select either version 2 or version 3 of VRRP.
Syntax
version {v2 |v3}
no version v3
Command Default
Parameters
The default is VRRP version 2.
v2
Selects version 2 of VRRP.
v3
Selects version 3 of VRRP.
Modes
Usage Guidelines
Examples
VRRP virtual router ID configuration.
You can choose either version 2 or version 3 of IPv4 VRRP. The default IPv4 VRRP configuration is
VRRPv2. The VRRPv3 functionality is enabled only after you configure version 3. Use the no version
v3 or version v2 commands to roll back to the default (VRRPv2).
The following example configures the VRRP owner router for IPv4.
device(config)#router vrrp
device(config)#interface ethernet 1/6
device(config-if-1/6)#ip-address 192.53.5.1
device(config-if-1/6)#ip vrrp vrid 1
device(config-if-1/6-vrid-1)#owner
device(config-if-1/6-vrid-1)# version v3 | v2
device(config-if-1/6-vrid-1)#ip-address 192.53.5.1
device(config-if-1/6-vrid-1)#activate
The following example configures the VRRP backup router for IPv4.
device(config)#router vrrp
device(config)#interface ethernet 1/5
device(config-if-1/5)#ip-address 192.53.5.3
device(config-if-1/5)#ip vrrp vrid 1
device(config-if-1/5-vrid-1)#backup
device(config-if-1/6-vrid-1)# version v3 |v2
device(config-if-1/5-vrid-1)#advertise backup
device(config-if-1/5-vrid-1)#ip-address 192.53.5.1
device(config-if-1/5-vrid-1)#activate
History
Release version
Command history
08.0.10
This command was introduced.
FastIron Command Reference
53-1003389-04
435
vxlan vlan
vxlan vlan
Configures the VXLAN membership of the port by specifying the VLAN port and VNI for VXLAN
mapping.
Syntax
vxlan vlan vlan-id vni vni-id l2-tunnel tunnel-id
no vxlan vlan vlan-id vni vni-id l2-tunnel tunnel-id
Command Default
Parameters
No VXLAN mapping to the tunnel.
vlan-id
Specifies the VLAN ID mapped to the VXLAN segment.
vni vni-id
Specifies the VXLAN segment ID to which the VLAN is mapped. This allows the
extension of the Layer 2 VLAN segment to a remote location.
l2-tunnel tunnel-id
Specifies the Layer 2 tunnel that carries the specified VNI.
Modes
Usage Guidelines
Interface configuration mode
The command enables VLAN-to-VXLAN translation.
Using the VXLAN maps, a VLAN is mapped to a VNI on a VXLAN Layer 2 tunnel and vice versa. Once
the VXLAN mapping is configured, all frames belonging to a given {Port, VLAN} pair are "switched" into
the VXLAN Layer 2 tunnel, using the VNI configured in the mapping.
When a VXLAN packet destined to the VXLAN gateway (identified by the UDP destination port) is
received, the gateway strips off the VXLAN header. The VNI carried in the VXLAN header identifies the
VXLAN segment and assigns a unique outgoing port and a VLAN for the frame.
The no form of the command disables VLAN-to-VXLAN translation.
NOTE
No {DMAC, VLAN} based bridging is performed in the E-Line service.
Examples
The following example configures the VXLAN mapping to the tunnel:
device# configure terminal
device(config)# interface ethernet 1/1/1
device(config-if-e10000-1/1/1)# vxlan vlan 10 vni 1010 l2-tunnel 1
The details of the VXLAN mapping to the tunnel are displayed in the show interface ethernet
command output for the specified .
device# show interface ethernet 1/1/1
VXLAN mappings:
vlan 10 vni 1010 L2-Tunnel 1
History
436
Release version
Command history
08.0.10d
This command was introduced.
FastIron Command Reference
53-1003389-04
Source Exif Data:
File Type : PDF File Type Extension : pdf MIME Type : application/pdf PDF Version : 1.6 Linearized : Yes Author : Brocade Communications Inc Create Date : 2016:01:21 19:47:56-08:00 Modify Date : 2016:01:30 06:44:02-08:00 Language : EN XMP Toolkit : Adobe XMP Core 5.2-c001 63.139439, 2010/09/27-13:37:26 Creator Tool : AH Formatter V5.3 MR3 (5,3,2011,1116) for Windows (x64) Metadata Date : 2016:01:30 06:44:02-08:00 Producer : Antenna House PDF Output Library 2.6.0 (Windows (x64)) Trapped : False Format : application/pdf Title : FastIron Command Reference, 08.0.20c Creator : Brocade Communications Inc Document ID : uuid:e19d04b3-5495-4e0c-86cc-12cd4bad4962 Instance ID : uuid:7783a86c-beae-4988-b005-6760e7bfbac5 Page Mode : UseOutlines Page Count : 436EXIF Metadata provided by EXIF.tools