Basic Configuration Commands - Romsat · 2016-02-03 · Baisc Configuration Commands format...

Basic Configuration Commands

Table of Contents

Table of Contents

Chapter 1 System Management Commands........................................................................................................................ 1 1.1 Configuring File Management Commands............................................................................................................ 1

1.1.1 Copy.......................................................................................................................................................... 1 1.1.2 Delete........................................................................................................................................................ 2 1.1.3 dir .............................................................................................................................................................. 2 1.1.4 ip address.................................................................................................................................................. 3 1.1.5 ip route ...................................................................................................................................................... 3 1.1.6 show configuration .................................................................................................................................... 4 1.1.7 format ........................................................................................................................................................ 4 1.1.8 more .......................................................................................................................................................... 5

1.2 BasicSystemManagementCommands .................................................................................................................. 5 1.2.1 boot flash................................................................................................................................................... 6 1.2.2 cd............................................................................................................................................................... 7 1.2.3 chinese...................................................................................................................................................... 7 1.2.4 chram ........................................................................................................................................................ 8 1.2.5 date ........................................................................................................................................................... 8 1.2.6 english ....................................................................................................................................................... 9 1.2.7 md ........................................................................................................................................................... 10 1.2.8 pwd.......................................................................................................................................................... 10 1.2.9 rd ............................................................................................................................................................. 11 1.2.10 rename .................................................................................................................................................. 11 1.2.11 reboot .................................................................................................................................................... 12 1.2.12 alias ....................................................................................................................................................... 12 1.2.13 boot system flash .................................................................................................................................. 13 1.2.14 help........................................................................................................................................................ 14 1.2.15 history.................................................................................................................................................... 14 1.2.16 show alias.............................................................................................................................................. 15 1.2.17 show job ................................................................................................................................................ 16 1.2.18 show break............................................................................................................................................ 17 1.2.19 show memory........................................................................................................................................ 17

1.3 HTTP Configuration Command ........................................................................................................................... 18 1.3.1 ip http access-class ................................................................................................................................. 18 1.3.2 ip http port ............................................................................................................................................... 19 1.3.3 ip http server............................................................................................................................................ 19 1.3.4 debug ip http............................................................................................................................................ 20

Chapter 2 Terminal Service Configuration Command........................................................................................................ 21 2.1 Telnet Configuration Command ........................................................................................................................... 21

2.1.1 telnet........................................................................................................................................................ 21 2.1.2 ip telnet.................................................................................................................................................... 23 2.1.3 ctrl-shift-6+x (the current connection is mounted) ................................................................................... 24 2.1.4 where....................................................................................................................................................... 25 2.1.5 resume .................................................................................................................................................... 26 2.1.6 disconnect ............................................................................................................................................... 27

- I -

Table of Contents

2.1.7 switchkey................................................................................................................................................. 28 2.1.8 switchmsg................................................................................................................................................ 29 2.1.9 sequence-char......................................................................................................................................... 29 2.1.10 clear telnet............................................................................................................................................. 31 2.1.11 show telnet ............................................................................................................................................ 32 2.1.12 debug telnet........................................................................................................................................... 32

2.2 Terminal Configuration Command....................................................................................................................... 33 2.2.1 attach-port ............................................................................................................................................... 34 2.2.2 autocommand.......................................................................................................................................... 34 2.2.3 clear line .................................................................................................................................................. 35 2.2.4 connect.................................................................................................................................................... 35 2.2.5 disconnect ............................................................................................................................................... 35 2.2.6 exec-timeout............................................................................................................................................ 36 2.2.7 length....................................................................................................................................................... 36 2.2.8 line........................................................................................................................................................... 37 2.2.9 location .................................................................................................................................................... 37 2.2.10 login authentication ............................................................................................................................... 38 2.2.11 monitor................................................................................................................................................... 38 2.2.12 no debug all........................................................................................................................................... 38 2.2.13 password............................................................................................................................................... 39 2.2.14 resume .................................................................................................................................................. 39 2.2.15 switchkey............................................................................................................................................... 40 2.2.16 sequence-char....................................................................................................................................... 40 2.2.17 show debug........................................................................................................................................... 41 2.2.18 show line ............................................................................................................................................... 41 2.2.19 switchmsg.............................................................................................................................................. 41 2.2.20 terminal length....................................................................................................................................... 42 2.2.21 terminal monitor..................................................................................................................................... 43 2.2.22 terminal width ........................................................................................................................................ 43 2.2.23 terminal-type.......................................................................................................................................... 44 2.2.24 where..................................................................................................................................................... 44 2.2.25 width...................................................................................................................................................... 45

Chapter 3 Network Management Configuration Commands.............................................................................................. 46 3.1 SNMP Commands............................................................................................................................................... 46

3.1.1 snmp-server community .......................................................................................................................... 46 3.1.2 snmp-server contact................................................................................................................................ 47 3.1.3 snmp-server host..................................................................................................................................... 48 3.1.4 snmp-server location............................................................................................................................... 49 3.1.5 snmp-server packetsize .......................................................................................................................... 50 3.1.6 snmp-server queue-length ...................................................................................................................... 50 3.1.7 snmp-server trap-source ......................................................................................................................... 51 3.1.8 snmp-server trap-timeout ........................................................................................................................ 52 3.1.9 snmp-server view .................................................................................................................................... 52 3.1.10 snmp-server udp-port ............................................................................................................................ 54 3.1.11 snmp-server source-addr ...................................................................................................................... 54 3.1.12 snmp-server encryption......................................................................................................................... 55

- II -

Table of Contents

3.1.13 show snmp ............................................................................................................................................ 56 3.1.14 debug snmp........................................................................................................................................... 58

3.2 Configuring RMON Commands........................................................................................................................... 60 3.2.1 rmon alarm .............................................................................................................................................. 60 3.2.2 rmon event .............................................................................................................................................. 61 3.2.3 rmon collection stat ................................................................................................................................. 62 3.2.4 rmon collection history............................................................................................................................. 62 3.2.5 show rmon............................................................................................................................................... 63

3.3 Configuring PDP Commands .............................................................................................................................. 63 3.3.1 pdp timer ................................................................................................................................................. 64 3.3.2 pdp holdtime............................................................................................................................................ 64 3.3.3 pdp version.............................................................................................................................................. 65 3.3.4 pdp run .................................................................................................................................................... 65 3.3.5 pdp enable............................................................................................................................................... 66 3.3.6 show pdp traffic ....................................................................................................................................... 66 3.3.7 show pdp neighbour ................................................................................................................................ 67

Chapter 4 Maintenance and Debugging Tool Commands.................................................................................................. 68 4.1 Network Testing Tool Commands ........................................................................................................................ 68

4.1.1 ping.......................................................................................................................................................... 68 4.2 System Debugging Commands........................................................................................................................... 70 4.3 Fault Diagnosis Commands ................................................................................................................................ 70

4.3.1 logging..................................................................................................................................................... 70 4.3.2 logging buffered....................................................................................................................................... 71 4.3.3 logging console ....................................................................................................................................... 72 4.3.4 logging facility.......................................................................................................................................... 73 4.3.5 logging monitor........................................................................................................................................ 74 4.3.6 logging on................................................................................................................................................ 75 4.3.7 logging trap.............................................................................................................................................. 77 4.3.8 service timestamps.................................................................................................................................. 78 4.3.9 clear logging............................................................................................................................................ 78 4.3.10 show break............................................................................................................................................ 79 4.3.11 show controller ...................................................................................................................................... 80 4.3.12 show debug........................................................................................................................................... 82 4.3.13 show logging ......................................................................................................................................... 83

Chapter 5 SSH Configuration Commands.......................................................................................................................... 84 5.1.1 ip sshd enable ......................................................................................................................................... 84 5.1.2 ip sshd timeout ........................................................................................................................................ 84 5.1.3 ip sshd auth-method................................................................................................................................ 85 5.1.4 ip sshd access-class ............................................................................................................................... 85 5.1.5 ip sshd auth-retries.................................................................................................................................. 86 5.1.6 ip sshd clear ............................................................................................................................................ 87 5.1.7 ssh........................................................................................................................................................... 87 5.1.8 show ssh ................................................................................................................................................. 88 5.1.9 show ip sshd............................................................................................................................................ 89

Chapter 6 Other system Command.................................................................................................................................... 90

- III -

Table of Contents

6.1 The link scan command....................................................................................................................................... 90

- IV -

Baisc Configuration Commands

Chapter 1 System Management Commands

1.1 Configuring File Management Commands copy

delete

dir

ip address

ip route

show configuration

format

more

1.1.1 Copy

To read a file from the tftp server to a switch, use the copy command.

copy tftp<:filename> {flash<:filename>|rom} [ip_addr]

Parameter

Parameter Description

tftp<:filename> Read a file from the tftp server. Filename indicates the relevant filename. If not specified the filename, the system will prompt user to input the filename after executing the copy command.

flash <:filename> Write a file to the flash memory of the switch. Filename indicates the relevant filename. If not specified the filename, the system will prompt user to input the filename after executing the copy command.

rom Updates bootrom for the switch. ip_addr Specifies the IP address of tftp srever. If not specified, the

system will prompt user to input the IP address after executing the copy command.

Default

none

Command mode

monitor mode

Instrution

none

- 1 -


Example

monitor#copy tftp:switch.bin flash:switch.bin 192.2.2.1 The example shows how to read the switch.bin file from the tftp server to the

flash memory of the switch.

Related commands

none

1.1.2 Delete

To delete a file, use the delete command.

delete file-name

Parameter


file-name Specifies the filename (maximum 20 characters)

Default

If the file name is not specified, the system will delete the startup-config file by default.

Command mode

monitor mode

Instruction

none

Related commands

none

1.1.3 dir

To display filename, use the dir command.

dir file-name

Parameter


file-name Specifies the filename (maximum 20 characters)

- 2 -


Default

none

Command mode

monitor mode

Instruction

none

Related commands

none

1.1.4 ip address

To set an IP address for an Ethernet interface, use the ip address command.

ip address ip-address mask

Parameter


ip-address IP address mask IP network mask

Default

none

Command mode

monitor mode

Instruction

none

Example

monitor#ip address 192.168.1.1 255.255.255.0

Related commands

ip route

ping

1.1.5 ip route

To specify a default gateway, use the ip route default command.

ip route default gw_ip_addr

- 3 -


Parameter


gw_ip_addr Default gateway address

Default

none

Command mode

monitor mode

Instrution

none

Example

monitor#ip route default 192.168.1.3

Related commands

ip address

1.1.6 show configuration

To display the running configuration file, use the show configuration command.

show configuration

Parameter

none

Default

none

Command mode

monitor mode

Instrution

none

Related commands

none

1.1.7 format

To format file system, use the format command.

- 4 -


format

Parameter

none

Default

none

Command mode

EXEC

Instrution

All files in the file system will de deleted after executing the format command.

Related commands

none

1.1.8 more

To display the contents of a file, use the more command.

more file-name

Parameter


file-name Specifies the name of a file (maximum 20 characters)

Default

none

Command mode

EXEC

Instrution

If all files are displayable characters, they will be displayed in ASCII format, or they will be displayed binary format.

Related commands

none

1.2 BasicSystemManagementCommands bootflash

- 5 -


cd

chinese

english

chram

date

debub job

md

pwd

rd

rename

reboot

show break

show memory

alias

boot system flash

help

history

job

jobd

show alias

show job

1.2.1 boot flash

To enable the system from the specified file in monitor mode, use the boot flash command.

boot flash filename

parameter

parameter Description

filename The specified file name.

default

none

command mode

monitor mode

command mode

Use the boot flash command to enable the device after user entering the monitor mode.

- 6 -


example

monitor#boot flash switch.bin

related commands

none

1.2.2 cd

To change the current directory, use the cd command.

cd directory|..

parameter:

parameter description

directory Name of the directory. (maximum 20 characters)

.. Upper directory.

default

none

command mode

monitor mode

command mode

none

example

monitor#cd my_dir

related commands

pwd

1.2.3 chinese

To switch command prompt to chinese mode, use the chinese command.

parameter

(1) none

default

none

- 7 -


command mode

monitor mode

command mode

none

example

none

related commands

none

1.2.4 chram

To modify memory data, use the chram command.

chram mem_addr value

parameter


mem_addr Memory address in Hex format. Range is from 0 to 0x01FFFF00 (it depends on the memory volume of the switch)

value Memory data in Hex format

default

none

command mode

Monitor mode

command mode

This is a debugging command which is not recommended for user to use.

example

none

related commands

none

1.2.5 date

To set the absolute time, use the date command.

- 8 -


parameter

none

default

none

command mode

monitor mode

command mode

This command is used to set the abslute time for the system. For the switch with a battery-powered clock, the clock will be powered by the battery. If the clock doesn’t keep good time, you need to change the battery.

For the swich without a battery-powered clock, the system date is configured to July 1st, 1970 after the reboot of the switch, and user needs to set the current time each time when starting the switch.

example

monitor#date The current date is 2000-7-27 21:17:24 Enter the new date(yyyy-mm-dd):2000-7-27 Enter the new time(hh:mm:ss):21:17:00

related commands

1.2.6 english

To switch the command prompt to english mode, use the english command.

parameter

none

default

none

command mode

monitor

instruction

none

- 9 -


example

none

related commands

none

1.2.7 md

md directory

parameter


directory Name of directory (maximum 20 characters)

default

none

command mode

monitor

instruction

To set a directory, use the md command

related commands

none

1.2.8 pwd

parameter

none

default

none

command mode

monitor mode

instruction

to display the current directory, use the pwd command

- 10 -


related commands

none

1.2.9 rd

rd directory

parameter


directory Name of the directory( maximum 20 characters)

default

none

command mode

monitor mode

instruction

The system prompts if the directory is not empty. The system prompts if the directory doesn’t exist. To delete a command, use the rd command.

related commands

none

1.2.10 rename

To rename a file in a file system, use the rename command.

rename old_file_name new_file_name

parameter


old_file_name The original filename. new_file_name The new filename.

default

none

command mode

monitor mode

- 11 -


instruction

none

related commands

none

1.2.11 reboot

To reboot a switch, use the reboot command.

parameter

none

default

none

command mode

monitor mode

instruction

none

related commands

none

1.2.12 alias

[no] history [ + <count> | - <count> | clear]

parameter


+ <count> To display the count<1-20> historial command from the beginning to the end

- <count> To display the count<1-20> historial command from the end to the beginning

default

If there are no more than 20 commands executed, all historical command lines will be displayed from the beginning to the end. If there are more than 20 commands executed, all historical command lines will be displayed from the beginning to the end.

comand mode

Random command mode

- 12 -


explanation

The modularized switch can save up to 20 historical commands. You can invoke these commands with the "up" or “down” key or directly use it after edition. The command is used to browse the history command. You can run the [no] history command to delete the history command.

example

The following example shows the latest five historical commands from the end to the beginning: switch#history - 5 config int e0/1 no ip addr ip addr 192.2.2.49 255.255.255.0 exit

relative command

None

1.2.13 boot system flash

Run the boot system flash command to specify the systematic mirroring files when the system is started up. Run the no boot system flash command to delete the previous configuration.

boot system flash filename

no boot system flash filename

Parameter


filename It is the specified filename, which contains no more than 20 characters.

Default

None

Command mode

Global configuration mode

Instruction

If you have not configured the command, the system will execute the first systematic mirroring file in the flash file system. If you have configured multiple commands, the system will execute the mirroring files one by one. If the file does not exist or the check sum is wrong, the system will execute the next file. If both fail, the system will run at the monitoring state.

- 13 -


Example

config#boot system flash switch.bin

Relative command

None

1.2.14 help

help

Parameter

None

Default

None

Command mode

Management mode

Instruction

The command is used to display the help system of the switch.

Example

After you enter the command, the help system of the switch is displayed. switch# help Help may be requested at any point in a command by entering a question mark '?',If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options. Two styles of help are provided: 1. Full help is available when you are ready to enter a command argument (e.g.'show ?') and describes each possible argument. 2. Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the input (e.g. 'interface e?'.)

Relative command

None

1.2.15 history

The command is used to check the historical commands. Run the [no] history command to delete the historical commands.

[no] history [ + <count> | - <count> | clear]

Parameter


- 14 -


+ <count> Displays the count<1-20> historial command from the beginning to the end.

- <count> Displays the count<1-20> historial command from the end to the beginning.

Default

If there are no more than 20 commands executed, all historical command lines will be displayed from the beginning to the end. If there are more than 20 commands executed, all historical command lines will be displayed from the beginning to the end.

Command mode

Abandom command mode

Instruction

The modularized switch can save up to 20 historical commands. You can invoke these commands with the "up" or “down” key or directly use it after edition.

Example

The following example shows the latest five commands from the end to the beginning: switch#history - 5 config int e1/1 no ip addr ip addr 192.2.2.49 255.255.255.0 exit

Relative command

None

1.2.16 show alias

It is used to display all aliases or the designated alias.

show alias [<alias name>]

Parameter


alias name The alias of the command

Default

Display all aliases according the format “alias name=command line”.

Command mode

Management mode or configuration mode

- 15 -


Instruction

None

Example

The following example shows how to display all aliases of the current system: switch_config#show alias hualab=date router=snmp

Relative command

alias

1.2.17 show job

It is used to display the parameters of the job and the information about job execution:

show job {paramter | status}

Parameter


paramter Displays the parameters of the job.

status Displays the execution state of the job.

Default

None

Command mode

Management mode or configuration mode

Instruction

Run the show job command to browse the defined parameters and the dynamic execution state of the job.

Example

The following example shows how to display the parameters of the job: switch_config#show job parameter <showver> fires interval, first at 5, re-fires per 5 secs, on error stop will do "show ver"

The following example shows how to display the dynamic execution state of the job: Jobd disabled at 245218 seconds Name: job's name Type: none - Not scheduled, interval - Fire interval, one-shot - Fire once Status: null - Not scheduled, idle - To fire first started - Fired ever, to fire again, stopped - Can't fire

- 16 -


First: first time to fire Last: last time of firing or restarting Next-due: next time to fire(after now) Times: times fired ever Cause: auto - Automatic, error - Error meeting, command - By command

Job's status and statistics ===========================

Name Type State First Last Next-due Times Cause ------------------------------------------------------------------------------

showver interval idle 5 * * 2 auto ------------------------------------------------------------------------------

Total 1 jobs, 0 null, 1 idle, 0 started, 0 stopped

Relative command

debug job

job

jobd

1.2.18 show break

It is used to display the abnormal information of the system. The system stores all abnormal information in the latest running. The abnormal information contains the times of abnormity, the stack content and the invoked functions when abnormity occurs.

Parameter

None

Default

None

Command mode

Monitoring state

Instruction

The command is only used for debugging.

Relative command

None

1.2.19 show memory

It is used to display the content of the system memory.

show memory mem_addr

Parameter


- 17 -


mem_addr Memory address in hex, which ranges from 0 to 0x01FFFF00 (decided by the memory capacity of the switch).

Default

None

Command mode

Monitoring state

Instruction

None

Relative command

None

1.3 HTTP Configuration Command The following are HTTP configuration commands:

ip http access-class

ip http port

ip http server

debug ip http

1.3.1 ip http access-class

Command description

ip http access-class string

no ip http access-class

Run the command ip http access-class to ensure the designated HTTP query is accepted.

Parameter


string The designated standard access list whose range is N/A.

Default

no ip http access-class

Instruction

Set the designated standard access list before running the command.

Run the command no ip http access-class to cancel the HTTP service limitation of the access list.

- 18 -


Command mode


Example

switch_config# ip access-list standard http-acl switch_config_std_nacl# permit 192.2.2.37 255.255.255.0 switch _config_std_nacl# exit switch _config# ip http access-class http-acl

1.3.2 ip http port

Command description

ip http port number

Run the command ip http port to designate the listening port of the http service.

Parameter


number The service port number, ranging from 1 to 65535

Default

The default HTTP service port number of the browser is 80.

Explanation

After running the http port command, shut down the previous listening port and then use the designated port to accept the http service request if the http service is started up. If the http service is not started, the ip http port command is temporarily useless.

Command mode


Example

The following example shows how to modify the http port from 80 to 90: switch _config# ip http server switch _config# ip http port 90

1.3.3 ip http server

Command description

ip http server

no ip http server

To start up the http service, run the command ip http server.

- 19 -


Parameter

None

Default

no ip http server

Instruction

Run the command ip http server to enable the switch to accept the HTTP service request through the designated port, handle the request and return the result to the browser.

Command mode


Example

The following example shows how to start up the http service: switch _config# ip http server

1.3.4 debug ip http

Command description

debug ip http

The previous command is used to export the debugging information during http service running. You can use the no command to resume the default value.

Parameter

None

Default

no debug ip http

Instruction

None

Command mode


Example

The following example shows how to enable HTTP debugging output: switch# debug ip http switch#

- 20 -


Chapter 2 Terminal Service Configuration Command

2.1 Telnet Configuration Command The chapter describes telnet and relative commands. The telnet command is used to establish a session with the remote server. The telnet command is always working at the UNIX operating systems. Option negotiation is required. Telnet does not provide itself the login authentication. Telnet is different from Rlogin because telnet does not provide itself password check.

The following are telnet configuration commands:

telnet

ip telnet

where

disconnect

resume

switchkey

switchmsg

sequence-char

clear Telnet

show Telnet

debug Telnet

2.1.1 telnet

The following is a command sentence for establishing a telnet session:

telnet server-ip-addr/server-host-name [/port port][/source-interface interface] [/local local-ip-addr] [/debug][echo/noecho] [/script scriptname]

Parameter


server-ip-addr Dotted-decimal IP address of the remote server

server-host-name Name of the remote server, which is configured by the ip host command

port Telnet port of the remote server interface Local interface where the telnet connection is originated local-ip-addr Local IP address where the telnet connection is originated

/debug A negotiation process for openning the debug at the client side and printing the connection

echo/noecho Enable or disable the local echo. The default value is noecho. scriptname A script name used for auto login

- 21 -


Default

The default port number is 23. The interface has no default number.

Command mode

Management mode

Instruction

You can use one of the following command lines to establish a remote login. telnet server-ip-addr/server-host-name

In this case, the application program directly sends the telnet login request to port 23 of the remote server. The local IP address is the IP address which is nearest to the peer and found by the routing table.

telnet server-ip-addr/server-host-name /port port

In this case, the application program sends a telnet login request to the port of the peer. telnet server-ip-addr/server-host-name /source-interface interface

In this case, the application program uses the IP address on the interface ass the local IP address.

telnet server-ip-addr/server-host-name /debug

In this case, the application program opens the debug and exports the connection at the client side. telnet server-ip-addr/server-host-name echo/noecho

In this case, the application program enables or disables the local echo. The local echo is disabled by default. The echo is completed at the server side. Only when the server is not in charge of echo is the local echo enabled.

telnet server-ip-addr/server-host-name /script scriptname

Before executing the automatic login command of the script, run the command ip telnet script to configure the script.

The previous commands can be used together.

During the session with the remote server, you can press the Q button to exit the session. If the session is not manually closed, the session will be complete after a 10-second timeout.

Example

Suppose you want to telnet server 192.168.20.124, the telnet port of the server is port 23 and port 2323, and the local two interfaces are e1/1(192.168.20.240) and s1/0(202.96.124.240). You can run the following operations to complete the remote login.

1．telnet 192.168.20.124 /port 2323

In this case, the telnet connection with port 2323 of the peer is to be established. The local IP address of the peer is 192.168.20.240.

2．telnet 192.168.20.124 /source-interface s1/0 In this case, the telnet connection with port 23 of the peer is to be established. The local IP address of the peer is 202.96.124.240.

3．telnet 192.168.20.124 /local 192.168.20.240

- 22 -


In this case, the telnet connection with port 23 of the peer is to be established. The local IP address of the peer is 192.168.20.240.

4．telnet 192.168.20.124 /debug In this case, the telnet connection negotiation with port 23 of the peer will be printed out.

5．telnet 192.168.20.124 /echo In this case, the local echo is enabled. If the echo is also enabled at the server side, all input will be echoed twice.

6．telnet 192.168.20.124 /script s1 Use login script S1 for automatic login.

2.1.2 ip telnet

The following are the configuration command formats of the telnet session:

ip telnet source-interface vlan value

ip telnet access-class accesslist

ip telnet listen-port start-port [end-port]

ip telnet script scriptname ‘user_prompt’ user_answer ‘pwd_prompt’ pwd_answer

Parameter


value Local interface where the telnet request is originated

accesslist Access list name to limit the source address when the local client receives the connection

start-port Starting port number designated at the listening port area end-port End port number designated at the listening port area scriptname Name of the login script user_prompt Username prompt returned by the telnet server user_answer Username response information from the client side pwd_prompt Password prompt returned by the telnet server pwd_answer Password response information submitted by the client side

Default

None

Command mode

Global configuration

Instruction

Run the following command to configure the local interface for originating the telnet connection:

ip telnet source-interface interface

- 23 -


In this case, all telnet connections originated afterwards are through the interface. The configuration command is similar to the command telnet source-interface interface. However, the telnet command has no interface parameters followed. When the interface is configured and the telnet command has interface parameters, the interface followed the telnet command is used.

Run the following command to configure the name of the access list which performs limitation on local telnet connection reception.

ip telnet access-class accesslist In this case, the access list will be checked when the server accepts all telnet connections.

Run the following command to configure a port, except the default port 23, to receive the telnet service.

ip telnet listen-port start-port [end-port] Explanation: If the end port number is not designated, the listening will be executed at a specific port. The number of the designated ports cannot be bigger than 16 and the port number ranges between 3001 and 3999.

Run the following command to configure the telnet login script.

ip telnet script s1 ‘login:’ switch ‘Password:’ test Explanation: When the script is configured, the username prompt and password

prompt and their answers must be correctly matched, especially the prompt information is capital sensitive and has inverted comma (‘’). If one of them is wrongly configured, the automatic login cannot be performed.

Note:

You can add the NO prefix on the above four commands and then run them to cancel previous configuration.

Example

1．ip telnet source-interface s1/0

In this case, the s1/0 interface will be adopted to originate all telnet connections afterwards.

2．ip telnet access-class abc

In this case, all the received telnet connections use access list abc to perform the access list check.

3．ip telnet listen-port 3001 3010

Except port 23, all ports from port 3001 to port 3010 can receive the telnet connection.

4．ip telnet script s1 ‘login:’ switch ‘Password:’ test

The login script s1 is configured. The username prompt is login: and the answer is switch. The password prompt is Password: and the answer is test.

2.1.3 ctrl-shift-6+x (the current connection is mounted)

Run the following command to mount the current telnet connection:

ctrl-shift-6+x

- 24 -


Parameter

None

Default

None

Command mode

Any moment in the current telnet session

Instruction

You can use the shortcut key to mount the current telnet connection at the client side.

Example

switchA>telnet 192.168.20.1 Welcome to Multi-Protocol 2000 Series switch switchB>ena switchB#(press ctrl-shift-6+x) switchA>

You press ctrl-shift-6+x to mount the telnet connection to switch B and return to the current state of switch A.

2.1.4 where

Run the following command to check the currently mounted telnet session:

where

Parameter

None

Default

None

Command mode


Instruction

You can use the command to check the mounted outward telnet connection at the client side. The displayed information contains the serial number, peer address, local address and local port.

Note: The where command is different from the show telnet command. The former is used at the client side and the displayed information is the outward telnet connection. The latter is used at the server and the displayed information is the inward telnet connection.

- 25 -


Example

switchA>telnet 192.168.20.1 Welcome to Multi-Protocol 2000 Series switch switchB>ena switchB#(Press ctrl-shift-6+x) switchA> telnet 192.168.20.2 Welcome to Multi-Protocol 2000 Series switch switchC>ena switchC#(Press ctrl-shift-6+x) switchA>where NO. Remote Addr Remote Port Local Addr Local Port 1 192.168.20.1 23 192.168.20.180 20034 2 192.168.20.2 23 192.168.20.180 20035

Enter where at switch A. The mounted outward connection is displayed.

2.1.5 resume

It is used to resume the currently mounted outward telnet connection:

resume no

Parameter


no Number of the currently mounted telnet session that is checked through the where command

Default

None

Command mode


Instruction

The command can be used to resume the currently mounted outward telnet connection at the client side.

Example

switchA>telnet 192.168.20.1 Welcome to Multi-Protocol 2000 Series switch switchB>ena switchB#( press ctrl-shift-6+x) switchA> telnet 192.168.20.2 Welcome to Multi-Protocol 2000 Series switch switchC>ena switchC#( press ctrl-shift-6+x) switchA>where

- 26 -


NO. Remote Addr Remote Port Local Addr Local Port 1 192.168.20.1 23 192.168.20.180 20034 2 192.168.20.2 23 192.168.20.180 20035 switchA>Resume 1 [Resuming connection 1 to 192.168.20.73 . . . ] (enter) switchB#

After you enter where at switch A and the mounted outward connection of switch A is displayed, enter Resume1. You will be prompted that connection 1 is resumed. The command prompts of switch B are displayed after the Enter key is pressed.

2.1.6 disconnect

The following command is used to clear the currently mounted outward telnet session:

disconnect no

Parameter


no Number of the currently mounted telnet session that is checked through the where command

Default

None

Command mode


Instruction

The command can be used to clear the currently mounted outward telnet connection at the client side.

Note: The disconnect command is different from the clear telnet command. The former is used at the client side and clears the outward telnet connection. The latter is used at the server and clears the inward telnet connection.

Example

switchA>telnet 192.168.20.1 Welcome to Multi-Protocol 2000 Series switch switchB>ena switchB#(press ctrl-shift-6+x) switchA> telnet 192.168.20.2 Welcome to Multi-Protocol 2000 Series switch switchC>ena switchC#(press ctrl-shift-6+x) switchA>where NO. Remote Addr Remote Port Local Addr Local Port 1 192.168.20.1 23 192.168.20.180 20034

- 27 -


2 192.168.20.2 23 192.168.20.180 20035 switchA>disconnect 1 <Closing connection to 192.168.20.1> <y/n>y Connection closed by remote host. switchA> After you enter where at switch A and the mounted outward connection of switch A is displayed, enter disconnect 1. You will be prompted whether the connection of switch B is closed. After you enter Y, the connection is closed.

2.1.7 switchkey

The following is a command to configure the terminal switch key on the line.

switchkey key cmdalias server-name

Parameter


key Compound key can be the ctrl key plus any key from A to Z, except the letter h.

cmdalias Alias of the connect command

server－name Name of the remote host, which appears in the switchover prompt and the switchover menu

Default

None

Command mode

Line configuration mode

Instruction

The command is used to configure the terminal switchover key and the corresponding command alias, and the name of the remote host on the line.

Note: 1) The parameter cmdalias must be applied at a correct command.

2) The parameter key cannot be ctrl-h.

3) The parameter server-name will appear at the switchover prompt and the switchover menu.

4) The parameter autocommand cannot be configured at the line, or the terminal switchover function is invalid.

Example

switchA>switchkey ctrl-a cona ServerA

The previous command is to configure the switchover key ctrl-a. The alias of the used command is cona. You switch to Server A.

- 28 -


2.1.8 switchmsg

The following command is used to configure whether the prompt information about the terminal switchover is exported:

switchmsg enable/disable

Parameter


enable Exports the terminal switchover prompt. disable Do not export the terminal switchover prompt.

Default

disable

Command mode


Instruction

The command can be used to decide whether the switchover prompt information is exported when the terminal is switched.

Example

switchA>switchmsg enable

When the terminal is switched, export the switchover prompt information.

2.1.9 sequence-char

The following is a command to configure the terminal switchover key on the line:

sequence-char key char1 char2 char3 …

Parameter


key Compound key can be the ctrl key plus any key from A to Z, except the letter h.

char1 char2 char3 … Screen character sequence relative to the specific terminal

Default

None

Command mode


- 29 -


Instruction

The command can be used to configure the switchover key and the corresponding terminal character sequence on the line.

Note: 1) The key parameter can not be ctrl-h.

2) The character sequence parameter is relative to the detailed terminal. You can find it by checking the terminal manual.

3) The character sequence parameter must be a hex value and starts from 0x. Each character is differentiated by space.

Example

Switch_config_line# sequence-char ctrl-a 0x1b 0x21 0x38 0x51 Set the character sequence of the switchover key ctrl-a to 0x1b 0x21 0x38 0x5. For other commands about alias and async, refer to relative configuration explanation.

Application Example:

The switch is configured as follows: … … … interface Serial1/1 physical-layer mode async no ip directed-broadcast async mode interactive line tty 1 switchkey CTRL-U cona ServerA sequence-char CTRL-U 0x1b 0x21 0x38 0x51 switchkey CTRL-V conb ServerB sequence-char CTRL-V 0x1b 0x21 0x39 0x51 switchkey CTRL-W conc ServerC sequence-char CTRL-W 0x1b 0x21 0x31 0x30 0x51 switchmsg enable … ... alias cona connect 192.168.20.1 alias conb connect 192.168.20.2 alias conc connect 192.168.20.3 When all the configurations are complete and the connection is established, open the terminal. The switchover menu automatically appears. After you press CTRL-U, the system automatically switches to server A and exports the prompt information about server A. After you press CTRL-V, the system automatically switches to server B on the new screen and exports the prompt information about server B. After you press CTRL-W, the system automatically switches to server C on the new screen and exports the prompt information about server C. If you press CTRL-\, the switchover menu appears on the current screen and add the asterisk mark (*) behind the current server.

The following is a result after you press CTRL-\:

- 30 -


====================================== Terminal Switch Menu 1) CTRL-U ServerA * 2) CTRL-V ServerB 3) CTRL-W ServerC

Note:

4) During multiple connection operations, if the system exits from one connection, the system will take the first connection as the current connection and the interface of the first host will appear. If the system has already exited from the first connection, it will take the second connection as the current connection and the interface of the second host will appear.

5) After all services are complete, you are recommended to directly shut down the terminal no matter how many connections are currently open.

6) Before other connections exit, you'd better not enable the system to exit from the first connection.

7) Try not to exit from a connection during operations. Switching connections is a better choice. After all operations are completer, shut down the terminal.

8) During terminal switchover, the functions to mount and resume the connection by pressing ctrl-shift-6+x are forbidden.

2.1.10 clear telnet

The following is a command format to clear the telnet session at the server:

clear telnet no

Parameter


no Number of the telnet session that is displayed after the show telnet command is run

Default

None

Command mode

Management mode

Instruction

The command is used to clear the telnet session at the server.

Example

clear telnet 1 The telnet session whose sequence number is 1 is cleared at the server.

- 31 -


2.1.11 show telnet

The following is a command format to display the telnet session at the server:

show telnet

Parameter

None

Default

None

Command mode

All command modes except the user mode

Instruction

The command is used to display the telnet session at the server. The displayed information includes the sequence number, peer address, peer port, local address and local port.

Example

Switch# show telnet If you run the previous command, the result is shown as follows: NO. Remote Addr Remote Port Local Addr Local Port

1 192.168.20.220 1097 192.168.20.240 23 2 192.168.20.180 14034 192.168.20.240 23

2.1.12 debug telnet

The following is a format of the debug command for the telnet session:

debug telnet

Parameter

None

Default

None

Command mode

Management mode

Instruction

The command is used to open the switch of the telnet debug.

If the switch of the telnet debug is opened, the negotiation processes of all the incoming telnet sessions are printed on the window that the debug command invokes. The

- 32 -


debug telnet command is different from the telnet debug command. The former is to export the debug information of the telnet session connected to the server. The latter is to export the debug information of the telnet session that the client originates.

Example

debug telnet The debug information of the telnet session that is connected to the server is displayed.

2.2 Terminal Configuration Command The following are terminal configuration commands:

attach-port

autocommand

clear line

connect

disconnect

exec-timeout

length

line

location

login authentication

monitor

no debug all

password

printer enable

printer start

printer stop

resume

script activation

script callback

script connection

script dialer

script reset

script startup

sequence-char

show debug

show line

show tty-status

switchkey

switchmsg

- 33 -


terminal-type

terminal monitor

terminal width

terminal length

where

width

2.2.1 attach-port

The following command is to bind the telnet listening port to the line vty number and enable the telnet connection at a specific port generates vty according to the designated sequence number.

[no] attach-port PORT

Parameter


port Listening port of the telnet server (3001-3999)

Default

None

Command mode


Example

Bind listening port 3001 to line vty 2 3. switch_config# line vty 2 3 switch_config_line#attach-port 3001

2.2.2 autocommand

It is used to set the automatically-run command when user logs in to the terminal. The connection is cut off after the command is executed.

autocommand LINE

no autocommand

Parameter


LINE Command to be executed

Command mode


- 34 -


Example

switch_conf#line vty 1 switch_conf_line#autocommand pad 123456 After you successfully log in, the host whose X.121 address is 123456 will be automatically padded.

2.2.3 clear line

It is to clear the designated line.

clear line [aux | tty | vty] [number]

Parameter

Similar to the line command

Command mode

Management mode

Example

switch#clear line vty 0

2.2.4 connect

It is to connect the telnet server.

connect server-ip-addr/server-host-name {[/port port][/source-interface interface] [/local local-ip-addr]}

Parameter


server-ip-addr/server-host-name IP address of the server or the host name of the server port Port number interface Name of the interface where the connection is originated local-ip-addr Local IP address where the connection is originated

Command mode

All configuration modes

Example

switch# connect 192.168.20.1

2.2.5 disconnect

It is used to delete the mounted telnet session.

disconnect N

- 35 -


Parameter


N Number of the mounted telnet session

Command mode


Example

switch#disconnect 1

2.2.6 exec-timeout

It is to set the maximum spare time for the terminal.

[no] exec-timeout [time]

Parameter


time Spare time whose unit is second

Default

0 (No time-out limitation)

Command mode


Example

Set the spare time of the line to one hour. switch_config_line#exec-timeout 3600

2.2.7 length

It is used to set the line number on the screen of the terminal.

[no] length [value]

Parameter


value A value between 0 and 512 The value 0 means there is no pause.

- 36 -


Default

24

Command mode


2.2.8 line

It is used to enter the line configuration mode.

line [aux | console | tty | vty] [number]

Parameter


aux Auxiliary line, which has only one number 0

console Monitoring line, which has only one number 0

tty Asynchronous line

vty Virtual lines such as Telnet, PAD and Rlogin

number Number in the line of the type

Command mode


Example

The following example shows how to enter the line configuration mode of VTY 0 to 10. switch_config#line vty 0 10

2.2.9 location

It is used to recoded the description of the current line.

location [LINE]

no location

Parameter


LINE Description of the current line

Command mode


- 37 -


2.2.10 login authentication

It is used to set line login authentication:

[no] line login authentication [default | WORD]

Parameter


default Default authentication mode WORD Name of the authentication list

Command mode


Example

switch_conf_line#login authentication test In the example, the authentication list of the line is set to test.

2.2.11 monitor

It is used to export the log and debugging information to the line:

[no] monitor

Parameter

None

Command mode


Example

switch_config_line#monitor

2.2.12 no debug all

It is used to shut down all debugging output of the current VTY:

no debug all

Parameter

None

Command mode

Management mode

- 38 -


Example

switch#no debug all

2.2.13 password

It is used to set the password for the terminal:

password {password | [encryption-type] encrypted-password }

no password

Parameter


password Password configured on the line, which is entered in the plaintext form and whose maximum length is 30 bits.

[encryption-type] encrypted-password

encryption-type means the encryption type of the password.

Currently, products only support two encryption modes: 0 and 7. The number 0 means the password is not encrypted and the plaintext of password is directly entered. It is the same as the way of directly entering the password. The number 7 means the password is encrypted through an algorithm . You need to enter the encryption text for the encrypted password. The encryption text can be copied from the configuration files of other switches.

For password encryption, refer to the explanation of the commands service password-encryption and enable password.

Command mode

(2) Line configuration mode

Example

switch_conf#line vty 1 switch_conf_line#password test The previous example shows the login password of VTY1 is set to test.

2.2.14 resume

It is used to resume the mounted telnet session:

resume N

Parameter


N Number of the mounted telnet session

- 39 -


Command mode


Example

switch#resume 1

2.2.15 switchkey

It is used to configure the terminal switchover key:

switchkey key cmdalias server-name

Parameter


key Terminal switchover key, ranging from CTRL-A to CTRL-Z except CTRL-H

cmdalias Alias of the command that is executed when terminal switchover is performed

server-name Server name of each terminal's screen corresponds to

Command mode


Example

The following example shows how to connect to the sco1 server by the con_sco command when the switchover is performed through pressing ctrl-a: switch_config_line#switchkey ctrl-a con_sco sco1

2.2.16 sequence-char

It is used to configure the character sequence of terminal call-back when the terminal is switched:

sequence-char key char1 char2 char3 …

Parameter


key Terminal switchover key char1 char2 char3 … Character sequence for call-back

Command mode


- 40 -


Example

The following example shows how to configure the character sequence of terminal call-back to 0x1b 0x21 0x38 0x51 when the terminal is switched.

switch_config_line#sequence-char ctrl-a 0x1b 0x21 0x38 0x51

2.2.17 show debug

It is used to display all debugging information of the current VTY:

show debug

Parameter

None

Command mode

Management mode or global configuration mode

Example

Switch# show debug http authentication debug is on http cli debug is on http request debug is on http response debug is on http session debug is on http erro debug is on http file debug is on TELNET: Incoming Telnet debugging is on

2.2.18 show line

It is used to display the status of the current effective line:

show line {[console | aux | tty | vty] [number]}

Parameter

(3) If there is no parameter followed, the status of all effective lines will be displayed.

The definition of other parameters is similar to that of the line command.

Command mode

All configuration modes except the user mode

2.2.19 switchmsg

It is used to decide whether the prompt information is displayed when the terminal is switched:

switchmsg enable

switchmsg disable

- 41 -


Parameter

Parameter Parameter

enable Displays the prompt information when the terminal is switched.

disable Does not display the prompt information when the terminal is switched.

Default

disable

Command mode


Example

The following example shows how to display the prompt information when the terminal is switched: switch_config_line#switchmsg enable

2.2.20 terminal length

It is used to change the line number on the current terminal screen. The parameter can be obtained by the remote host. The rlogin protocol uses the parameter to notify the remote UNIX host. Run the no terminal length command to resume the default value:

terminal length length

no terminal length

Parameter


length Line number displayed on each screen

Default

Pause when 24 lines are displayed on the screen.

Command mode


Instruction

The command is effective only to the current terminal. When the session is complete, the terminal attribute is invalid.

Example

switch#terminal length 40

- 42 -


Relative command

line

2.2.21 terminal monitor

It is used to display the debugging output information and system faulty information at the current terminal. The negative form of the command is used to disable the monitoring:

terminal monitor

no terminal monitor

Parameter

None

Default

The system monitoring port (console) is open by default. Other terminals are closed by default.

Command mode


Instruction


Example

switch#terminal monitor

Relative command

line

debug

2.2.22 terminal width

In default settings, the switch is to export 80 characters in each line. If the default settings cannot meet your requirements, you can reset it. The parameter can be obtained by the remote host. Run the terminal width command to set the character number in each line. Run the no terminal width command to resume to the default value.

terminal width number

no terminal width

Parameter


number Character number of each line

- 43 -


Default

80 characters in each line

Command mode


Instruction


Example

switch#terminal width 40

Relative command

line

2.2.23 terminal-type

It is used to set the terminal type:

[no] terminal-type [name]

Parameter


name Terminal name Terminal types currently supported are VT100, ANSI and VT100J.

Default

ANSI

Command mode


2.2.24 where

It is used to check the currently mounted outward telnet session at the client side:

where

Parameter

None

Command mode


- 44 -


Example

switch#where

2.2.25 width

It is used to set the terminal width of the line:

[no] width [value]

Parameter


value A value between 0 and 512 The value 0 means no execution.

Default

80

Command mode


- 45 -


Chapter 3 Network Management Configuration Commands

3.1 SNMP Commands The following are SNMP commands:

snmp-server community

snmp-server contact

snmp-server host

snmp-server location

snmp-server packetsize

snmp-server queue-length

snmp-server trap-source

snmp-server trap-timeout

snmp-server view

show snmp

debug snmp

3.1.1 snmp-server community

Run the command snmp-server community in global configuration mode to permit accessing the community character string of SNMP. Use the negative form of the command to delete the designated community character string.

snmp-server community string [view view-name] [ro | rw] [word]

no snmp-server community string

Parameter


string Community character string to access SNMP as the password does

view view-name View name that is predefined (optional) The view defines the MIB objects effective to the community.

ro Designates the read-only permission (optional). The authorized management station can only read MIB objects.

rw Designates the read-write permission (optional). The authorized management station can read and modify MIB objects.

word Designates the access list name of the SNMP agent which can be accessed through the community character string.

- 46 -


Default

The SNMP community character string can only read all objects.

Command mode


Instruction

If no parameter is followed, the configuration information of all community character strings are listed.

Example

The following example shows how to distribute the character string comaccess to the SNMP, how to permit the read-only access and how to designate the IP access list allowed to use the community character string: snmp-server community comaccess ro allowed

The following example shows how to distribute the character string mgr to the SNMP, how to permit the read-write access to the objects in the restricted view: snmp-server community mgr view restricted rw

In the following example, the community comaccess is deleted: no snmp-server community comaccess

Relative command

access-list

snmp-server view

3.1.2 snmp-server contact

Run the command snmp-server contact in global configuration mode to set the sysContact information of the management node. Run the negative form of the command to delete the sysContact information.

snmp-server contact text

no snmp-server contact

Parameter


text Character string of the sysContact information of the node

Default

The sysContact information of the node is not set.

Command mode


- 47 -


Instruction

It corresponds to the sysContact value of the MIB variable in the system group.

Example

The following is an example of the node contact: snmp-server contact Dial_System_Operator_at_beeper_#_27345

3.1.3 snmp-server host

Run the command snmp-server host in global configuration mode to designate the receiver of SNMP trap operation. Run the command no snmp-server host to cancel the designated host.

snmp-server host host community-string [trap-type]

no snmp-server host host

Parameter


host Host name or internet address community-string Password-like community string sent with the trap operation trap-type If no trap is designated, all traps will be sent to the host.

Authentication: allowing to send the traps with wrong authentication

Configure: allowing to send SNMP-configure traps

Snmp: allowing to send all SNMP traps

Default

The command is invalid by default. The trap is not sent. If the command with keyword is not entered, all traps are sent by default.

Command mode


Instruction

If the snmp-server host command is not entered, the trap is not sent. To configure the switch to send SNMP traps, you need to run the snmp-server host command. If the command without the keyword trap-type is entered, all types of traps of the host are activated. If the command with the keyword trap-type is entered, you can designate multiple trap types in each host.

When you specify multiple snmp-server host commands at the same host, the SNMP trap information sent to the host will be filtered according to the character string and the trap type in the command. To the same host and the community character string, only one trap type can be configured.

The usability of the option trap-type depends on the switch type and the characteristics of the routing software supported by the switch.

- 48 -


Example

In the following example, the SNMP trap defined by RFC1157 to the host whose IP address is 10.20.30.40. The community character string is comaccess.

snmp-server host 10.20.30.40 comaccess snmp

In the following example, the switch uses the community character string public to send all types of traps to the host whose IP address is 10.20.30.40. snmp-server host 10.20.30.40 public

In the following example, only authentication traps are valid and can be sent to host bob. snmp-server host bob public authentication

Relative command


snmp-server trap-source

snmp-server trap-timeout

3.1.4 snmp-server location

Run the command snmp-server location in global configuration mode to set the character string of the node location. Run the negative form of the command to delete the location character string.

snmp-server location text

no snmp-server location

Parameter


text Describes the character string of the node location.

Default

The character string of the node location is not set.

Command mode


Instruction

It corresponds to the value of sysLocation of the MIB variable in the system group.

Example

In the following example, the actual location of the switch is defined: snmp-server location Building_3/Room_214

Relative command

snmp-server contact

- 49 -


3.1.5 snmp-server packetsize

Run the command snmp-server packetsize in global configuration mode to define the maximum SNMP packet size when the SNMP server receives the request or generates the response:

snmp-server packetsize byte-count

no snmp-server packetsize

Parameter


byte-count Integer byte ranging between 484 and 17940 The default value is 3000 bytes.

Default

3000 bytes

Command mode


Instruction

It corresponds to the value of sysLocation of the MIB variable in the system group.

Example

In the following example, a filter is created for the packet with maximum length of 1024 bytes: snmp-server location Building_3/Room_214

Relative command


3.1.6 snmp-server queue-length

Run the command snmp-server queue-length in global configuration mode to set the queue length for each trap host:

snmp-server queue-length length

Parameter


length Trap event number that can be saved in the queue (1～1000)

Default

10 events

- 50 -


Command mode


Instruction

The command is used to define the queue length for each trap host. Once the trap message is successfully transmitted, the switch will clear the queue.

Example

The following example shows that a message queue that can capture four events is created. snmp-server queue-length 4

Relative command

snmp-server packetsize

3.1.7 snmp-server trap-source

Run the command snmp-server trap-source in global configuration mode to designate a source address of an interface for all traps. Run no snmp-server trap-source to delete the interface with such a source address.

snmp-server trap-source interface

no snmp-server trap-source

Parameter


interface Interface where the SNMP trap occurs It contains the interface type with specific platform syntax mode and the sequence number.

Default

No interface is designated.

Command mode


Instruction

When the SNMP server sends the SNMP trap, the SNMP trap has a trap address no matter from which interface it is sent out. If you want use the trap address to track the trap, you can use the command.

Example

The following example shows that the address of the Ethernet’s 1/0 interface is designated as the source address of all traps.

snmp-server trap-source ethernet 1/0

- 51 -


The following example shows that the IP address of the Ethernet’s 1/0 interface is designated as the source address of all traps. snmp-server trap-source ethernet 1/0

Relative command


snmp-server host

3.1.8 snmp-server trap-timeout

Run the command snmp-server trap-timeout in global configuration mode to define the timeout value of resending the trap message.

snmp-server trap-timeout seconds

Parameter


seconds An interval integer from 1 to 1000 (unit: second), which is set for resending the message

Default

30 seconds

Command mode


Instruction

Before the switch software sends the trap, it will look for the route of the destination address. If there is no route, the trap is stored in the resending queue. The command server trap-timeout decides the interval for resending the trap.

Example

The following example shows the trap message at the resending queue will be resent after an interval of 20 seconds:

snmp-server trap-timeout 20

Relative command

snmp-server host


3.1.9 snmp-server view

Run the command snmp-server view in global configuration mode to create or update an MIB view. Run the command no snmp-server view to delete a view of the SNMP server.

- 52 -


snmp-server view view-name oid-tree {included | excluded}

no snmp-server view view-name

Parameter


view-name Updates or creates a logo of the view. oid-tree Object identifier of the ASN.1 sub-tree contained or declined by

the view Identify the sub-tree, specify a character string containing numbers, such as 1.3.6.2.4 or a system sub-tree. The sub-tree name can be the name which can be found in the MIB tree.

included excluded Type of the view The parameter included or excluded must be designated.

Default

None

Command mode


Instruction

If other SNMP commands need a view as a parameter, you can run the command to create a view to take as the parameter of these SNMP commands. In default settings, the view need not be defined. You can see all objects, which is similar to the everything view predefined by Cisco. You can use the command to define the objects that can seen from the view.

Example

The following example shows that the views of all objects in the MIB-II sub-tree are created: snmp-server view mib2 mib-2 included

The following example shows that the views of all objects in the system group are created: snmp-server view phred system included

The following example shows that the views of all objects in the system group are created, while all objects in sysServices.7 and in the No.1 interface of the interface group are excluded.

snmp-server view agon system included snmp-server view agon system.7 excluded

Relative command


- 53 -


3.1.10 snmp-server udp-port

Run the command snmp-server trap-source in global configuration mode to designate a port for all traps sent by the destination port. Run the command no snmp-server trap-source to disable the designated function.

snmp-server trap-source ipaddress

no snmp-server trap-source

Parameter


Udp-port Send SNMP traps to the destination port number. Can’t use the commonly used port number.

Default

The default trap destination port ,port 161

Command mode


Instruction

When the issue SNMP traps from the SNMP server, specify a special destination port number can use this command.

Example

The following example shows that trap sent to host the 1234 port. snmp-server udp-port 1234

Relative command

Snmp-server host

3.1.11 snmp-server source-addr

Run the command snmp-server source-addr in global configuration mode to designate a source address for the SNMP message. Run the command no snmp-server source-addr to disable the designated function.

snmp-server source-addr ipaddress

no snmp-server source-addr

Parameter


ipaddress Designates the source address where the SNMP generates the message. The parameter is the set IP address of the device.

- 54 -


Default

The interface is not designated.

Command mode


Instruction

The command is used to configure the source address of the SNMP message.

Example

The following example shows that the IP address of the Ethernet’s 1/0 interface is designated as the source address of all SNMP messages. snmp-server source-addr 192.168.213.15

Relative command

None

3.1.12 snmp-server encryption

Run the command snmp-server encryption in global configuration mode the configured snmp community,SHA encrypted passwords amd MD5 encrypted password ciphertext. The command is a one-time command, it can not to save,not to cancel with NO command. Command format is as follows:

snmp-server encryption

Parameter

NONE

Default

The default is expressly show snmp community, SHA encrypted passwords and MD5 encrypted password.

Command mode


Instruction

The SNMP community SHA encrypted passwords and MD5 encrypted password ciphertext display. Used to ensure password security.

- 55 -


Example

In the following example, configure the snmp community ,SHA encrypted passwords and MD5 encryption password ciphertext for the remote host 90.0.0.3 .

snmp-server encryption

Relative command


3.1.13 show snmp

Run the command show snmp to monitor the SNMP input or output statistics, including the incorrect community character string, the number of faults and requests.

Run the command show snmp host to display information about the SNMP trap host.

Run the command show snmp view to display the information about SNMP views. The following is the format of the command:

show snmp [ host | view ]

Parameter


host Displays information about the SNMP trap host. view Displays the information about SNMP views.

Default

None

Command mode

Management mode,Global configuration

Instruction

Run the command show snmp to monitor the SNMP input or output statistics.

Run the command show snmp host to display information about the SNMP trap host.

Run the command show snmp view to display the information about SNMP views.

Example

The following example shows that the SNMP input or output statistics is listed out: #show snmp 37 SNMP packets input 0 Bad SNMP version errors 4 Unknown community name

- 56 -


0 Illegal operation for community name supplied 0 Snmp encoding errors 24 Number of requested variables 0 Number of altered variables 0 Get-request PDUs 28 Get-next PDUs 0 Set-request PDUs 78 SNMP packets output 0 Too big errors (Maximum packet size 1500) 0 No such name errors 0 Bad values errors 0 General errors 24 Get-response PDUs PDUs 13 SNMP trap PDUs

The fields for the SNMP Agent to send and receive the message statistics information are shown as follows:

Field Meaning Unknown community name Community name that can not be recognized Illegal operation for community name supplied Incorrect operation Encoding errors Errors that occurs in encoding Get-request PDUs Get-request message Get-next PDUs Get-next message Set-request PDUs Set-request message Too big errors Response message is too big to be generated.

No such name errors No specified instance exists. Bad values errors The value type is wrongly set. General errors Common errors Get-response PDUs Get-response message Trap PDUs SNMP trap message

In the following example, the information about the SNMP trap message is displayed: #show snmp host Notification host: 192.2.2.1 udp-port: 162 type: trap user: public security model: v1

In the following example, information about SNMP views is displayed: #show snmp view mib2 mib-2 - included permanent active

Relative command

snmp-server host

snmp-server view

- 57 -


3.1.14 debug snmp

It is used to display the SNMP event, message sending and receiving, and errors:

debug snmp [ error | event | packet ]

Run the command no debug snmp to stop displaying information.

Parameter


error Enables the debug switch of the SNMP errors. event Enables the debug switch of SNMP events. packet Enables the debug switch of SNMP incoming or outgoing

message.

Command mode

Management mode

Instruction

After the switch of the SNMP debugging information is enabled, SNMP events and information about message sending and receiving are exported. The exported information helps to diagnose SNMP faults.

Example

The following example shows how to debug SNMP message receiving and sending: switch#debug snmp packet Received 49 bytes from 192.168.0.29:1433 0000: 30 82 00 2D 02 01 00 04 06 70 75 62 6C 69 63 A0 0..-.....public. 0016: 82 00 1E 02 02 7D 01 02 01 00 02 01 00 30 82 00 .....}.......0.. 0032: 10 30 82 00 0C 06 08 2B 06 01 02 01 01 03 00 05 .0.....+........ 0048: 00 . Sending 52 bytes to 192.168.0.29:1433 0000: 30 82 00 30 02 01 00 04 06 70 75 62 6C 69 63 A2 0..0.....public. 0016: 82 00 21 02 02 7D 01 02 01 00 02 01 00 30 82 00 ..!..}.......0.. 0032: 13 30 82 00 0F 06 08 2B 06 01 02 01 01 03 00 43 .0.....+.......C 0048: 03 00 F4 36 ...6 Received 51 bytes from 1192.168.0.29:1434 0000: 30 82 00 2F 02 01 00 04 06 70 75 62 6C 69 63 A0 0../.....public. 0016: 82 00 20 02 02 6B 84 02 01 00 02 01 00 30 82 00 .. ..k.......0.. 0032: 12 30 82 00 0E 06 0A 2B 06 01 02 01 02 02 01 02 .0.....+........ 0048: 01 05 00 ... Sending 62 bytes to 192.168.0.29:1434 0000: 30 82 00 3A 02 01 00 04 06 70 75 62 6C 69 63 A2 0..:.....public. 0016: 82 00 2B 02 02 6B 84 02 01 00 02 01 00 30 82 00 ..+..k.......0.. 0032: 1D 30 82 00 19 06 0A 2B 06 01 02 01 02 02 01 02 .0.....+........ 0048: 01 04 0B 45 74 68 65 72 6E 65 74 30 2F 31 ...Ethernet0/1

- 58 -


Field Description Received SNM receives message. 192.168.0.29 Source IP address 1433 Port number of the source

address 51 bytes Length of the received

message 30 82 00 2D 02 01 00 04 06 70 75 62 6C 69 63 A0

82 00 1E 02 02 7D 01 02 01 00 02 01 00 30 82 00

10 30 82 00 0C 06 08 2B 06 01 02 01 01 03 00 05

00

Message after being encoded by SNMP ASN

0..-.....public.

.....}.......0..

.0.....+........

.

Presentation of the ASCII code which is used to receive message Content that is not in the scope of ASCII code is presented by the full stop.

sending SNMP sends message. 192.168.0.29 Destination IP address 1433 Port number of the destination

address 52 bytes Length of the sent message 30 82 00 30 02 01 00 04 06 70 75 62 6C 69 63 A2

82 00 21 02 02 7D 01 02 01 00 02 01 00 30 82 00

13 30 82 00 0F 06 08 2B 06 01 02 01 01 03 00 43

03 00 F4 36

Message encoded by SNMP ASN

0..0.....public.

..!..}.......0..

.0.....+.......C

...6

Presentation of the ASCII code which is used to receive message Content that is not in the scope of ASCII code is presented by the full stop.

The following example shows how to debug the SNMP event: switch#debug snmp event Received SNMP packet(s) from 192.2.2.51 SNMP: GETNEXT request -- ip.ipReasmFails.0 SNMP: Response >> ip.ipFragOKs.0 = 1 Received SNMP packet(s) from 192.2.2.51 SNMP: GETNEXT request -- ip.ipFragOKs.0 SNMP: Response >> ip.ipFragFails.0 = 0 Received SNMP packet(s) from 192.2.2.51 SNMP: GETNEXT request -- ip.ipFragFails.0

- 59 -


SNMP: Response >> ip.ipFragCreates.0 = 2

Field Description SNMP SNMP is currently being debugged. GETNEXT request getnext request of SNMP RESPONSE SNMP response -- Receiving message >> Sending message ip.ipReasmFails.0 MIB OID that requires to be accessed ip.ipFragOKs.0 = 1 Accessed MIB OID and the returned value

3.2 Configuring RMON Commands The following are RMON configuration commands:

rmon alarm

rmon event

rmon collection stat

rmon collection history

show rmon

3.2.1 rmon alarm

Command description

Run the following command to configure a rmon alarm item: rmon alarm index variable interval {absolute | delta} rising-threshold value [eventnumber] falling-threshold value [eventnumber] [owner string]

Parameter


variable Objects that need be monitored Value range: oid of the monitored objects

interval Interval for the sampling Value range: 1-4294967295 seconds

value Alarm threshold Value range: -2147483648-2147483647

eventnumber Index of the event that is triggered when the threshold is reached Value range: 1-65535

string Holder description information Value range: 1-127 characters

- 60 -


Default

eventnumberDefault is not set.

Instruction

The command is configured in global configuration mode. It is used to monitor the value of the designated object. When the value exceeds the threshold, the specified event is triggered.

Example

In the following example, an alarm item is configured. The monitored object is ifInOctets.2. The sampling interval is 10. When the rising threshold value exceeds 15, event 1 is triggered. When the falling threshold value exceeds 25, event 2 is triggered. rmon alarm 1 1.3.6.1.2.1.2.2.1.10.2 10 absolute rising-threshold 15 1 falling-threshold 25 2 owner switch

3.2.2 rmon event

Command description

It is used to configure an rmon event item:

rmon event index [description des-string] [log] [owner owner-string] [trap community]

Parameter


index Index of the event item Value range: 1-65535

des-string Character string of event description Value range: 1-127 characters

owner-string Character string of event description Value range: 1-127 characters

community Community name when the trap is generated Value range: 1-127 characters

Default

None

Instruction

It is used to configure an rmon event item for alarm usage.

Example

In the following example, an rmon event item is configured. The index is 6. The description character string is example. When the event is triggered, items will be added to the log table and the trap will be generated by taking public as the community name.

- 61 -


rmon event 6 log trap public description example owner switch

3.2.3 rmon collection stat

Command description

rmon collection stat index [owner string]

The previous command is used to configure the rmon statistics function

Parameter


index Index of the statistics table Value range: 1-65535

string Character string for the owner Value range: 1-127 characters

Default

None

Instruction

It is configured in interface mode and used for the statistics on the interface.

Example

In the following example, the statistics function is enabled on interface 8 of fast Ethernet. int f 0/8 rmon collection stats 2 owner switch

3.2.4 rmon collection history

Command description

rmon collection history index [buckets bucket-number] [interval second] [owner owner-name]

The previous command is used to configure a history control item.

Parameter


index Its value ranges from 1 to 65535.

bucket-number Among the data collected in the history control table, the latest bucket-number items are saved.

Value range: 1-65535

second Interval, whose value ranges from 1 to 3600

owner-name Character string of the owner

- 62 -


Value range: 1-127 characters

Default

The value of bucket-numberDefault is 50. The value of secondDefault is 1800.

Instruction

It is configured in interface mode and used for adding an item to the history control table.

Example

In the following example, the history control item is added to interface 8 of fast Ethernet. The statistics data in the latest 20 intervals is saved. The interval is 20 seconds.

int f 0/8 rmon collection history 2 buckets 20 interval 10 owner switch

3.2.5 show rmon

Command description

show rmon [alarm] [event] [statistics] [history]

The previous command is used to display the rmon configuration.

Parameter

None

Default

None

Instruction

It is used to display the rmon configuration.

Example

In the following example, the rmon configuration is displayed. show rmon

3.3 Configuring PDP Commands The following are RMON configuration commands:

pdp timer

pdp holdtime

pdp version

pdp run

pdp enable

show pdp traffic

- 63 -


show pdp neighbour

3.3.1 pdp timer

Command description

[no|default] pdp timer seconds

The previous command is to configure the time of the PDP timer.

Parameter


seconds Interval of sending message out by the PDP

Value range: 5-24

Unit: seconds

Default

60 seconds

Instruction

It is configured in global configuration mode.

Example

In the following example, the switch is configured to send out the PDP message every five seconds. pdp timer 5

3.3.2 pdp holdtime

Command description

[no|default] pdp holdtime seconds

The previous command is used to configure the PDP timer's time.

Parameter


seconds Duration from when the neighbour information is received to when the neighbour information is deleted from the database

Value range: 10-255

Default

180 seconds

Instruction


- 64 -


Example

In the following example, the switch is configured to save the received neighbour information for 15 seconds

pdp holdtime 15

3.3.3 pdp version

Command description

[no] pdp version <1|2>

The previous command is used to configure the PDP version.

Parameter


version PDP version

Version 1 or 2 can be selected.

Default

Version 2

Instruction


Example

In the following example, the PDP version of the switch is set to version 1: pdp version 1

3.3.4 pdp run

Command description

[no] pdp run

The previous command is to start up the PDP.

Parameter

None.

Default

PDP is started up.

Instruction


- 65 -


Example

In the following example, PDP is forbidden. no pdp run

3.3.5 pdp enable

Command description

[no] pdp enable

The previous command is used to enable PDP.

Parameter

None

Default

PDP is configured to enable.

Instruction

It is configured in interface configuration mode. PDP must be enabled in port mode and global mode. PDP can then be effective. Generally, PDP is forbidden only on several ports.

Example

In the following example, PDP is forbidden on port f0/1. switch_config_f0/1#no pdp enable

3.3.6 show pdp traffic

Command description

show pdp traffic

The previous command is used to display the number of the received or sent PDP messages.

Parameter

None

Default

None

Instruction

It is used to check PDP running.

Example

config#show pdp traffic

- 66 -


Packets output: 253491, Input: 0 Hdr syntax: 0, Chksum error: 0 No memory: 0, Invalid packet: 0

3.3.7 show pdp neighbour

Command description

show pdp neighbour

The previous command is used to display the PDP neighbour.

Parameter

None

Default

None

Instruction

It is used to check the running PDP neighbour.

Example

config#show pdp neighbors Capability Codes:R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H - Host, I - IGMP, r - Repeater Device ID Local IntrfceHoldtmeCapabilityPlatform Port ID joeEth 0 133 4500 Eth 0 samEth 0 152 R AS5200 Eth 0

- 67 -


Chapter 4 Maintenance and Debugging Tool Commands

4.1 Network Testing Tool Commands

4.1.1 ping

It is used to test host accessibility and network connectivity. After the ping command is run, an ICMP request message is sent to the destination host, and then the destination host returns an ICMP response message.

ping [-f] [-i {source-ip-address | source-interface}] [-j host1 [host2 host3 …]] [–k host1 [host2, host3 …]] [-l length] [-n number] [-r hops] [-s tos] [-t ttl] [-v] [-w waittime] host

Parameter


-f Sets the DF digit (message is not segmented).

If the message required to be sent is larger than the MTU of the path, the message will be dropped by the routing switch on the path and the routing switch will then return an ICMP error message to the source host. If network performance has problems, one node in the network may be configured to a small MTU. You can use the –f option to decide the smallest MTU on the path.

Default value: No resetting -i Sets the source IP address of the message or the IP address of

an interface.

Default value: Main IP address of the message-sending interface

source-ip-address Source IP address adopted by the message source-interface Message takes the IP address of the source-interface interface

as the source address. -j host1 [host2 host3…] Sets the relaxation source route.

Default: Not set -k host1 [host2 host3…] Sets the strict source route

Default: Not set -l length Sets the length of ICMP data in the message.

Default: 56 bytes -n number Sets the total number of messages.

Default: 5 messages -r hops Records routes.

Up to hops routes are recorded.

Default: not record

- 68 -


-s tos Sets IP TOS of the message to tos.

Default: 0 -t ttl Sets IP TTL of the message to ttl.

Default: 255 -v Detailed output

Default: simple output -w waittime Time for each message to wait for response

Default: 2 seconds host Destination host

Command mode

Management mode, global configuration mode and interface configuration mode

Instruction

The command supports that the destination address is the broadcast address or the multicast address. If the destination address is the broadcast address (255.255.255.255) or the multicast address, the ICMP request message is sent on all interfaces that support broadcast or multicast. The routing switch is to export the addresses of all response hosts. By pinging multicast address 224.0.0.1, you can obtain the information about all hosts in directly-connected network segment that support multicast transmission.

Press the Q key to stop the ping command.

Simple output is adopted by default.


! A response message is received.

. Response message is not received in the timeout time.

U The message that the ICMP destination cannot be reached is received.

Q The ICMP source control message is received.

R The ICMP redirection message is received.

T The ICMP timeout message is received.

P The ICMP parameter problem message is received.

The statistics information is exported:


packets transmitted Number of transmitted messages

packets received Number of received response messages, excluding other ICMP messages

packet loss Rate of messages that are not responded to

round-trip min/avg/max Minimum/average/maximum time of a round trip (ms)

- 69 -


Example

switch#ping -l 10000 -n 30 192.168.20.125 PING 192.168.20.125 (192.168.20.125): 10000 data bytes !!!!!!!!!!!!!!!!!!!!!!!!!!!!!! --- 192.168.20.125 ping statistics --- 30 packets transmitted, 30 packets received, 0% packet loss round-trip min/avg/max = 50/64/110 ms

4.2 System Debugging Commands

4.3 Fault Diagnosis Commands The chapter describes the commands used for fault diagnosis. All the following commands are used to detect the reason of the fault. You can use other commands to remove the fault, such as the debug command.

The following are fault diagnosis commands:

logging

logging buffered

logging console

logging facility

logging monitor

logging on

logging trap

service timestamps

clear logging

show break

show controller

show debug

show logging

4.3.1 logging

It is used to record the log information to the syslog server.

logging A.B.C.D

no logging A.B.C.D

Parameter


A.B.C.D IP address of the syslog server

- 70 -


Default:

The log information is not recorded to the server.

Command mode


Instruction

It is used to record the log information to the designated syslog server. It can be used for many times to designate multiple syslog servers.

Example

logging 192.168.1.1

Relative command

logging trap

4.3.2 logging buffered

It is used to record the log information to the memory of the switch.

logging buffered [size | level | dump ]

no logging buffered

Parameter


size Size of memory cache

Value range: 4096-2147483647

Unit: byte

level Information level of the log recorded to memory cache

Refer to table 1.

dump When the system has abnormality, the information in the current memory is currently recorded to the flash and the information is resumed after the system is restarted.

Default

The information is not recorded to the memory cache.

Command mode


- 71 -


Instruction

The command records the log information to the memory cache of the switch. The memory cache is circularly used. After the memory cache is fully occupied, the latter information will cover the previous information.

You can use the show logging command to display the log information recorded in the memory cache of the switch.

Do not use big memory for it causes the shortage of memory.

Table 1 Level of log recording

Prompt Level Description Syslog Definition

emergencies 0 System unusable LOG_EMERG

alerts 1 Immediate action needed

LOG_ALERT

critical 2 Critical conditions LOG_CRIT

errors 3 Error conditions LOG_ERR

warnings 4 Warning conditions LOG_WARNING

notifications 5 Normal but significant condition

LOG_NOTICE

informational 6 Informational messages only

LOG_INFO

debugging 7 Debugging messages LOG_DEBUG

Relative command

clear logging

show loggin

4.3.3 logging console

Run the command logging console to control the information volume displayed on the console.

Run the command no logging console to forbid the log information to be displayed on the console:

logging console level

no logging console

Parameter


level Information level of the logs displayed on the console

Refer to table 2.

Default

None

- 72 -


Command mode


Instruction

After the information level is specified, information of this level or the lower level will be displayed on the console.

Run the command show logging to display the currently configured level and the statistics information recorded in the log.



emergencies 0 System unusable LOG_EMERG


LOG_ALERT





LOG_NOTICE


LOG_INFO


Example

logging console alerts

Relative command

logging facility show logging

4.3.4 logging facility

Run the command logging facility to configure to record specified error information. To restore to local7, run the command no logging facility.

logging facility facility-type

no logging facility

Parameter


facility-type Facility type

Refer to table 3.

- 73 -


Default

local7

Command mode


Instruction

Table 3 Facility type

Type Description

auth Authorization system

cron Cron facility

daemon System daemon

kern Kernel

local0-7 Reserved for locally defined messages

lpr Line printer system

mail Mail system

news USENET news

sys9 System use

sys10 System use

sys11 System use

sys12 System use

sys13 System use

sys14 System use

syslog System log

user User process

uucp UNIX-to-UNIX copy system

Example

logging facility kern

Relative command

logging console

4.3.5 logging monitor

Run the command logging monitor to control the information volume displayed on the terminal line.

Run the command no logging monitor to forbid the log information to be displayed on the terminal line.

- 74 -


logging monitor level

no logging monitor

Parameter


level Information level of the logs displayed on the terminal line

Refer to table 4.

Default

debugging

Command mode


Instruction



emergencies 0 System is unusable LOG_EMERG


LOG_ALERT





LOG_NOTICE


LOG_INFO


Example

logging monitor errors

Relative command

terminal monitor

4.3.6 logging on

Run the command logging on to control the recording of error information.

Run the command no logging on to forbid all records.

logging on

- 75 -


no logging on

Parameter

None

Default

logging on

Command mode


Example

switch_config# logging on switch_config# ^Z switch# Configured from console 0 by DEFAULT switch# ping 192.167.1.1 switch#ping 192.167.1.1 PING 192.167.1.1 (192.167.1.1): 56 data bytes !!!!! --- 192.167.1.1 ping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max = 0/4/10 ms switch#IP: s=192.167.1.111 (local), d=192.167.1.1 (FastEthernet0/0), g=192.167.1.1, len=84, sending IP: s=192.167.1.1 (FastEthernet0/0), d=192.167.1.111 (FastEthernet0/0), len=84,rcvd IP: s=192.167.1.111 (local), d=192.167.1.1 (FastEthernet0/0), g=192.167.1.1, len=84, sending IP: s=192.167.1.1 (FastEthernet0/0), d=192.167.1.111 (FastEthernet0/0), len=84,rcvd IP: s=192.167.1.111 (local), d=192.167.1.1 (FastEthernet0/0), g=192.167.1.1, len=84, sending IP: s=192.167.1.1 (FastEthernet0/0), d=192.167.1.111 (FastEthernet0/0), len=84,rcvd IP: s=192.167.1.111 (local), d=192.167.1.1 (FastEthernet0/0), g=192.167.1.1, len=84, sending IP: s=192.167.1.1 (FastEthernet0/0), d=192.167.1.111 (FastEthernet0/0), len=84,rcvd IP: s=192.167.1.111 (local), d=192.167.1.1 (FastEthernet0/0), g=192.167.1.1, len=84, sending IP: s=192.167.1.1 (FastEthernet0/0), d=192.167.1.111 (FastEthernet0/0), len=84,rcvd switch_config# no logging on switch_config# ^Z switch# switch# ping 192.167.1.1 PING 192.167.1.1 (192.167.1.1): 56 data bytes !!!!! --- 192.167.1.1 ping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max = 0/4/10 ms

Relative command

logging

- 76 -


logging buffered

logging monitor

logging console

4.3.7 logging trap

Run the command logging trap to control the information volume recorded to the syslog server.

Run the command no logging trap to forbid the information to be recorded to the syslog server.

logging trap level

no logging trap

Parameter


level Information level of the logs displayed on the syslog server

Refer to table 5.

Default

Informational

Command mode


Instruction


Prompt Level Description Syslog Definition emergencies 0 System is unusable LOG_EMERG


LOG_ALERT





LOG_NOTICE


LOG_INFO


- 77 -


Example

logging 192.168.1.1 logging trap notifications

Relative command

logging

4.3.8 service timestamps

Run the command service timestamps to configure the time stamp that is added when the system is debugged or records the log information.

Run the command no service timestamps to cancel the time stamp that is added when the system is debugged or records the log information.

service timestamps [log|debug] [uptime| datetime]

no service timestamps [log|debug]

Parameter


log Adds the time stamp before the log information.

debug Adds the time stamp before the debug information.

uptime Duration between the startup of the switch and the current time

datetime Real-time clock time

Default

service timestamps log date

service timestamps debug date

Command mode


Instruction

The time stamp in the uptime form is displayed like HHHH:MM:SS, meaning the duration from the start-up of the switch to the current time.

The time stamp in the date form is displayed like YEAR-MON-DAY HH:MM:SS, meaning the real-time clock time.

Example

service timestamps debug uptime

4.3.9 clear logging

It is used to clear the log information recorded in the memory cache.

- 78 -


clear logging

Parameter

None

Command mode

Management mode

Relative command

logging buffered

show logging

4.3.10 show break

It is used to display the information about abnormal breakdown of the switch.

show break [map-filename]

Parameter


map-filename Specifies the filename of the function mapping table.

Default

None

Command mode

Management mode

Instruction

It is used to display the information about abnormal breakdown of the switch, helping to find the cause of the abnormality.

Example

switch#sh break Exception Type:1400-Data TLB error BreakNum: 1 s date: 2000-1-1 time: 0:34:6 r0 r1 r2 r3 r4 r5 r6 00008538-01dbc970-0054ca18-00000003-80808080-fefefeff-01dbcca1- r7 r8 r9 r10 r11 r12 r13 00000000-00009032-00000000-7ffffff0-00008588-44444444-0054c190- r14 r15 r16 r17 r18 r19 r20 000083f4-000083f4-00000000-00000000-00000000-00000000-00000000- r21 r22 r23 r24 r25 r26 r27 00000000-0000000a-00000001-00000000-00000000-004d6ce8-01dbd15c- r28 r29 r30 r31 spr8 spr9 ip 00000002-00467078-00010300-00000300-00000310-00008588-00000370-

- 79 -


Variables : 00008538-44444444-01dbd15c-01dbcaac-00000002-00000000-004d6ce8- 01dbca18- 00008538 --- do_chram_mem_sys_addr---bspcfg.o 0001060c --- subcmd---cmdparse.o---libcmd.a 000083e4 --- do_chram_mem_sys---bspcfg.o 0000fb24 --- lookupcmd---cmdparse.o---libcmd.a 0000f05c --- cmdparse---cmdparse.o---libcmd.a 003e220c --- vty---vty.o---libvty.a 00499820 --- pSOS_qcv_broadcast---ksppc.o---os\libsys.a

The whole displayed content can be divided into six parts: 1 RROR:file function.map not found

The prompt information means that the system has not been installed the software function.map, which does not affect the system running.

If the version of the software function.map is not consistent with that of the switch, the system prompts that the version is not consistent.

2 Exception Type—Abnormal hex code plus abnormal name

3 BreakNum

It is the current abnormal number. It means the number of abnormalities that the system has since it is powered on in the latest time. It is followed by the time when the abnormality occurs.

4 Content of the register

The common content of the register is listed out.

5 Variable area

The content in the stack is listed out.

6 数的调用关系 Calling relationship of the number

If the map file is not installed on the system, only the function's address is displayed. If the map file is installed on the system, the corresponding function name, .o file name and .a file name are displayed.

The calling relationship is from bottom to top.

4.3.11 show controller

It is used to display the information about the interface control of the switch.

show controller [interface]

Parameter


interface Specifies the interface name.

- 80 -


Default

None

Command mode

Management mode

Instruction

It is used to display the controller state and the configuration information of the specified interface. When the fault occurs, you can analyze the data to discover the cause of the fault.

Example

switch#show controller s1/0 Interface Serial1/0 Hardware is PowerQUICC MPC860T SCC Registers: General [GSMR]=0x68034:0x22, Protocol-specific [PSMR]=0x3000 Events [SCCE]=0, Mask [SCCM]=0xcf, Status [SCCS]=0x3 Transmit on Demand [TODR]=0, Data Async [DSR]=0x7e7e Interrupt Registers: [CICR]=00e49f80 [CIPR]=4000c006 [CIMR]=48000000, [CISR]=00000000 Command register [CR]=0x6c0 SICR=0900002c, BRG=00000000:00010288:00000000:00000000 (aux=0) Statistics: scc4, port3 int 751229 bad_first 0 too_long 0 drop 0 tx_count 1 bk_count 0 h_Q 81 s_Q 0 Port A [PADIR]=0000 [PAPAR]=53c3 [PAODR]=0000 [PADAT]=fefe Port B [PBDIR]=00021001 [PBPAR]=00001020 [PBODR]=0000 [PBDAT]=0001e3be Port C [PCDIR]=0000 [PCPAR]=0008 [PCSO]=0438 [PCDAT]=0fe7 [PCINT]=0008 Receive Ring rmd(fff02320): status=9000 length=0000 address=01155f58 rmd(fff02328): status=9000 length=0000 address=01156c90 rmd(fff02330): status=9000 length=0000 address=01156b18 rmd(fff02338): status=9000 length=0000 address=011569a0 rmd(fff02340): status=9000 length=0000 address=01156828 rmd(fff02348): status=9000 length=0000 address=011566b0 rmd(fff02350): status=9000 length=0000 address=01156538 rmd(fff02358): status=b000 length=0000 address=01156f80 Transmit Ring tmd(fff02360): status=0000 length=0000 address=00000000 tmd(fff02368): status=0000 length=0000 address=00000000 tmd(fff02370): status=0000 length=0000 address=00000000 tmd(fff02378): status=0000 length=0000 address=00000000 tmd(fff02380): status=0000 length=0000 address=00000000 tmd(fff02388): status=9000 length=0051 address=01156df4 tmd(fff02390): status=0000 length=0000 address=00000000 tmd(fff02398): status=2000 length=0000 address=00000000 SCC GENERAL PARAMETER RAM (at 0xfff03f00) Rx BD Base [RBASE]=0x2320, Fn Code [RFCR]=0x15 Tx BD Base [TBASE]=0x2360, Fn Code [TFCR]=0x15 Max Rx Buff Len [MRBLR]=252

- 81 -


Current Rx(2) State [RSTATE]=0x9000, BD Ptr [RBPTR]=0x1156b18 Current Tx(5) State [TSTATE]=0x9000, BD Ptr [TBPTR]=0x1156df4 SCC UART PARAMETER RAM (at 0xfff03f30) Maximum idle characters 1 Break Character 1 Received Parity Error 58445 Received Frame Error 65261 Received Noise Error 39256 Number of break conditions 22595 Last Received Break length 1524 uart1 63220 uart2 1 Transmit Out of sequence 0 cc[0] = 4011 cc[1] = 4013 cc[2] = 8000 cc[3] = 4011 cc[4] = 4013 cc[5] = 8000 cc[6] = 9c80 cc[7] = 7051 rccm = c0ff rccr = bf28 rlbc = a6fe RxBufSiz 254 flow 1 flag=00000120, size=00000008, X=11, Xoff=13 DCR_B3#

The whole displayed information can be divided into the following parts:

(4) Name and type of interface control

Here it is MPC860 and SCC.

(5) Running state of the controller

Statistics data about breakdown, error and resetting Length of the receiving and transmitting queue

(6) Controller configuration parameter

Register content parameter Controller partial parameter Physical protocol parameter

(7) State when BD is received or sent

The length, state and indicator of BD are listed out. The location where BD is received or sent and relative states

4.3.12 show debug

It is used to display all the enabled debugging options of the switch.

show debug

Parameter

None

Command mode

Management mode

Example

switch# show debug

- 82 -


Crypto Subsystem: Crypto Ipsec debugging is on Crypto Isakmp debugging is on Crypto Packet debugging is on

Relative command

debug

4.3.13 show logging

It is used to display the state of logging (syslog).

show logging

Parameter

None

Command mode

Management mode

Instruction

It is used to display the state of logging (syslog), including the login information about the console, monitor and syslog.

Example

switch# show logging Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns) Console logging: level debugging, 12 messages logged Monitor logging: level debugging, 0 messages logged Buffer logging: level debugging, 4 messages logged Trap logging: level informations, 0 message lines logged Log Buffer (4096 bytes): 2000-1-4 00:30:11 Configured from console 0 by DEFAULT 2000-1-4 00:30:28 User DEFAULT enter privilege mode from console 0, level = 15

Relative command

clear logging

- 83 -


Chapter 5 SSH Configuration Commands

5.1.1 ip sshd enable

Command description

ip sshd enable

no ip sshd enable

Parameter

None

Default

1024 bits

Instruction

It is used to generate the rsa encryption key and then monitor the connection to the ssh server. The process of generating encryption key is a process of consuming the calculation time. It takes one or two minutes.

Command mode


Example

In the following example, the SSH service is generated. device_config#ip sshd enable

5.1.2 ip sshd timeout

Command description

ip sshd timout time-length

no ip timeout

Parameter


time-length Maximum time from the establishment of connection to the authentication approval Value range: 60-65535

Default

180 seconds

- 84 -


Instruction

To prevent the illegal user from occupying the connection resources, the connections that are not approved will be shut down after the set duration is exceeded.

Command mode


Example

In the following example, the timeout time is set to 360 seconds: device_config#ip sshd timeout 360

5.1.3 ip sshd auth-method

Command description

ip sshd auth-method method

no sshd auth-method

Parameter


method Sets authentication method list.

Default

The default authentication method list is used.

Instrunction

The ssh server uses the authentication method list of the login type.

Command mode


Example

In the following example, an auth-ssh authentication method list is configured and it is applied to the ssh server: device_config#aaa authentication login auth-ssh local device_config#ip sshd auth-method auth-ssh

5.1.4 ip sshd access-class

Command description

ip sshd access-class access-list

no ip sshd access-class

- 85 -


Parameter


access-list Standard IP access list

Default

No access control list

Instrunction

It is used to configure the access control list for the ssh server. Only the connections complying with the regulations in the access control list can be approved.

Command mode


Example

In the following example, an ssh-accesslist access control list is configured and applied in the ssh server: device_config# ip access-list standard ssh-accesslist device_config_std_nacl#deny 192.168.20.40 device_config#ip sshd access-class ssh-accesslist

5.1.5 ip sshd auth-retries

Command description

ip sshd auth-retries times

no ip sshd auth-retries

Parameter


times Maximum re-authentication times Value range: 0-65535

Default

3 times

Instrunction

The connection will be shut down when the re-authentication times exceeds the set times.

Command mode


- 86 -


Example

In the following example, the maximum re-authentication times is set to five times: device_config#ip sshd auth-retries 5

5.1.6 ip sshd clear

Command description

ip sshd clear ID

Parameter


ID Number of the SSH connection to the local device Value range: 0-65535

Default

N/A

Instruction

It is used to mandatorily close the incoming ssh connection with the specified number. You can run the command show ip sshd line to check the current incoming connection’s number.

Command mode


Example

In the following example, the No.0 incoming connection is mandatorily closed: device_config#ip sshd clear 0

5.1.7 ssh

Command description

ssh –l userid –d destIP [-c {des|3des|blowfish }] [-o numberofpasswdprompts] [-p port]

Parameter


–l userid User account on the server

–d destI Destination IP address in the dotted decimal system

-o numberofpasswdprompts

Re-authentication times after the first authentication fails

Actual re-authentication times is the set value plus the smallest value set

- 87 -


on the server. Its default value is three times.


-p port Port number that the server monitors

Its default value is 22.


-c {des|3des|blowfish}

Encryption algorithm used during communication

The encryption algorithm is 3des by default.

Default

N/A

Instruction

The command is used to create a connection with the remote ssh server.

Command mode

Privileged mode

Example

In the following example, a connection with the ssh server whose IP address is 192.168.20.41 is created. The account is zmz and the encryption algorithm is blowfish: device#ip ssh –l zmz –d 192.168.20.41 –c blowfish

5.1.8 show ssh

Command description

show ssh

Parameter

None

Default

N/A

Instrunction

It is used to display the sessions on the ssh server.

Command mode

Privileged mode

Example

In the following example, the sessions on the ssh server are displayed: device#show ssh

- 88 -


5.1.9 show ip sshd

Command description

show ip sshd

Parameter

None

Default

N/A

Instrunction

It is used to display the current state of the ssh server.

Command mode

Privileged mode

Example

In the following example, the current state of the ssh server is displayed: device#show ip sshd

- 89 -


Chapter 6 Other system Command

6.1 The link scan command

Command description

This command is to configure the scan interval of the port

[no] link scan time

Parameter


time Port scan interval,the range of 10 to 1000 milliseconds

Default

Default IES model is 10ms, and the general switch models is 1000ms.

Command mode


Example

In the following example, Configure the switch every 20 milliseconds to do a port scan:

Link scan 20

- 90 -

Interface Configuration Commands

Table of Contents

Table of Contents

Chapter 1 Interface Configuration Commands................................................................................... 1 1.1 Interface Configuration Commands...................................................................................... 1

1.1.1 description .................................................................................................................. 1 1.1.2 bandwidth ................................................................................................................... 2 1.1.3 delay........................................................................................................................... 2

- I -


Chapter 1 Interface Configuration Commands

1.1 Interface Configuration Commands

Interface configuration commands include：

description

bandwidth

delay

1.1.1 description

description

To configure the description information on an interface, use the description command. [no] description line

parameter


line Specifies the description character string, including the spaces in the middle of the line.

default

disabled

instruction

Use this command in the interface configuration mode.

example

The following example configures ‘up link’ as the interface f0/1 description:

Switch(config)# interface FastEthernet0/1 Switch(Switch_config_g0/1)# description up link

- 1 -


1.1.2 bandwidth

description

To configure the bandwidth on an interface, use the bandwidth command.

bandwidth kilobps

parameter


kilobps Specifies the interface bandwidth. The value is the same as the interface type.

default

default:10000.

instruction

Use this command in the interface configuration mode.

Note：

The configured bandwidth isn’t the actural bandwidth of the interface. It is only used to compute the interface cost by certain protocols (like spanning-tree).

Example

The following example configures 1000000 as the interface f0/1 bandwidth:

Switch(config)# interface FastEthernet1/1 Switch(config-if)# bandwidth 10000000

1.1.3 delay

description

To set a delay value for an interface, use the delay command in interface configuration mode.

delay tensofmicroseconds

- 2 -


parameter


tensofmicroseconds specifies the interface delay.

default

1

instruction

Use this command in the interface configuration come.

example

The following example configures 10 as the delay value for an interface:

Switch(config-if)# delay 10

- 3 -

Port Additional Characteristics Configuration Commands

Table of Contents

Table of Contents

Chapter 1 Port Security ...................................................................................................................... 1 1.1 switchport port-security mode static ..................................................................................... 1 1.2 switchport port-security mode dynamic ................................................................................ 1 1.3 switchport port-security static mac-address.......................................................................... 1 1.4 switchport port-security dynamic maximum.......................................................................... 1

Chapter 2 Port Protection................................................................................................................... 2 2.1 switchport protected.............................................................................................................. 2

Chapter 3 Port Storm Control............................................................................................................. 3 3.1 storm-control ......................................................................................................................... 3

Chapter 4 Port Rate Limitation ........................................................................................................... 4 4.1 switchport rate-limit ............................................................................................................... 4

- I -


Chapter 1 Port Security

1.1 switchport port-security mode static

Command description

switchport port-security mode static {accept | reject}

no switchport port-security mode

Set the static mode of the security port.

1.2 switchport port-security mode dynamic

Command description

switchport port-security mode dynamic

no switchport port-security mode

Add/delete the dynamic mode of the security port.

1.3 switchport port-security static mac-address

Command description

switchport port-security static mac-address mac-addr

no switchport port-security static mac-address

Configure the static MAC address of the security port.

1.4 switchport port-security dynamic maximum

Command description

switchport port-security dynamic maximum value

no switchport port-security dynamic maximum

Add/delete the maximum number of dynamic MAC addresses of the security port.

- 1 -


Chapter 2 Port Protection

2.1 switchport protected

Command description

[no] switchport protected

Configure the port isolation function.

Parameter

None

Default

The port is not isolated.

Explanation

The command must be configured in layer-2 port configuration mode.

Example

Configure port f0/1 not to forward the unknown unicast frame. Switch(config)# interface fastethernet0/1

Switch(config-if)# switchport protected

- 2 -


Chapter 3 Port Storm Control

3.1 storm-control

Command description

Configure the storm control function of the port.

storm-control {broadcast | multicast | unicast} threshold count

no storm-control {broadcast | multicast | unicast} threshold count

Parameter


broadcast | multicast | unicast

Defines the storm control of the broadcast, multicast and unicast.

threshold count

Defines the flow percent of the storm control. The count parameter defines the flow caps that lead to the storm.

<1-127>, n*64Kbps(n<=28);(n-27)Mbps(n>28)

Default

The storm control function is not enabled.

Explanation

The command must be configured in layer-2 port configuration mode.

Example

Set the storm control of the unknown unicast frame on port f0/1 to 192 Kbps. Switch(config)# interface fastethernet0/1 Switch(config-f0/1)# storm-control unicast threshold 3

- 3 -


Chapter 4 Port Rate Limitation

4.1 switchport rate-limit

Command description

[no] switchport rate-limit band { ingress|egress}

Configure the flow rate limitation for the port.

Parameter


Band Flow rate

n*64Kbps(n<=28); (n-27)Mbps(n>28)

ingress Functions at the incoming port. egress Functions at the outgoing port.

Default

The port has no port rate limitation.

Explanation

Layer-2 port configuration mode

Example

Set the incoming flow rate limitation on port f0/1 to 1M. Switch(config)# interface f0/1 Switch(config-if)# switchport rate-limit 28 ingress

- 4 -

Interface Range Command

Table of Contents

Table of Contents

Chapter 1 Interface range command.................................................................................................. 1 1.1 interface range...................................................................................................................... 1

- I -

Interface Range Commands

Chapter 1 Interface Range Command

1.1 Interface Range

Description

interface range type slot/<port1 - port2 | port3>[<port1 - port2|port3>]

Parameter

Name Description Description

type Interface type All legal interface types except for the management interface on the main contril board of the rack-mounted switch.

slot Slot number All legal slot numbers

port1 Beginning value of the port number

All legal port numbers on the slot.

port2 Ending value of the port number

All legal port numbers on the slot except for port 1.

port3 A single port. All legal port numbers on the slot.

Default

none

Instruction

Use this command to enter the interface range mode.

Example

Use the following command to enter the enterface configuration mode, including slot 0 and fast Ethernet port 1,2,3,6,8,10,11,12:

switch_config#interface range 1 - 3 , 6 , 8 , 10 - 12 switch_config_if_range#

- 1 -

Port Mirroring Configuration Commands

Table of Contents

Table of Contents

Chapter 1 Configuring Port Mirroring Commands.............................................................................. 1 1.1 Port Mirroring Configuration Commands .............................................................................. 1

1.1.1 mirror .......................................................................................................................... 1 1.1.2 show mirror................................................................................................................. 1

- I -


Chapter 1 Configuring Port Mirroring Commands

1.1 Port Mirroring Configuration Commands The following are port mirroring configuration commands:

mirror

show mirror

1.1.1 mirror

Description

[no] mirror session session_number {destination {interface interface-id } | source {interface interface-id [, | -] [both | rx | tx ] }

It is used to configure the command.

Parameters


session_number Number of port mirroring, whose value is 1

destination Information about the destination port mirroring

source Information about the mirrored port

both | rx | tx Data flow that will be mirrored

rx means that the input data is mirrored. tx means that the output data is mirrored. both means that input and output data are mirrored.

Instruction

Configure the command at the global configuration mode.

Example

Port g0/2 functions as the output mirror of port g0/1. Switch(config)# mirror session 1 destination interface g0/2 Switch(config)# mirror session 1 source interface g0/1 tx

1.1.2 show mirror

Description

show mirror [session session_number]

It is used to display the port mirroring information.

- 1 -


Parameter


session_number Number of port mirroring, whose value is 1

Default

None

Instruction

It is used to display the port mirroring information.

Example

All port mirroring information are displayed. Switch# show mirror Session 1 --------- Source Ports: RX Only: Fe0/3 TX Only: None Both: None Source VLANs: RX Only: None TX Only: None Both: None

- 2 -

VLAN Configuration Commands

Table of Contents

Table of Contents

Chapter 1 VLAN Configuration Commands ....................................................................................... 1 1.1 VLAN Configuration Commands........................................................................................... 1

1.1.1 vlan............................................................................................................................. 1 1.1.2 name .......................................................................................................................... 2 1.1.3 switchport pvid............................................................................................................ 3 1.1.4 switchport mode ......................................................................................................... 3 1.1.5 switchport trunk .......................................................................................................... 4 1.1.6 show vlan ................................................................................................................... 6

- I -


Chapter 1 VLAN Configuration Commands

1.1 VLAN Configuration Commands

VLAN configuration commands include：

vlan

name

switchport pvid

switchport mode

switchport trunk

show vlan

1.1.1 vlan

To add a VLAN, use the vlan command. Use the no form of this command to delete a VLAN.

[no] vlan vlan-id

Parameter


vlan-id ID of the VLAN. Range is from 1 to 4094。

Default

none

Command mode

global

Instruction

Use this command to enter VLAN configuration mode and to modify some attributes of the VLAN.

- 1 -


Example

This example shows how to add a new VLAN:

Switch_config# Switch_config#vlan 2 Switch_config_vlan_2#

1.1.2 name

To assign a name to a VLAN, use the name command. Use the no form of this command to remove the name assigned to a VLAN.

[no] name str

Parameter


str Name of the defined VLAN。The name consists of up to 32 characters.

Default

The default VLAN name is ‘Default’. Other VLAN name is VLANxxxx (xxxx is 4-digit stack ID)

Command mode

VLAN configuration mode

Instruction

This command can modify VLAN name to indicate special VLAN according to special requirements.

Example

The following command modify vlan200 to main405.

Switch_config# Switch_config# Switch_config#vlan 200 Switch_config_vlan_200#name ? WORD The ascii name of VLAN(32bytes) Switch_config_vlan_200#name main405

- 2 -


1.1.3 switchport pvid

To configure port VLAN of in the access mode, use the switchport pvid command.

switchport pvid vlan-id

no switchport pvid

Parameter


vlan-id VLAN ID of the port。 Range is from 1 to 4094。

Default

All ports are subordinate to VLAN 1.

Command mode

interface configuration mode

Instruction

Vlan of the pvid must exist before configuring this command. The port can be access mode or frame relay mode.

Example

The following example configures interface fastethernet 0/1 as the access interface of VLAN 10:

Switch(config)#interface f0/1 Switch(config)#vlan10 Switch(config-f0/1)#switchport pvid 10

1.1.4 switchport mode

To configure the interface mode, use the switchport mode command.

switchport mode {access | dot1q-tunnel | trunk}

Parameter


access Sets a nontrunking, nontagged single VLAN Layer 2 interface.

- 3 -


dot1q-tunnel Sets the trunking mode to TUNNEL unconditionally.

trunk Specifies a trunking VLAN Layer 2 interface.

Default

Access mode

Command mode


Instruction

If you enter access mode, the interface goes into permanent nontrunking mode and negotiates to convert the link into a nontrunk link even if the neighboring interface does not agree to the change.

If you enter trunk mode, the interface goes into permanent trunking mode and negotiates to convert the link into a trunk link even if the neighboring interface does not agree to the change.

If you enter dot1q-tunnel mode, the port is set unconditionally as an 802.1Q tunnel port.

The switchport mode command conflicts with 802.1X protocol. You cannot configure 802.1X protocol in trunk mode. 802.1X protocol is valid only in access mode.

Example

The following example configures the port to the trunk mode:

Switch(config-f0/1)#switchport mode trunk

1.1.5 switchport trunk

To set the trunk characteristics, use the switchport trunk commands. To reset all of the trunking characteristics back to the original defaults, use the no form of this command.

[no] switchport trunk {vlan-allowed vlan-list} | {vlan-untagged vlan-list }

Parameter


vlan-allowed Sets the list of allowed VLANs that transmit traffic from this interface in tagged format. Value is from 1 to 4094.

vlan-untagged Sets the list of allowed VLANs that transmit traffic from this interface in untagged format.Value is from 1 to 4094.

- 4 -


Default

The default native vlan ID is 1.

The valid VLAN ID is from 1 to 4094 (all VLANs).

Command mode

interface configuration

Instruction

You can use this command on an interface no matter it is in access or trunk mode. But this command is valid only when the interface is in trunking mode.

The vlan-allowed parameter sets the list of allowed VLANs that transmit traffic from this interface in tagged format. The vlan-untagged parameter sets the list of allowed VLANs that transmit traffic from this interface in untagged format.

The vlan-list format is all | none | add | remove | except vlan-list[,vlan-list...] where:

•all—Specifies all VLANs from 1 to 1005. Beginning with Cisco IOS Release 12.4(15)T, the valid VLAN ID range is from 1 to 4094.

•none—Indicates an empty list. This keyword is not supported in the switchport trunk allowed vlan form of the command.

•add—Adds the defined list of VLANs to those currently set instead of replacing the list.

•remove—Removes the defined list of VLANs from those currently set instead of replacing the list.

•except—Lists the VLANs that should be calculated by inverting the defined list of VLANs.

•vlan-list—Is either a single VLAN number from 1 to 1005 or a continuous range of VLANs described by two VLAN numbers, the lesser one first, separated by a hyphen that represents the VLAN IDs of the allowed VLANs when this port is in trunking mode. Beginning with Cisco IOS Release 12.4(15)T, the valid VLAN ID range is from 1 to 4094.

Example

The following example configures VLAN ID range to 1-10:

Switch(config-f0/1)#switchport trunk vlan-allowed 1-10,20-30,55 Switch(config-f0/1)#switchport trunk vlan-untagged 2-1000

- 5 -


1.1.6 show vlan

To display VLAN information, use the show vlan command.

show vlan [id vlan-id | interface intf-id]

Parameter


id Displays information about a single VLAN that is identified by a VLAN ID number; valid values are from 1 to 4094.

interface Displays the specified interface

Default

none

Command mode

EXEC/ All configuration modes

Instruction

none

Example

The following example shows all VLAN information:

Switch#sho vlan VLAN Status Name Ports ---- ------- ---------------- ------------------------------------------------- 1 Static Default F0/1, F0/2, F0/3, F0/4, F0/5, F0/6, F0/7, F0/8 F0/9, F0/10, F0/11, F0/12, F0/13, F0/14, F0/15 F0/16, F0/17, F0/18, F0/19, F0/20, F0/21, F0/22 F0/23, F0/24, G1/1, G2/1, P1 2 Static VLAN0002 F0/3 3 Static VLAN0003 F0/3 4 Static VLAN0004 F0/3 5 Static VLAN0005 F0/3 6 Static VLAN0006 F0/3

Status： indicates the source of VLAN. Static: indicates the VLAN is formed by configuration. Dynamic: indicates the VLAN is dynamically formed by GVRP protocol.

The following example shows the concrete information of a VLAN:

- 6 -


Switch> show vlan id 1 VLAN id: 1, Name: default, TotalPorts:11 Ports Atttributes ----------------------------------------------------------------- F0/1 Trunk,Untagged F0/2 Access F0/5 Trunk,Untagged F0/7 Trunk,Tagged F0/8 Trunk,Tagged F0/9 Trunk,Tagged F0/11 Access F0/12 Access F0/14 Trunk,Tagged F0/15 Trunk,Tagged F0/16 Trunk,Untagged

The following example shows the relevant information about a VLAN on an interface:

Switch#sho vlan int f0/6

Interface VLAN Name Property PVID Vlan-Map uTagg-VLan-Map -------------------- -------- ---- ---------------- ---------------- FastEthernet0/6 Trunk 1 3,5,7,9,11,13,15 none 17,19 Switch#sho vlan int f0/7 Interface VLAN Name Property PVID Vlan-Map uTagg-VLan-Map -------------------- -------- ---- ---------------- ---------------- FastEthernet0/7 Access 7 7 ----

- 7 -

STP Configuration Commands

Table of Contents

Table of Contents

Chapter 1 STP Configuration Commands ............................................................................................................................ 1 1.1 SSTP Configuration Commands ........................................................................................................................... 1

1.1.1 spanning-tree mode .................................................................................................................................. 1 1.1.2 spanning-tree sstp priority ......................................................................................................................... 2 1.1.3 spanning-tree sstp hello-time .................................................................................................................... 2 1.1.4 spanning-tree sstp max-age...................................................................................................................... 3 1.1.5 spanning-tree sstp forward-time................................................................................................................ 4 1.1.6 spanning-tree sstp cost ............................................................................................................................. 5 1.1.7 spanning-tree cost..................................................................................................................................... 6 1.1.8 spanning-tree sstp port-priority.................................................................................................................. 7 1.1.9 spanning-tree port-priority ......................................................................................................................... 8 1.1.10 show spanning-tree................................................................................................................................. 9

1.2 RSTP Configuration Commands ......................................................................................................................... 10 1.2.1 spanning-tree mode rstp ......................................................................................................................... 10 1.2.2 spanning-tree rstp forward-time .............................................................................................................. 10 1.2.3 spanning-tree rstp hello-time................................................................................................................... 11 1.2.4 spanning-tree rstp max-age .................................................................................................................... 12 1.2.5 spanning-tree rstp priority........................................................................................................................ 13 1.2.6 spanning-tree rstp cost............................................................................................................................ 13 1.2.7 spanning-tree rstp port-priority ................................................................................................................ 14 1.2.8 spanning-tree rstp migration-check ......................................................................................................... 15

Chapter 2 MSTP Configuration Commands ....................................................................................................................... 16 2.1 MSTP Configuration Command........................................................................................................................... 16

2.1.1 spanning-tree mode mstp........................................................................................................................ 16 2.1.2 spanning-tree mstp name........................................................................................................................ 16 2.1.3 spanning-tree mstp revision .................................................................................................................... 17 2.1.4 spanning-tree mstp instance ................................................................................................................... 18 2.1.5 spanning-tree mstp root .......................................................................................................................... 19 2.1.6 spanning-tree mstp priority...................................................................................................................... 20 2.1.7 spanning-tree mstp hello-time................................................................................................................. 21 2.1.8 spanning-tree mstp forward-time............................................................................................................. 21 2.1.9 spanning-tree mstp max-age................................................................................................................... 22 2.1.10 spanning-tree mstp diameter................................................................................................................. 23 2.1.11 spanning-tree mstp max-hops ............................................................................................................... 24 2.1.12 spanning-tree mstp port-priority ............................................................................................................ 24 2.1.13 spanning-tree mstp cost ........................................................................................................................ 25 2.1.14 spanning-tree mstp mst-compatible ...................................................................................................... 26 2.1.15 spanning-tree mstp migration-check ..................................................................................................... 27 2.1.16 show spanning-tree mstp ...................................................................................................................... 27 2.1.17 show spanning-tree mstp region ........................................................................................................... 29 2.1.18 show spanning-tree mstp detail............................................................................................................. 29

- I -

Table of Contents

2.1.19 show spanning-tree mstp interface ....................................................................................................... 31

- II -


Chapter 1 STP Configuration Commands

1.1 SSTP Configuration Commands

1.1.1 spanning-tree mode

description

To switch between RSTP and SSTP modes, use the spanning-tree mode command. To return to the default settings, use the no form of this command.

spanning-tree mode {rstp|sstp}

no spanning-tree mode

parameter


rstp Enables RSTP mode

sstp Enbales SSRP mode

default

SSTP

instruction

none

command mode

global configuration

example

The following example enables SSTP mode:

Switch(config)# spanning-tree mode sstp Switch(config)#

- 1 -


1.1.2 spanning-tree sstp priority

description

To set the sstp bridge priority, use the spanning-tree sstp priority command. To return to the default settings, use the no form of this command.

spanning-tree sstp priority value

no spanning-tree sstp priority

parameter


value Value is from 0 to 61440.

default

32768

Instruction

The switch becomes the root of the whole network spanning-tree when configured the priority value. You can set the bridge priority in increments of 4096 only. When you set the priority, valid values are 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, and 61440.

Command mode


example

This example shows how to set the SSTP priority:

Switch(config)# spanning-tree sstp priority 4096 Switch(config)#

1.1.3 spanning-tree sstp hello-time

description

To set the hello-time delay timer, use the spanning-tree sstp hello-time command. To return to the default settings, use the no form of this command.

spanning-tree sstp hello-time time

- 2 -


no spanning-tree sstp hello-time

parameter


time Number of seconds to set the hello-time delay timer; valid values are from 1 to 10 seconds.

default

4s

Instruction

The hello-time configured by the local switch is valid only when the local switch is the root switch.

Command mode


Example

The following example sets the SSTP hello-time to 8 seconds:

Switch(config)# spanning-tree sstp hello-time 8 Switch(config)#

1.1.4 spanning-tree sstp max-age

description

To set the SSTP max-age timer, use the spanning-tree sstp max-age command. To return to the default settings, use the no form of this command.

spanning-tree sstp max-age time

no spanning-tree sstp max-age

parameter


seconds Number of seconds to set the max-age timer; valid values are from 6 to 40 seconds.

- 3 -


default

20s

instruction

none

command mode


example

This example shows how to set the max-age timer： Switch(config)# spanning-tree sstp max-age 24 Switch(config)#

1.1.5 spanning-tree sstp forward-time

description

To set the forward-delay timer, use the spanning-tree sstp forward-time command in global configuration mode. To return to the default settings, use the no form of this command.

spanning-tree sstp forward-time time

no spanning-tree sstp forward-time

parameter


time Number of seconds to set the forward-delay timer; valid values are from 4 to 30 seconds.

default

15 seconds

instruction

none

- 4 -


command mode


example

The following example shows how to set forward delay timer:

Switch(config)# spanning-tree sstp forward-delay 20 Switch(config)#

1.1.6 spanning-tree sstp cost

description

To set the path cost of the interface for SSTP calculations, use the spanning-tree sstp cost command in interface configuration mode. To revert to the default value, use the no form of this command.

spanning-tree sstp cost value

no spanning-tree sstp cost

parameter


value Path cost. Valid values are from 1 to 200000000

default

10M Ethernet:100 。

100M Ethernet: 19 。

1000M Ethernet: 1 。

instruction

none

command mode


- 5 -


example

This example shows how to set a path cost value of 100 for the spanning tree VLAN associated with the interface F1/10:

Switch(config_f0/10)#spanning-tree sstp cost 100 Switch(config_f0/10)#

1.1.7 spanning-tree cost

description

To set the path cost of the interface for Spanning Tree Protocol (STP) calculations, use the spanning-tree cost command in interface configuration mode. To revert to the default value, use the no form of this command.

spanning-tree cost value

no spanning-tree cost

parameter


value Path cost; valid values are from 1 to 200000000

default

The default path cost is computed from the bandwidth setting of the interface.

instruction

The configuration result of this command is valid to all spanning-tree modes. In STP mode, the path cost of all VLAN spanning-trees on the interface will be updated. In MSTP mode, the path cost of all spanning-tree examples will be updated.

But the configuration result of the command will not influence the independent configuration in various modes. For example, the switch respectively configured with the spanning-tree sstp cost 100 and the spanning-tree cost 110 in SSTP mode, the port priority will be 100.

command mode


- 6 -


example

This example shows how to set a path cost value of 24 for the spanning tree VLAN associated with that interface:

Switch(config_f0/0)# spanning-tree cost 24 Switch(config_f0/0)#

1.1.8 spanning-tree sstp port-priority

description

To set the priority value in SSTP mode, use the spanning-tree sstp port-priority command. Use the no form of this command to restore the default value.

spanning-tree sstp port-priority value

no spanning-tree sstp port-priority

parameter


value Port priority。Value is from 0 to 255

default

128（0x80）

instruction

The port priority must be set in increments of 16 only.

command mode


example

The following example sets 32 as the priority value on interface f0/0:

Switch(config_f0/0)# spanning-tree sstp port-priority 32 Switch(config_f0/0)#

- 7 -


1.1.9 spanning-tree port-priority

description

To prioritize an interface when two bridges compete for position as the root bridge, use the spanning-tree port-priority command. The priority you set breaks the tie. To revert to the default setting, use the no form of this command.

spanning-tree port-priority value

no spanning-tree port-priority

parameter

parameter parameter

value Port priority。Value is from 0 to 255，

default

Port priority value is 128

instruction

The configuration result of this command is valid to all spanning-tree modes. In STP mode, the priority of all VLAN spanning-trees on the interface will be updated. In MSTP mode, the priority of all spanning-tree examples will be updated.

But the configuration result of the command will not influence the independent configuration in various modes. For example, the switch respectively configured with the spanning-tree sstp port-priority 100 and the spanning-tree port-priority 110 in SSTP mode, the port priority will be 100.

command mode


example

This example shows how to set the priority value:

Switch(config_f1/10)#spanning-tree port-priority 16 Switch(config_f1/10)#

- 8 -


1.1.10 show spanning-tree

description

To display spanning-tree information for the specified spanning-tree instances, use the show spanning-tree command.

show spanning-tree [detail | interface intf-i]

parameter


intf-i Pory name，like F0/10, G1/1

default

none

instruction

Show spanning-tree state.

command mode

Interface configuration/EXEC/global configuration

example

Switch_config#show span Spanning tree enabled protocol SSTP SSTP Root ID This bridge is the root Bridge ID Priority 32768 Address 00E0.0F64.8365 Hello/MaxAge/FwdDly 4/20/15(s) Intf Port ID Designated Port ID Name Pri.Nbr Role Sts Cost Bridge ID Pri.Nbr Cost -------- ------- ---- --- --------- -------------------- ------- --------- F0/47 128.47 Desg LIS 12 32768 00E0.0F64.8365 128.47 0 Switch_config#

- 9 -


1.2 RSTP Configuration Commands

1.2.1 spanning-tree mode rstp

description

To enable RSTP feature, use the spanning-tree mode rstp command. Use the no form of this command to disable RSTP.

spanning-tree mode rstp


parameter

none

default

RSTP disabled，SSTP enabled

instruction

none

example

The following example enables rstp on the switch:

switch(config)# spanning-tree mode rstp switch(config)#

1.2.2 spanning-tree rstp forward-time

description

To set the rstp forward-delay timer, use the spanning-tree rstp forward-time command in global configuration mode. To return to the default settings, use the no form of this command.

spanning-tree rstp forward-time time

no spanning-tree rstp forward-time

- 10 -


parameter


time Number of seconds to set the forward-delay timer; valid values are from 4 to 30 seconds.

default

15 seconds

instruction

none

example

The following example sets 20 seconds as the rstp forward-delay timer:

switch(config)# spanning-tree rstp forward-time 20 switch(config)#

1.2.3 spanning-tree rstp hello-time

description

To set the RSTP hello-time delay timer, use the spanning-tree rstp hello-time command in global configuration mode. To return to the default settings, use the no form of this command.

spanning-tree rstp hello-time time

no spanning-tree rstp hello-time

parameter


time Number of seconds to set the hello-time delay timer; valid values are from 1 to 10 seconds.

default

4 seconds

- 11 -


instruction

The hello-time configured by the local switch is valid only when the local switch is the root switch.

example

The following example sets 8 seconds as the rstp hello-time:

switch(config)# spanning-tree rstp hello-time 8 switch(config)#

1.2.4 spanning-tree rstp max-age

description

To set the RSTP max-age timer, use the spanning-tree rstp max-age command. To return to the default settings, use the no form of this command.

spanning-tree rstp max-age time

no spanning-tree rstp max-age

parameter


time Number of seconds to set the max-age timer; valid values are from 6 to 40 seconds.

default

20 seconds

instruction

none

example

The following example sets 24 seconds as the rstp max-age timer:

switch(config)# spanning-tree rstp max-age 24 switch(config)#

- 12 -


1.2.5 spanning-tree rstp priority

description

To set the rstp bridge priority, use the spanning-tree rstp priority command. To return to the default settings, use the no form of this command.

spanning-tree rstp priority value

no spanning-tree rstp priority

parameter


value Bridge priority。Value is from 0 to 61440，

default

32768

instruction

none

example

The following example sets 4096 as the bridge priority:

switch(config)# spanning-tree rstp priority 4096 switch(config)#

1.2.6 spanning-tree rstp cost

description

To set the path cost of the interface, use the spanning-tree rstp cost command. To revert to the default value, use the no form of this command.

spanning-tree rstp cost value

no spanning-tree rstp cost

parameter


value Path cost; valid values are from 1 to 200000000

- 13 -


default

The default path cost is computed from the bandwidth setting of the interface

10 Mbps: 2000000

100 Mbps: 200000

1000 Mbps: 20000

instruction

none

example

The following example sets a path cost value of 24 for the interface f0/0:

switch(config_f0/0)# spanning-tree rstp cost 24 switch(config_f0/0)#

1.2.7 spanning-tree rstp port-priority

description

To set an interface priority, use the spanning-tree rstp port-priority command. To revert to the default value, use the no form of this command.

spanning-tree rstp port-priority value

no spanning-tree rstp port-priority

parameter


value Port priority; valid values are from 0 to 255.

default

128

instruction

none

- 14 -


example

The following example sets 24 as the priority value on interface f0/0:

switch(config_f0/0)# spanning-tree rstp port-priority 24 switch(config_f0/0)#

1.2.8 spanning-tree rstp migration-check

Command description

spanning-tree rstp migration-check

Restart the protocol coversion check at the port of the RSTP.

Parameter

None

Default

None

Usage description

It is used to restart the protocol coversion check at the port, change the port from the STP-compatible mode to the RSTP mode, enabling the port to send RSTP BPDU.

The command is supported only in the switches that support IEEE 802.1D 2004 RSTP.

Command mode

Global/port configuration mode

Example

The following example shows the protocol coversion check is performed on port F0/10:

Switch(config_f0/10)#spanning-tree rstp migration-check Switch(config_f0/10)

- 15 -


Chapter 2 MSTP Configuration Commands

2.1 MSTP Configuration Command

2.1.1 spanning-tree mode mstp

Command description

spanning-tree mode mstp


Run the spanning-tree mode mstp command to set the running mode of STP to MSTP. Run the no spanning-tree mode command to disable STP.

Parameter

None

Default

The MSTP mode is closed, while the SSTP mode is running.

Usage description

None

Example

The following commands are used to enable the MSTP protocol on the switch:

switch(config)# spanning-tree mode mstp switch(config)#

2.1.2 spanning-tree mstp name

Command description

spanning-tree mstp name string

no spanning-tree mstp name

- 16 -


Run the spanning-tree mstp name string command to configure the regional name of the STP. Run the no spanning-tree mstp name command to resume the default name.

Parameter


String Configures the character string of the name. The character string can have up to 32 characters, capital sensitive. The default value is in the form of character string like the MAC address of the switch.

Default

Character string form of the switch’s MAC address

Usage description

None

Example

The following commands are used to set the configuration name of the switch’s STP to reg-01.

switch(config)# spanning-tree mstp name reg-01 switch(config)#

2.1.3 spanning-tree mstp revision

Command description

spanning-tree mstp revision value

no spanning-tree mstp revision

Run the spanning-tree mstp revision value command to generate the revision number of STP. Run the no spanning-tree mstp revision to restore the revision number to the default value.

Parameter


Value Revision number: 0 ~65535


- 17 -


Default

The default value of the revision number is 0.

Usage description

None

Example

The following commands are used to set the regional revision number of STP to 100.

switch(config)# spanning-tree mstp revision 100 switch(config)#

2.1.4 spanning-tree mstp instance

Command description

spanning-tree mstp instance instance-id vlan vlan-list

no spanning-tree mstp instance instance-id

Run the command spanning-tree mstp instance instance-id vlan vlan-list to map the VLAN to the MSTI. Run the command no spanning-tree mstp instance instance-id to re-map the VLAN to the CIST.

Parameter


instance-id Instance number of the STP, meaning an MSTI which ranges from 1 to 15.

vlan-list VLAN list which is mapped to the STP, ranging from 1 to 4094.

Default

All VLANs are mapped to the CIST (MST00).

Usage description

instance-id is an unique value representing an STP instance.

vlan-list represents a VLAN group, such as “1,2,3”, “1-5” and “1,2,5-10”.

- 18 -


Example

The following commands map VLAN1 to instance 1 of STP, and VLAN5,7,10-20 to instance 2 of STP, and then re-map these VLANs to MST00.

switch(config)# spanning-tree mstp instance 1 vlan 2 switch(config)# spanning-tree mstp instance 2 vlan 5,7,10-20 switch(config)# no spanning-tree mstp instance 2

2.1.5 spanning-tree mstp root

Command description

spanning-tree mstp instance-id root {primary | secondary}

[ diameter net-diameter [ hello-time seconds ] ]

no spanning-tree mstp root

Configure the specified MSTP instance to the primary/secondary root. Run its negative form to restore the priority of MSTP instance to the default value.

Both the diameter command and the hello-time command can modify the network diameter and the HelloTime parameter of the MSTP when they are setting the root.

Parameter


instance-id MSTP instance, ranging from 0 to 15 Primary Sets the MSTP instance to the primary root.

Secondary Sets the MSTP instance to the secondary root.

net-diameter Network diameter, which is optional

When the instance-id parameter is 0, it is effective.

It ranges from 2 to 7.

Seconds Hello time, an optional parameter, which ranges from 1 to 10 seconds

Default

The priority value of all default roots of all MSTP instances are 32768, the network diameter is 7 and the HelloTime is 2 seconds.

Usage description

Both the diameter command and the hello-time command are valid only when instanc-id is 0.

- 19 -


Generally, after you run the command to set the primary root, the protocol automatically checks the ID of the current network root and then sets the priority field of the root identifier to 24576 if this value gurantees the current switch to be the root of the MSTP instance. If the priority value of the root is smaller than 24576, the protocol will automatically set the MSTP priority of the current root to a value which is 4096 smaller than the root’s priority. Here, 4069 is the step of the root priority.

Different from the configuration of the primary root, the protocol directly sets the MSTP priority of the switch to 28672 after the command for configuring the secondary root is run. Thus, the current switch can be the secondary root when the priorities of other switches are the default value 28672.

Example

The following commands are used to set tbe switch to the primary root in the CIST and recalculate the time parameter of the MSTP through network diameter 3 and HelloTime3, and at last set the switch to the secondary root in the MST01.

switch(config)# spanning-tree mstp 0 root primary diameter 3 hello-time 3 switch(config)# spanning-tree mstp 1 root secondary

2.1.6 spanning-tree mstp priority

Command description

spanning-tree mstp instance-id priority value

no spanning-tree mstp priority

It is used to configure the bridge priority of the MSTP instance. Its negative form is used to resume the default value of the priority.

Parameter


instance-id MSTP instance number, ranging from 0 to 15 Value Bridge priority, which can be one of the given values:

0, 4096, 8192, 12288, 16384, 20480, 24576, 28672,

32768, 36864, 40960, 45056, 49152, 53248, 57344, 61440

Default

The default priority of the bridges of all MSTP instances is 32768.

Usage description

Each priority value in the MSTP instance is independent and can be configured independently.

- 20 -


Example

The following commands are used to set the priority of the switch in the CIST and MST01 to 4096 and 8192 respectively.

switch(config)# spanning-tree mstp 0 priority 4096 switch(config)# spanning-tree mstp 1 priority 8192

2.1.7 spanning-tree mstp hello-time

Command description

spanning-tree mstp hello-time seconds

no spanning-tree mstp hello-time

It is used to configure the hello-time of the MSTP, and its negative form is used to resume the default settings of the HelloTime.

Parameter


Seconds It ranges from 1 to 10 seconds. Its default value is 2 seconds.

Default

Two seconds

Usage description

None

Example

The following commands are used to set the HelloTime of the MSTP to 10.

switch(config)# spanning-tree mstp hello-time 10 switch(config)# no spanning-tree mstp hello-time

2.1.8 spanning-tree mstp forward-time

Command description

spanning-tree mstp forward-time seconds

no spanning-tree mstp forward-time

- 21 -


It is used to configure the Forward Delay of the MTSP. Its negative is used to resume the default settings.

Parameter


Seconds It ranges from 4 to 30 seconds. Its default value is 15 seconds.

Default

15 seconds

Usage description

None

Example

The following commands are used to set the Forward Delay parameter of the MTSP to 10.

switch(config)# spanning-tree mstp forward-time 10 switch(config)# no spanning-tree mstp forward-time

2.1.9 spanning-tree mstp max-age

Command description

spanning-tree mstp max-age seconds

no spanning-tree mstp max-age

It is used to configure the Max Age parameter of the MSTP. Its negative is used to resume the default settings.

Parameter


Seconds Range: 6 – 40 seconds

The default value is 20 seconds.

Default

20 seconds

- 22 -


Usage description

None

Example

The following commands are used to set the MaxAge parameter of the MSTP to 10.

switch(config)# spanning-tree mstp max-age 10 switch(config)# no spanning-tree mstp max-age

2.1.10 spanning-tree mstp diameter

Command description

spanning-tree mstp diameter net-diameter

no spanning-tree mstp diameter

It is used to configure the network diameter of the MSTP. Its negative is used to resume the default settings.


net-diameter Range: 2 – 7


Default

The default network diameter is 7.

Usage description

The net-diameter parameter is not saved as an independent settings in the switch. The time parameter that is modified through network diameter configuration can be saved. The net-diameter parameter is valid in the CIST. After settings, the three time parameters of the STP can be automatically updated to a relatively advantageous value.

It is recommended to set the time parameters of the STP through root configuration or network diameter configuration. In this way, the reasonability of the time parameters can be assured.

Example

The following first command is to set the bridge diameter of MSTP to 5. The second command is to resume the default value of the bridge diameter.

switch(config)# spanning-tree mstp diameter 5

- 23 -


switch(config)# no spanning-tree mstp diameter

2.1.11 spanning-tree mstp max-hops

Command description

spanning-tree mstp max-hops hop-count

no spanning-tree mstp max-hops

The spanning-tree mstp max-hops hop-count command is used to set the maximum number of hops of the MSTP BPDU. Its negative is used to resume the default settings.

Parameter


hop-count Range: 1 -40


Default

The default vaue of the maximum hop counts is 20.

Usage description

None

Example

The first command is to set the maximum hop counts of the MSTP BPDU to 5. The second command is to restore the default value of the maximum hop counts.

switch(config)# spanning-tree mstp max-hops 5 switch(config)# no spanning-tree mstp max-hops

2.1.12 spanning-tree mstp port-priority

Command description

spanning-tree mstp instance-id port-priority value

no spanning-tree instance-id port-priority

The spanning-tree mstp instance-id port-priority value command is used to the port priority in the specified STP instance. Its negative is used to resume the default settings.

- 24 -


Parameter


instance-id Number of the STP instance, ranging from 0 to 15 Value Port priority, which is one of the following values:

0, 16, 32, 48, 64, 80, 96, 112

128, 144, 160, 176, 192, 208, 224, 240

Default

The default priority value of the port in all STP instances is 128.

Usage description

None

Example

The first command is to set the priority of port F0/1 in the CIST to 16. The second command is to resume the default value.

switch(config_f0/1)# spanning-tree mstp 0 port-priority 16 switch(config_f0/1)# no spanning-tree mstp 0 port-priority

2.1.13 spanning-tree mstp cost

Command description

spanning-tree mstp instance-id cost value

no spanning-tree mstp instance-id cost

The command spanning-tree mstp instance-id cost value is used to set the path cost of the port in the specified STP instance. Its negative is used to resume the default settings.

Parameter


instance-id Number of the STP instance, ranging from 0 to 15 Value Path cost of the port, ranging from 1 to 200000000

Default

It depends on the connection rate of the port:

- 25 -


10 Mbps: 2000000

100 Mbps: 200000

1000 Mbps: 20000

Usage description

None

Example

The following commands are used to set the path cost of port F0/1 in the CIST to 200.

switch(config_f0/1)# spanning-tree mstp 0 cost 200 switch(config_f0/1)#

2.1.14 spanning-tree mstp mst-compatible

Command description

spanning-tree mstp mst-compatible

no spanning-tree mstp mst-compatible

Activate or shut down the MST-compatible mode.

Parameter

None

Default

The MSTP-compatible mode is not activated.

Usage description

After the MST-compatible mode is enabled, configure other connected switches that are running other MSTP protocols to the roots of CIST, ensuring that the switch can enter the MSTP-compatible mode by receiving the message.

Example

The following command is to activate the MST-compatible mode in global configuration mode:

switch(config)#spanning-tree mstp mst-compatible

- 26 -


2.1.15 spanning-tree mstp migration-check

Command description

spanning-tree mstp migration-check

Clear the STP information that is checked by the port, and restart the protocol conversion process.

Parameter

None

Default

None

Usage description

The command is valid in global configuration mode and in port configuration mode.

Example

The following commands are used to check the protocol conversion on all ports first, and then check the protocol conversion on port F0/1 again.

switch(config)# spanning-tree mstp migration-check switch(config)# interface f 0/1 switch(config_f0/1)# spanning-tree mstp migration-check

2.1.16 show spanning-tree mstp

Command description

show spanning-tree mstp [ instance instance-id ]

The command above is used to check the MSTP information. If you run the command show spanning-tree mstp, the information about all STP instances is displayed.

Parameter


instance-id Number of the STP instance, ranging from 0 to 15

- 27 -


Default

None

Usage description

It is valid in monitoring mode, global configuration mode or port mode.

Example

The following shows how to view all STP instances through the command. Here, MST00 stands for CIST, and the Type field stands for the port connection type.

Switch#show spanning-tree mstp MST00 Vlans Mapped: 1,4-4094 Root Address 00E0.0F64.8365 Priority 32768 (32768 mst-id 0) Root This root is the CIST and regional root Configured Hello Time 2, Forward Delay 15, Max Age 20, Max Hops 20 Root Times Hello Time 2, Forward Delay 15, Max Age 20 Interface Role Sts Cost Pri.Nbr Type ---------------- ---- --- --------- ------- -------------------------------- F0/1 Desg FWD 200000 128.1 P2p F0/3 Back BLK 200000 128.3 P2p F0/47 Desg FWD 200000 128.47 Edge MST01 Vlans Mapped: 2 Root Address 00E0.0F64.8365 Priority 32769 (32768 mst-id 1) Root This root for MST01 Interface Role Sts Cost Pri.Nbr Type ---------------- ---- --- --------- ------- -------------------------------- F0/1 Desg FWD 200000 128.1 P2p MST02 Vlans Mapped: 3 Root Address 00E0.0F64.8365 Priority 32770 (32768 mst-id 2) Root This root for MST02 Interface Role Sts Cost Pri.Nbr Type ---------------- ---- --- --------- ------- -------------------------------- F0/1 Desg FWD 200000 128.1 P2p

- 28 -


2.1.17 show spanning-tree mstp region

Command description

show spanning-tree mstp region

Check the regional configuration information about the MSTP.

Parameter

None

Default

None

Usage description

None

Example

See the following information. MST Config Table shows the relation between VLAN and STP instance.

switch(config)# show spanning-tree mstp region MST Region: Name: [reg01] Revision:[0] MST Config Table: Instance VLAN IDs ---------- ---------- 0 1,4-4094 1 2 2 3

2.1.18 show spanning-tree mstp detail

Command description

show spanning-tree mstp detail

The command above is used to check the detailed information about MSTP.

- 29 -


Parameter

None

Default

None

Usage description

None

Example

The following example shows the detailed STP information after the command is run, including the port connection type and optional characteristics:

Switch#show spanning-tree mstp detail MST00 Vlans Mapped: 1,4-4094 Root Address 00E0.0F64.8365 Priority 32768 (32768 mst-id 0) Root This root is the CIST and regional root Configured Hello Time 2, Forward Delay 15, Max Age 20, Max Hops 20 Root Times Hello Time 2, Forward Delay 15, Max Age 20 FastEthernet0/1 of MST00 is designated forwarding Port Info Port ID 128.1 Priority 128 Cost 200000 Designated Root Address 00E0.0F64.8365 Priority 32768 Cost 0 CIST Regional Root Address 00E0.0F64.8365 Priority 32768 Cost 0 Designated Root Address 00E0.0F64.8365 Priority 32768 Port ID 128.1 Edge Port: disabled Link Type: point-to-point (auto) Bpdu Guard: disabled (default) Root Guard: disabled (default) Loop Guard: disabled (default) Timers: message expires in 0 sec, forward delay 0 sec, up time 662 sec Number of transitions to forwarding state: 1 Bpdu sent 335, received 5 FastEthernet0/3 of MST00 is backup blocking Port Info Port ID 128.3 Priority 128 Cost 200000 Designated Root Address 00E0.0F64.8365 Priority 32768 Cost 0 CIST Regional Root Address 00E0.0F64.8365 Priority 32768 Cost 0 Designated Root Address 00E0.0F64.8365 Priority 32768 Port ID 128.1 Edge Port: disabled Link Type: point-to-point (auto) Bpdu Guard: disabled (default) Root Guard: disabled (default) Loop Guard: disabled (default) Timers: message expires in 5 sec, forward delay 15 sec, up time 662 sec

- 30 -


Number of transitions to forwarding state: 0 Bpdu sent 5, received 335 FastEthernet0/47 of MST00 is designated forwarding Port Info Port ID 128.47 Priority 128 Cost 200000 Designated Root Address 00E0.0F64.8365 Priority 32768 Cost 0 CIST Regional Root Address 00E0.0F64.8365 Priority 32768 Cost 0 Designated Root Address 00E0.0F64.8365 Priority 32768 Port ID 128.47 Edge Port: enabled (auto) Link Type: point-to-point (auto) Bpdu Guard: disabled (default) Root Guard: disabled (default) Loop Guard: disabled (default) Timers: message expires in 0 sec, forward delay 0 sec, up time 1485 sec Number of transitions to forwarding state: 1 Bpdu sent 744, received 0 MST01 Vlans Mapped: 2 Root Address 00E0.0F64.8365 Priority 32769 (32768 mst-id 1) Root This root for MST01 FastEthernet0/1 of MST01 is designated forwarding Port Info Port ID 128.1 Priority 128 Cost 200000 Designated Root Address 00E0.0F64.8365 Priority 32769 Cost 0 Desingated Root Address 00E0.0F64.8365 Priority 32769 Port ID 128.1 Timers: message expires in 0 sec, forward delay 0 sec, up time 662 sec Number of transitions to forwarding state: 1 MST Config Message transmitted 335, received 0 MST02 Vlans Mapped: 3 Root Address 00E0.0F64.8365 Priority 32770 (32768 mst-id 2) Root This root for MST02 FastEthernet0/1 of MST02 is designated forwarding Port Info Port ID 128.1 Priority 128 Cost 200000 Designated Root Address 00E0.0F64.8365 Priority 32770 Cost 0 Desingated Root Address 00E0.0F64.8365 Priority 32770 Port ID 128.1 Timers: message expires in 0 sec, forward delay 0 sec, up time 662 sec Number of transitions to forwarding state: 1 MST Config Message transmitted 335, received 0

2.1.19 show spanning-tree mstp interface

Command description

show spanning-tree mstp interface interface-id

- 31 -


The command above is used to check the information about the port which is run under MSTP.

Parameter


interface-id Port name, such as F0/1 and FastEtnernet0/3

Default

None

Usage description

None

Example

The following example shows the information about port F0/1 after you run the command show spanning-tree mstp interface f0/1: Switch#show spanning-tree mstp interface f0/1 FastEthernet0/1 of MST00 is designated forwarding Port Info Port ID 128.1 Priority 128 Cost 200000 Designated Root Address 00E0.0F64.8365 Priority 32768 Cost 0 CIST Regional Root Address 00E0.0F64.8365 Priority 32768 Cost 0 Designated Root Address 00E0.0F64.8365 Priority 32768 Port ID 128.1 Edge Port: disabled Link Type: point-to-point (auto) Bpdu Guard: disabled (default) Root Guard: disabled (default) Loop Guard: disabled (default) Timers: message expires in 0 sec, forward delay 0 sec, up time 851 sec Number of transitions to forwarding state: 1 Bpdu sent 430, received 5 FastEthernet0/1 of MST01 is designated forwarding Port Info Port ID 128.1 Priority 128 Cost 200000 Designated Root Address 00E0.0F64.8365 Priority 32769 Cost 0 Desingated Root Address 00E0.0F64.8365 Priority 32769 Port ID 128.1 Timers: message expires in 0 sec, forward delay 0 sec, up time 851 sec Number of transitions to forwarding state: 1 MST Config Message transmitted 430, received 0 FastEthernet0/1 of MST02 is designated forwarding Port Info Port ID 128.1 Priority 128 Cost 200000 Designated Root Address 00E0.0F64.8365 Priority 32770 Cost 0

- 32 -


Desingated Root Address 00E0.0F64.8365 Priority 32770 Port ID 128.1 Timers: message expires in 0 sec, forward delay 0 sec, up time 851 sec Number of transitions to forwarding state: 1 MST Config Message transmitted 430, received 0 Instance Role Sts Cost Pri.Nbr Vlans Mapped -------- ---- --- --------- ------- -------------------- 0 Desg FWD 200000 128.1 1,4-4094 1 Desg FWD 200000 128.1 2 2 Desg FWD 200000 128.1 3show spanning-tree mstp protocol-migration

Command description

show spanning-tree mstp protocol-migration

The command above is used to check the protocol conversion information when the port is running under MSTP.

Parameter

None

Default

None

Usage description

None

Example

The following example shows the information about protocol conversion after the command show spanning-tree mstp protocol-migration is run. Note that port F0/2 has transferred to the 802.1D STP mode.

Switch#show spanning-tree mstp protocol-migration MSTP Port Protocol Migration Interface Protocol Info ---------------- ---------- ------------------------------------------------ F0/2 802.1D

- 33 -

STP Optional Characteristic Configuration Commands

Table of Contents

Table of Contents

Chapter 1 STP Optional Characteristic Configuration Commands .................................................... 1 1.1 STP Optional Characteristic Configuration Commands ....................................................... 1

1.1.1 spanning-tree portfast ................................................................................................ 1 1.1.2 spanning-tree bpduguard ........................................................................................... 2 1.1.3 spanning-tree bpdufilter ............................................................................................. 3 1.1.4 spanning-tree uplinkfast ............................................................................................. 4 1.1.5 spanning-tree backbonefast....................................................................................... 4 1.1.6 spanning-tree guard ................................................................................................... 5 1.1.7 spanning-tree loopguard ............................................................................................ 6

- I -


Chapter 1 STP Optional Characteristic Configuration Commands

1.1 STP Optional Characteristic Configuration Commands

1.1.1 spanning-tree portfast

description

To enable bridge protocol data unit (BPDU) filtering by default on all PortFast ports, use the spanning-tree portfast bpdufilter default command in global configuration mode. To return to the default settings, use the no form of this command.

spanning-tree portfast {bpdufilter default | bpduguard default | default}

no spanning-tree portfast {bpdufilter default | bpduguard default | default}

To enable PortFast mode where the interface is immediately put into the forwarding state upon linkup without waiting for the timer to expire, use the spanning-tree portfast command in interface configuration mode. To return to the default settings, use the no form of this command.

spanning-tree portfast [disable | trunk]

no spanning-tree portfast

parameter


bpdufilter default Enables bpdu flter.

bpduguard default Enables bpdu guard.

default Specifies the default method.

default

disabled

instruction

In SSTP/PVST mode, the Port Fast characteristic makes a port immediately enter Forwarding state without experiencing any status change process. This configuration is invalid in RSTP/MSTP mode.

- 1 -


After configuring Port Fast, BPDU Guard or BPDU Filter needs to be configured for protection.

command mode

global and interface configuration mode

example

This example shows how to enable PortFast mode globally:

Switch(config)# spanning-tree portfast default Switch(config)#

This example shows how to enable PortFast mode on the interface f0/0:

Switch(config_f0/0)# spanning-tree portfast Switch(config_f0/0)#

1.1.2 spanning-tree bpduguard

description

To enable bridge protocol data unit (BPDU) guard on the interface, use the spanning-tree bpduguard command in interface configuration mode. To return to the default settings, use the no form of this command.

spanning-tree bpduguard {disable | enable}

no spanning-tree bpduguard

parameter

none

default

disabled

instruction

In SSTP/PVST mode, if a port that configured BPDU Guard and Port Fast receives BPDU, this port will be forced to shutdown. User can restore it by the manual configuration. In RSTP/MSTP mode, if a port that configured BPDU Guard receives BPDU, this port will be configured to Blocking state for a period of time.

- 2 -


command mode


example

This example shows how to enable BPDU guard on this interface:

Switch(config_f0/0)# spanning-tree bpduguard enable Switch(config_f0/0)#

1.1.3 spanning-tree bpdufilter

description

To enable bridge protocol data unit (BPDU) filtering on the interface, use the spanning-tree bpdufilter command in interface configuration mode. To return to the default settings, use the no form of this command.

spanning-tree bpdufilter {disable | enable}

no spanning-tree bpdufilter

parameter

none

default

disabled

instruction

In SSTP/PVST mode, if a port that configured BPDU Filter and Port Fast receives BPDU, the BPDU Filter and Port Fast characteristics on that port will be disabled automatically to restore the port to an ordinary port. Then this port must endure the wait from Listening to Learning before entering Forwarding state.

This feature is invalid in RSTP/MSTP mode.

command mode


example

This example shows how to enable BPDU filtering on this interface:

Switch(config_f0/0)# spanning-tree bpdufilter enable

- 3 -


Switch(config_f0/0)#

1.1.4 spanning-tree uplinkfast

description

To enable the debugging of the spanning-tree UplinkFast events, use the debug spanning-tree uplinkfast command. To disable the debugging output, use the no form of this command.

spanning-tree uplinkfast [max-update-rate pkts-per-second]

no spanning-tree uplinkfast [max-update-rate]

parameter

none

default

disabled

instruction

Uplink Fast characteristic is only valid in SSTP/PVST mode.

command mode


example

The following example enables uplinkfast characteristic:

Switch(config)# spanning-tree uplinkfast Switch(config)#

1.1.5 spanning-tree backbonefast

description

To enable debugging of the spanning-tree BackboneFast events, use the debug spanning-tree backbonefast command. To disable the debugging output, use the no form of this command.

spanning-tree backbonefast

- 4 -


no spanning-tree backbonefast

parameter

none

default

disabled

instruction

Backbone Fast characteristic is only valid in SSTP/PVST mode.

command mode


example

The following command enables backbonefast characteristic:

Switch(config)# spanning-tree backbonefast Switch(config)#

1.1.6 spanning-tree guard

description

To enable or disable the guard mode, use the spanning-tree guard command in interface configuration mode. To return to the default settings, use the no form of this command.

spanning-tree guard {loop | none | root}

no spanning-tree guard

parameter


loop Enables the loop-guard mode on the interface. Value is from 1 to 0xfe.

none Sets the guard mode to none. Value is 48-bit.

root Enables root-guard mode on the interface.

- 5 -


default

disabled

instruction

Root Guard characteristic can prevent a port from becoming Root port due to receving high priority BPDU.

Loop Guard characteristic can protect a Root Port or a Alternate Port when it becomes the Designated Port. This function can prevent a port from occuring the loop when it cannot continuously receive BPDU.

command mode


example

This example shows how to enable root guard: Switch(config_f0/0)# spanning-tree guard root Switch(config_f0/0)#

1.1.7 spanning-tree loopguard

description

To enable loop guard as a default on all ports of a given bridge, use the spanning-tree loopguard default command in global configuration mode. To disable loop guard, use the no form of this command.

spanning-tree loopguard default

parameter

none

default

none

instruction

none

- 6 -


command mode


example

The following command enables loopguard function:

Switch(config)# spanning-tree loopguard default Switch(config)#

- 7 -

MAC Address Table Characteristics Configuration Commands

Table of Contents

Table of Contents

Chapter 1 MAC Address Table Characteristics Configuration Commands ....................................... 1 1.1 MAC Address Table Characteristic Configuration Commands ............................................. 1

1.1.1 mac address-table static ............................................................................................ 1 1.1.2 mac address-table aging-time.................................................................................... 1 1.1.3 show mac address-table ............................................................................................ 2 1.1.4 clear mac address-table............................................................................................. 3

- I -


Chapter 1 MAC Address Table Characteristics Configuration Commands

1.1 MAC Address Table Characteristic Configuration Commands

1.1.1 mac address-table static

description

To add/delete a static MAC address, use the mac address-table static command.

[no] mac address-table static mac-addr vlan vlan-id interface interface-id

parameter


mac-addr MAC address. Value format: H.H.H.

vlan-id Vlan id of the MAC address, in the range from 1 to 4094.

interface-id Interface id of the MAC address.

Default

none

command mode


example

The following example binds the MAC address 0004.5600.67ab to the interface g0/2 of VLAN 1: Switch(config)# mac address-table static 0004.5600.67ab vlan 1 interface g0/2

1.1.2 mac address-table aging-time

description

To configure the maximum aging time for MAC address table, use the mac-address-table aging-time command in global configuration mode.

mac address-table aging-time [0 | 10-1000000]

parameter


0 The aging time for MAC address table is disabled.

10-1000000 The aging time for MAC address table. Valid values are from 10

- 1 -


to 1000000 seconds.

Default

none

command mode

global configuration mode

example

The following example configures the aging time for MAC address table to 100 seconds: Switch(config)# mac address-table aging-time 100

1.1.3 show mac address-table

description

To display the content of the switch MAC address table, use the show mac address-table command.

show mac address-table {dynamic [interface interface-id | vlan vlan-id] | static}

parameter


dynamic The MAC address table that acquires dynamically.

interface-id Interface name

vlan-id VLAN ID, in the range from 1 to 4094.

static The static MAC address table.

default

none

instruction

Use this command to display MAC address table.

example

The following example displays all static MAC address tables: Switch# show mac address-table static Mac Address Table ------------------------------------------ Vlan Mac Address Type Ports ---- ----------- ---- ----- All 0000.0000.0001 STATIC CPU

- 2 -


All 0000.0000.0002 STATIC CPU All 0000.0000.0003 STATIC CPU All 0000.0000.0009 STATIC CPU All 0000.0000.0012 STATIC CPU All 0180.c200.000b STATIC CPU All 0180.c200.000c STATIC CPU All 0180.c200.000d STATIC CPU All 0180.c200.0010 STATIC CPU

1.1.4 clear mac address-table

description

To delete a dynamic MAC address, use the clear mac address-table

clear mac address-table dynamic [address mac-addr | interface interface-id | vlan vlan-id]

parameter


dynamic The dynamic MAC address

address mac-addr The MAC address. Value range: H.H.H.

interface-id Layer 2 interface name.

vlan-id VLAN ID, in the range from 1 to 4094.

default

none

command mode

EXEC

example

The following example deletes all MAC addresses that acquire dynamically on interface f0/2: Switch# clear mac address-table dynamic interface f0/2

- 3 -

Link Aggregation Configuration Commands

Table of Contents

Table of Contents

Chapter 1 Link Aggregation Configuration Commands...................................................................... 1 1.1 Link Aggregation Configuration Commands ......................................................................... 1

1.1.1 aggregator-group ....................................................................................................... 1 1.1.2 aggregator-group load-balance.................................................................................. 2 1.1.3 show aggregator-port ................................................................................................. 3 1.1.4 show interface port-aggregator .................................................................................. 4 1.1.5 debug lacp errors ....................................................................................................... 5 1.1.6 debug lacp state ......................................................................................................... 6 1.1.7 debug lacp packet ...................................................................................................... 7

- I -


Chapter 1 Link Aggregation Configuration Commands

1.1 Link Aggregation Configuration Commands

1.1.1 aggregator-group

description

To configure interface aggregation, use the aggregator-group command. Use the no form of this command to restore the default value.

aggregator-group id mode {lacp-negotiation |static }

no aggregator-group

parameter


id ID number of the logical port. Value range: none. lacp-negotiation Uses LACP negotiation. Value range:N/A. static Negotiation is not used on an port. Value range:N/A.

default

disabled

instruction

Port link aggregation is to bind several ports with the familiar attrubute to one logical port. LACP negotiation can be used to form binding process. Also the binding process can be forced to be formed without any LACP negotiation .

If the static aggregation is used, please make sure the attribute of the ports to be binded is the same,that is, they are all full-duplex mode and with the same rate. Meantime make sure the connection of the ports to be binded is peer-to-peer connection. Also the remote ports of the peer-to-peer connection are also binded to one logical port.

You can select LACP negotiation mode when configuring port aggregation. Active—Places a port into an active negotiating state, in which the port initiates negotiations with remote ports by sending LACP packets. Passive—Places a

- 1 -


port into a passive negotiating state, in which the port responds to LACP packets it receives but does not initiate LACP negotiation.

Switches of partial models doesn’t support dynamic negotiation mode, therefore relevant configuration commands are not provided.

Command mode


example

Switch(config_f0/24)#aggregator-group 3 mode lacp-negotiation Creating a port-aggregator interface Port-aggregator3 Switch(config_f0/24)#int f0/23 Switch(config_f0/23)#aggregator-group 3 mode lacp-negotiation

1.1.2 aggregator-group load-balance

description

To configure the load balance after port aggregation, use the aggregator-group load-balance command. Use the no form of this command to restore the default value.

aggregator-group load-balance { dst-mac| src-mac| both-mac | src-ip | dst-ip | both-ip }

no aggregator-group load-balance

parameter


dst-mac Sets destination mac address as standard. Value range: N/A. src-mac Sets source mac address as standard. Value range: N/A. both-mac Sets source and destination mac address as standard. Value

range:N/A. dst-ip Sets destination ip address as standard. Value range:N/A. src-ip Sets source ip address as standard. Value range:N/A. both-ip Sets source and destination ip address as standard. Value

range:N/A.

default

dst-mac

- 2 -


instruction

To ensure load balance of each physical port after port aggregation, use this command to equably distribute data flow on each physical port.

When dst-mac mode is selected, the distribution of data flow sets destination MAC address of the data packet as standard. The same MAC address is only sent out on a certain physical interface. The src-mac uses source MAC address as standard.

The supporting capability in load balance policy varies according to different models of switches. The command prompt only shows the sharing policy that the switch supports. If the switch doesn’t support any sharing polich or just supports one of them, the relevant subcommands will not be displayed.

Command mode


Example

The following command modifies load balance of the port-aggregator 3 to src mode:

Switch(config)#port-aggregator load-balance 3 src-mac Switch(config)#

1.1.3 show aggregator-port

description

To show the concrete information of aggregator-group, use the show aggregator-port command.

show aggregator-port [id] {detail|brief|summary}

parameter


id THE CONCRETE LOGICAL PORT ID.

default

none

instruction

This command is used to show port aggregation information.

- 3 -


Command mode

EXEC/ All configuration modes

1.1.4 show interface port-aggregator

description

To show concrete information of the aggregator-group, use the show interface port-aggregator command.

show interface port-aggregator id

parameter


id The concrete port ID, in the range from 1 to 16.

default

none

instruction

This command is used to show port aggregation information.

Command mode

EXEC/All configuration modes

example

The following example shows information about port-aggregator 1.

Switch#sho int po1 Port-aggregator1 is down, line protocol is down Hardware is PortAggregator, Address is 0000.0000.0000(0000.0000.0000) MTU 1500 bytes, BW 1000 kbit, DLY 2000 usec Encapsulation ARPA, loopback not set Members in this Aggregator: 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 0 packets input, 0 bytes, 0 no buffer Received 0 broadcasts, 0 multicasts

- 4 -


0 input errors, 0 input discards 0 CRC, 0 frame, 0 overrun, 0 ignored 0 packets output, 0 bytes, 0 underruns Transmited 0 broadcasts, 0 multicasts 0 output errors, , 0 discards 0 output buffer failures, 0 output buffers swapped out

Note: Members in this Aggregator indicates the physical port aggregated to the logical port.

Statistics descriptions are as follows：

Packets input indicates total number of error-free packets received by the system, including unicasts, multicasts and broadcasts.

Bytes indicate total number of in the error-free packets received by the system.

Broadcasts indicate total number of broadcast packets received by the interface.

Multicasts indicate total number of multicast packets received by the interface.

Input errors indicate the received error packets.

Input discards indicate the received packets are discarded, like the received packets when the interface protocol is down.

Packets output indicates total number of messages transmitted by the system, including unicasts, multicasts and broadcasts.

Bytes indicate total number of bytes transmitted by the system.

Broadcasts indicate total number of broadcast packets transmitted by the system.

Multicasts indicate total number of multicast packets transmitted by the system.

Input errors indicate the sending error packets.

Input discards indicate the sending packets are discarded, like the sending packets when the interface protocol is down.

1.1.5 debug lacp errors

description

To debug LACP errors information, use the debug lacp errors command.

debug lacp errors

no debug lacp errors

- 5 -


parameter

none

default

none

instruction

This command is used to debug all errors information during lacp operation to locate the error.

Command mode

EXEC

example

Switch# debug lacp error Switch#

1.1.6 debug lacp state

description

To debug lacp state, use the debug lacp state command.

debug lacp state

no debug lacp state

parameter

none

default

none

command mode

EXEC

- 6 -


example

Switch# debug lacp state Switch#

1.1.7 debug lacp packet

description

To debug lacp packet information, use the debug lacp packet command.

debug lacp packet

no debug lacp packet

parameter

none

default

none

command mode

EXEC

example

Switch# debug lacp packet Switch#

- 7 -

MAC Address List Characteristic Configuration Commands

Table of Contents

Table of Contents

Chapter 1 MAC Access List Configuration Commands........................................................................................................ 1 1.1 MAC Access List Configuration Commands.......................................................................................................... 1

1.1.1 mac access-list.......................................................................................................................................... 1 1.1.2 permit ........................................................................................................................................................ 1 1.1.3 deny........................................................................................................................................................... 2 1.1.4 mac access-group..................................................................................................................................... 3

- I -


Chapter 1 MAC Access List Configuration Commands

1.1 MAC Access List Configuration Commands mac access-list

permit

deny

mac access-group

1.1.1 mac access-list

description

To add a MAC access list, use the mac access-list command. To delete a MAC access list, use the mac access-list command.

[no] mac access-list name

parameter


name MAC access list name.

default

none

command mode


example

The following example establishes MAC access list named mac-acl: Switch-config_# mac access-list mac-acl Switch-config-macl#

1.1.2 permit

description

To add a permit entry to the MAC access list, use the permit command. Use the no form of this command to delete a permit entry from the MAC access list.

[no] permit {any | host src-mac-addr} {any | host dst-mac-addr}[ethertype]

- 1 -


parameter

parameter description Value range

any Any value －

host Host －

src-mac-addr Source MAC address H.H.H

dst-mac-addr Destination MAC address H.H.H

ethertype Types of the matching ethernet data packet.

0-0xFFFF

default

deny all

command mode

MAC access list configuration mode

example

The following example permits host whose source MAC address is 1234.5678.abcd: Switch-config-macl#permit host 1234.5678.abcd any 0x806

1.1.3 deny

description

To add a deny entry to the MAC access list, use the deny command. Use the no form of this command to delete a deny entry from the MAC access list.

[no] deny {any | host src-mac-addr} {any | host dst-mac-addr}[ethertype]

parameter

parameter Description Value range

any Any value －

host Host －

src-mac-addr Source MAC address H.H.H

dst-mac-addr Destination MAC address H.H.H

ethertype Types of the matching ethernet data packet.

0-0xFFFF

default

deny all

- 2 -


comamnd mode

MAC access list configuration mode

example

The following example denies host whose source MAC address is 1234.5678.abcd: Switch-config-macl#deny host 1234.5678.abcd any 0x806

1.1.4 mac access-group

description

To apply the configured MAC access list in global configuration mode, use the mac access-group command. Use the no form of this comand to delete the mac access-list.

[no] mac access-group name

parameter


name Name of the MAC access list.

default

No MAC access list is applied.

Command mode


example

The following example configures MAC access list named macacl: Switch_config#mac access-group macacl

- 3 -

IP Access List Configuration Commands

Table of Contents

Table of Contents

Chapter 1 Configuring Physical Interface IP Access List Command ................................................. 1 1.1 IP Access List Configuration Commands Based on Physical Interface................................ 1

1.1.1 deny............................................................................................................................ 1 1.1.2 ip access-group.......................................................................................................... 3 1.1.3 ip access-list............................................................................................................... 4 1.1.4 permit ......................................................................................................................... 5 1.1.5 show ip access-list ..................................................................................................... 7

- I -

Physical Interface IP Access List Configuration Commands

Chapter 1 Configuring Physical Interface IP Access List Command

1.1 IP Access List Configuration Commands Based on Physical Interface

deny

ip access-group

ip access-list

permit

show ip access-list

1.1.1 deny

To set conditions in a named IP access list that will deny packets, use the deny command in access list configuration mode. To remove a deny condition from an access list, use the no form of this command.

deny source [source-mask]

no deny source [source-mask]

deny protocol source source-mask destination destination-mask [tos tos]

no deny protocol source source-mask destination destination-mask [tos tos]

Internet Control Message Protocol (ICMP)

deny icmp source source-mask destination destination-mask [icmp-type] [tos tos]

Internet Group Management Protocol (IGMP)

deny igmp source source-mask destination destination-mask [igmp-type] [tos tos]

Transmission Control Protocol (TCP)

deny tcp source source-mask [operator port] destination destination-mask [operator port ] [tos tos]

User Datagram Protocol (UDP)

deny udp source source-mask [operator port] destination destination-mask [operator port] [tos tos]

parameter


Name or number of an Internet protocol. The protocol argument can be one of the keywords eigrp, gre, icmp, igmp, ip, ipinip, nos, ospf, tcp, or udp, or an integer in the range from 0 to 255 representing an Internet protocol number.

protocol

source Number of the network or host from which the packet is being sent. There are two alternative ways to specify the source. Use a 32-bit quantity in four-part dotted-decimal format. Use the any keyword as an abbreviation for a source and source-wildcard of 0.0.0.0

- 1 -


0.0.0.0.

Source address network masn. Use the any keyword as an abbreviation for the source mask and source of 0.0.0.0 0.0.0.

source-mask

destination Number of the network or host to which the packet is being sent. There are two alternative ways to specify the destination:

Use a 32-bit quantity in four-part dotted-decimal format.

Use the any keyword as an abbreviation for the destination and destination-wildcard of 0.0.0.0 255.255.255.255.

destination-mask Destination address network mask. Use the any keyword as an abbreviation for the destination address and destination address mask of 0.0.0.0 0.0.0.

tos tos (Optional) Packets can be filtered by type of service (ToS) level, as specified by a number from 0 to 15, or by a name as listed in the "Usage Guidelines" section of the access-list (IP extended) command.

icmp-type (Optional) ICMP packets can be filtered by ICMP message type. The type is a number from 0 to 255.

igmp-type (Optional) IGMP packets can be filtered by IGMP message type or message name. A message type is a number from 0 to 15. IGMP message names are listed in the "Usage Guidelines" section of the access-list (IP extended) command.

operator (Optional) Compares source or destination ports. Operators include lt (less than), gt (greater than), eq (equal), neq (not equal), and range (inclusive range).

If the operator is positioned after the source and source-wildcard arguments, it must match the source port. If the operator is positioned after the destination and destination-wildcard arguments, it must match the destination port.

port (Optional) The decimal number or name of a TCP or UDP port. A port number is a number from 0 to 65535.

Command mode

IP Access List Configuration Mode

Instruction

Use this command following the ip access-list command to specify conditions under which a packet cannot pass the named access list. The time-range keyword allows you to identify a time range by name. The time-range, absolute, and periodic commands specify when this deny statement is in effect.

Note:

- 2 -


After initially establishing an access list, any subsequent adding content(which can be input by terminal) is put in the bottom of the list.

example

The following example denies the network range 192.168.5.0: ip access-list standard filter deny 192.168.5.0 255.255.255.0

Note:

IP access table is concluded in a crytic deny rule.

Related commands

ip access-group

ip access-list

permit

show ip access-list

1.1.2 ip access-group

To apply an access control list to control packet access, use the ip access-group command in the appropriate configuration mode. To remove the specified access group, use the no form of this command.

ip access-group {access-list-name}

no ip access-group {access-list-name}

parameter


Name of an IP access list as specified by an ip access-list command.

access-list-name

Command mode

Interface configuration mode

Instruction

Access lists can be applied on either outbound or inbound interfaces. For standard inbound access lists, after receiving a packet, the Cisco IOS software checks the source address of the packet against the access list. For extended access lists, the router also checks the destination access list. If the access list permits the address, the software continues to process the packet. If the access list rejects the address, the software discards the packet and returns an ICMP host unreachable message. If the specified access list does not exist, all packets are passed.

example

The following example applies list on packets outbound from Ethernet interface g0/10::

- 3 -


Interface f0/10 ip access-group filter

related commands

ip access-list

show ip access-list

1.1.3 ip access-list

To define an IP access list by name or number, use the ip access-list command in global configuration mode. To remove the IP access list, use the no form of this command.

ip access-list {standard | extended} name

no ip access-list {standard | extended} name

parameter


standard Specifies a standard IP access list.

extended Specifies an extended IP access list.

Name of the access list. Names cannot contain a space or quotation mark, and must begin with an alphabetic character to prevent ambiguity with numbered access lists.

name

default

No IP access list is defined.

Command mode


instruction

Use this command to configure a named or numbered IP access list. This command will place the router in access-list configuration mode, where you must define the denied or permitted access conditions with the deny and permit commands.

example

The following example defines a standard access list: ip access-list standard filter deny 192.168.1.0 255.255.255.0 permit any

related commands

deny

ip access-group

- 4 -


permit

show ip access-list

1.1.4 permit

To set conditions to allow a packet to pass a named IP access list, use the permit command in access list configuration mode. To remove a permit condition from an access list, use the no form of this command.

permit source [source-mask]

no permit source [source-mask]

permit protocol source source-mask destination destination-mask [tos tos]

no permit protocol source source-mask destination destination-mask [tos tos]

Internet Control Message Protocol (ICMP)

permit icmp source source-mask destination destination-mask [icmp-type] [tos tos]

Internet Group Management Protocol (IGMP)

permit igmp source source-mask destination destination-mask [igmp-type] [tos tos]

Transmission Control Protocol (TCP)

permit tcp source source-mask [operator port] destination destination-mask [operator port ] [tos tos]

User Datagram Protocol (UDP)

permit udp source source-mask [operator port [port]] destination destination-mask [tos tos]

parameter


protocol Name or number of an Internet protocol. The protocol argument can be one of the keywords eigrp, gre, icmp, igmp, ip, ipinip, nos, ospf, tcp, or udp, or an integer in the range from 0 to 255 representing an Internet protocol number.

source Number of the network or host from which the packet is being sent. There are two alternative ways to specify the source: Use a 32-bit quantity in four-part dotted-decimal format. Use the any keyword as an abbreviation for a source and source-wildcard of 0.0.0.0 0.0.0.0.

Source address network masn. Use the any keyword as an abbreviation for the source mask and source of 0.0.0.0 0.0.0.

source-mask

destination Number of the network or host to which the packet is being sent. There are two alternative ways to specify the destination:

Use a 32-bit quantity in four-part dotted-decimal format.

Use the any keyword as an abbreviation for the destination and destination-wildcard of 0.0.0.0 255.255.255.255.

destination-mask Destination address network mask. Use the any keyword as an abbreviation for the destination address and destination address

- 5 -


mask of 0.0.0.0 0.0.0.

tos tos (Optional) Packets can be filtered by type of service (ToS) level, as specified by a number from 0 to 15, or by a name as listed in the "Usage Guidelines" section of the access-list (IP extended) command.

icmp-type (Optional) ICMP packets can be filtered by ICMP message type. The type is a number from 0 to 255.

(Optional) IGMP packets can be filtered by IGMP message type or message name. A message type is a number from 0 to 15. IGMP message names are listed in the "Usage Guidelines" section of the access-list (IP extended) command.

igmp-type

operator (Optional) Compares source or destination ports. Operators include lt (less than), gt (greater than), eq (equal), neq (not equal), and range (inclusive range).

If the operator is positioned after the source and source-wildcard arguments, it must match the source port. If the operator is positioned after the destination and destination-wildcard arguments, it must match the destination port.

port (Optional) The decimal number or name of a TCP or UDP port. A port number is a number from 0 to 65535.

Command mode

Access list configuration

Instruction

Use this command following the ip access-list command to define the conditions under which a packet passes the named access list.

The time-range keyword allows you to identify a time range by name. The time-range, absolute, and periodic commands specify when this permit statement is in effect.

Note:

After initially establishing an access list, any subsequent adding content(which can be input by terminal) is put in the bottom of the list.

example

The following example permits network range 192.168.5.0: ip access-list standard filter permit 192.168.5.0 255.255.255.0

Note:

IP access table is concluded in a crytic deny rule.

- 6 -


Related commands

deny

ip access-group

ip access-list

show ip access-list

1.1.5 show ip access-list

To display the contents of all current IP access lists, use the show ip access-list command in user EXEC or privileged EXEC mode.

show ip access-list[access-list-name]

parameter


Name of the IP access list to display. access-list-name

default

All standard and extended IP access lists are displayed.

Command mode

EXEC

Instruction

The show ip access-list command provides output identical to the show access-lists command, except that it is IP-specific and allows you to specify a particular access list

example

The following is sample output from the show ip access-list command when the name of a specific access list is not requested:: Switch# show ip access-list ip access-list standard aaa permit 192.2.2.1 permit 192.3.3.0 255.255.255.0 ip access-list extended bbb permit tcp any any eq 25 permit ip any any

The following is sample output from the show ip access-list command when the name of a specific access list is requested:: ip access-list extended bbb permit tcp any any eq 25 permit ip any any

- 7 -

Network Protocol Configuration Commands

Table of Contents

Table of Contents

Chapter 1 IP Address Configuration Commands.................................................................................................................. 1 1.1 IP Address Configuration Commands ................................................................................................................... 1

1.1.1 arp ............................................................................................................................................................. 1 1.1.2 arp timeout ................................................................................................................................................ 2 1.1.3 clear arp-cache.......................................................................................................................................... 3 1.1.4 ip address.................................................................................................................................................. 3 1.1.5 ip host........................................................................................................................................................ 4 1.1.6 ip default-gateway ..................................................................................................................................... 5 1.1.7 show arp.................................................................................................................................................... 6 1.1.8 show hosts ................................................................................................................................................ 6 1.1.9 show ip interface ....................................................................................................................................... 7

Chapter 2 IP Service Configuration Commands................................................................................................................... 9 2.1 IP Service Configuration Commands .................................................................................................................... 9

2.1.1 clear tcp..................................................................................................................................................... 9 2.1.2 clear tcp statistics .................................................................................................................................... 11 2.1.3 debug arp ................................................................................................................................................ 11 2.1.4 debug ip icmp.......................................................................................................................................... 12 2.1.5 debug ip packet ....................................................................................................................................... 15 2.1.6 debug ip raw............................................................................................................................................ 19 2.1.7 debug ip tcp packet ................................................................................................................................. 21 2.1.8 debug ip tcp transactions ........................................................................................................................ 22 2.1.9 debug ip udp............................................................................................................................................ 24 2.1.10 ip mask-reply ......................................................................................................................................... 25 2.1.11 ip mtu..................................................................................................................................................... 26 2.1.12 ip redirects............................................................................................................................................. 26 2.1.13 ip source-route ...................................................................................................................................... 27 2.1.14 ip tcp synwait-time................................................................................................................................. 28 2.1.15 ip tcp window-size ................................................................................................................................. 28 2.1.16 ip unreachables..................................................................................................................................... 29 2.1.17 show ip sockets ..................................................................................................................................... 30 2.1.18 show ip traffic ........................................................................................................................................ 31 2.1.19 show tcp ................................................................................................................................................ 32 2.1.20 show tcp brief ........................................................................................................................................ 36 2.1.21 show tcp statistics ................................................................................................................................. 37 2.1.22 show tcp tcbI ......................................................................................................................................... 39

- I -


Chapter 1 IP Address Configuration Commands

1.1 IP Address Configuration Commands

IP address configuration commands include：

arp

arp timeout

clear arp-cache

ip address

ip directed-broadcast

ip forward-protocol

ip helper-address

ip host

ip default-gateway

ip proxy-arp

show arp

show hosts

show ip interface

1.1.1 arp

To add a static and permanent entry in the Address Resolution Protocol (ARP) cache, use the arp command in global configuration mode. To remove an entry from the ARP cache, use the no form of this command.

arp ip-address hardware-address [alias]

no arp ip-address

parameter


ip-address IP address corresponding to the local data-link address.

hardware-address Physical address of local data-link address

alias (optional) router responds to ARP requests as if it were the interface of the specified address.

default

No entries are permanently installed in the ARP cache.

- 1 -


command mode


instruction

The common host all supports dynamic ARP analysis, so user doesn’t need to configure static ARP entries for host.

Example

The following is an example of a static ARP entry for a typical Ethernet host:

arp 1.1.1.1 00:12:34:56:78:90

related commands

clear arp-cache

1.1.2 arp timeout

To configure the exist time that a dynamic ARP entry remains in the Address Resolution Protocol (ARP) cache, use the arp timeout. To restore the default value, use the no form of this command or default arp timeout command.

arp timeout seconds

no arp timeout

default arp timeout

parameter


seconds Time in seconds that an entry remains in the ARP cache. A value of zero means that entries are never cleared from the cache.

default

14400 seconds (4 hours)

mode


instruction

This command is ignored when it is not configured on interfaces using ARP. The show interface command displays the ARP timeout value, as seen in the following example from the show interfaces command:

ARP type: ARPA, ARP timeout 04:00:00

- 2 -


example

The following example sets the ARP timeout to 900 seconds on Ethernet 1/0 to allow entries to time out more quickly than the default interface vlan 10 arp timeout 900

related commands

show interface

1.1.3 clear arp-cache

To clear all dynamic entries from the ARP cache, use the clear arp-cache command.

clear arp-cache [ ip-address [ mask ] ]

parameter


ip-address IP or subnets

mask Subnets mask

mode

EXEC

example

The following example removes all dynamic entries from the ARP cache: clear arp-cache

related commands

arp

1.1.4 ip address

To set an IP address and mask for an interface, use the ip address command. Currently, there is no strict regulation to distinguish A.B.C IP address. But multicast address and broadcast address can not be used( all host section is ‘1’). Other than the Ethernet,multiple interfaces of other types can be connected to the same network. Other than the unnumbered interface, the configured network range ot the Ethernet interface can not be the same as the arbitrary interfaces of other types. You should configure the primary address before configuring the secondary address. Also you should delete all secondary addresses before deleting the primary address. IP packets generanted by the system, if the upper application does not specify the soruce address, the router will use the IP address configured on the sending interface that on the same network range with the gateway as the source address of the packet. If the IP address is uncertain (like interface route), the router will use the primary address of the sending interface. If the ip address is not configured on an interface, also it is not the

- 3 -


unnumbered interface, and then this interface will not deal with any IP packet.To remove an IP address or disable IP processing, use the no form of this command.

ip address ip-address mask [secondary]

no ip address ip-address mask

no ip address

parameter


ip-address IP address

mask IP mask

secondary (optional) Specifies that the configured address is a secondary IP address. If this keyword is omitted, the configured address is the primary IP address.

default

No IP address is defined for the interface.

command mode


instruction

If any router on a network segment uses a secondary address, all other devices on that same segment must also use a secondary address from the same network or subnet. Inconsistent use of secondary addresses on a network segment can very quickly cause routing loops. When you are routing using the Open Shortest Path First (OSPF) algorithm, ensure that all secondary addresses of an interface fall into the same OSPF area as the primary addresses

example

In the following example, 202.0.0.1 is the primary address, 255.255.255.0 is the mask and 203.0.0.1 and 204.0.0.1 are secondary addresses for Ethernet interface 1/0: interface vlan 10 ip address 202.0.0.1 255.255.255.0 ip address 203.0.0.1 255.255.255.0 secondary ip address 204.0.0.1 255.255.255.0 secondary

1.1.5 ip host

To define a static host name-to-address mapping in the host cache, use the ip host command in global configuration mode. To remove the host name-to-address mapping, use the no form of this command.

ip host name address

- 4 -


no ip host name

parameter


name Host name

Address IP address

default

disabled

command mode


example

The following example shows how to configure host name dns-server to IP host address 202.96.1.3: ip host dns-server 202.96.1.3

1.1.6 ip default-gateway

TO configure the default gateway of switch, use the ip default-gateway command. To delete the default gateway of switch, use the no form of this command.

ip default-gateway address

no ip default-gateway

parameter


address IP address

default

no configuration

mode


example

The following example configure the IP address 202.96.1.3 as default-gateway ip default-gateway 202.96.1.3

- 5 -


1.1.7 show arp

To display the entries in the Address Resolution Protocol (ARP) table, including the ARP mapping of interface IP address, the static ARP mapping that user configures and the dynamic ARP mapping, use the show arp command.

show arp

parameter

this command has no parameters or keywords

mode

EXEC

instruction

The display includes:


Protocol Displays the type of the network address that maps with the physical address. IP, for example.

Address Displays the network address that maps with the physical address. IP address, for example.

Age Displays the age in seconds. The router will refresh the time to 0 when using this ARP entry.

Hardware Address Displays the physical address that corresponds to the network address. It is empty for the unanalyzed entries.

Type Specifies request encapsulation types that the interface use, including ARPA, SNAP and so on.

example

The following command displays ARP cache. switch#show arp Protocol IP Address Age(min) Hardware Address Type Interface IP 192.168.20.77 11 00:30:80:d5:37:e0 ARPA vlan 10 IP 192.168.20.33 0 Incomplete IP 192.168.20.22 - 08:00:3e:33:33:8a ARPA vlan 10 IP 192.168.20.124 0 00:a0:24:9e:53:36 ARPA vlan 10 IP 192.168.0.22 - 08:00:3e:33:33:8b ARPA vlan 11

1.1.8 show hosts

To display all entries of the host name—address cathe, use the show hosts command.

- 6 -


show hosts

parameter

This command has no parameters or keywords.

command mode

EXEC

example

The following command shows how to display all host names/address mappings. show hosts

related commands

clear host

1.1.9 show ip interface

To display the IP configuration on interface, use the show ip interface command

show ip interface [type number]

parameter


type (Optional) Interface type.

number (Optional) Interface number.

command mode

EXEC

instruction

If the interface link layer is usable, the line protocol is marked "Protocol up." If you configure IP address on this interface, the router will add a direct route to the routing table. If the link layer protocol is marked “Protocol down”, the direct route will be deleted. This command displays the specified interface information if specified interface type and number, or IP configuration information of all interfaces will be displayed.

Example

The following example shows how to display IP configuration on interface e0/1.

switch#show ip interface vlan 11 vlan 10 is up, line protocol is up IP address : 192.168.20.167/24 Broadcast address : 192.168.20.255

- 7 -


Helper address : not set MTU : 1500(byte) Forward Directed broadcast : OFF Multicast reserved groups joined: 224.0.0.9 224.0.0.6 224.0.0.5 224.0.0.2 224.0.0.1 Outgoing ACL : not set Incoming ACL : not set IP fast switching : ON IP fast switching on the same interface : OFF ICMP unreachables : ON ICMP mask replies : OFF ICMP redirects : ON

display description :

domain description

Ethernet1/0 is up If the interface hardware is usable, the interface is marked "up." For an interface to be usable, both the interface hardware and line protocol must be up.

line protocol is up If the interface can provide two-way communication, the line protocol is marked "up." For an interface to be usable, both the interface hardware and line protocol must be up.

IP address IP address and mask for interface

Broadcast address Displays broadcast address

MTU Displays the MTU value set on the interface.

- 8 -


Chapter 2 IP Service Configuration Commands

2.1 IP Service Configuration Commands The following are IP service configuration commands:

clear tcp

clear tcp statistics

debug arp

debug ip icmp

debug ip packet

debug ip raw

debug ip tcp packet

debug ip tcp transactions

debug ip udp

ip mask-reply

ip mtu

ip redirects

ip route-cache

ip source-route

ip tcp synwait-time

ip tcp window-size

ip unreachables

show ip cache

show ip irdp

show ip sockets

show ip traffic

show tcp

show tcp brief

show tcp statistics

show tcp tcb

2.1.1 clear tcp

It is used to delete a TCP connection.

clear tcp {local host-name port remote host-name port | tcb address}

- 9 -


Parameter


local host-name port IP address and TCP port of the local host remote host-name port IP address and TCP port of the remote host tcb address TCB address of the to-be-deleted TCP connection

TCB is an identifier of TCP connection in the inner system, which can be obtained by the command show tcp brief.

Command mode

Management mode

Instruction

The clear tcp command is mainly used to delete the terminated TCP connection. In some cases, such as faulty in communication lines, restarting TCP connection or the peer host, the TCP connections are terminated in fact. However, the system cannot obtain information about the terminated TCP connection because there is no communication on the TCP connections. In this case, you can run the clear tcp command to terminate these invalid TCP connections. The command clear tcp local host-name port remote host-name port is used to terminate the connections between the specified host's IP address/port and the remote host’s IP address/port. The command clear tcp tcb address is used to terminate the TCP connections identified by the TCB address.

Example

The following example shows that the TCP connection between 192.168.20.22:23 and 192.168.20.120:4420 is deleted. The show tcp brief command is used to show the information about the local host and the remote host in TCP connection.

switch#show tcp brief TCB Local Address Foreign Address State 0xE85AC8 192.168.20.22:23 192.168.20.120:4420 ESTABLISHED 0xEA38C8 192.168.20.22:23 192.168.20.125:1583 ESTABLISHED switch#clear tcp local 192.168.20.22 23 remote 192.168.20.120 4420 switch#show tcp brief TCB Local Address Foreign Address State 0xEA38C8 192.168.20.22:23 192.168.20.125:1583 ESTABLISHED

In the following example, the TCP connection whose TCB address is 0xea38c8 is deleted. The command show tcp brief displays the TCB address of the TCP connection. switch#show tcp brief TCB Local Address Foreign Address State 0xEA38C8 192.168.20.22:23 192.168.20.125:1583 ESTABLISHED switch#clear tcp tcb 0xea38c8 switch#show tcp brief TCB Local Address Foreign Address State

- 10 -


Related command

show tcp

show tcp brief

show tcp tcb

2.1.2 clear tcp statistics

It is used to clear the TCP statistics data.

clear tcp statistics

Parameter

The command has no parameter or keyword.

Command mode

Management mode

Example

The following command is used to delete the TCP statistics data: switch#clear tcp statistics

Related command

show tcp statistics

2.1.3 debug arp

It is used to display the ARP interaction information, such as sending ARP requests, receiving ARP requests, sending ARP response and receiving ARP response. When the switch cannot communicate with the host, the command is used to analyze the ARP interaction. You can run the no debug arp command to stop displaying the relative information.

debug arp

no debug arp

Parameter


Command mode

Management mode

Example

switch#debug arp switch#IP ARP: rcvd req src 192.168.20.116 00:90:27:a7:a9:c2, dst 192.168.20.111, vlan 10 IP ARP: req filtered src 192.168.20.139 00:90:27:d5:a9:1f, dst 192.168.20.82 00: 00:00:00:00:00, wrong cable, vlan 11 IP ARP: created an incomplete entry for IP address 192.168.20.77, vlan 10

- 11 -


IP ARP: sent req src 192.168.20.22 08:00:3e:33:33:8a, dst 192.168.20.77, vlan 10 IP ARP: rcvd reply src 192.168.20.77 00:30:80:d5:37:e0, dst 192.168.20.22, vlan 10 The first information indicates: the switch receives an ARP request on interface vlan 10; the IP address of the host that sends the ARP request is 192.168.20.116 and the MAC address of the host is 00:90:27:a7:a9:c2; the MAC address of the host 192.168.20.111 is IP ARP: rcvd req src 192.168.20.116 00:90:27:a7:a9:c2, dst 192.168.20.111, vlan 10.

The second information indicates that the switch receives an ARP request from 192.168.20.139 host on interface vlan 10. However, the interface is not in the network the host declares according to the interface configuration on the switch. The host may not be correctly configured. If the switch creates the ARP cache according to the information, it may not communicate with the host that is configured the same address and connected to the normal interface IP ARP: req filtered src 192.168.20.139 00:90:27:d5:a9:1f, dst 192.168.20.82 00: 00:00:00:00:00, wrong cable, vlan 11

In the third information, to resolve the MAC address of host 192.168.20.77, the switch first creates an incomplete ARP item in the ARP cache. After receiving an ARP response, the MAC address is then added to the ARP cache. According to the location of the switch, the host connects the interface vlan 10. IP ARP: created an incomplete entry for IP address 192.168.20.77, vlan 10

In the fourth information, the switch sends out the ARP request from the interface vlan 10. The IP address of the switch is 192.168.20.22. The MAC address of the interface is 08:00:3e:33:33:8a. The IP address of the requested host is 192.168.20.77. The fourth information is relative with the third information. IP ARP: sent req src 192.168.20.22 08:00:3e:33:33:8a, dst 192.168.20.77, vlan 10

In the fifth information, the switch receives the ARP response on interface vlan 10 from host 192.168.20.77 to host 192.168.20.22. The switch is then informed that the MAC address of the host that returns the ARP response is 00:30:80:d5:37:e0. The information is relative to the third and fourth information. IP ARP: rcvd reply src 192.168.20.77 00:30:80:d5:37:e0, dst 192.168.20.22, vlan 10

2.1.4 debug ip icmp

It is used to display the ICMP interaction information. You can run the command no debug ip icmp to close the debugging output.

debug ip icmp

no debug ip icmp

Parameter


Command mode

Management mode

Instruction

The command is used to display the received or transmitted ICMP message, which helps to solve end-to-end connection problems. To know the detailed meaning of the command debug ip icmp, refer to RFC 792, “Internet Control Message Protocol”.

- 12 -


Example

switch#debug ip icmp switch#ICMP: sent pointer indicating to 192.168.20.124 (dst was 192.168.20.22), len 48 ICMP: rcvd echo from 192.168.20.125, len 40 ICMP: sent echo reply, src 192.168.20.22, dst 192.168.20.125, len 40 ICMP: sent dst (202.96.209.133) host unreachable to 192.168.20.124, len 36 ICMP: sent dst (192.168.20.22) protocol unreachable to 192.168.20.124, len 36 ICMP: rcvd host redirect from 192.168.20.77, for dst 22.0.0.3 use gw 192.168.20.26, len 36 ICMP: rcvd dst (22.0.0.3) host unreachable from 192.168.20.26, len 36 ICMP: sent host redirect to 192.168.20.124, for dst 22.0.0.5 use gw 192.168.20.77, len 36 ICMP: rcvd dst (2.2.2.2) host unreachable from 192.168.20.26, len 36

Details about the first information are shown in the following table: ICMP: sent pointer indicating to 192.168.20.124 (dst was 192.168.20.22), len 48

Field Description

ICMP Information about the ICMP message Sent Sending the ICMP message pointer indicating ICMP message which means that the original parameters of the

IP message are incorrect and incorrect domain is pointed out

The following are other types of ICMP message:

echo reply

dst unreachable:

---net unreachable

---host unreachable

---protocol unreachable

---port unreachable

---fragmentation needed and DF set

---source route failed

---net unknown

---destination host unknown

---source host isolated

---net prohibited

---host prohibited

---net tos unreachable

---host tos unreachable

source quench

redirect messages:

---net redirect

---host redirect

---net tos redirect

---host tos redirect

- 13 -


echo

router advertisement

router solicitation

time exceeded :

---ttl exceeded

---reassembly timeout

parameter problem :

---pointer indicating

---option missed

---bad length

timestamp

timestamp reply

information request

information reply

mask request

mask reply

If the ICMP type is unknown, the system is to display the values of the ICMP type and code.

to 192.168.20.124 Destination address of the ICMP message, which is also the source address of the original message that generates the ICMP message

(dst was 192.168.20.22) Destination address of the original message that generates the ICMP message

len 48 Length of the ICMP message, excluding the length of the IP header

Details about the second information are shown in the following table:

ICMP: rcvd echo from 192.168.20.125, len 40

Field Description

rcvd Receiving the ICMP message echo Echo request message, which is a type of the ICMP message from 192.168.20.125 Source address of the ICMP message

Details about the third information are shown in the following table: ICMP: sent echo reply, src 192.168.20.22, dst 192.168.20.125, len 40

Field Description

src 192.168.20.22 Means that the source address of the ICMP message is 192.168.20.22.

dst 192.168.20.125 Means that the destination address of the ICMP message is 192.168.20.125.

- 14 -


According to the type of the ICMP message, the information that generates the ICMP message adopts different formats to display the message content.

For example, the redirect message of ICMP is printed in the following format: ICMP: rcvd host redirect from 192.168.20.77, for dst 22.0.0.3 use gw 192.168.20.26, len 36 ICMP: sent host redirect to 192.168.20.124, for dst 22.0.0.5 use gw 192.168.20.77, len 36

In the first information, an ICMP redirect message from host 192.168.20.77 is received. Gateway 192.168.20.26 is recommended to reach the destination host 22.0.0.3. The length of the ICMP message is 36 bytes.

In the second information, the ICMP redirect message is sent to from host 192.168.20.124 to host 22.0.0.5 through gateway 192.168.20.77. The length of the ICMP message is 36 bytes.

The dst unreachable message of ICMP adopts the following format for printing: ICMP: sent dst (202.96.209.133) host unreachable to 192.168.20.124, len 36 ICMP: rcvd dst (2.2.2.2) host unreachable from 192.168.20.26, len 36

In the first information, the switch cannot route a certain IP message, so it sends the destination (202.96.209.133) unreachable message to the source host (192.168.20.124). The length of the ICMP message is 36 bytes.

In the second information, after receiving an ICMP message from host192.168.20.26, the switch notifies host 192.168.20.26 that the destination address (2.2.2.2) cannot be reached. The length of the ICMP message is 36 bytes.

2.1.5 debug ip packet

It is used to display the IP interaction information. The command no debug ip packet is used to stop displaying information.

debug ip packet [detail] [ip-access-list-name]

no debug ip packet

Parameter


detail An optional parameter, which is used to export the protocol information about IP message encapsulation, such as protocol number, UDP, TCP port number and ICMP message type

ip-access-list-name An optional parameter, which is used to filter the names of the IP access control list in the exported information

Only the information about the IP message in the specified IP access control list can be exported.

access-group An optional parameter, which is used to filter the names of the IP access control list in the exported information


interface An optional parameter, which is used to filter the port name of the exported information

Only the information about the IP message satisfied the designated port can be exported.

- 15 -


Command mode

Management mode

Instruction

The command is used to find the destination of each received or locally generated IP message, which helps to detect the reason of communication problems.

The command is used in the following cases:

forwarded

forwarded as the multicast message or the broadcast message

addressing failure during message forwarding

Sending the redirect message

Rejected because of having the original routing option

Rejected because of illegal IP options

Original route

Message sent from the local machine should be segmented, but the DF is reset.

Receiving message

Receiving IP segment

Sending message

Sending broadcast/multicast

Addressing failure when message is generated locally

Locally generated message is segmented

Received message is filtered

Transmitted message is filtered

Link layer fails to be encapsulated (only for Ethernet)

Unknown protocol

This command may export lots of information. You'd better use it when the switch is in the free state. Otherwise, the performance of the system will be badly affected. You are recommended to filter the output information through the IP access control list, enabling the system to export the useful message.

Command mode

Management mode

Example

switch#debug ip packet switch#IP: s=192.168.20.120 (vlan 10), d=19.0.0.9 (vlan 10), g=192.168.20.1, len=60, redirected IP: s=192.168.20.22 (local), d=192.168.20.120 (vlan 10), g=192.168.20.120, len=56, sending IP: s=192.168.20.120 (vlan 10), d=19.0.0.9 (vlan 10), g=192.168.20.1, len=60, forward IP: s=192.168.20.81 (vlan 10), d=192.168.20.22 (vlan 10), len=56, rcvd

Field Description

IP Means that the information is about the IP message.

- 16 -


s=192.168.20.120 (vlan 10)

Source address of the IP message and the interface name that receives message (for message that is not locally generated)

d=19.0.0.9 (vlan 10) Destination address of the IP message and the interface name that sends message (if routing is successful)

g=192.168.20.1 Next-hop destination address of the IP message, which may be the gateway’s address or the destination address

len Length of the IP message redirected Means that the routing switch is to send the ICMP redirect

message to the source host. Other cases are shown in the following:

forward --- the message is forwarded.

forward directed broadcast---the message is forwarded as the redirect message and the message will become the physical broadcast on the transmitting interface.

unroutable---the message addressing fails and the message will be dropped.

source route---source route

rejected source route---the current system does not support the source route, therefore, the message with the IP source route is declined.

bad options---the IP option is incorrect and the message will be dropped.

need frag but DF set---the local message need be fragmented,while the DF is set.

rcvd---the message is locally received.

rcvd fragment---the message fragment is received.

sending---the locally generated message is sent.

sending broad/multicast---the locally generated broadcast/muticast message is sent.

sending fragment--- the IP message locally fragmented is sent.

denied by in acl---It is declined by the access control list on the reception interface.

denied by out acl---It is declined by the transmitter access control on the transmitter interface.

unknown protocol--- unknown protocol

encapsulation failed---The protocol fails to be encapsulated.It is only for the Ethernet. When the message on the Ethernet is dropped because of the ARP resolution failure, the information is displayed.

In the first information, the switch receives an IP message; the source address of the received message is 192.168.20.120; the message is from the network segment the vlan 10 interface connects; its destination address is 19.0.0.9. According to the routing table, the transmitter interface is vlan 10, the address of the gateway is 192.168.20.1 and the message length is 60 bytes. The gateway and the source host are directly

- 17 -


connected in the same network, that is, the network that vlan 10 connects. In this case, the switch sends out the ICMP redirect message. IP: s=192.168.20.120 (vlan 10), d=19.0.0.9 (vlan 10), g=192.168.20.1, len=60, redirected

In the second information, the transimmission of the ICMP redirect message is described. The source address is the local address 192.168.20.22. The destination address is 192.168.20.120. The message is directly sent from the vlan 10 interface to the destination address. Therefore, the gateway’s address is the detination address 192.168.20.120. The length of the ICMP redirect message is 56 bytes. IP: s=192.168.20.22 (local), d=192.168.20.120 (vlan 10), g=192.168.20.120, len=56, sending

The third information shows that the IP layer receives an IP message. The source address and destination address of the IP message are 192.168.20.120 and 19.0.0.9 respectively. The reception interface is vlan 10. By checking the routing table, the system finds that the IP message need be forwarded to the vlan10 interface. The length of the IP message is 60 bytes. The third information shows that the message shown in the first information will be forwarded after the system sends the ICMP redirect message. IP: s=192.168.20.120 (vlan 10), d=19.0.0.9 (vlan 10), g=192.168.20.77, len=60, forward

The fourth information shows that the IP layer receives an IP message. The source address and destination address of the IP message are 192.168.20.81 and 192.168.20.22 respectively. The reception interface is vlan 10. The length of the IP message is 56 bytes. The IP message is locally received. IP: s=192.168.20.81 (vlan 10), d=192.168.20.22 (vlan 10), len=56, rcvd

The following is an example about the output information after running the debug ip packet detail command. Only the newly added parts are described.

switch#debug ip packet detail switch#IP: s=192.168.12.8 (vlan 10), d=255.255.255.255 (vlan 10), len=328, rcvd, UDP: src=68, dst=67 IP: s=192.168.20.26 (vlan 10), d=224.0.0.5 (vlan 10), len=68, rcvd, proto=89 IP: s=192.168.20.125 (vlan 10), d=192.168.20.22 (vlan 10), len=84, rcvd, ICMP: type=0, code = 0 IP: s=192.168.20.22 (local), d=192.168.20.124 (vlan 10), g=192.168.20.124, len=40, sending, TCP: src=1024, dst=23, seq=75098622, ack=161000466, win=17520, ACK

Field Description

UDP Name of the protocol, such as UDP, ICMP and TCP

Other protocols are represented by their protocol number. type, code Type and code of the ICMP message src, dst Source address and destination address of the UDP message

and the TCP message seq Sequence number of the TCP message ack Acknowledge number of the TCP message win Window value of the TCP message ACK If ACK is set in the control bit of the TCP message, the

acknowledge number is valid. Other control bits include SYN, URG, FIN, PSH and RST.

- 18 -


The first information indicates that the UDP message is received. The source port is port 68 and the destination port is port 67. IP: s=192.168.12.8 (vlan 10), d=255.255.255.255 (vlan 10), len=328, rcvd, UDP: src=68, dst=67

The second information indicates that the protocol number of the received message is 89.

IP: s=192.168.20.26 (vlan 10), d=224.0.0.5 (vlan 10), len=68, rcvd, proto=89

The third information indicates that the ICMP message is received. Both the type and the code of the message are represented by the number 0.

IP: s=192.168.20.125 (vlan 10), d=192.168.20.22 (vlan 10), len=84, rcvd, ICMP: type=0, code = 0

The fourth information indicates that the TCP message is sent. The source port and destination port are port 1024 and port 23 respectively. The sequence number and the acknowledge number are 75098622 and 161000466 respectively. The size of the receiption window is 17520. The ACK logo is set. For details, refer to RFC 793— Transmission Control Protocol.

IP: s=192.168.20.22 (local), d=192.168.20.124 (vlan 10), g=192.168.20.124, len=40, sending, TCP: src=1024, dst=23, seq=75098622, ack=161000466, win=17520, ACK

The access control list is described in the following. For example, if the messages with the source address 192.168.20.125 require to be displayed, you need to define the standard access control list to permit only the IP message whose source address is 192.168.20.125. You then run the command debug ip packet to use the access control list. switch#config switch_config#ip access-list standard abc switch_config_std_nacl#permit 192.168.20.125 switch_config_std_nacl#exit switch_config#exit switch#debug ip packet abc switch#IP: s=192.168.20.125 (vlan 101), d=192.168.20.22 (vlan 101), len=48, rcvd

In the previous commands, the standard access control list is used. You can also use the extensible access control list.

Related command

debug ip tcp packet

2.1.6 debug ip raw

It is used to display the IP interaction information. Run the command no debug ip raw to stop displaying the information.

debug ip raw [detail] [access-list-group] [interface]

no debug ip raw

Parameter


detail An optional parameter, which is used to export the protocol information about IP message encapsulation, such as protocol number, UDP, TCP port number and ICMP message type

- 19 -


access-group An optional parameter, which is used to filter the names of the IP access control list in the exported information


interface An optional parameter, which is used to filter the port name of the exported information

Only the information about the IP message satisfied the designated port can be exported.

Command mode

Management mode

Instruction

The command is used to find the destination of each received or locally generated IP message, which helps to detect the reason of communication problems.

The command is used in the following cases:

Forwarded

Forwarded as the multicast message or the broadcast message

Addressing failure during message forwarding

Sending the redirect message

Rejected because of having the original routing option

Rejected because of illegal IP options

Original route

Message sent from the local machine should be segmented, but the DF is reset.

Receiving message

Receiving IP segment

Sending message

Sending broadcast/multicast

Addressing failure when message is generated locally

Locally generated message is segmented

Received message is filtered

Transmitted message is filtered

Link layer fails to be encapsulated (only for Ethernet)

Unknown protocol

This command may export lots of information. You'd better use it when the switch is in the free state. Otherwise, the performance of the system will be badly affected. You are recommended to filter the output information through the IP access control list, enabling the system to export the useful message.

Example

Similar to the debug ip packet command

- 20 -


Related command

debug ip tcp packet 8.1content

2.1.7 debug ip tcp packet

It is used to display the TCP message. To stop displaying the TCP message, run the command no debug ip tcp packet.

debug ip tcp packet

no debug ip tcp packet

Parameter


Command mode

Management mode

Example

switch#debug ip tcp packet switch#tcp: O ESTABLISHED 192.168.20.22:23 192.168.20.125:3828 seq 50659460 DATA 1 ACK 3130379810 PSH WIN 4380 tcp: I ESTABLISHED 192.168.20.22:23 192.168.20.125:3828 seq 3130379810 DATA 2 ACK 50659460 PSH WIN 16372 tcp: O ESTABLISHED 192.168.20.22:23 192.168.20.125:3828 seq 50659461 DATA 50 ACK 3130379812 PSH WIN 4380 tcp: O FIN_WAIT_1 192.168.20.22:23 192.168.20.125:3828 seq 50659511 ACK 3130379812 FIN WIN 4380 tcp: I FIN_WAIT_1 192.168.20.22:23 192.168.20.125:3828 seq 3130379812 ACK 50659511 WIN 16321 tcp: I FIN_WAIT_1 192.168.20.22:23 192.168.20.125:3828 seq 3130379812 ACK 50659512 WIN 16321 tcp: I FIN_WAIT_2 192.168.20.22:23 192.168.20.125:3828 seq 3130379812 ACK 50659512 FIN WIN 16321 tcp: O TIME_WAIT 192.168.20.22:23 192.168.20.125:3828 seq 50659512 ACK 3130379813 WIN 4380 tcp: I LISTEN 0.0.0.0:23 0.0.0.0:0 seq 3813109318 DATA 2 ACK 8057944 PSH WIN 17440 tcp: O LISTEN 0.0.0.0:23 0.0.0.0:0 seq 8057944 RST

Field Description

tcp: Information about the TCP message O Sending the TCP message ESTABLISHED Current state of the TCP connection

For the description of the TCP connection state, refer to the description of the command debug ip tcp transactions.

192.168.20.22:23 Means that the source address of the message is 192.168.20.22 and the source port is port 23.

- 21 -


192.168.20.125:3828 Means that the destination address of the message is 192.168.20.125 and the destination port is port 3828.

seq 50659460 Means that the sequence number of the message is 50659460. DATA 1 Means that the number of valid data bytes contained in the

message is 1. ACK 3130379810 Means that the acknowledge number of the message is

3130379810. PSH Means that PSH in the control bits of the message is set.

Other control bits include ACK, FIN, SYN, URG and RST.

WIN 4380 It is used to notify the peer reception end of the cache size. The current cache size is 4380 sizes.

I Receiving the TCP message

If the previous fields are not displayed, the field in the TCP message does not have the valid value.

Related command


2.1.8 debug ip tcp transactions

It is used to display the TCP interaction information, such as the change of the TCP connection state. Run the command no debug ip tcp transactions to stop displaying the information.


no debug ip tcp transactions

Parameter


Command mode

Management mode

Example

switch#debug ip tcp transactions switch#TCP: rcvd connection attempt to port 23 TCP: TCB 0xE88AC8 created TCP: state was LISTEN -> SYN_RCVD [23 -> 192.168.20.125:3828] TCP: sending SYN, seq 50658312, ack 3130379657 [23 -> 192.168.20.125:3828] TCP: state was SYN_RCVD -> ESTABLISHED [23 -> 192.168.20.125:3828] TCP: connection closed by user, state was LISTEN [23 -> 0.0.0.0:0] TCP: state was TIME_WAIT -> CLOSED [23 -> 192.168.20.125:3827] TCP: TCB 0xE923C8 deleted TCP: TCB 0xE7DBC8 created TCP: connection to 192.168.20.124:513 from 192.168.20.22:1022, state was CLOSED to SYN_SENT

- 22 -


TCP: sending SYN, seq 52188680, ack 0 [1022 -> 192.168.20.124:513] TCP: state was SYN_SENT -> ESTABLISHED [1022 -> 192.168.20.124:513] TCP: rcvd FIN, state was ESTABLISHED -> CLOSE_WAIT [1022 -> 192.168.20.124:513] TCP: connection closed by user, state was CLOSE_WAIT [1022 -> 192.168.20.124:513] TCP: sending FIN [1022 -> 192.168.20.124:513] TCP: connection closed by user, state was LAST_ACK [1022 -> 192.168.20.124:513] TCP: state was LAST_ACK -> CLOSED [1022 -> 192.168.20.124:513] TCP: TCB 0xE7DBC8 deleted

Field Description

TCP: Means that the TCP interaction information is displayed. rcvd connection attempt to port 23

Means that the connection request from peer port 23 (telnet port) is received.

TCB 0xE88AC8 created Means a new TCP connection control block is generated and its logo is 0xE88AC8.

state was LISTEN -> SYN_RCVD

Means that the state of the TCP state machine changes from the LISTEN state to the SYN_RCVD state.

The TCP state may be one of the following:

LISTEN---waiting for the TCP connection request from any remote host

SYN_SENT---the connection request for creating TCP connection negotiation has been sent and the reply is being waited.

SYN_RCVD---the connection request from the peer has been received and the acknowledgement information and its own connection request have also been sent out; the acknowledge information about the peer’s connection is being waited.

ESTABLISHED---the connection is successful; the data is being transmitted; the data of the upper application can be received and sent.

FIN_WAIT_1---the connection termination request has been sent to the peer; the acknowledgement information and the connection termination request from the peer are being waited.

FIN_WAIT_2---the connection termination request has been sent to the peer and the acknowledgement information from the peer has been received; the connection termination request from the peer is being waited.

CLOSE_WAIT--- the connection termination request from the peer has been received and the acknowledgement information has been sent out; the local user is being waited to close the connection. Once the user demands to close the connection, the system sends out the connection termination request.

CLOSING--- the connection termination request has been sent to the peer and the connection termination request from the peer has been received and the acknowledgement information has been sent out; the system is waiting for the local connection termination request acknowledge from the peer.

- 23 -


LAST_ACK---The system has received the connection termination request from the peer and acknowledged it; the system has already sent out connection termination request; the acknowledge is being waited for.

TIME_WAIT---the period when the system waits for the peer to receive the acknowledgement of the connection termination request

CLOSED---the connection is closed.

For details, refer to RFC 793, Transmission Control Protocol.

[23 -> 192.168.20.125:3828]

The first field (23) in the bracket means the local TCP port.

The second field (192.168.20.125) in the bracket means the remote IP address.

The third field (3828) in the bracket means the remote TCP port.

sending SYN Means a connection request message is sent out (SYN in the control bits of the TCP header is set). Other TCP control bits include SYN, ACK, FIN, PSH, RST and URG.

seq 50658312 Means that the sequence number for sending the message is 50658312.

ack 3130379657 Means that the acknowledgement number for sending the message is 3130379657.

rcvd FIN Means that the connection termination request is received (FIN in the control bits of the TCP header is set).

connection closed by user

Means that the upper application requires closing the TCP connection.

connection timed out Means that connection timeout is closed.

Related command

debug ip tcp packet “8.1content"

2.1.9 debug ip udp

It is used to display the UDP interaction information. Run the command no debug ip udp to stop displaying the information.

debug ip udp

no debug ip udp

Parameter


Command mode

Management mode

- 24 -


Example

switch#debug ip udp switch#UDP: rcvd src 192.168.20.99(520), dst 192.168.20.255(520), len = 32 UDP: sent src 192.168.20.22(20001), dst 192.168.20.43(1001), len = 1008

Field Description

UDP: Means that the information is about the UDP message. rcvd Means that the message is received. sent Means that the message is sent. src Means the source IP address of the UDP message and the UDP

port. dst Means the destination IP address of the UDP message and the

UDP port. len Means the length of the UDP message.

The first line in the previous information shows that a UDP message is received. The UDP message is sent from host 192.168.20.99. Both the source port and the destination port are port 520. The destination address is 192.168.20.255. The length of the message is 32 bytes.

The second line in the previous information shows that a UDP message is sent. The local address and the destination address are 192.168.20.22 and 192.168.20.43 respectively. The source port and the destination port are port 20001 and port 1001 respectively. The length of the message is 1008 bytes.

2.1.10 ip mask-reply

It is used to enable the switch to reply the mask request of the IP address on the designated interface. Run the command no ip mask-reply to disable the function.

ip mask-reply

no ip mask-reply

default ip mask-reply

Parameter


Default

The mask request of the IP address is not replied.

Command mode


Example

interface vlan 11 ip mask-reply

- 25 -


2.1.11 ip mtu

It is used to set the MTU of the IP message. To reuse MTUDefault, run the command no ip mtu.

ip mtu bytes

no ip mtu

Parameter


bytes Maximum transmission unit of the IP message, which is calculated by byte

Default

It varies with different physical media of the interface. It is the same as MTU. The minimum value is 68 bytes.

Command mode


Instruction

If the length of the IP message exceeds IP MTU configured on the interface, the switch fragments the message. All devices connecting on the same physical media need be configured the same MTU. The MTU affects the IP MTU. If the value of IP MTU is the same as that of the MTU, the value of IP MTU automatically changes to the new value of the MTU when the MTU value changes. The change of the IP MTU does not affectthe MTU.

The minimum value of IP MTU is 68 bytes and the maximum value of IP MTU cannot exceed the MTU value configured on the interface.

Example

The following example shows that IP MTU on interface vlan 10 is set to 200: interface vlan 10 ip mtu 200

Related command

mtu

2.1.12 ip redirects

It is used to send the IP ICMP redirect message. You can run the command no ip redirects not to send the IP ICMP redirect message.

ip redirects

no ip redirects

- 26 -


Parameter


Default

The IP redirect message is sent by default. However, if you configure the hot standby switch protocol, the function is disabled automatically. If the hot standby switch protocol is cancelled, the function cannot be automatically enabled.

Command mode


Instruction

When the switch finds that the forwarding interface of the gateway is the same as the the reception interface and the source host directly connects the logical network of the interface, the switch sends an ICMP redirect message, notifying the source host to take the switch as the gateway to the destination address.

If the hot standby switch protocol is configured on the interface, the message may be dropped when the IP redirect message is sent.

Example

The following example shows that the ICMP redirect message can be sent on interface vlan 10:

interface vlan 10 ip redirects

2.1.13 ip source-route

It is used to enable the routing switch to process the IP message with the source IP route. To enable the routing switch to drop the IP message with the source IP route, run the command no ip source-route.

ip source-route

no ip source-route

Parameter

None

Default

The IP message with the source IP route is processed.

Command mode


Example

The following command enables the routing switch to process the IP message with the source IP route.

- 27 -


ip source-route

Related command

ping

2.1.14 ip tcp synwait-time

It is used to set the timeout time, which is used in the case when the switch waits for the successful TCP connection. To resume to the default time, run the command no ip tcp synwait-time.

ip tcp synwait-time seconds

no ip tcp synwait-time

Parameter


seconds Time for waiting for the TCP connection, which ranges from 5 to 300 seconds

Its default value is 75 seconds.

Default

75 seconds

Command mode


Instruction

When the switch originates the TCP connection, if the TCP connection is unsuccessful after the waiting time, the switch considers that the connection fails and sends the result to the upper application. You can set the waiting time for the successful TCP connection. The default value is 75 seconds. The option has nothing with the TCP connection message forwarded by the switch. However, it is relevant with the local TCP connection of the switch.

To know the current value of the waiting time, run the command ip tcp synwait-time ?. The value in the square bracket is the current value.

Example

The following example shows that the waiting time of the TCP connection is set to 30 seconds: switch_config#ip tcp synwait-time 30 switch_config#ip tcp synwait-time ? <5-300>[30] seconds -- wait time

2.1.15 ip tcp window-size

It is used to set the size of the TCP window. To resume to the default value, run the command no ip tcp window-size.

- 28 -


ip tcp window-size bytes

no ip tcp window-size

Parameter


bytes Size of the window whose unit is second

The maximum size is 65535 bytes. The default size is 2000 bytes.

Default

2000 bytes

Command mode


Instruction

Do not hastly modify the default value of the window size unless you have a definite purpose. You can run the command ip tcp window-size ? to know the current value. The value in the square bracket is the current value.

Example

The following example shows that the size of the TCP window is set to 6000 bytes: switch_config#ip tcp window-size 6000 switch_config#ip tcp window-size ? <1-65535>[6000] bytes -- Window size

2.1.16 ip unreachables

It is used to enable the switch to send the ICMP unreachable message. To stop sending the message, run the command no ip unreachables.

ip unreachables

no ip unreachables

Parameter


Default

The ICMP unreachable message is sent.

Command mode


- 29 -


Instruction

When the switch forwards the IP message, the message is dropped if the relevant route is not in the routing table. In this case, the switch sends the ICMP unreachable message to the source host. According to the information in the ICMP unreachable message, the source host promptly detects the fault and removes it.

Example

The following example shows that the interface vlan 10 is set to send the ICMP unreachable message: interface vlan 10 ip unreachables

2.1.17 show ip sockets

It is used to display the socket information.

show ip sockets

Parameter


Command mode

Management mode

Example

switch#show ip sockets

Proto Local Port Remote Port In Out 17 0.0.0.0 0 0.0.0.0 0 161 0 6 0.0.0.0 0 0.0.0.0 0 513 0 17 0.0.0.0 0 0.0.0.0 0 1698 0 17 0.0.0.0 0 0.0.0.0 0 69 0 6 0.0.0.0 0 0.0.0.0 0 23 0 17 0.0.0.0 0 0.0.0.0 0 137 122590

Field Description

Proto IP number

The protocol number of UDP is 17 and the number of TCP is 6. Remote Remote address Port Remote port Local Local address Port Local port

- 30 -


In Total number of the received bytes Out Total number of the transmitted bytes

2.1.18 show ip traffic

It is used to display the statistics information about the IP traffic.

show ip traffic

Parameter


Command mode

Management mode

Example

switch#show ip traffic IP statistics: Rcvd: 0 total, 0 local destination, 0 delivered 0 format errors, 0 checksum errors, 0 bad ttl count 0 bad destination address, 0 unknown protocol, 0 discarded 0 filtered , 0 bad options, 0 with options Opts: 0 loose source route, 0 record route, 0 strict source route 0 timestamp, 0 router alert, 0 others Frags: 0 fragments, 0 reassembled, 0 dropped 0 fragmented, 0 fragments, 0 couldn't fragment Bcast: 0 received, 0 sent Mcast: 0 received, 0 sent Sent: 230 generated, 0 forwarded 0 filtered, 0 no route, 0 discarded ICMP statistics: Rcvd: 0 total, 0 format errors, 0 checksum errors 0 redirect, 0 unreachable, 0 source quench 0 echos, 0 echo replies, 0 mask requests, 0 mask replies 0 parameter problem, 0 timestamps, 0 timestamp replies 0 time exceeded, 0 router solicitations, 0 router advertisements Sent: 0 total, 0 errors 0 redirects, 0 unreachable, 0 source quench 0 echos, 0 echo replies, 0 mask requests, 0 mask replies 0 parameter problem, 0 timestamps, 0 timestamp replies 0 time exceeded, 0 router solicitations, 0 router advertisements UDP statistics: Rcvd: 28 total, 0 checksum errors, 22 no port, 0 full sock Sent: 0 total TCP statistics: Rcvd: 0 total, 0 checksum errors, 0 no port Sent: 3 total IGMP statistics:

- 31 -


Rcvd: 0 total, 0 format errors, 0 checksum errors 0 host queries, 0 host reports Sent: 0 host reports ARP statistics: Rcvd: 8 total, 7 requests, 1 replies, 0 reverse, 0 other Sent: 5 total, 5 requests, 0 replies (0 proxy), 0 reverse

Field Description

format errors Means that the format of the message is incorrect, such as the incorrect length of the IP header.

bad hop count Means that the TTL value decreases to 0 when the routing switch forwards the message. In this case, the message will be dropped.

no route Means that the routing switch does not have relevant route message.

2.1.19 show tcp

It is used to display the state of all TCP connections.

show tcp

Parameter


Command mode

Management mode

Example

switch#show tcp TCB 0xE9ADC8 Connection state is ESTABLISHED, unread input bytes: 934 Local host: 192.168.20.22, Local port: 1023 Foreign host: 192.168.20.124, Foreign port: 513 Enqueued bytes for transmit: 0, input: 934 mis-ordered: 0 (0 packets) Timer Starts Wakeups Next(ms) Retrans 33 1 0 TimeWait 0 0 0 SendWnd 0 0 0 KeepAlive 102 0 7199500 iss: 29139463 snduna: 29139525 sndnxt: 29139525 sndwnd: 17520 irs: 709124039 rcvnxt: 709205436 rcvwnd: 4380 SRTT: 15 ms, RXT: 2500 ms, RTV: 687 ms minRXT: 1000 ms, maxRXT: 64000 ms, ACK hold: 200 ms

- 32 -


Datagrams (max data segment is 1460 bytes): Rcvd: 102 (out of order: 0), with data: 92, total data bytes: 81396 Sent: 104 (retransmit: 0), with data: 31, total data bytes: 61

Field Description

TCB 0xE77FC8 Internal identifier of the TCP connection control block Connection state is ESTABLISHED

Currrent state of the TCP connection

The TCP connection may be in one of the following state:

LISTEN---waiting for the TCP connection request from any remote host

SYN_SENT---the connection request has been sent and the reply is being waited.

SYN_RCVD---the connection request from the peer has been received and the acknowledgement information and its own connection request have also been sent out; the acknowledge information about the peer’s connection is being waited.

ESTABLISHED---the connection is successful; the data is being transmitted; the data of the upper application can be received and sent.

FIN_WAIT_1---the connection termination request has been sent to the peer; the acknowledgement information and the connection termination request from the peer are being waited.

FIN_WAIT_2---the connection termination request has been sent to the peer and the acknowledgement information from the peer has been received; the connection termination request from the peer is being waited.

CLOSE_WAIT--- the connection termination request from the peer has been received and the acknowledgement information has been sent out; the local user is being waited to close the connection. Once the user demands to close the connection, the system sends out the connection termination request.

CLOSING--- the connection termination request has been sent to the peer and the connection termination request from the peer has been received and the acknowledgement information has been sent out; the system is waiting for the local connection termination request acknowledge from the peer.

LAST_ACK---The system has received the connection termination request from the peer and acknowledged it; the system has already sent out connection termination request; the acknowledgement is being waited for.

TIME_WAIT---the period when the system waits for the peer to receive the acknowledgement of the connection termination request

CLOSED---the connection is closed.

For details, refer to RFC 793, Transmission Control Protocol.

unread input bytes: Data that is processed by the lower-layer TCP and the upper application has not received

- 33 -


Local host: Local IP address Local port: Local TCP port Foreign host: Remote IP address Foreign port: Remote TCP port Enqueued bytes for transmit:

Bytes in the transmitter queue, including the data that is sent but not yet acknowledged and the data that is not sent

input: Bytes in the reception queue

After sorting, these data waits for the upper application to accept.

mis-ordered: Number of bytes and messages in the misordered queue

After other data is received, these data can enter the receiption queue in turn and then can be received by the upper application. For example, after messages 1, 2, 4, 5 and 6 are received, messages 1 and 2 can enter the receiption queue, but messages 4, 5 and 6 have to enter the misordered queue and wait for message 3.

After that, the information about the timer of the current connection is displayed, including its startup times, timeout times and the next-time timeout time. The value 0 means that the timer does not run currently. Each connection has its own unique timer. The timeout times is less than the startup times because the timer may be reset in its process. For example, when the retransmission timer works, the system will receive the acknowledgements for all data from the peer. In this case, the retransmission timer stops running. Timer Starts Wakeups Next(ms) Retrans 33 1 0 TimeWait 0 0 0 SendWnd 0 0 0 KeepAlive 102 0 7199500

Field Description

Timer Name of the timer Starts Startup times of the timer Wakeups Timeout times of the timer Next(ms) Next-time timeout time (unit: ms)

The value 0 means the timer does not run. Retrans Retransmission timer, which is used to trigger resending data

The timer is started up after the data is sent. If the data is not acknowledged by the peer within the timeout time, the data will be resent.

TimeWait Time Waiting timer, which is used to know that the peer has already received the acknowledgement of the connection termination request.

SendWnd Timer of the transmission window, which is used to asure that the transmission wind resume to the normal size after the TCP

- 34 -


acknowledgement information is dropped KeepAlive Keep-alive timer, which is used to asure that the communication

link is in normal state and the peer is still in the connection state

It triggers the testing message to be sent for testing the state of the communication link and the peer.

After the timer is displayed, the sequence number of the TCP connection is displayed. TCP uses the sequence number to gurantee reliable and orderly data transmission. The local or remote host can control the traffic and send the acknowledgement information according to the sequence number. iss: 29139463 snduna: 29139525 sndnxt: 29139525 sndwnd: 17520 irs: 709124039 rcvnxt: 709205436 rcvwnd: 4380

Field Description

iss: Sequence number of original transmission snduna: Sequence number of the first byte in the data that is already sent

but whose acknowledgement information has not been received sndnxt: Transmission sequence number of the first data in the data that

is sent later sndwnd: TCP window size of the remote host irs: Original receiption sequence number, that is, original

transmission sequence number of the remote host rcvnxt: Receiption sequence number that is acknowledged recently rcvwnd: TCP window size of the local host

The transmission time recorded by the local host is displayed afterwards. The system can adapt itself to different networks according to the transmission time.

SRTT: 15 ms, RXT: 2500 ms, RTV: 687 ms minRXT: 1000 ms, maxRXT: 64000 ms, ACK hold: 200 ms

Field Description

SRTT: Round-trip time after smooth processing RXT: Retransmission timeout time RTV: Change value of the round-trip time MinRXT: Permissible minimum retransmission timeout time MaxRXT: Permissible maximum retransmission timeout time ACK hold: Maximum delay time when the acknowledgement is delayed for

being sent together with the data Datagrams (max data segment is 1460 bytes): Rcvd: 102 (out of order: 0), with data: 92, total data bytes: 81396 Sent: 104 (retransmit: 0), with data: 31, total data bytes: 61

Field Description

max data segment is Maximum length of the data segment which is permitted by the

- 35 -


connection Rcvd: Number of messages that the local host receives during the

connection procedure, including the number of the misordered messages

with data: Number of messages that contain valid data total data bytes: Number of data bytes contained by the message Sent: Number of messages that are sent or resent by the local host

during the connection procedure with data: Number of messages that contain valid data total data bytes: Number of data bytes contained by the message

Related command

show tcp brief

show tcp tcb

2.1.20 show tcp brief

It is used to display the brief information about the TCP connection.

show tcp brief [all]

Parameter


all An optional parameter, which means that all ports are displayed

If the parameter is not entered, the system does not display the ports in the LISTEN state.

Command mode

Management mode

Example

switch#show tcp brief TCB Local Address Foreign Address State 0xE9ADC8 192.168.20.22:1023 192.168.20.124:513 ESTABLISHED 0xEA34C8 192.168.20.22:23 192.168.20.125:1472 ESTABLISHED

Field Description

TCB Internal identifier of the TCP connection Local Address Local IP address and the TCP port Foreign Address Remote IP address and the TCP port State State of the connection

For details, refer to the description of the show tcp command.

- 36 -


Related command

show tcp

show tcp tcb

2.1.21 show tcp statistics

It is used to display the TCP statistics data.

show tcp statistics

Parameter


Command mode

Management mode

Example

switch#show tcp statistics Rcvd: 148 Total, 0 no port 0 checksum error, 0 bad offset, 0 too short 131 packets (6974 bytes) in sequence 0 dup packets (0 bytes) 0 partially dup packets (0 bytes) 0 out-of-order packets (0 bytes) 0 packets (0 bytes) with data after window 0 packets after close 0 window probe packets, 0 window update packets 0 dup ack packets, 0 ack packets with unsend data 127 ack packets (247 bytes) Sent: 239 Total, 0 urgent packets 6 control packets 123 data packets (245 bytes) 0 data packets (0 bytes) retransmitted 110 ack only packets (101 delayed) 0 window probe packets, 0 window update packets 4 Connections initiated, 0 connections accepted, 2 connections established 3 Connections closed (including 0 dropped, 1 embryonic dropped) 5 Total rxmt timeout, 0 connections dropped in rxmt timeout 1 Keepalive timeout, 0 keepalive probe, 1 Connections dropped in keepalive

Field Description Rcvd: Statistics data about the messages received by the routing

switch Total Total number of the received messages no port Number of messages showing the destination port does not

exist checksum error Number of messages showing that sum check is incorrect bad offset Number of messages showing that the data offset is incorrect

- 37 -


too short Number of messages showing that the message length is less than the minimum effective length

packets in sequence Number of messages that are received in turn dup packets Number of received duplicate messages partially dup packets Number of received messages that are partly duplicated out-of-order packets Number of misordered messages packets with data after window

Number of messages whose data exceeds the receiption window

packets after close Number of messages that are received after the connection is closed

window probe packets Number of received messages about window probe window update packets Number of received messages about window update dup ack packets Number of received messages that are duplicately

acknowledged ack packets with unsent data

Number of received messages that are acknowledged but has not been sent

ack packets Number of received messages that are acknowledged Sent Statistics data about messages that are sent by the routing

switch Total Total number of the transmitted messages urgent packets Number of the transmitted urgent messages control packets Number of the transmitted control messages (SYN, FIN or RST) data packets Number of the transmitted data messages data packets retransmitted

Number of the retransmitted data messages

ack only packets Number of the purely acknowledged messages window probe packets Number of the transmitted window probe messages window update packets Number of the transmitted window update messages Connections initiated Number of the locally initiated connections connections accepted Number of the locally received connections connections established Number of the locally established connections Connections closed Number of the locally closed connections Total rxmt timeout Total number of retransmission timeouts Connections dropped in rxmit timeout

Number of the connections dropped because of retransmission timeout

Keepalive timeout Number of Keepalive timeouts keepalive probe Number of the transmitted messages for keepalive probe

- 38 -


Connections dropped in keepalive

Number of the connections dropped because of Keepalive

Related command

clear tcp statistics 8.1content

2.1.22 show tcp tcbI

It is used to display the state of a certain TCP connection.

show tcp tcb address

Parameter


address TCB address of the TCP connection

TCB is an identifier of the TCP connection in the system, which can be obtained by the command show tcp brief.

Command mode

Management mode

Example

For detailed explanation, refer to the command show tcp. switch_config#show tcp tcb 0xea38c8 TCB 0xEA38C8 Connection state is ESTABLISHED, unread input bytes: 0 Local host: 192.168.20.22, Local port: 23 Foreign host: 192.168.20.125, Foreign port: 1583 Enqueued bytes for transmit: 0, input: 0 mis-ordered: 0 (0 packets) Timer Starts Wakeups Next(ms) Retrans 4 0 0 TimeWait 0 0 0 SendWnd 0 0 0 KeepAlive +5 0 6633000 iss: 10431492 snduna: 10431573 sndnxt: 10431573 sndwnd: 17440 irs: 915717885 rcvnxt: 915717889 rcvwnd: 4380 SRTT: 2812 ms, RXT: 18500 ms, RTV: 4000 ms minRXT: 1000 ms, maxRXT: 64000 ms, ACK hold: 200 ms Datagrams (max data segment is 1460 bytes): Rcvd: 5 (out of order: 0), with data: 1, total data bytes: 3 Sent: 4 (retransmit: 0), with data: 3, total data bytes: 80

- 39 -


Related command

show tcp

show tcp brief

- 40 -

Commands for Fast Ethernet Ring Protection Mechanism

Table of Contents

Table of Contents

Table of Contents ................................................................................................................................ I

Chapter 1 Commands for Fast Ethernet Ring Protection Mechanism ............................................... 1 1.1 Global Configuration Commands.......................................................................................... 1

1.1.1 ether-ring .................................................................................................................... 1 1.1.2 control-vlan................................................................................................................. 2 1.1.3 master-node ............................................................................................................... 2 1.1.4 transit-node ................................................................................................................ 3 1.1.5 hello-time.................................................................................................................... 4 1.1.6 fail-time....................................................................................................................... 5 1.1.7 pre-forward-time......................................................................................................... 6 1.1.8 distributed-mode......................................................................................................... 7 1.1.9 centralized-mode........................................................................................................ 8

1.2 Port Configuration Commands ............................................................................................. 9 1.2.1 ether-ring primary-port ............................................................................................... 9 1.2.2 ether-ring secondary-port......................................................................................... 10 1.2.3 ether-ring transit-port................................................................................................ 10

1.3 Show-Related Commands.................................................................................................. 12 1.3.1 show ether-ring......................................................................................................... 12

- I -

Commands for Fast Ethernet-Ring Potection Mechanism

Chapter 1 Commands for Fast Ethernet Ring Protection Mechanism

1.1 Global Configuration Commands

1.1.1 ether-ring

To configure the node of the Ethernet ring, you need enter the node configuration mode first and then run the following command.

ether-ring id

To cancel the node of the Ethernet ring, run the following command:

no ether-ring id

Parameter


id ID of the node

Default value

By default, the node of the Ethernet ring is not configured.

Command mode


Usage Explanation

Before configuring the node, you need shut down the spanning tree protocol by running no spanning-tree.

Example

S1_config#no spanning-tree S1_config#ether-ring 1 S1_config_ring1#

Related command

None

- 1 -


1.1.2 control-vlan

To configure the control VLAN of the ring node, run the following command:

control-vlan vlan-id

Parameter


vlan-id ID of the control VLAN

Value range: 1-4094

Default value

By default, the control VLAN of a node is not configured.

Command mode

Node configuration mode for the Ethernet ring

Usage Explanation

1. Any VLAN can be configured as the control VLAN of the node. However, the establishment of the control VLAN does not mean that the corresponding system VLAN can be created. The user need create the system VLAN manually.

2. After the control VLAN and node types of the Ethernet ring are configured, you cannot modify the control VLAN even if the system exits from the Ethernet ring configuration mode because the Ethernet ring has already been started.

Example

S1_config#ether-ring 1 S1_config_ring1#control-vlan 2

Related command

ether-ring

master-node

transit-node

1.1.3 master-node

To configure an Ethernet ring as a master node, run the following command:

master-node

- 2 -


Parameter

None

Default value

By default, the node type is not configured.

Command mode

Node configuration mode

Usage Explanation

1. A node can be set to be a master node or a transit node.

2. After the control VLAN and node types of the Ethernet ring are configured, you cannot modify the control VLAN even if the system exits from the Ethernet ring configuration mode because the node of the Ethernet ring has already been started.

Example

S1_config#ether-ring 1 S1_config_ring1#control-vlan 2 S1_config_ring1#master-node

Related command

control-vlan

transit-node

1.1.4 transit-node

To configure the node type to a transit node, run the following command:

transit-node

Parameter

None

Default value

By default, the node type is not configured.

- 3 -


Command mode

Node configuration mode

Usage Explanation

1. A node can be set to be a master node or a transit node.

2. After the control VLAN and node types of the Ethernet ring are configured, you cannot modify the control VLAN even if the system exits from the Ethernet ring configuration mode because the node of the Ethernet ring has already been started.

Example

S1_config#ether-ring 1 S1_config_ring1#control-vlan 2 S1_config_ring1#transit-node

Related command

control-vlan

master-node

1.1.5 hello-time

To configure the cycle for the master node to transmit the HEALTH packets of the Ethernet ring, run the following command:

hello-time value

To resume the default value of the cycle, run the following command:

no hello-time

Parameter


value Stands for a time value, whose unit is second.

The default value is one second. The value ranges between 1 and 10 seconds.

Default value

By default, the hello-time is one second.

- 4 -


Command mode


Usage Explanation

1. The hello-time configuration validates only on the master node.

2. By default, the value of the hello-time is smaller than that of the fail-time, which avoids the Ethernet ring protocol from being shocked. After the hello-time is modified, the corresponding fail-time need be modified too.

Example

S1_config#ether-ring 1 S1_config_ring1#control-vlan 2 S1_config_ring1#master-node S1_config_ring1#hello-time 2

Related command

fail-time

1.1.6 fail-time

To configure the time cap of waiting for the HEALTH packets for the secondary port of the master node, run the following command:

fail-time value

To resume the default value of the fail-time, run the following command:

no fail-time

Parameter



The default value is three seconds. The value ranges between 3 and 30 seconds.

Default value

By default, the fail-time is 3 seconds.

- 5 -


Command mode


Usage Explanation

1. The fail-time configuration validates only on the master node.

2. By default, the value of the fail-time is triple of the fail-time, which avoids the Ethernet ring protocol from being shocked. After the hello-time is modified, the corresponding fail-time need be modified too.

Example

S1_config#ether-ring 1 S1_config_ring1#control-vlan 2 S1_config_ring1#master-node S1_config_ring1#hello-time 2 S1_config_ring1#fail-time 6

Related command

hello-time

1.1.7 pre-forward-time

To configure the time of maintaining the pre-forward state on the transit port, run the following command:

pre-forward-time value

To resume the default value of the pre-forward-time, run the following command:

no pre-forward-time

Parameter



The default value is three seconds. The value ranges between 3 and 30 seconds.

Default value

By default, the pre-forward-time is 3 seconds.

- 6 -


Command mode


Usage Explanation

1. The pre-forward-time configuration validates only on the transit node.

2. By default, the pre-forward-time on the transit node is three times the value of the hello-time on the master node, which avoids the network loop from being occurred after the transmission link recovers from disconnection. After the hello-time of the master node is modified, the corresponding pre-forward-time on the transit node need be adjusted.

Example

S1_config#ether-ring 1 S1_config_ring1#control-vlan 2 S1_config_ring1#transit-node S1_config_ring1#pre-forward-time 8

Related command

None

1.1.8 distributed-mode

To configure the protection of wire-card-distributed Ethernet ring, run distributed-mode.

Parameter

None

Default value

By default, the configured node of the Ethernet ring automatically works in distributed mode.

Command mode


Usage Explanation

1. The command validates only on S6800 and S8500.

- 7 -


2. In distributed mode, all events about the Ethernet ring such as the link disconnection of the Ethernet ring are handled in priority by the wire card of the switch to obtain the higher convergence performance.

Example

S1_config#ether-ring 1 S1_config_ring1#distributed-mode

Related command

centralized-mode

1.1.9 centralized-mode

To set the working mode of the Ethernet ring protection protocol to the MSU centralized control, run centralized-mode.

Parameter

None

Default value

By default, the Ethernet-ring protection protocol works in distributed mode.

Command mode


Usage Explanation

1. The command validates only on S6800 and S8500.

2. After the MSU centralized mode is configured, the wire card of the switch does not handle the Ethernet ring events.

Example

S1_config#ether-ring 1 S1_config_ring1#distributed-mode

Related command

distributed-mode

- 8 -


1.2 Port Configuration Commands

1.2.1 ether-ring primary-port

To set a port to be the primary port of a master node, run the following command:

ether-ring id primary-port

To cancel the primary port configuration of a port, run the following command:

no ether-ring id primary-port

Parameter


id ID of the node

Default value

The primary port is not configured by default.

Command mode

The physical port configuration mode and the converged port configuration mode

Note: The versions of switch software prior to version 2.0.1L and the versions of hi-end switch software prior to version 4.0.0M do not support the configuration of the converged port.

Usage Explanation

The primary port can be configured only after the control VLAN and node type of the Ethernet ring are configured, and when the node type is the master node.

Example

S1_config#interface fastEthernet 0/1 S1_config_f0/1#ether-ring 1 primary-port S1_config_f0/1#exit

Related command

master-node

ether-ring secondary-port

- 9 -


1.2.2 ether-ring secondary-port

To set a port to be the secondary port of a master node, run the following command:

ether-ring id secondary-port

To cancel the secondary port configuration, run the following command:

no ether-ring id secondary-port

Parameter


id ID of the node

Default value

The secondary port on the master node is not configured by default.

Command mode



Usage Explanation

The secondary port can be configured only after the control VLAN and node type of the Ethernet ring are configured, and when the node type must be the master node.

Example

S1_config#interface fastEthernet 0/3 S1_config_f0/3#ether-ring 1 secondary-port S1_config_f0/3#exit

Related command

master-node

ether-ring primary-port

1.2.3 ether-ring transit-port

To set a port to be the transit port of a transit node, run the following command:

- 10 -


ether-ring id transit-port

To cancel the transit port, run the following command:

no ether-ring id transit-port

Parameter


id ID of the node

Default value

The transit port on the transit node is not configured by default.

Command mode



Usage Explanation

The transit port can be configured only after the control VLAN and node type of the Ethernet ring are configured, and when the node type must be the transit node. Two transit ports can be configured on one transit node.

Example

S1_config_ring1#exit S1_config#interface fastEthernet 0/1 S1_config_f0/1#ether-ring 1 transit-port S1_config_f0/1#exit S1_config#interface fastEthernet 0/3 S1_config_f0/3#ether-ring 1 transit-port S1_config_f0/3#exit

Related command

transit-node

- 11 -


1.3 Show-Related Commands

1.3.1 show ether-ring

To display the summary information about the Ethernet-ring node, run the following command:

show ether-ring id

To display the detailed information about the Ethernet-ring node, run the following command:

show ether-ring id detail

To display the information about the Ethernet-ring port, run the following command:

show ether-ring id interface intf-name

Parameter


id ID of the node

intf-name Name of an interface

Default value

None

Command mode

Monitoring mode, global configuration mode, node configuration mode or port configuration mode

Usage Explanation

None

Example

None

Related command

None

- 12 -

QoS Function Configuration Commands

Table of Contents

Table of Contents

Chapter 1 QoS Service Configuration Commands ............................................................................ 1 1.1 QoS Configuration Commands............................................................................................. 1

1.1.1 cos default .................................................................................................................. 1 1.1.2 cos map...................................................................................................................... 2 1.1.3 scheduler wrr bandwidth ............................................................................................ 3 1.1.4 scheduler policy.......................................................................................................... 3 1.1.5 policy-map.................................................................................................................. 4 1.1.6 classify........................................................................................................................ 5 1.1.7 action.......................................................................................................................... 5 1.1.8 qos policy ................................................................................................................... 6

- I -


Chapter 1 QoS Service Configuration Commands

1.1 QoS Configuration Commands QoS Configuration Commands include:

cos default

cos map

scheduler wrr bandwidth

scheduler policy

policy-map

classify

action

qos policy

1.1.1 cos default

description

cos default cos

no cos default

To configure the default value of CoS, use the cos default command. To disable the configuration, use the no form of this command.

parameter


cos Default cos value. The range is 0-7

default

The default CoS value is 0

instruction

Layer 2 interface configuration mode

example

Set the CoS value of no-label frame received on ge0/1 interface as 4 Switch(config)# interface gigabitethernet0/1 Switch(config-if)# cos default 4

- 1 -


1.1.2 cos map

description

cos map quid cos1..cosn

no cos map

To set the CoS priority queues, use the cos map command.

parameter


quid ID of CoS priority queues. The range is 1 to 8 cos1..cosn CoS value defined by IEEE802.1p. The range is 0 to 7

default

CoS value Priority queues

0 1

1 2

2 3

3 4

4 5

5 6

6 7

7 8

instruction

Layer 2 interface configuration mode and the global configuration mode

Using this command in the global configuration mode will affect all CoS priority queue; while configuring this command in layer 2 interface command will only affect CoS priority queue of the interface.

example

The following example maps CoS 0-2 to CoS priority queue 1and maps CoS 3 to priority queue 2: Switch(config-if)# cos map 1 0 1 2 Switch(config-if)# cos map 2 3

- 2 -


1.1.3 scheduler wrr bandwidth

description

scheduler wrr bandwidth weight1...weightn

no scheduler wrr bandwidth

To configure cos priotiry queue bandwidth, use the scheduler wrr bandwidth command

parameter


weight1…weight8 WRR 8 CoS priority queue metrics the range is 1to 5。

default

All CoS priority queue metrics must be the same, the eight CoS priority queue metrics are all 12.

instruction

It works in the global configuration mode

Using this command will affect the priority queue broadband of all interfaces. It enables only when queue debug mode is configured wrr. It defines the CoS priority queue broadband metrics when wrr debug policy is applied.

example

Configure the eight CoS priority queue metrics as 1，2，3，4，5，6，7，8

Switch(config)# scheduler wrr bandwidth 1，2，3，4，5，6，7，8

1.1.4 scheduler policy

description

scheduler policy { sp | wrr }

no scheduler policy

To set CoS priority queue debug policy, use the scheduler policy command.

parameter


sp Use the sp debug stratefgy. wrr Use the wrr debug strategy

- 3 -


default

use SP

instruction

the global configuration mode

After configure the command, the interface send debug mode is configured to specified value.

example

Configure interface send debug mode as wrr.

Switch(config)#scheduler policy wrr

1.1.5 policy-map

description

policy-map name

no policy-map name

To set QOS policy-map, use the policy-map command

parameter

Parameter description

name Name of the policy map , the value range is 1 to 16 characters

default

none

instruction

the global configuration mode

After inputting this command, the system will enter QoS policy mapping configuration mode. There are following commands in this mode:

classify: it is used to configure QoS flow.

description：it is used to describe QoS policy mapping.

exit：it is used to quit from QoS policy mapping configuration mode.

no：it is used to cancel the command that formerly inputs.

action：it is used to define QoS action.

example

The following example shows how to configure QoS policy map: Switch(config)# policy-map myqos

- 4 -


1.1.6 classify

description

classify {ip access-group access-list-name | dscp dscp-value | mac access-group mac-access-name | vlan vlan-id | cos cos | any }

no classify {ip access-group access-list-name | dscp dscp-value | mac access-group mac-access-name | vlan vlan-id | cos cos | any }

To configure the matching data traffic of QoS policy, use the classify command


ip access-group access-list-name

Configure the matching IP access list name, the range is 1 to 16 characters

dscp dscp-value diffserv field in IP packet. The valid range is 0 to 63 mac access-group mac-access-name

Configure the matching MAC access list name. the valid range is 1 to 16 characters

vlan vlan-id Configure the matching VLAN, the valid range is 1 to 4094 cos cos Configure the matching COS value, the valid range is 0 to 7 any match any data packets

default

match any data packets

instruction

QoS policy map configuration mode

All data traffic in one QoS policy map must have the identical mask value, interface number in the ip access-list must be definite rather than a scope.

Only one item of rule can be included in the ip access list that used to match data flow, or the configuration fails. When the action (permit or deny) of the rule is permit, this rule is used to separate data flow; when the action of the rule is deny, this rule has no effect, that is, it will not be used to match data flow.

example

Switch(config-qos)# classify ip access-group ipacl1 cos 3

1.1.7 action

description

action [no-match] {bandwidth max-band | cos cos-value | dscp dscp-value | redirect interface-id | drop | stat | monitor }

To configure the matching data traffic policy of QoS policy map, use the action command

- 5 -


parameter

paramter description

no-match Influence all the traffic that do not meet the demand bandwidth max-band maximum bandwidth to a class ，the range is 1 to 1000kbps。

dscp dscp-value Define the dscp field of the matching traffic as dscp-value, the range is 0 to 63

cos cos-value Define cos field of the matching traffic as cos-value, the range is 0 to 7

redirect interface-id redirect the exit of the matching traffic

drop drops the configured packets

stat Switch stat information of the related matching traffic monitor 将该数据包发送到镜像端口。Send the packets to monitor

interface

default

none

instruction

QoS policy map configuration mode.

One QoS policy mapping can only configures one kind of policy. Bandwidth and stat can only influence the match packets, and the above actions can be enabled at the same time, if the action is empty, then it means to forward, which means allowing the data traffic to pass.

example

Switch(config-qos)# action redirect interface g0/1

1.1.8 qos policy

description

[no] qos policy name { ingress|egress}

To configure the QoS policy on interface, use the qos policy command.

paramter


name Name of QoS policy maps ingress Affect the entrance egress Affect the exit

- 6 -


deault

none

instruction

layer 2 interface configuration mode

example

Apply the QoS policy named pmap on the f0/1 interface Switch(config)# interface Gigaethernet0/1 Switch(config-if)# qos policy pmap ingress

- 7 -

Anti-Attack Configuration Commands

Table of Contents

Table of Contents

Chapter 1 Anti-Attack Configuration Commands.................................................................................................................. 1 1.1 Anti-Attack Configuration Commands.................................................................................................................... 1

1.1.1 filter period time......................................................................................................................................... 1 1.1.2 filter threshold value .................................................................................................................................. 1 1.1.3 filter block-time value................................................................................................................................. 2 1.1.4 filter igmp................................................................................................................................................... 3 1.1.5 filter arp ..................................................................................................................................................... 3 1.1.6 filter enable................................................................................................................................................ 3 1.1.7 show filter .................................................................................................................................................. 4

- I -


Chapter 1 Anti-Attack Configuration Commands

1.1 Anti-Attack Configuration Commands

1.1.1 filter period time

To configure filter period for attack, use the filter period command.

parameter


time The filter period for attack in seconds. It is considered as attack when the attack source sends packets above the specified number in any filter period time.

default

10 seconds

Command mode


example

Switch_config#filter period 15

Related commands

filter threshold value

1.1.2 filter threshold value

To configure the filter threshold value, use the filter thresholf value command.

parameter


value It is considered as attack when the receiving packets excddes the filter threshold value.

- 1 -


default

1000

command mode


example

Switch_config#filter threshold 1500

Related commands

filter period time

1.1.3 filter block-time value

To configure the time to block attack resource, use the filter block-time value command.

parameter


Value Time to block attack source in seconds.

default

300 seconds

command mode


example

Switch_config#filter block-time 600

Related commands

filter period time

filter threshold value

- 2 -


1.1.4 filter igmp

To filter IGMP attack, use the filter igmp command.

parameter

none

Command mode


example

Switch_config#filter igmp

Related commands

filter enable

1.1.5 filter arp

To fliter ARP attack, use the filter arp command.

parameter

none

Command mode

physical interface configuration mode

example

Switch_config_f0/1#filter arp

Related commands

filter enable

1.1.6 filter enable

To enable filter feature, use the filter enable command.

- 3 -


parameter

none

Command mode


example

Switch_config#filter enable

Related commands

filter igmp

filter arp

1.1.7 show filter

To display working state of the anti-attack feature of the current switch, use the show filter command.

parameter

none

command mode

non-user mode

Switch#show fil Filter threshold: 1000 packet in any 10 seconds Filters blocked: Address seconds source interface 00a0.0c13.647d 27.0 FastEthernet1/2 Filters counting: Address seconds count source interface 00a0.0c43.647d 1.84 371 FastEthernet1/2

Filters blocked: indicates MAC address of the blocked attack source, blocked time and source interface.

Filters counting: indicates MAC address of the attack source, counting time, the number of the receiving packets and the source interface.

- 4 -

Security Configuration Command

Table of Contents

Table of Contents Chapter 1 AAA Authentication Configuration Commands .................................................................................................... 1

1.1 AAA Authentication Configuration Commands ...................................................................................................... 1 1.1.1 aaa authentication enable default ............................................................................................................. 1 1.1.2 aaa authentication login ............................................................................................................................ 2 1.1.3 aaa authentication password-prompt ........................................................................................................ 4 1.1.4 aaa authentication username-prompt........................................................................................................ 5 1.1.5 aaa group server ....................................................................................................................................... 6 1.1.6 debug aaa authentication.......................................................................................................................... 7 1.1.7 enable password ....................................................................................................................................... 8 1.1.8 server ........................................................................................................................................................ 9 1.1.9 service password-encryption................................................................................................................... 10 1.1.10 username .............................................................................................................................................. 11

Chapter 2 RADIUS Configuration Commands.................................................................................................................... 13 1.2 RADIUS Configuration Commands ..................................................................................................................... 13

1.2.1 debug radius............................................................................................................................................ 13 1.2.2 ip radius source-interface........................................................................................................................ 14 1.2.3 radius-server challenge-noecho.............................................................................................................. 15 1.2.4 radius-server deadtime............................................................................................................................ 16 1.2.5 radius-server host.................................................................................................................................... 17 1.2.6 radius-server optional-passwords ........................................................................................................... 18 1.2.7 radius-server key..................................................................................................................................... 18 1.2.8 radius-server retransmit .......................................................................................................................... 19 1.2.9 radius-server timeout............................................................................................................................... 20 1.2.10 radius-server vsa send.......................................................................................................................... 21

- I -

Security Configuration Commands

Chapter 1 AAA Authentication Configuration Commands

1.1 AAA Authentication Configuration Commands This chapter describes the commands used to configure AAA authentication methods. Authentication identifies users before they are allowed access to the network and network services.

For information on how to configure authentication using AAA methods, refer to the "Configuring Authentication" chapter. For configuration examples using the commands in this chapter, refer to the "Authentication Examples" section located at the end of the "Configuring Authentication" chapter.

AAA Authentication Configuration Commands include：

aaa authentication enable default

aaa authentication login

aaa authentication password-prompt

aaa authentication username-prompt

aaa group server

debug aaa authentication

enable password

server

service_password-encryption

username

1.1.1 aaa authentication enable default

To enable AAA authentication to determine if a user can access the privileged command level, use the aaa authentication enable default global configuration command. Use the no form of this command to disable this authentication method.

aaa authentication enable default method1 [method2...]

no aaa authentication enable default method1 [method2...]

parameter


method At least one of the keywords described in Table 1.

default

If the default list is not set, only the enable password is checked. This has the same effect as the following command:

- 1 -


aaa authentication enable default enable

On the console, the enable password is used if it exists. If no password is set, the process will succeed anyway.

command mode


instruction

Use the aaa authentication enable default command to create a series of authentication methods that are used to determine whether a user can access the privileged command level. Method keywords are described in Table 1. The additional methods of authentication are used only if the previous method returns an error, not if it fails. To specify that the authentication should succeed even if all methods return an error, specify none as the final method in the command line.

Table 0-1 aaa authentication enable default Methods

Keyword Description

group name Uses the server group for authentication.

enable Uses the enable password for authentication.

line Uses the line password for authentication.

none Uses no authentication.

group radius Uses RADIUS authentication.

example

The following example creates an authentication list that first tries to contact a TACACS+ server. If no server can be found, AAA tries to use the enable password. If this attempt also returns an error (because no enable password is configured on the server), the user is allowed access with no authentication. aaa authentication enable default line enable none

related commands

enable password

1.1.2 aaa authentication login

To set authentication, authorization, and accounting (AAA)authentication at login, use the aaa authentication login command in global configuration mode. To disable AAA authentication, use the no form of this command.

aaa authentication login {default | list-name} method1 [method2...]

no aaa authentication login {default | list-name} method1 [method2...]

- 2 -


parameter


Default Uses the listed authentication methods that follow this argument as the default list of methods when a user logs in.

list-name Character string used to name the list of authentication methods activated when a user logs in.

method At least one of the keywords described in Table 2.

default

If the default list is not set, only the local user database is checked. This has the same effect as the following command:

aaa authentication login default none

command mode


instruction

The default and optional list names that you create with the aaa authentication login command are used with the login authentication command.

The additional methods of authentication are used only if the previous method returns an error, not if it fails. To ensure that the authentication succeeds even if all methods return an error, specify none as the final method in the command line.

If authentication is not specifically set for a line, the default is to deny access and no authentication is performed.

Table 0-2 AAA authentication login Methods

Keyword Description

enable Uses the enable password for authentication.

group Uses the server group for authentication.

line Uses the line password for authentication.

local Uses the local username database for authentication.

local-case Uses case-sensitive local username authentication.

none Uses no authentication.

group radius Used RADIUS for authentication.

example

The following example creates an AAA authentication list called TEST. This authentication first tries to contact a TACACS+ server. If no server is found, TACACS+

- 3 -


returns an error and AAA tries to use the enable password. If this attempt also returns an error (because no enable password is configured on the server), the user is allowed access with no authentication.

aaa authentication login TEST tacacs+ enable none

The following example creates the same list, but it sets it as the default list that is used for all login authentications if no other list is specified:

aaa authentication login default tacacs+ enable none

related commands

none

1.1.3 aaa authentication password-prompt

To change the text displayed when users are prompted for a password, use the aaa authentication password-prompt global configuration command. Use the no form of this command to return to the default password prompt text.

aaa authentication password-prompt text-string

no aaa authentication password-prompt text-string

parameter


test-string String of text that will be displayed when the user is prompted to enter a password.

default

There is no user-defined text-string, and the password prompt appears as "Password."

command mode


instruction

Use the aaa authentication password-prompt command to change the default text that the software displays when prompting a user to enter a password. This command changes the password prompt for the enable password as well as for login passwords that are not supplied by remote security servers. The no form of this command returns the password prompt to the default value:

Password:

The aaa authentication password-prompt command does not change any dialog that is supplied by a remote TACACS+ server.

- 4 -


example

The following example changes the text for the username prompt: aaa authentication password-prompt YourPassword:

related commands

aaa authentication username-prompt

enable password

1.1.4 aaa authentication username-prompt

To change the text displayed when users are prompted to enter a username, use the aaa authentication username-prompt global configuration command. Use the no form of this command to return to the default username prompt text.

aaa authentication username-prompt text-string

no aaa authentication username-prompt text-string

parameter


text-string String of text that will be displayed when the user is prompted to enter a username.

default

There is no user-defined text-string, and the username prompt appears as "Username."

command mode


instruction

Use the aaa authentication username-prompt command to change the default text that the software displays when prompting a user to enter a username. The no form of this command returns the username prompt to the default value:

Username:

Some protocols (for example, TACACS+) have the ability to override the use of local username prompt information. Using the aaa authentication username-prompt command will not change the username prompt text in these instances.

Note：

- 5 -


The aaa authentication username-prompt command does not change any dialog that is supplied by a remote TACACS+ server.

example

The following example changes the text for the username prompt: aaa authentication username-prompt YourUsernam:

related commands

aaa authentication password-prompt

1.1.5 aaa group server

To group different RADIUS server hosts into distinct lists and distinct methods, enter the aaa group server radius command in global configuration mode. To remove a group server from the configuration list, enter the no form of this command.

aaa group server radius group-name

no aaa group server radius group-name

parameter


group-name Character string used to name the group of servers.

default

No default behavior or values.

command mode


instruction

The authentication, authorization, and accounting (AAA) server-group feature introduces a way to group existing server hosts. The feature enables you to select a subset of the configured server hosts and use them for a particular service.

Example

The following example adds a radius server group named radius-group: aaa group server radius radius-group

related commands

server

- 6 -


1.1.6 debug aaa authentication

To display information on authentication, authorization, and accounting (AAA) TACACS+ authentication, use the debug aaa authentication command in privileged EXEC mode. To disable debugging output, use the no form of this command.

debug aaa authentication

no debug aaa authentication

parameter

none

default

disabled

command mode

EXEC

instruction

Use this command to learn the methods of authentication being used and the results of these methods.

example

The following is sample output from the debug aaa authentication command. switch#debug aaa authentication AAA: Authen start (0x1f74208), user=, authen_type=ASCII, priv=0, method-list=default AAA: Use authen method LOCAL (0x1f74208). AAA: Authen CONT, need username. AAA: Authen CONT, need password. AAA: Authen ERROR (0x1f74208)! Use next method. AAA: Authen FAIL(0x1f74208)! Method-list polling finish.

Output information description

Authen start (0x1f74208), user=, authen_type=ASCII, priv=0, method-list=default

The authentication starts and the username is unknown. Uses ASCII-type authentication. The privileged level required for the user to enter is 0. Uses the default authentication method list.

UserID ＝ 0x1f74208

Use authen method LOCAL (0x1f74208) Uses local authentication method. UserID ＝ 0x1f74208

Authen CONT, need username Prompts for username

Authen CONT, need password Prompts for password

Authen ERROR (0x1f74208)! Use next Indicates that the local authentication fails,

- 7 -


method Uses the next method in the list.

Authen FAIL(0x1f74208)! Method-list polling finish

Method-list polling is finished. The authentication fails.

related commands

none

1.1.7 enable password

To set a local password to control access to various privilege levels, use the enable password command in global configuration mode. To remove the password requirement, use the no form of this command.

enable password { password | [encryption-type] encrypted-password } [level number]

no enable password [level number]

parameter


password Password users type to enter enable mode.

encryption-type Algorithm used to encrypt the password.

encrypted-password Encrypted password you enter, copied from another router configuration.

level Level for which the password applies.

number Number between 1 and 15 that specifies the privilege level for the user.

default

No password is defined.

command mode


instruction

Can not have spaces in the password that the switch configures. When using the enable password command, you cannot input space if you enter a clear text password. The length of the clear text password cannot exceed 126 characters.

The default level parameter is 15 without inputting the level parameter. If a privilege level is not configured password, then no authentication is performed when a user entering this priviledge level.

Our switch system only supports two types of encryption. The encryption type is 0 and 7 respectively. Parameter O indicates no password is defined and you enter a clear text password in the following encrypted-password blank. Parameter 7 indicates a

- 8 -


self-defined algorithm is used for encryption and you enter encrypted text password in the following encrypted-password blank. This encryted text password can be copied from the configuration file of other switch.

example

The following example adds password clever for the privige level 10, uses encryption-type 0, that is, the clear text password: enable password 0 clever level 10

The following example adds password Oscar for the default privilege (15), uses encryption-type 7, that is, the encrypted text password: enable password 7 074A05190326

Assuming the encrypted text password of Oscar is 074A05190326, which is obtained from the configuration file of other switch.

related commands

aaa authentication enable default

service password-encryption

1.1.8 server

To add a server in the AAA server group, use the server command in server-group configuration mode. To remove the associated server from the authentication, authorization, and accounting (AAA) group server, use the no form of this command.

server A.B.C.D

no server A.B.C.D

parameter


A.B.C.D IP address of the server.

default

No server

command mode

Server-group configuration

instruction

You can add 20 different servers in a server group at most.

- 9 -


example

The following example adds a server at 12.1.1.1 to the server group: server 12.1.1.1

related commands

aaa group server

1.1.9 service password-encryption

To encrypt passwords, use the service password-encryption command in global configuration mode. To restore the default, use the no form of this command.

service password-encryption

no service password-encryption

parameter

none

default

No encryption

command mode


instruction

Currently in the realization of our switch system, this command is related to username password, enable password and password. If this command is not configured on the switch (namely default state), and the system uses the clear text storage method in the above three commands, then the configured clear text of the password can be displayed in the show running-config command. If this command is configured on the switch, then the configured password of the above three commands will be encrypted, then the configured clear text of the password cannot be displayed in the show running-config command, even using the no service password-encryption cannot restore the clear text of the password. Please make sure of the configured password before using this command for encryption. The no service password-encryption command only has effect on the password configured by the service password-encryption command.

example

Use the following command to encrypt for the configured clear text password and also to encrypt for the clear text password that configured after using this command. switch_config#service password-encryption

related commands

username username password enable password

- 10 -


password

1.1.10 username

To establish a username-based authentication system, use the username command in global configuration mode. Use the no form of this command to remove an established username-based authentication.

username username [password { password | [encryption-type] encrypted-password }] [user-maxlinks number] [autocommand command]

no username username

parameter


Username Username character string password Password a user enters.

password Clear text of the password character string encryption-type Encryption type

encrypted-password Encrypted password a user enters.

user-maxlinks Limits the user's number of inbound links.

number Link number that established simultaneously.

autocommand Causes the specified command to be issued automatically after the user logs in. The autocommand must be used in the end of the command line.

command Executes automatically command character string

default

No username-based authentication system is established.

command mode


instruction

The password is considered as empty character string when there is no password parameter. The trust-host will bind the user to the specified host. This user and other hosts cannot pass authentication when logging in switch. The user-maxlinks command limit the user's number of inbound links. User can use the show users command to check which kind of authentication that each online user passes.

White spaces are not allowed in the configured password of our switch. This also applies to the enable password command.

Our switch system only supports two types of encryption. The encryption type is 0 and 7 respectively. Parameter O indicates no password is defined and you enter a clear text password in the following encrypted-password blank. Parameter 7 indicates a

- 11 -


self-defined algorithm is used for encryption and you enter encrypted text password in the following encrypted-password blank. This encryted text password can be copied from the configuration file of other switch.

example

The following example adds a local user, its username is someone, its password is someother: username someone password someother

The following example adds a local user, its user name is Oscar, its password is Joan, uses encryption-type 7, that is, the encrypted text password: enable password 7 1105718265

Assuming the encrypted text password is 1105718265, which is obtained from the configuration file of other switch.

related commands

aaa authentication login

- 12 -


Chapter 2 RADIUS Configuration Commands This chapter describes the commands used to configure RADIUS. RADIUS is a distributed client/server system that secures networks against unauthorized access. In the implementation, RADIUS clients run on switches and send authentication requests to a central RADIUS server that contains all user authentication and network service access information.

For information on how to configure RADIUS, refer to the chapter "Configuring RADIUS".

1.2 RADIUS Configuration Commands

RADIUS Configuration Commands include：

debug radius

ip radius source-interface

radius-server challenge-noecho

radius-server deadtime

radius-server host

radius-server optional-passwords

radius-server key

radius-server retransmit

radius-server timeout

radius-server vsa send

1.2.1 debug radius

To display information associated with RADIUS, use the debug radius command in EXEC mode. To disable debugging output, use the no form of this command.

debug radius｛event | packet｝

no debug radius｛event | packet｝

parameter


event Displays radius event

packet Displays radius packet.

default

none

- 13 -


command mode

EXEC

instruction

Use this command to debug network system to locate the authentication failure reason.

Switch#debug radius event

RADIUS:return message to aaa, Give me your username

RADIUS:return message to aaa, Give me your password

RADIUS:inital transmit access-request [4] to 192.168.20.126 1812 <length=70>

RADIUS:retransmit access-request [4] to 192.168.20.126 1812 <length=70>

RADIUS:retransmit access-request [4] to 192.168.20.126 1812 <length=70>

RADIUS:192.168.20.126 is dead to response [4]

RADIUS:Have tried all servers，return error to aaa

output information description

return message to aaa, Give me your username

It needs username

return message to aaa, Give me your password

It needs the password that corresponds to the username

inital transmit access-request [4] to 192.168.20.126 1812 <length=70>

Sends authentication request to RADIUS server for the first time. The server address is 192.168.20.126, port number 1812, packet length 70

retransmit access-request [4] to 192.168.20.126 1812 <length=70>

The server doesn’t respond to the request in time. The authentication request will be retransmitted.

192.168.20.126 is dead to response [4] The server doesn’t respond after many times of retransmittion. This serve is marked as dead.

Have tried all servers，return error to aaa RADIUS cannot complete this authentication and returns to error.

example

The following example debugs RADIUS event: debug radius event

1.2.2 ip radius source-interface

To force RADIUS to use the IP address of a specified interface for all outgoing RADIUS packets, use the ip radius source-interface command in global configuration mode. To prevent RADIUS from using the IP address of a specified interface for all outgoing RADIUS packets, use the no form of this command.

ip radius source-interface interface-name

- 14 -


no ip radius source-interface

parameter


interface-name Name of the interface that RADIUS uses for all of its outgoing packets.

default

No default behavior or values

command mode


instruction

Use this command to set the IP address of a subinterface to be used as the source address for all outgoing RADIUS packets. The IP address is used as long as the subinterface is in the up state. In this way, the RADIUS server can use one IP address entry for every network access client instead of maintaining a list of IP addresses.

This command is especially useful in cases where the router has many subinterfaces and you want to ensure that all RADIUS packets from a particular router have the same IP address.

The specified subinterface must have an IP address associated with it. If the specified subinterface does not have an IP address or is in the down state, then RADIUS reverts to the default. To avoid this, add an IP address to the subinterface or bring the subinterface to the up state.

example

The following example shows how to configure RADIUS to use the IP address of vlan 1 for all outgoing RADIUS packets: ip radius source-interface vlan 1

related commands

ip tacacs source-interface

1.2.3 radius-server challenge-noecho

To prevent user responses to Access-Challenge packets from being displayed on the screen, use the radius-server challenge-noecho command in global configuration mode. To return to the default condition, use the no form of this command.


no radius-server challenge-noecho

parameter

none

- 15 -


default

All user responses to Access-Challenge packets are echoed to the screen.

command mode


instruction

none

example


1.2.4 radius-server deadtime

To improve RADIUS response times when some servers might be unavailable and cause the unavailable servers to be skipped immediately, use the radius-server deadtime command in global configuration mode. To set dead-time to 0, use the no form of this command.

radius-server deadtime minutes

no radius-server deadtime

parameter


minutes Length of time, in minutes, for which a RADIUS server is skipped over by transaction requests, up to a maximum of 1440 minutes (24 hours).

default

Dead time is set to 0.

command mode


instruction

Use this command to cause the software to mark as "dead" any RADIUS servers that fail to respond to authentication requests, thus avoiding the wait for the request to time out before trying the next configured server. A RADIUS server marked as "dead" is skipped by additional requests for the duration of minutes or unless there are no servers not marked "dead."

example

The following example specifies five minutes deadtime for RADIUS servers that fail to respond to authentication requests: radius-server deadtime 5

- 16 -


related commands

radius-server host

radius-server retransmit


1.2.5 radius-server host

To specify a RADIUS server host, use the radius-server host command in global configuration mode. To delete the specified RADIUS host, use the no form of this command.

radius-server host ip-address [auth-port port-number1] [acct-port port-number2]

no radius-server host ip-address

parameter


ip-address IP address of the RADIUS server host.

auth-port (Optional) Specifies the UDP destination port for authentication requests.

port-number1 (Optional) Port number for authentication requests; the host is not used for authentication if set to 0.

acct-port (Optional) Specifies the UDP destination port for accounting requests.

port-number2 (Optional) Specifies the UDP destination port for accounting requests; the host is not used for accounting if set to 0.

default

No RADIUS host is specified;

command mode


instruction

You can use multiple radius-server host commands to specify multiple hosts. The software searches for hosts in the order in which you specify them.

example

The following example specifies host 1.1.1.1 as the RADIUS server and uses default ports for both accounting and authentication radius-server host 1.1.1.1

The following example specifies port 12 as the destination port for authentication requests and port 16 as the destination port for accounting requests on the RADIUS host named host1:

- 17 -


radius-server host 1.2.1.2 auth-port 12 acct-port 16

related commands

aaa authentication

radius-server key

tacacs server

username

1.2.6 radius-server optional-passwords

To specify that the first RADIUS request to a RADIUS server be made without password verification, use the radius-server optional-passwords command in global configuration mode. To restore the default, use the no form of this command.

radius-server optional-passwords

no radius-server optional-passwords

parameter

This command has no parameters or keywords.

default

disabled

command mode


instruction

When the user enters the login name, the login request is transmitted with the name and a zero-length password. If accepted, the login procedure completes. If the RADIUS server refuses this request, the server software prompts for a password and tries again when the user supplies a password. The RADIUS server must support authentication for users without passwords to make use of this feature.

example

The following example configures the first login to not require RADIUS verification: radius-server optional-passwords

related commands

radius-server host

1.2.7 radius-server key

To set the authentication and encryption key for all RADIUS communications between the router and the RADIUS daemon, use the radius-server key command in global configuration mode. To disable the key, use the no form of this command.

radius-server key string

- 18 -


no radius-server key

parameter


string Spedifies the encrypted key.

This encrypted key must match the encrypted key that RADIUS server uses.

default

The encrypted key is the empty character string.

command mode


instruction

The key entered must match the key used on the RADIUS daemon. All leading spaces are ignored, and all white spaces cannot be included in the encrypted key.

example

The following example sets the encryption key to " firstime ": radius-server key firstime

related commands

radius-server host

tacacs server

username

1.2.8 radius-server retransmit

To specify the number of times the software searches the list of RADIUS server hosts before giving up, use the radius-server retransmit command in global configuration mode. To disable retransmission, use the no form of this command.

radius-server retransmit retries

no radius-server retransmit

parameter


retries Maximum number of retransmission attempts. The default is 3 attempts.

- 19 -


default

3 attemps

command mode


instruction

This command is generally used with the radius-server timeout command, indicating the interval for which a router waits for a server host to reply before timing out and the times of retry after timing out.

example

The following example specifies a retransmit counter value of five times: radius-server retransmit 5

related commands


1.2.9 radius-server timeout

To set the interval for which a router waits for a server host to reply, use the radius-server timeout command in global configuration mode. To restore the default, use the no form of this command.

radius-server timeout seconds

no radius-server timeout

parameter


seconds Number that specifies the timeout interval, in seconds. The default is 5 seconds.

default

5 seconds

command mode


instruction

This command is generally used with the radius-server retransmit command.

- 20 -


example

Use this command to set the number of seconds a router waits for a server host to reply before timing out. radius-server timeout 10

related commands

none

1.2.10 radius-server vsa send

To configure the network access server to recognize and use vendor-specific attributes, use the radius-server vsa send command. To restore the default, use the no form of this command.

radius-server vsa send [authentication]

no radius-server vsa send [authentication]

parameter


authentication (Optional) Limits the set of recognized vendor-specific attributes to only authentication attributes.

default

disabled

command mode


instruction

The Internet Engineering Task Force (IETF) draft standard specifies a method for communicating vendor-specific information between the network access server and the RADIUS server by using the vendor-specific attribute (attribute 26). Vendor-specific attributes (VSAs) allow vendors to support their own extended attributes not suitable for general use. The radius-server vsa send command enables the network access server to recognize and use both accounting and authentication vendor-specific attributes. Use the accounting keyword with the radius-server vsa send command to limit the set of recognized vendor-specific attributes to just accounting attributes. Use the authentication keyword with the radius-server vsa send command to limit the set of recognized vendor-specific attributes to just authentication attributes.

example

The following example configures the network access server to recognize and use vendor-specific accounting attributes: radius-server vsa send accounting

- 21 -


related commands

radius-server host

- 22 -

EPON OAM Configuration Commands

Table of Contents

Table of Contents

Chapter 1 OAM Configuration Commands......................................................................................... 1 1.1 OAM Configuration Commands............................................................................................ 1

1.1.1 ethernet oam timeout ................................................................................................. 1 1.1.2 ethernet oam log ........................................................................................................ 2 1.1.3 ethernet oam log discovery ........................................................................................ 2 1.1.4 ethernet oam log link-monitor..................................................................................... 3 1.1.5 ethernet oam remote-loopback {start | stop | test} ..................................................... 4 1.1.6 show ethernet oam statistics...................................................................................... 5 1.1.7 show ethernet oam configuration............................................................................... 6 1.1.8 show ethernet oam ctc version-negotiation-result ..................................................... 6 1.1.9 show ethernet oam loopback-test-result .................................................................... 7 1.1.10 show ethernet oam status ........................................................................................ 8

- I -

EPON OAM Configuration Command

Chapter 1 OAM Configuration Commands

1.1 OAM Configuration Commands

1.1.1 ethernet oam timeout

Syntax

[no] ethernet oam timeout value

ethernet oam timeout value

It is used to set the timeout time of the OAM connection.

Parameter

Parameter Parameter description

value Timeout time of the OAM connection, which ranges between 2 and 30 and whose unit is second

Default value

The value of timeout is 10.

Command mode


Instruction

This command can be used to configure some optional parameters for establishing the OAM connection.

Example

The following example shows how to set the timeout time of connection to five seconds.

switch_config#ethernet oam timeout 5

- 1 -


1.1.2 ethernet oam log

Syntax

ethernet oam log {disable | enable}

It is used to enable or disable the EPON OAM log.

Parameter

None

Default value

enable

Command mode


Instruction

This command can be used to display or limit the EPON OAM log (including the OAM discovery state machine and the link monitor). It is recommended to enable this log.

Example

The following example shows how to set and limit the EPON OAM log.

switch_config# ethernet oam log disable

1.1.3 ethernet oam log discovery

Syntax

ethernet oam log discovery {disable | enable}

To display or restrain the discovery log of EPON OAM, run the previous command.

Parameter

None

- 2 -


Default value

enable

Command mode


Instruction

This command is used to restrain the discovery log of EPON OAM, however, it is recommended to enable this log.

Example

The following example shows how to display or restrain the discovery log of EPON OAM:

switch_config# ethernet oam log discovery disable

1.1.4 ethernet oam log link-monitor

Syntax

ethernet oam log link-monitor {disable | enable}

It is used to enable or disable the link monitor log of EPON OAM.

Parameter

None

Default value

enable

Command mode


Instruction

This command is used to restrain the link monitor log of EPON OAM, however, it is recommended to enable this log.

- 3 -


Example

The following example shows how to display or restrain the link monitor log of EPON OAM:

switch_config# ethernet oam log link-monitor disable

1.1.5 ethernet oam remote-loopback {start | stop | test}

Syntax

ethernet oam remote-loopback {start | stop | {test frame-size pkt-num}} interface intf-type intf-id

To start or stop the remote OAM loopback, run the previous command.

Parameter


frame-size Stands for the size of a frame.

pkt-num Stands for the number of the frames.

intf-id Stands for an designated interface.

Default value

None

Command mode

Privileged mode

Remarks

The remote OAM loopback cannot be enabled on the physical interface that belongs to the aggregation interface.

Example

The following example shows how to positively start the remote OAM loopback on interface EPON 0/1:1.

switch#ethernet oam remote-loopback start interface EPON0/1:1

- 4 -


1.1.6 show ethernet oam statistics

Syntax

show ethernet oam statistics interface [intf-type intf-id]

To display the OAM statistics information on a designated interface or all interfaces, run the previous command.

Parameter


intf-id Displays the statistics information on the designated interface or on all protocol-up ports and enables the statistics information on the OAM interface.

Default value

None

Remarks

None

Example

The following example shows how to display the number of the OAM packets which are classified by packet types on interface EPON0/1:1.

switch#show ethernet oam statistics interface EPON0/1:1 Interface: E0/1:1 Counters: --------- Information OAMPDU Tx : 494 Information OAMPDU Rx : 494 Unique Event Notification OAMPDU Tx : 0 Unique Event Notification OAMPDU Rx : 0 Duplicate Event Notification OAMPDU TX: 0 Duplicate Event Notification OAMPDU RX: 0 Loopback Control OAMPDU Tx : 0 Loopback Control OAMPDU Rx : 0 Variable Request OAMPDU Tx : 0 Variable Request OAMPDU Rx : 0 Variable Response OAMPDU Tx : 0 Variable Response OAMPDU Rx : 0 Organization Specific OAMPDU Tx : 1

- 5 -


Organization Specific OAMPDU Rx : 1 Unsupported OAMPDU Tx : 0 Unsupported OAMPDU Rx : 0 Frames Lost due to OAM : 0

1.1.7 show ethernet oam configuration

Syntax

show ethernet oam configuration

The following example shows how to display global OAM configuration:

Parameter

None

Default value

None

Remarks

None

Example

The following example shows how to display global OAM configuration:

switch#show ethernet oam configuration General ------- Link timeout : 10 seconds

1.1.8 show ethernet oam ctc version-negotiation-result

Syntax

show ethernet oam ctc version-negotiation-result interface [intf-type intf-id]

To display the negotiation result of Telecom OAM on all interfaces or a specific interface, run the previous command.

Parameter


intf-id Displays the negotiation result of Telecom OAM on a specific interface, otherwise displays all protocols are up and the

- 6 -


negotiation result of Telecom OAM on the OAM interface.

Default value

None

Remarks

None

Example

The following example shows how to display the OAM Runtime information on interface E0/1:1.

switch# show ethernet oam ctc version-negotiation-result interface E0/1:1 Interface : E0/1:1 ctc_OAM_Ext_Status : 0x3 OUI : 11:11:11 ctc_OAM_Ext_version: 0x20

1.1.9 show ethernet oam loopback-test-result

Syntax

show ethernet oam loopback-test-result interface [intf-type intf-id]

It is used to display the result of OAM loopback testing of a designated port.

Parameter


intf-id Displays the loopback result of OAM on a specific interface, otherwise displays all protocols are up and the loopback result of OAM on the OAM interface.

Default value

None

Remarks

None

- 7 -


Example

The following example shows how to display the OAM loopback result on interface E0/1:1.

switch#ethernet oam remote-loopback start interface E0/1:1

switch #ethernet oam remote-loopback test 64 10 interface E0/1:1

switch # show ethernet oam loopback-test-result interface E0/1:1 Loopback test result: Out of Seqance frames: 5 10 packets transmitted, 9 received, 10% packet loss rtt min/avg/max = 0/0/0 ms value = 0 = 0x0

1.1.10 show ethernet oam status

Syntax

show ethernet oam status [interface [intf-type intf-id]]

It is used to display the OAM status on all interfaces or a designated interface.

Parameter


intf-id Displays the OAM status on a designated interface, or displays all protocol-up ports and enables the OAM status on the OAM interface.

Default value

None

Remarks

None

Example

The following example shows how to display the OAM status on interface E0/1:1.

switch#show ethernet oam status Interface: E0/1:1 oam_table: ---------- Admin state: Enabled Operational status: 108270576

- 8 -


Mode: 4662140 Maximum oam pdu: 1518 Configuration revision: 0 Function supported: 7 peer_table: ----------- Status: 4662140 MAC address: 00:13:25:ff:ff:81 Vendor OUI: 00:13:25 Vendor info: 0 mode: Passive Maximum oam pdu: 1518 Configuration revision: 1 Function supported: 7 loopback_table: -------------- Status:

- 9 -

Flow Encryption Configuration Commands

Table of Contents

Table of Contents

Chapter 1 Encryption Configuration Commands................................................................................ 1 1.1 Encryption Configuration Commands................................................................................... 1

1.1.1 epon encryption triple-churning rekeying-timer-value ........................................... 1 1.1.2 epon encryption {enable | disable} ........................................................................ 2

- I -


Chapter 1 Encryption Configuration Commands

1.1 Encryption Configuration Commands

The following are encryption configuration commands:

epon encryption triple-churning rekeying-timer-value

epon encryption {enable | disable}

1.1.1 epon encryption triple-churning rekeying-timer-value

Syntax

epon encryption triple-churning rekeying-timer-value

no epon encryption

To enable or disable the global encryption of OLT, run the previous two commands respectively.

Parameter


rekeying-timer-value Stands for the time for key update, which falls between 600 and 10000ms.

Default value

The default value of the encryption mode is triple-chuming and the time for key update is 10000ms.

Command mode


Remarks

Only when the encryption function of the LLID port is enabled at the same time, the underline encryption function can take effect.

- 1 -


Example

The following example shows how to set the encryption mode of OLT to triple-chuming.

switch_config# epon encryption triple-churning

1.1.2 epon encryption {enable | disable}

Syntax

epon encryption enable

epon encryption disable

To enable or disable the underline encryption function of the LLID port, run the previous two commands respectively.

Parameter

None

Default value

The encryption function of the LLID port is enabled by default.

Command mode

LLID port configuration mode

Remarks

This command takes effect only when it is used together with the command epon encryption triple-churning rekeying-timer-value.

Example

The following example shows how to disable the encryption function of interface EPON0/1:1.

switch_config# interface EPON0/1:1 switch_config_epon0/1:1# epon encryption disable

- 2 -

EPON Multicast Configuration Commands

Table of Contents

Table of Contents

Chapter 1 OLT IGMP Multicast Configuration Commands ................................................................ 1 1.1.1 ip mcst {enable | disable} ........................................................................................... 2 1.1.2 ip mcst mc-vlan vlan_id range A.B.C.D&<1-n> ....................................................... 2 1.1.3 ip mcst vlan vlan_id static A.B.C.D interface intf ..................................................... 3 1.1.4 ip mcst timer router-age timer_value.................................................................. 4 1.1.5 ip mcst timer response-time timer_value ................................................................... 4 1.1.6 ip mcst mrouter interface inft_name........................................................................... 5 1.1.7 ip igmp-proxy enable.................................................................................................. 6 1.1.8 ip mcst querier{enable | disable} ................................................................................ 6 1.1.9 ip mcst querier address [ip_addr]............................................................................... 7 1.1.10 ip igmp-proxy last-member-query {count value1| interval value2} ........................... 8 1.1.11 ip mcst compatible {enable | disable} ....................................................................... 9 1.1.12 ip mcst mode............................................................................................................ 9 1.1.13 ip mcst preview time............................................................................................... 10 1.1.14 show ip mcst............................................................................................................11 1.1.15 show ip mcst timer ................................................................................................. 12 1.1.16 show ip mcst groups............................................................................................... 12 1.1.17 show ip mcst statistics............................................................................................ 13 1.1.18 show ip igmp-proxy ................................................................................................ 14 1.1.19 debug ip mcst packet ............................................................................................. 14 1.1.20 debug ip mcst timer................................................................................................ 15 1.1.21 debug ip mcst timer................................................................................................ 16 1.1.22 debug ip mcst event ............................................................................................... 16 1.1.23 debug ip mcst error ................................................................................................ 17 1.1.24 debug ip igmp-proxy............................................................................................... 17

Chapter 2 Commands for OLT MLD Multicast Settings ................................................................... 19 2.1.1 ip mld-snooping {enable | disable} ........................................................................... 19 2.1.2 ip mld-snooping solicitation ...................................................................................... 20 2.1.3 ip mld-snooping mc-vlan vlan_id range A.B.C.D&<1-n>....................................... 21 2.1.4 ip mld-snooping vlan vlan_id static X:X:X:X::X interface intf ................................. 21 2.1.5 ip mld-snooping timer router-age timer_value .................................................... 22 2.1.6 ip mld-snooping timer response-time timer_value ................................................... 23 2.1.7 ip mld-snooping mrouter interface inft_name........................................................... 23 2.1.8 ip mld-proxying enable ............................................................................................. 24 2.1.9 ip mld-proxying querier address [ip_addr]................................................................ 25 2.1.10 ip mld-proxying last-member-query {count value1| interval value2} ...................... 25 2.1.11 show ip mld-snooping............................................................................................. 26 2.1.12 show ip mld-snooping timer ................................................................................... 27 2.1.13 show ip mld-snooping groups ................................................................................ 28 2.1.14 show ip mld-snooping statistics.............................................................................. 28 2.1.15 show ip mld-proxying ............................................................................................. 29

- I -

Table of Contents

Chapter 3 Remote Configuration Commands for ONU Multicast .................................................... 31 3.1.1 epon onu mcst enable.............................................................................................. 31 3.1.2 epon onu ctc mcst switch ......................................................................................... 32 3.1.3 epon onu ctc mcst fast-leave enable ....................................................................... 32 3.1.4 epon onu ctc mcst premission.................................................................................. 33 3.1.5 epon onu port port_id ctc mcst tag-stripe enable..................................................... 34 3.1.6 epon onu port port_id ctc mcst max-group-number value ....................................... 35 3.1.7 epon onu port port_id ctc mcst mc-vlan {add vlanmap| delete vlanmap|clear}........ 35

- II -


Chapter 1 OLT IGMP Multicast Configuration Commands

The OLT IGMP multicast configuration commands include:

ip mcst {enable | disable}

ip mcst mc-vlan vlan_id range A.B.C.D&<1-n>

ip mcst vlan vlan_id static A.B.C.D interface intf

ip mcst timer router-age timer_value

ip mcst timer response-time timer_value

ip mcst mrouter interface inft_name

ip igmp-proxy enable

ip mcst querier address ip_addr

ip igmp-proxy last-member-query {count value1| interval value2}

ip mcst mode

ip mcst permission

show ip mcst

show ip mcst timer

show ip mcst groups

show ip mcst statistics

show ip igmp-proxy

debug ip mcst packet

debug ip mcst timer

debug ip mcst event

debug ip mcst error

debug ip igmp-proxy

- 1 -


1.1.1 ip mcst {enable | disable}

Syntax

ip mcst enable

{no ip mcst | ip mcst disable}

To enable and disable the IGMP snooping function, run epon onu mcst enable; to resume the default value, run {no epon onu mcst | epon onu mcst disable}.

Parameter

None

Default value

The IGMP snooping is disabled.

Remarks

After IGMP snooping is enabled, when DLF occurs on multicast packets (that is, the destination address is not registered in the swap chip through the igmp-snooping), all multicast packets whose destination addresses are not registered on any port will be dropped.

Example

The following example shows how to enable the IGMP snooping function:

switch_config# ip mcst enable

1.1.2 ip mcst mc-vlan vlan_id range A.B.C.D&<1-n>

Syntax

ip mcst mc-vlan vlan_id range A.B.C.D&<1-n>

no ip mcst mc-vlan vlan_id [range A.B.C.D&<1-n>]

Parameter


vlan_id VLAN ID

A.B.C.D IP address of the multicast

- 2 -


Default value

None

Remarks

This command has two functions: one is that only the Report and Leave packets whose destination IP addresses have been added to a multicast VLAN can be received by IGMP snooping; the other one is that the VLAN tag which transforms the next multicast flow is the multicast VLAN tag. One multicast VLAN can include multiple continuous or discontinuous multicast IP addresses, while one multicast IP address can only belong to one multicast VLAN.

Example

The following command is used to add multicast group 225.1.1.1 to multicast VLAN2:

switch_config#ip mcst mc-vlan 2 range 225.1.1.1

Note:

224.0.0.0-224.0.0.255, as unroutable multicast addresses, cannot be registered on each port.

1.1.3 ip mcst vlan vlan_id static A.B.C.D interface intf

Syntax

ip mcst vlan vlan_id static A.B.C.D interface intf

no ip mcst vlan vlan_id static A.B.C.D interface intf

Parameter


vlan id Stands for the ID of a VLAN. Value range: 1-4094 A.B.C.D IP address of the multicast inft An interface

Default value

None

Remarks

This command is used to configure the static multicast address of VLAN. Its negative form is used to cancel the static multicast address.

- 3 -


Example

The following example shows how to add the static multicast address 234.5.6.7 to port EPON0/1:1.

switch_config# ip mcst vlan 1 static 234.5.6.7 interface EPON0/1:1 switch_config#

Note:

224.0.0.0-224.0.0.255 stands for irroutable multicast addresses which cannot be registered on each port.

1.1.4 ip mcst timer router-age timer_value

Syntax

ip mcst timer router-age timer_value

no ip mcst timer router-age

Parameter


time value Queries the time of the timer. Value range: 10-2147483647

Default value

260 seconds

Remarks

This command is used to query the time of the timer of IGMP-Snooping. The negative form of this command is used to resume the default value.

Example

The following example shows how to set the query time of the router to 300 seconds.

switch_config# ip mcst timer router-age 300 switch_config#

1.1.5 ip mcst timer response-time timer_value

Syntax

ip mcst timer response-time timer_value

- 4 -


no ip mcst timer response-time

To configure the maximum response time of IGMP snooping, run ip igmp-snooping timer response-time timer_value. To resume the default value of IGMP snooping, run no ip igmp-snooping timer response-time timer_value.

Parameter



Default value

15 seconds

Remarks

None

Example

The following example shows how to set the query response time of IGMP snooping to 20 seconds.

switch_config# ip mcst timer response-time 20

1.1.6 ip mcst mrouter interface inft_name

Syntax

ip mcst mrouter interface inft_name

no ip mcst mrouter interface inft_name

To configure the port of the static multicast router of IGMP snooping, run ip mcst mrouter interface inft_name.

Parameter


inft_name Shows the port type, the slot and the port ID.

Default value

15 seconds

- 5 -


Remarks

None

Example

The following example shows how to set port G0/4 to the port of the static multicast router of IGMP snooping.

switch_config# ip mcst timer mrouter interface G0/4

1.1.7 ip igmp-proxy enable

Syntax


{no ip igmp-proxy enable}

To enable IGMP proxy, run ip mcst enable. To resume the default value, run {no ip mcst | ip mcst disable}.

Parameter

None

Default value

The IGMP proxy is disabled by default.

Remarks

None

Example

The following example shows how to enable the IGMP proxy:

switch_config# ip igmp-proxy enable

1.1.8 ip mcst querier{enable | disable}

Syntax

ip mcst querier enable

{no ip mcst querier | ip mcst querier disable}

- 6 -


To enable or disable the querier port in OLT, run ip mcst querier enable; to resume the default settings, run no ip mcst querier | ip mcst querier disable.

Parameter

None

Default value

The querier port of OLT is disabled.

Remarks

After the querier port of OLT is added, this port can transmit the query packets automatically in a regular time.

Example

The following example shows how to enable the querier port of OLT.

switch_config# ip mcst querier enable

1.1.9 ip mcst querier address [ip_addr]

Syntax

ip mcst querier address ip_addr

no ip mcst querier address

To set the source IP address of the automatic query packet, run ip mcst querier address ip_addr. The negative form of this command is used to resume the default value.

Parameter


ip_addr IP address of a normal broadcast

Default value

The default source IP address is 10.0.0.200.

- 7 -


Remarks

None

Example

The following example shows how to set the source IP address of the query packet to 11.1.1.200:

switch_config# ip mcst querier address 11.1.1.200

1.1.10 ip igmp-proxy last-member-query {count value1| interval value2}

Syntax

ip igmp-proxy last-member-query {count value1| interval value2}

no ip igmp-proxy last-member-query {count | interval}

To set the source IP address of the automatic query packet, run ip igmp-proxy last-member-query {count value1| interval value2}. The negative form of this command is used to resume the default value.

Parameter


value1 1-5 value2 1-60 seconds

Default value

Both Value1 and Value2 are 2 by default.

Remarks

None

Example

The following example shows how to set last-member-query count to 3.

switch_config# ip igmp-proxy last-member-query count 3

- 8 -


1.1.11 ip mcst compatible {enable | disable}

Syntax

ip mcst compatible enable

{no ip mcst compatible | ip mcst compatible disable}

It is used to enable or disable the multicast-compatible function. The negative form of command is used to resume the default value.

Parameter

None

Default value

The multicast compatible function is disabled by default.

Remarks

After the multicast compatible mode is enabled, OLT can support the IGMP snooping multicast mode and the dynamic multicast mode by taking the LLID port as a unit. Only in the default mode can the multicast mode of OLT be set and OLT only supports one kind of multicast process at this case.

Example

The following example shows how to disable the multicast compatible function of OLT:

switch_config# ip mcst compatible disable

1.1.12 ip mcst mode

Syntax

ip mcst mode {igmp-snooping | dynamic-controllable}

{no ip mcst mode | ip mcst igmp-snooping}

It is used to switch over the multicast mode.

Parameter

None

- 9 -


Default value

Igmp-snooping mode

Remarks

After the OLT multicast mode is switched over, the multicast modes of all ONUs will be automatically switched over to the same mode. The users therefore are free of the trouble of setting ONUs one by one.

Example

The following example shows how to set the multicast mode to the controllable multicast:

switch_config# ip mcst mode dynamic-controllable

1.1.13 ip mcst preview time

Syntax

ip mcst preview time (1 – 60 )

no ip mcst preview time

Parameter


time Stands for the preview time (minute).

Default value

None

Remarks

None

Example

The following example shows how to set the preview time to 1.

switch_config#ip mcst previre time 1

- 10 -


1.1.14 show ip mcst

Syntax

show ip mcst

Parameter

None

Default value

None

Remarks

This command is used to display the information about IGMP-snooping configuration.

Example

The following example shows how to display the information about the IGMP-snooping settings.

switch# show ip mcst

Global multicast configuration: ----------------------------------- Globally enable : Enabled Multicast mode : IGMP Snooping Dlf-frames filtering : Enabled Querier : Disabled Querier address : 10.0.0.200 Router age : 260 s Response time : 15 s

Router Port List: ----------------- G0/4 (querier); switch#

- 11 -


1.1.15 show ip mcst timer

Syntax

show ip mcst timer

Parameter

None

Default value

None

Remarks

This command is used to display the information about the IGMP-snooping clock.

Example

The following example shows how to display the information about the IGMP-snooping clock.

switch#show ip mcst timers

Querier on port G0/4: 258

vlan 2 multicast address 0100.5e01.0101 response time : 13

switch# Querier on port G0/4: 251 means the timeout time of the ageing timer of the router. vlan 2 multicast address 0100.5e01.0101 response time : This shows the time period from receiving a multicast query packet to the present; if there is no host to respond when the timer times out, the port will be canceled.

1.1.16 show ip mcst groups

Syntax

show ip mcst groups

Parameter

None

- 12 -


Default value

None

Remarks

This command is used to display the information about the multicast group of IGMP-snooping.

Example

The following example shows how to display the information about the multicast group of IGMP-snooping.

switch# show ip mcst timer

Vlan Group Type Port(s) ---- --------------- -------- -------------------------------------

2 225.1.1.1 LEARNING E0/1:1 switch#

1.1.17 show ip mcst statistics

Syntax

show ip mcst statistics

Parameter

None

Default value

None

Remarks

This command is used to display the information about IGMP-snooping statistics.

Example

The following example shows how to display the information about IGMP-snooping statistics.

switch#show ip mcst statistics v1_packets:0 Number of the IGMPv1 packets v2_packets:6 Number of the IGMPv2 packets

- 13 -


v3_packets:0 Number of the IGMPv3 packets general_query_packets:5 Number of the general query packets special_query_packets:0 Number of the special query packets join_packets:6 Number of the report packets leave_packets:0 Number of the Leave packets

err_packets:0 Number of the error packets

1.1.18 show ip igmp-proxy

Syntax

show ip igmp-proxy

Parameter

None

Default value

None

Remarks

This command is used to display the information about IGMP proxy.

Example

The following example shows how to display the information about IGMP proxy.

switch#show ip igmp-proxy Global IGMP proxy configuration ------------------------------- Status : Disable Last member query interval: 2 Last member query count : 2 switch#

1.1.19 debug ip mcst packet

Syntax

debug ip mcst packet

no debug ip mcst packet

- 14 -


Parameter

None

Default value

None

Remarks

This command is used to enable or disable the MCST packet.

Example

The following example shows how to enable the debugging switch of MCST packets.

switch# debug ip mcst packet switch#

1.1.20 debug ip mcst timer

Syntax

debug ip mcst timer

no debug ip mcst timer

Parameter

None

Default value

None

Remarks

This command is used to enable or disable the MCST timer.

Example

The following example shows how to enable the MCST timer.

switch# debug ip mcst timer switch#

- 15 -


1.1.21 debug ip mcst timer

Syntax

debug ip mcst timer

no debug ip mcst timer

Parameter

None

Default value

None

Remarks

This command is used to enable or disable the MCST timer.

Example

The following example shows how to enable the MCST timer.

switch# debug ip mcst timer switch#

1.1.22 debug ip mcst event

Syntax

debug ip mcst event

no debug ip mcst event

Parameter

None

Default value

None

- 16 -


Remarks

This command is used to enable or disable the MCST event.

Example

The following example shows how to enable the MCST event.

switch# debug ip mcst event

1.1.23 debug ip mcst error

Syntax

debug ip mcst error

no debug ip mcst error

Parameter

None

Default value

None

Remarks

This command is used to enable or disable the MCST error.

Example

The following example shows how to enable the error debugging switch of IGMP snooping.

switch# debug ip mcst error

1.1.24 debug ip igmp-proxy

Syntax

debug debug ip igmp-proxy

no debug ip igmp-proxy

- 17 -


Parameter

None

Default value

None

Remarks

It is used to enable or disable the debugging switch of IGMP proxy.

Example

The following example shows how to enable the debugging switch of IGMP proxy.

switch# debug ip igmp-proxy switch#

- 18 -


Chapter 2 Commands for OLT MLD Multicast Settings

The OLT MLD multicast configuration commands include:

ip mld-snooping {enable | disable}

ip mld-snooping mc-vlan vlan_id range X:X:X:X::X&<1-n>

ip mld-snooping vlan vlan_id static X:X:X:X::X interface intf

ip mld-snooping timer router-age timer_value

ip mld-snooping timer response-time timer_value

ip mld-snooping mrouter interface inft_name

ip mld-proxying enable

ip mld-proxying querier address ip_addr

ip mld-proxying last-member-query {count value1| interval value2}

show ip mld-snooping

show ip mld-snooping timer

show ip mld-snooping groups

show ip mld-snooping statistics

show ip mld-proxying

2.1.1 ip mld-snooping {enable | disable}

Syntax

ip mld-snooping enable

{no ip mld-snooping | ip mld-snooping disable}

To set the MLD snooping function, run ip mld-snooping enable; to resume the default value, run {no ip mld-snooping | ip mld-snooping disable}.

Parameter

None

- 19 -


Default value

The MLD snooping is disabled.

Remarks

After MLD snooping is enabled, when DLF occurs on multicast packets (that is, the destination address is not registered in the swap chip through the MLD-snooping), all multicast packets whose destination addresses are not registered on any port will be dropped.

Example

The following example shows how to enable the MLD snooping function:

switch_config# ip mld-snooping enable

2.1.2 ip mld-snooping solicitation

Syntax

ip mld-snooping solicitation

no ip mld-snooping solicitation

To enable or disable the hardware forwarding of the multicast group, run ip mld-snooping solicitation.To resume the default value, run no ip mld-snooping solicitation.

Parameter

None

Default value

This function is shut down.

Remarks

None

Example

The following example shows how to enable the hardware forward of the multicast group.

switch_config#ip mld-snooping solicitation

- 20 -


2.1.3 ip mld-snooping mc-vlan vlan_id range A.B.C.D&<1-n>

Syntax

ip mld-snooping mc-vlan vlan_id range X:X:X:X::X&<1-n>

no ip mld-snooping mc-vlan vlan_id [range X:X:X:X::X&<1-n>]

Parameter


vlan_id VLAN ID

X:X:X:X::X IP address of the multicast

Default value

None

Remarks

This command has two functions: one is that only the Report and Leave packets whose destination IP addresses have been added to a multicast VLAN can be received by MLD snooping; the other one is that the VLAN tag which transforms the next multicast flow is the multicast VLAN tag. One multicast VLAN can include multiple continuous or discontinuous multicast IP addresses, while one multicast IP address can only belong to one multicast VLAN.

Example

The following command shows how to add multicast group ff12::5 to multicast VLAN2:

switch_config#ip mld-snooping mc-vlan 2 range ff12::5

2.1.4 ip mld-snooping vlan vlan_id static X:X:X:X::X interface intf

Syntax

ip mld-snooping vlan vlan_id static X:X:X:X::X interface intf

no ip mld-snooping vlan vlan_id static X:X:X:X::X interface intf

Parameter


vlan id Stands for the ID of a VLAN. Value range: 1-4094

- 21 -


X:X:X:X::X IP address of the multicast inft An interface

Default value

None

Remarks

This command is used to configure the static multicast address of VLAN. Its negative form is used to cancel the static multicast address.

Example

The following example shows how to add the static multicast address ff12::5 to port EPON0/1:1.

switch_config# ip mld-snooping vlan 1 static ff12::5 interface EPON0/1:1 switch_config#

2.1.5 ip mld-snooping timer router-age timer_value

Syntax

ip mld-snooping timer router-age timer_value

no ip mld-snooping timer router-age

Parameter



Default value

260 seconds

Remarks

This command is used to query the time of the timer of MLD-Snooping. The negative form of this command is used to resume the default value.

Example

The following example shows how to set the query time of the router to 300 seconds.

switch_config# ip mld-snooping timer router-age 300

- 22 -


switch_config#

2.1.6 ip mld-snooping timer response-time timer_value

Syntax

ip mld-snooping timer response-time timer_value

no ip mld-snooping timer response-time

To configure the maximum response time of IGMP snooping, run ip mld-snooping timer response-time timer_value. To resume the default value of IGMP snooping, run no ip mld-snooping timer response-time timer_value.

Parameter



Default value

15 seconds

Remarks

None

Example

The following example shows how to set the query response time of IGMP snooping to 20 seconds.

switch_config# ip mld-snooping timer response-time 20

2.1.7 ip mld-snooping mrouter interface inft_name

Syntax

ip mld-snooping mrouter interface inft_name

no ip mld-snooping mrouter interface inft_name

To configure the port of the static multicast router of IGMP snooping, run ip mcst mrouter interface inft_name.

Parameter


- 23 -


inft_name Shows the port type, the slot and the port ID.

Default value

15 seconds

Remarks

None

Example

The following example shows how to set port G0/4 to the port of the static multicast router of MLD snooping.

switch_config# ip mld-snooping timer mrouter interface G0/4

2.1.8 ip mld-proxying enable

Syntax


{no ip igmp-proxy enable}

To enable IGMP proxy, run ip igmp-proxy enable. To resume the default value, run {no ip igmp-proxy enable}.

Parameter

None

Default value

The MLD proxy is disabled by default.

Remarks

None

Example

The following example shows how to enable the MLD proxy:

switch_config# ip igmp-proxy enable

- 24 -


2.1.9 ip mld-proxying querier address [ip_addr]

Syntax

ip mld-proxying querier address ip_addr

no ip mld-proxying querier address

To set the source IP address of the automatic query packet, run ip mcst querier address ip_addr. The negative form of this command is used to resume the default value.

Parameter


ip_addr IP address of a normal broadcast

Default value

源 IP 地址默认为 FE80::3FF:FEFE:FD00:1。

Remarks

None

Example

The following example shows how to set the source IP address of the query packet to FE80::3FF:FEFE:FD00:2:

switch_config# ip mld-proxying querier address FE80::3FF:FEFE:FD00:2

2.1.10 ip mld-proxying last-member-query {count value1| interval value2}

Syntax

ip mld-proxying last-member-query {count value1| interval value2}

no ip mld-proxying last-member-query {count | interval}

To set the source IP address of the automatic query packet, run ip mld-proxying last-member-query {count value1| interval value2}. The negative form of this command is used to resume the default value.

Parameter


- 25 -


value1 1-5 value2 1-60 seconds

Default value

Both Value1 and Value2 are 2 by default.

Remarks

None

Example

The following example shows how to set last-member-query count to 3.

switch_config# ip mld-proxying last-member-query count 3

2.1.11 show ip mld-snooping

Syntax

show ip mld-snooping

Parameter

None

Default value

None

Remarks

This command is used to display the information about MLD-snooping configuration.

Example

The following example shows how to display the information about MLD snooping.

switch#show ip mld-snooping

Global multicast configuration: ----------------------------------- Globally enable : Disabled Multicast mode : MLD Snooping Dlf-frames filtering : Disabled

- 26 -


Router age : 260 s Response time : 10 s Handle Solicitation : Disabled

Router Port PVID VLANMAP=

Router Port List: -----------------

None

switch#

2.1.12 show ip mld-snooping timer

Syntax

show ip mld-snooping timer

Parameter

None

Default value

None

Remarks

This command is used to display the information about the MLD-snooping clock.

Example

The following example shows how to display the information about the MLD-snooping clock.

switch#show ip mld-snooping timers

Querier on port G0/4: 258

vlan 2 multicast address 3333.0000.0005 response time : 13

switch# Querier on port G0/4: 251 means the timeout time of the ageing timer of the router. vlan 2 multicast address 3333.0000.0005 response time : This shows the time period from receiving a multicast query packet to the present; if there is no host to respond when the timer times out, the port will be canceled.

- 27 -


2.1.13 show ip mld-snooping groups

Syntax

show ip mld-snooping groups

Parameter

None

Default value

None

Remarks

This command is used to display the information about the multicast group of MLD-snooping.

Example

The following example shows how to display the information about the multicast group of MLD-snooping.

switch# show ip mld-snooping timer

Vlan Group Type Port(s) ---- --------------- -------- -------------------------------------

2 ff12::5 LEARNING E0/1:1 switch#

2.1.14 show ip mld-snooping statistics

Syntax

show ip mld-snooping statistics

Parameter

None

Default value

None

- 28 -


Remarks

This command is used to display the information about MLD-snooping statistics.

Example

The following example shows how to display the information about MLD-snooping statistics.

switch#show ip mld-snooping statistics v1_packets:0 Number of the IGMPv1 packets v2_packets:6 Number of the IGMPv2 packets v3_packets:0 Number of the IGMPv3 packets general_query_packets:5 Number of the general query packets special_query_packets:0 Number of the special query packets listener_packets:6 Number of the Report packets leave_packets:0 Number of the Leave packets

err_packets:0 Number of the error packets

2.1.15 show ip mld-proxying

Syntax

show ip mld-proxying

Parameter

None

Default value

None

Remarks

This command is used to display the information about MLD proxy.

Example

The following example shows how to display the information about MLD proxy.

switch#show ip mld-proxying Global MLD Proxying configuration ------------------------------- Status : Disable Last member query interval: 1 Last member query count : 2

- 29 -


Querier address : FE80::3FF:FEFE:FD00:1

switch#

- 30 -


Chapter 3 Remote Configuration Commands for ONU Multicast

The IGMP-Snooping configuration commands include:

epon onu mcst enable

epon onu mcst switch

epon onu ctc mcst fast-leave enable

epon onu port port_id ctc mcst tag-stripe enable

epon onu port port_id ctc mcst max-group-number value

epon onu port port_id ctc mcst mc-vlan {add vlanmap| delete vlanmap|clear}

3.1.1 epon onu mcst enable

Syntax

epon onu mcst enable

{no epon onu mcst | epon onu mcst disable}

To enable and disable the IGMP snooping function, run epon onu mcst enable; to resume the default value, run {no epon onu mcst | epon onu mcst disable}.

Parameter

None

Default value

The IGMP snooping is disabled.

Remarks

After IGMP snooping is enabled, when DLF occurs on multicast packets (that is, the destination address is not registered in the swap chip through the igmp-snooping), all multicast packets whose destination addresses are not registered on any port will be dropped. ONU only supports IGMP snooping V1 and IGMP snooping V2.

- 31 -


Example

The following example shows how to enable the IGMP snooping function:

switch_config#interface e0/1:1 switch_config_e0/1:1#epon onu mcst enable

3.1.2 epon onu ctc mcst switch

Syntax

epon onu ctc mcst switch { dynamic-controllable | igmp-snooping }

no epon onu ctc mcst switch

To enable the ONU multicast mode, run epon onu ctc mcst switch { dynamic-controllable | igmp-snooping }; to resume the default value, run no epon onu ctc mcst switch.

Parameter

None

Default value

The ONU multicast mode is IGMP snooping by default.

Remarks

None

Example

The following example shows how to switch the ONU multicast mode over to the controllable multicast:

switch_config#interface e0/1:1 switch_config_epon0/1:1#epon onu ctc mcst switch dynamic-controllable

3.1.3 epon onu ctc mcst fast-leave enable

Syntax

epon onu ctc mcst fast-leave enable

{no epon onu ctc mcst fast-leave | epon onu ctc mcst fast-leave disable}

- 32 -


To configure the fast-leave attribute, run epon onu ctc mcst fast-leave enable; to resume the default value, run {no epon onu ctc mcst fast-leave | epon onu ctc mcst fast-leave disable}.

Parameter

None

Default value

The fast-leave attribute is enabled by default.

Remarks

The configuration of the fast-leave attribute makes the ONU delete the corresponding port in the port list of the corresponding multicast group shortly after ONU receives the leave packet, while the timer is not enabled any more for waiting to see whether other hosts will be added to the multicast group; if other hosts of a same port also belong to this multicast group and are reluctant to leave, the multicast communication of these hosts may be affected and in this case the fast-leave function should not be enabled.

Example

The following example shows how to disable the fast-leave attribute.

switch_config_epon0/1:1#epon onu ctc mcst fast-leave disable

3.1.4 epon onu ctc mcst premission

Syntax

ip mcst permission uni uni-index range A.B.C.D&<1-n> {permit | preview| forbidden}

no ip mcst permission uni uni-index range A.B.C.D&<1-n>

Parameter


uni-index UNI 端口索引

A.B.C.D IP address of the multicast

Default value

None

- 33 -


Remarks

None

Example

The following example shows how to configure UNI 1 of ONU to forward the multicast flow of the multicast 225.1.1.1.

switch_config#ip mcst permission interface E3/1:2 uni 1 range 225.1.1.1 permit

3.1.5 epon onu port port_id ctc mcst tag-stripe enable

Syntax

epon onu port port_id ctc mcst tag-stripe enable

{no epon onu port port_id ctc mcsttag-stripe | epon onu port port_id ctc mcst tag-stripe disable}

To configure the tag-stripe attribute, which is used to remove the VLAN tag of the next multicast packet that ONU receives, run epon onu port port_id ctc mcst tag-stripe enable.

Parameter


port_id UNI ID of ONU

Default value

Disable

Remarks

None

Example

The following example shows how to enable the Tag-Stripe function on UNI1 of ONU.

switch_config_epon0/1:1#epon onu port 1 ctc mcst tag-stripe enable

- 34 -


3.1.6 epon onu port port_id ctc mcst max-group-number value

Syntax

epon onu port port_id ctc mcst max-group-number value

no epon onu port port_id ctc mcst max-group-number

To configure the max-group-number attribute, which enables the UNI port of ONU to limit the number of the concurrently forwarded multicast groups, run epon onu port port_id ctc mcst max-group-number value.

Parameter


port_id UNI ID of ONU

value Maximum number of multicast groups

Default value

The default value is 128.

Remarks

None

Example

The following example shows how to configure UNI1 of ONU to allow 64 concurrent multicast flows simultaneously: 1 最多同时允许 64 条组播流。

switch_config_epon0/1:1#epon onu port 1 ctc mcst max-group-number 64

3.1.7 epon onu port port_id ctc mcst mc-vlan {add vlanmap| delete vlanmap|clear}

Syntax

epon onu port port_id ctc mcst mc-vlan {add vlanmap| delete vlanmap|clear}

To configure the correlation of the UNI port and the multicast VLAN so that ONU can remove the VLAN tag of the downlink multicast packets, run the command above.

Parameter


- 35 -


vlanmap VLAN bitmap

Default value

None

Remarks

None

Example

The following example shows how to configure UNI 1 of ONU to forward the multicast flow of the multicast VLAN2.

switch_config_e0/1:1#epon onu port 1 ctc mcst mc-vlan add 2

- 36 -

Optical Fiber Protection Shift Commands

Table of Contents

Table of Contents

Chapter 1 Optical Fiber Protection Shift Commands ......................................................................... 1 1.1 epon b-psg ............................................................................................................................ 1 1.2 epon c-psg ............................................................................................................................ 2 1.3 epon psg member ................................................................................................................. 2 1.4 epon psg switch .................................................................................................................... 3

- I -


Chapter 1 Optical Fiber Protection Shift Commands

1.1 epon b-psg

Syntax

epon b-psg [ sequence sequence-number ]

no epon b-psg sequence sequence-number

The commands above are used to create and delete a B-type PSG port respectively.

Parameter


sequence-number Stands for the sequence number of the logic port, which ranges from 1 to 8.

Default value

If the sequence number of the logic port is not designated, you should take the unused minimum value between 1 and 8.

Command mode


Remarks

This command is used to create a virtual port ; after the virtual port is successfully created, you have to run epon psg member active epon-port standby epon-port immediately to bind the to-be-protected PON port.

Example

The following example shows how to create a B-type PSG port.

switch_config#epon b-psg sequence 1 switch_config#

- 1 -


1.2 epon c-psg

Syntax

epon c-psg [ sequence sequence-number ]

no epon c-psg sequence sequence-number

The commands above are used to create and delete a C-type PSG port respectively.

Parameter


sequence-number Stands for the sequence number of the logic port, which ranges from 1 to 8.

Default value

If the sequence number of the logic port is not designated, you should take the unused minimum value between 1 and 8.

Command mode


Remarks

This command is used to create a virtual port ; after the virtual port is successfully created, you have to run epon psg member active epon-port standby epon-port immediately to bind the to-be-protected PON port.

Example

The following example shows how to create a C-type PSG port.

switch_config#epon c-psg sequence 1 switch_config#

1.3 epon psg member

Syntax

epon psg member active epon-port standby epon-port

no epon psg member active epon-port standby epon-port

The first command is used to add a protected PON port to the PSG port.

- 2 -


Parameter


epon-port Stands for the EPON port.

Default value

None

Command mode

PSG port configuration mode

Remarks

This command is to add the actually to-be-protected PON port to the PSG port. Currently only when two PON ports are on the same OLT chip can they be supported.

Example

The following example shows how to bind EPON0/1 and EPON0/4 to PSG0/1:

switch_config#epon b-psg sequence 1 switch_config#interface psg 0/1 switch_config_psg0/1#epon psg member active e0/1 standby e0/4

1.4 epon psg switch

Syntax

epon psg member switch interface psg-port

It is used to force the switchover of the key PON port of B-type PSG.

Parameter


psg-port PSG port

Default value

None

Command mode

Privileged mode

- 3 -


Remarks

This command is used to force the switchover of the PSG port only on the CTC B-type protection mechanism.

Example

The following example shows how to switch over the PSG port mandatorily.

switch_config# epon psg switch interface psg 0/1

- 4 -

ONU Management Configuration Commands

Table of Contents

Table of Contents

Chapter 1 Local ONU Management Commands ............................................................................... 1 1.1 Local ONU Management Commands................................................................................... 1 1.2 epon onu-registration-method mac....................................................................................... 2 1.3 epon bind-onu....................................................................................................................... 2 1.4 epon onu-authen-method manual......................................................................................... 3 1.5 epon mpcp-registration-mode............................................................................................... 4 1.6 epon onu description ............................................................................................................ 5 1.7 epon conform-onu................................................................................................................. 6 1.8 epon deregister-onu.............................................................................................................. 6 1.9 clear epon dynamic-binding.................................................................................................. 7 1.10 epon dynamic-binding-timeout {disable | enable}............................................................... 8 1.11 epon dynamic-binding-timeout value .................................................................................. 9 1.12 epon ctc-oam-discovery-timeout {disable | enable}............................................................ 9 1.13 epon ctc-oam-discovery-timeout value ............................................................................. 10 1.14 epon ace-reset-delay value count......................................................................................11 1.15 epon dying-gasp-log {disable | enable}............................................................................. 12 1.16 epon snmp-ipaddress ....................................................................................................... 12 1.17 serial-bridge remote.......................................................................................................... 13 1.18 show epon basic-info ........................................................................................................ 14 1.19 show epon encryption....................................................................................................... 15 1.20 show epon mpcp-registration-mode ................................................................................. 15 1.21 show epon onu-authen-method........................................................................................ 16 1.22 show epon onu-registration-method ................................................................................. 17 1.23 show epon onu-information .............................................................................................. 18

Chapter 2 Global Remote Control Commands of ONU ................................................................... 19 2.1 Global Remote Control Commands of ONU....................................................................... 19 2.2 epon reboot onu.................................................................................................................. 20 2.3 epon update onu image ...................................................................................................... 21 2.4 epon commit-onu-image-update......................................................................................... 22 2.5 epon update onu eeprom-image......................................................................................... 22 2.6 epon ace-recover................................................................................................................ 23 2.7 epon switch-onu-pon .......................................................................................................... 24 2.8 epon switch-onu-pon-and-back .......................................................................................... 25 2.9 epon onu encryption ........................................................................................................... 25 2.10 epon onu mac address-table static................................................................................... 26 2.11 epon onu clear mac address-table dynamic ..................................................................... 27 2.12 epon onu mac address-table learning .............................................................................. 28 2.13 epon onu mac address-table aging-time .......................................................................... 28 2.14 epon onu scheduler policy ................................................................................................ 29 2.15 epon onu scheduler wrr bandwidth................................................................................... 30 2.16 epon onu cos map ............................................................................................................ 31

- I -

Table of Contents

2.17 epon onu scheduler-pon policy......................................................................................... 32 2.18 epon onu scheduler-pon wrr bandwidth............................................................................ 32 2.19 epon onu cos-pon map ..................................................................................................... 33 2.20 epon onu port-protect ....................................................................................................... 34 2.21 epon onu ip address ......................................................................................................... 35 2.22 epon onu spanning-tree.................................................................................................... 36 2.23 epon onu mirror................................................................................................................. 37 2.24 epon onu filter ................................................................................................................... 37 2.25 epon onu serial-mode ....................................................................................................... 38 2.26 epon onu serial-remote..................................................................................................... 39 2.27 epon onu vlan ................................................................................................................... 40 2.28 show epon interface onu basic-info .................................................................................. 41 2.29 show epon interface onu ctc basic-info ............................................................................ 43 2.30 show epon onu mac address-table................................................................................... 44

Chapter 3 Remote UNI Control Commands of ONU........................................................................ 45 3.1 Remote UNI Control Commands of ONU........................................................................... 45 3.2 epon onu port ctc vlan mode .............................................................................................. 46 3.3 epon onu port ctc vlan translation-entry ............................................................................. 46 3.4 epon onu port ctc vlan aggregation-entry ........................................................................... 47 3.5 epon onu port ctc flow-control............................................................................................. 48 3.6 epon onu port mac address-table dynamic maximum........................................................ 49 3.7 epon onu port storm-control................................................................................................ 50 3.8 epon onu port ctc rate-limit ................................................................................................. 51 3.9 epon onu port loopback detect ........................................................................................... 51 3.10 epon onu port duplex ........................................................................................................ 52 3.11 epon onu port speed ......................................................................................................... 53 3.12 epon onu port ctc auto-negotiation ................................................................................... 54 3.13 epon onu port block mac .................................................................................................. 55 3.14 epon onu port default-cos ................................................................................................. 55 3.15 epon onu port ctc shutdown.............................................................................................. 56 3.16 epon onu port qos policy................................................................................................... 57 3.17 epon onu port ctc qos policy ............................................................................................. 58 3.18 epon onu port mac access-group ..................................................................................... 58 3.19 epon onu port ip access-group ......................................................................................... 59 3.20 epon onu serial serial-attribute ......................................................................................... 60 3.21 epon onu serial serial-buffer ............................................................................................. 62 3.22 epon onu serial serial-keepalive ....................................................................................... 63 3.23 epon onu serial loopback detect ....................................................................................... 63 3.24 show epon onu {port | serial} statistics ............................................................................. 64 3.25 show epon onu {port | serial} state ................................................................................... 65 3.26 show epon onu port ctc vlan ............................................................................................. 66

- II -


Chapter 1 Local ONU Management Commands

1.1 Local ONU Management Commands

The following are local ONU management commands:

epon onu-registration-method mac

epon bind-onu

epon onu-authen-method manual

epon mpcp-registration-mode

epon onu description

epon conform-onu

epon deregister-onu

clear epon dynamic-binding

epon dynamic-binding-timeout {disable | enable}

epon dynamic-binding-timeout value

epon ctc-oam-discovery-timeout {disable | enable}

epon ctc-oam-discovery-timeout value

epon ace-reset-delay

epon dying-gasp-log

epon snmp-ipaddress

serial-bridge remote

show epon basic-info

show epon encryption

show epon mpcp-registration-mode

show epon onu-authen-method

show epon onu-registration-method

show epon onu-information

- 1 -


1.2 epon onu-registration-method mac

Syntax

epon onu-registration-method mac

no epon onu-registration-method

To open the checkup mechanism of the ONU MAC address during MPCP registration, run epon onu-registration-method mac.

Parameter

None

Default value

The MAC address of ONU is not checked by default.

Command mode

EPON port configuration mode

Remarks

After the checkup of the ONU MAC address is enabled during MPCP registration, successful registration can only be conducted to those ONUs that has been bound to static entries through the running of the epon bind-onu mac-address llid-sequence command.

Example

The following example shows how to open the checkup of MAC address' registration on ONU of interface EPON0/1.

switch_config# interface EPON0/1 switch_config_epon0/1# epon onu-registration-method mac

1.3 epon bind-onu

Syntax

epon bind-onu mac-address llid-sequence

no epon bind-onu mac-address

- 2 -


To bind the MAC address of ONU to the EPON port and the LLID sequence number, run this command.

Parameter


mac-address The format of the MAC address is <xxxx.xxxx.xxxx>.

llid-sequence Value range: 1-64

Default value

The MAC address has no default value, while the default value of llid-sequence is the unoccupied minimum LLID sequence.

Command mode


Remarks

Only when this command is used together with the epon onu-registration-method mac command can it take effect.

Example

The following example shows how to bind LLID sequence 1 of port EPON0/1 to ONU 00e0.0f00.00001:

switch_config# interface EPON0/1 switch_config_epon0/1# epon bind-onu 00e0.0f00.00001 1

1.4 epon onu-authen-method manual

Syntax

epon onu-authen-method manual

no epon onu-authen-method manual

To set the ONU authentication mode, run epon onu-authen-method manual. At present, you have options to abandon the authentication or to conduct manual authentication.

Parameter

None

- 3 -


Default value

If the ONU authentication is not conducted, the registration then automatically passes the authentication.

Command mode


Remarks

If the epon onu-authen-method manual command is configured for manual authentication, the administrator needs to confirm it manually after ONU registration is complete and then can a corresponding bandwidth be obtained and the remote configuration can be done.

Example

The following example shows how to set the ONU authentication mode on port EPON0/1 to the manual authentication:

switch_config# interface EPON0/1 switch_config_epon0/1#epon onu-authen-method manual

1.5 epon mpcp-registration-mode

Syntax

epon mpcp-registration-mode {normal | ctc value}

To configure the delay of MPCP, run the previous command.

Parameter


value 1-50ms

Default value

The delay is 20ms by default.

Command mode


- 4 -


Remarks

None

Example

The following example shows how to set the delay of MPCP of port EPON0/1 to 30ms.

OLT_config_epon0/1# epon mpcp-registration-mode ctc 20

1.6 epon onu description

Syntax

epon onu description string

To add the description string for ONU, run the previous command.

Parameter


string A character sting to describe ONU, which consists only of ASCII characters

Default value

None

Command mode


Remarks

None

Example

The following example shows how to set the description string of ONU on port EPON0/1:1 to p1004.

OLT_config_epon0/1:1# epon onu description p1004

- 5 -


1.7 epon conform-onu

Syntax

epon conform-onu {mac-address value | interface epon slot/port:sequence}

To enable the registered ONU to pass authentication, run the previous command.

Parameter


value The format of the MAC address is <xxxx.xxxx.xxxx>. slot/port[:sequence] The slot parameter stands for the slot number, the port

parameter stands for the EPON port number and the sequence parameter stands for the LLID sequence.

Default value

None

Command mode

Privileged mode

Remarks

None

Example

The following example shows how to get ONU authenticated on port EPON0/1:1.

Switch# epon conform-onu interface epon 0/1:1

1.8 epon deregister-onu

Syntax

epon deregister-onu { interface epon slot/port:sequence}

To deregister ONU, run the previous command.

Parameter


- 6 -


slot/port[:sequence] The slot parameter stands for the slot number, the port parameter stands for the EPON port number and the sequence parameter stands for the LLID sequence.

Default value

None

Command mode

Privileged mode

Remarks

None

Example

The following example shows how to deregister the registered ONU on port EPON0/1:1.

Switch# epon deregister-onu interface epon0/1:1

1.9 clear epon dynamic-binding

Syntax

clear epon dynamic-binding [interface epon slot/port]

To remove the information about dynamic ONU binding, run the previous command.

Parameter


slot/port The slot parameter stands for the slot ID and the port parameter stands for the EPON port ID.

Default value

None

Command mode

Privileged mode

- 7 -


Remarks

Only when ONU does not pass authentication and after ONU is deregistered can the information about dynamic ONU binding be removed.

Example

The following example shows how to remove the information about dynamic ONU binding on port EPON0/1:1 manually.

switch# clear epon dynamic-binding interface epon0/1:1

1.10 epon dynamic-binding-timeout {disable | enable}

Syntax

epon dynamic-binding-timeout {disable | enable}

To remove the information about dynamic ONU binding automatically, run the previous command.

Parameter

None

Default value

disable

Command mode


Remarks

None

Example

The following example shows how to remove the information about dynamic ONU binding automatically.

OLT_config#epon dynamic-binding-timeout enable

- 8 -


1.11 epon dynamic-binding-timeout value

Syntax

epon dynamic-binding-timeout value

To set the timeout time of the automatic removal of the information about dynamic ONU binding , run the previous command.

Parameter


value 30-300s

Default value

300s

Command mode


Remarks

None

Example

The following example shows how to set the timeout time of the automatic removal of the information about dynamic ONU binding to 200s.

OLT_config# epon dynamic-binding-timeout 200

1.12 epon ctc-oam-discovery-timeout {disable | enable}

Syntax

epon ctc-oam-discovery-timeout {disable | enable}

To enable or disable ONU registration when the successful discovery of CTC OAM of ONU times out, run this command.

Parameter

None

- 9 -


Default value

disable

Command mode


Remarks

None

Example

The following example shows that ONU registration is disabled when the successful discovery of CTC OAM of ONU times out.

OLT_config#epon ctc-oam-discovery-timeout enable

1.13 epon ctc-oam-discovery-timeout value

Syntax

epon ctc-oam-discovery-timeout value

To set the timeout time for waiting for successful CTC OAM discovery of ONU, run this command.

Parameter


value 30-300s

Default value

60s

Command mode


Remarks

None

- 10 -


Example

The following example shows how to set the timeout time for waiting for successful CTC OAM discovery of ONU.

OLT_config# epon ctc-oam-discovery-timeout 200

1.14 epon ace-reset-delay value count

Syntax

epon ace-reset-delay value count

To set the waiting time and transmission times of OAM transmission after the initial registration of ACE ONU is resumed, run the above-mentioned command.

Parameter


value 500-10000ms count 1-10

Default value

3000ms, 3 times

Command mode


Remarks

None

Example

The following example shows that the waiting time and transmission times of OAM transmission after the initial registration of ACE ONU are set to 4000ms and 5 times respectively.

OLT_config# epon ace-reset-delay 4000 5

- 11 -


1.15 epon dying-gasp-log {disable | enable}

Syntax

epon dying-gasp-log {disable | enable}

To enable and disable the print of ONU power-off alarm log, run the above-mentioned command.

Parameter

None

Default value

enable

Command mode


Remarks

None

Example

The following example shows how to shut down the print of the ONU power-off alarm log.

OLT_config#epon dying-gasp-log disable

1.16 epon snmp-ipaddress

Syntax

epon snmp-ipaddress ip-address

To set the IP address of OLT manager, run the above-mentioned command.

Parameter


ip-address Stands for the IP address of the network manager.

- 12 -


Default value

None

Command mode


Remarks

This IP address is used for network topology discovery in the hand-in-hand environment.

Example

The following example shows how to set the IP address of OLT manager to 192.168.1.10.

OLT_config# epon snmp-ipaddress 192.168.1.10

1.17 serial-bridge remote

Syntax

serial-bridge remote index address A.B.C.D

no serial-bridge remote index address

To set the IP address of the bridge of the serial interface of ONU, run serial-bridge remote index address A.B.C.D.

Parameter


index Index of the bridge

A.B.C.D IP address of the bridge

Default value

None

Command mode


- 13 -


Remarks

This command is used to set the index and IP address of the front bridge.

Example

The following example shows how to set the bridge 10.0.0.1 to 1.。

OLT_config# serial-bridge remote 1 address 10.0.0.1

1.18 show epon basic-info

Syntax

show epon basic-info

To display the basic OLT information, run the previous command.

Parameter

None

Default value

None

Command mode

Any mode will do.

Remarks

Relevant information will not be displayed unless the OLT chip is hot plugged.

Example

The following are basic information about OLT.

Switch# show epon basic-info ONU registration flapping suppression: disabled Hello interval : 3 seconds Dead interval : 5 counts IROS : enabled SC software version : 1025.0.0.1798569984 Number of registered OLTs : 1 -------------------------------------

- 14 -


OLT chip index : 0 OLT chip module id : 0 OLT chip device id : 0x0 OLT chip MAC address: 00:e0:0f:de:d0:10 OLT status : operational

1.19 show epon encryption

Syntax

show epon encryption

To display the information about EPON encryption configuration, run the above-mentioned command.

Parameter

None

Default value

None

Command mode

Any mode will do.

Remarks

None

Example

The following example shows how to display the information about EPON encryption configuration:

Switch#show epon encryption Encryption mode rekey time(ms) --------------- -------------- ctc churning 10000

1.20 show epon mpcp-registration-mode

Syntax

show epon mpcp-registration-mode [interface epon slot/port]

- 15 -


To display the MPCP registration mode of the EPON port, run the previous command.

Parameter



Default value

None

Command mode

Any mode will do.

Remarks

None

Example

The following example shows how to display the ONU MPCP registration mode of the EPON port.

Switch# show epon mpcp-registration-mode interface epon 0/1 MPCP registeration is delay time enabled on E0/1, and delay time is 20 ms

1.21 show epon onu-authen-method

Syntax

show epon onu-authen-method [interface epon slot/port]

To display the ONU authentication mode, run the previous command.

Parameter



Default value

None

- 16 -


Command mode

Any mode will do.

Remarks

None

Example

The following example shows how to display the ONU registration mode of the EPON0/1 port.

Switch# show epon onu-authen-method interface epon 0/1 ONU authentication mode is manual on E0/1.

1.22 show epon onu-registration-method

Syntax

show epon onu-registration-method [interface epon slot/port]

To display the ONU MAC address checkup mode, run the previous command.

Parameter



Default value

None

Command mode

Any mode will do.

Remarks

None

Example

The following example shows how to display the ONU MAC address checkup mode of the EPON0/1 port.

- 17 -


Switch# show epon onu-registration-method interface epon 0/1 ONU MAC address check when registeration is enabled on E0/1.

1.23 show epon onu-information

Syntax

show epon onu-information [interface epon slot/port]

To display the ONU information, run the previous command.

Parameter



Default value

None

Command mode

Any mode will do.

Remarks

None

Example

The following example shows how to display all ONU binding information on port epon0/1.

Switch# show epon onu-information interface epon0/1 OLT#show epon onu-information interface e0/1 Interface EPON0/1 has registered 2 ONUs: Intf Name MAC Address Description Bind Type Status Distance(m) RTT(TQ) ---------- -------------- --------------- --------- --------------- ----------- ------- EPON0/1:1 00e0.0fa7.0150 N/A static deregistered N/A N/A EPON0/1:2 0025.5e1a.dbe6 N/A static auto_configured 52 2407

- 18 -


Chapter 2 Global Remote Control Commands of ONU

2.1 Global Remote Control Commands of ONU

Global remote control commands of ONU are shown below:

epon reboot onu

epon update onu image

epon update onu eeprom-image

epon ace-recover

epon commit-onu-image-update

epon switch-onu-pon

epon switch-onu-pon-and-back

epon onu encryption

epon onu mac address-table static

epon onu clear mac address-table dynamic

epon onu mac address-table learning

epon onu mac address-table aging-time

epon onu scheduler policy

epon onu scheduler wrr bandwidth

epon onu cos map

epon onu scheduler-pon policy

epon onu scheduler-pon wrr bandwidth

epon onu cos-pon map

epon onu port-protect

epon onu ip address

epon onu spanning-tree

epon onu mirror

- 19 -


epon onu filter

epon onu serial-mode

epon onu serial-remote

epon onu vlan

show epon interface onu basic-info

show epon interface onu ctc basic-info

show epon onu mac address-table

2.2 epon reboot onu

Syntax

epon reboot onu {mac-address value | interface epon slot/port:sequence}

To restart ONU, run the previous command.

Parameter




Default value

None

Command mode

Privileged mode

Remarks

None

Example

The following example shows how to restart the registered ONU on port EPON0/1:1.

switch# epon reboot onu interface epon0/1:1

- 20 -


2.3 epon update onu image

Syntax

epon update onu image image_name interface epon slot/port[:sequence]

To update the ONU version remotely through OLT, run the previous command.

Parameter


image_name Contains up to 32 characters.


Default value

None

Command mode

Privileged mode

Remarks

1. Unless the to-be-updated software matches the corresponding ONU type can this software not be updated.

2. During the update process of ONU software, do not cut off the power of ONU. After the completion of ONU update, OLT will notify users of the successful ONU update by the way of log, and ONU will use the updated version for rebooting.

3. After the ONU version is updated and restarted, you need to run epon commit-onu-image-update on OLT to confirm the ONU version.

Example

The following example shows how to update the ONU version on port EPON0/1:1.

OLT# epon update onu image onu_bin interface epon epon0/1:1

- 21 -


2.4 epon commit-onu-image-update

Syntax

epon commit-onu-image-update {mac-address value | interface epon slot/port:sequence}

To confirm the update of the ONU version, run the above-mentioned command.

Parameter




Default value

None

Command mode

Privileged mode

Remarks

This command is used after the ONU version is upgraded, restarted and re-registered.

Example

The following example shows how to confirm the upgrade of the ONU version on port EPON0/1:1.

switch# epon commit-onu-image-update interface epon0/1:1

2.5 epon update onu eeprom-image

Syntax

epon update onu eeprom-image image_name interface epon slot/port:sequence

The ONU EEPROM file has saved the MAC address and the sequence ID of ONU. If the information need be altered, the ONU EEPROM file need be updated. This command is used to update the ONU EEPROM file remotely from OLT.

- 22 -


Parameter


image_name Contains up to 32 characters.

slot/port:sequence The slot parameter stands for the slot number, the port parameter stands for the EPON port number and the sequence parameter stands for the LLID sequence.

Default value

None

Command mode

Privileged mode

Remarks

1. After the ONU EEPROM file is updated, ONU need be restarted and then the newly configured information takes effect.

2. During the update process of ONU software, do not cut off the power of ONU.

Example

The following example shows how to use the onu_eeprom.dat file to update the ONU EEPROM on port EPON0/1:1.

OLT# epon update onu eeprom-image onu_eeprom.dat interface epon epon0/1:1

2.6 epon ace-recover

Syntax

epon ace-recover {mac-address value | interface epon slot/port:sequence}

To resume the default settings of ACE ONU, run the above-mentioned command.

Parameter




- 23 -


Default value

None

Command mode

Privileged mode

Remarks

This command is valid only for the ONU of ACE.

Example

The following example shows how to resume the default settings of ACE ONU on port EPON0/1:1.

Switch# epon ace-recover interface epon0/1:1

2.7 epon switch-onu-pon

Syntax

epon switch-onu-pon interface epon slot/port:sequence

To switch the current PON port on ONU, run the above-mentioned command.

Parameter



Default value

None

Command mode

Privileged mode

Remarks

This command is only valid for ONU with dual PON ports.

- 24 -


Example

The following example shows how to switch the current PON port of ONU on port epon0/1:1.

switch# epon switch-onu-pon interface epon0/1:1

2.8 epon switch-onu-pon-and-back

Syntax

epon switch-onu-pon-and-back interface epon slot/port:sequence

To switch the current PON port of ONU and then switch back to the original PON port, run the above-mentioned command.

Parameter



Default value

None

Command mode

Privileged mode

Remarks

This command is only valid for ONU with dual PON ports.

Example

The following example shows how to switch the current PON port of ONU and then switch back to the original PON port on port epon0/1:1.

switch# epon switch-onu-pon-and-back interface epon0/1:1

2.9 epon onu encryption

Syntax

epon onu encryption triple-churning

- 25 -


no epon onu encryption

To set the ONU encryption mode, run epon onu encryption triple-churning.

Parameter

None

Default value

The default encryption mode of ONU is triple-churning.

Command mode


Remarks

The encryption function must be set for OLT and ONU simultaneously and the encryption modes are same, and then the encryption function can take effect.

Example

The following example shows how to set the ONU encryption mode on port EPON0/1:1 to triple churning.

switch_config# interface EPON0/1:1 switch_config_epon0/1:1# epon onu encryption triple-churning

2.10 epon onu mac address-table static

Syntax

[no]epon onu mac address-table static mac-addr port port-num

To add a static MAC address, run mac address-table static mac-addr vlan vlan-id interface interface-id. To cancel the static MAC address, run no mac address-table static

mac-addr vlan vlan-id interface interface-id.

Parameter


mac-addr Means an MAC address. Value range: H.H.H

port-num Physical port that the MAC address belongs to

- 26 -


Default value

None

Remarks

This command is configured in LLID port mode.

Example

The following example shows how to bind the MAC address, 0004.5600.67ab, to the UNI2 port.

switch_config#interface e0/1:1

switch_config_epon0/1:1#epon onu mac address-table static 0004.5600.67ab port 2

2.11 epon onu clear mac address-table dynamic

Syntax

epon onu clear mac address-table dynamic [ address H.H.H | port num]

To clear the dynamic MAC address of ONU, run the previous command.

Parameter


H.H.H Stands for the MAC address that is designated to be deleted.

Num Stands for the UNI port number.

Default value

None

Remarks


Example

The following example shows how to remove the MAC address of the UNI1 port, which is corresponded by the LLID port, epon0/1:1.

switch_config#interface epon 0/1:1

- 27 -


switch_config_epon0/1:1#epon onu clear mac address-table dynamic port 1

2.12 epon onu mac address-table learning

Syntax

epon onu mac address-table learning { disable | svl }

no epon onu mac address-table learning

To configure the learning of ONU MAC address table, run epon onu mac address-table learning { disable | svl }.

Parameter


disable Shuts down MAC address learning.

svl VLAN learning is shared by default.

Default value

VLAN learning is shared by default.

Remarks


Example

The following example shows how to shut down ONU MAC address learning which corresponds to the LLID port, epon0/1:1.


switch_config_epon0/1:1#epon onu mac address-table learning disable

2.13 epon onu mac address-table aging-time

Syntax

epon onu mac address-table aging-time { 0 | time }

no epon onu mac address-table aging-time

- 28 -


To set the aging time of the MAC address table of ONU, run epon onu mac address-table aging-time { 0 | time }.

Parameter


0 Means that the MAC address does not age.

time Stands for the aging time of the MAC address, which ranges from 15 to 3825 seconds.

Default value

300S

Remarks


Example

The following example shows how to set the aging time of the MAC address of ONU which corresponds to the LLID port, epon0/1:1.


switch_config_epon0/1:1#epon onu mac address-table aging-time 200

2.14 epon onu scheduler policy

Syntax

epon onu scheduler policy { sp | wrr }

no epon onu scheduler policy

To set the schedule policy of the ONU CoS priority queue, run epon onu scheduler policy { sp | wrr }.

Parameter


sp Uses the SP schedule policy.

wrr Uses the WRR schedule policy.

- 29 -


Default value

The SP schedule policy is used by default.

Remarks


Example

The following example shows how to set the ONU CoS priority queue of the LLID port, epon0/1:1, to wrr.


switch_config_epon0/1:1#epon onu scheduler policy wrr

2.15 epon onu scheduler wrr bandwidth

Syntax

epon onu scheduler wrr bandwidth weight1 ... weightn

no epon onu scheduler wrr bandwidth

To set the bandwidth of the ONU CoS priority queue, run epon onu scheduler wrr bandwidth weight1...weightn.

Note:

At present, the ONU chip does not support the bandwidth settings of the priority queue. The bandwidth settings is a fixed value, 1:2:4:8. 2 : 4 : 8。

Parameter


weight1 ... weightn Values of four CoS priority queues, ranging between 0 and 255

Default value

The weights of four CoS priority queues are 1, 2, 4 and 8 respectively.

Remarks


- 30 -


Example

The following example shows how to set the bandwidth of the ONU CoS priority queue of the LLID port, epon0/1:1, to 10, 50, 100, or 200.


switch_config_epon0/1:1#epon onu scheduler wrr bandwidth 10 50 100 200

2.16 epon onu cos map

Syntax

epon onu cos map quid cos1 ... cosn

no epon onu cos map

To set the ONU CoS priority queue, run epon onu cos map quid cos1..cosn.

Parameter


quid ID of the COS priority queue, ranging between 1 and 4

cos1 ... cosn CoS value defined by IEEE802.1p, ranging between 0 and 7

Default value

CiS Priority Queue

0, 1 1

2, 3 2

4, 5 3

6，7 4

Remarks


Example

The following example shows how to map ONU priority values (3, 4, 5) of the LLID epon0/1:1 port to queue 3.


- 31 -


switch_config_epon0/1:1#epon onu cos map 3 3-5

2.17 epon onu scheduler-pon policy

Syntax

epon onu scheduler-pon policy { sp | wrr }

no epon onu scheduler-pon policy

To set the schedule policy of the uplink ONU CoS priority queue, run epon onu scheduler-pon policy { sp | wrr }.

Parameter


sp Uses the SP schedule policy.

wrr Uses the WRR schedule policy.

Default value

The SP schedule policy is used by default.

Remarks


Example

The following example shows how to set the uplink priority queue of ONU, which corresponds to the LLID port (epon0/1:1), to wrr.


switch_config_epon0/1:1#epon onu scheduler-pon policy wrr

2.18 epon onu scheduler-pon wrr bandwidth

Syntax

epon onu scheduler-pon wrr bandwidth weight1 ... weightn

no epon onu scheduler-pon wrr bandwidth

- 32 -


To set the bandwidth of the ONU CoS priority queue, run epon onu scheduler wrr bandwidth weight1...weightn.

Parameter


weight1 ... weightn Values of eight CoS priority queues, ranging between 0 and 255

Default value

The following example shows how to set the weight values of eight CoS priority queues to 1, 1, 1, 1, 1, 1, 1 and 1 respectively.

Remarks


Example

The following example shows how to set the bandwidth of the ONU CoS priority queue of the LLID port, epon0/1:1, to 1, 2, 4, or 8.


switch_config_epon0/1:1#epon onu scheduler-pon wrr bandwidth 1 2 4 8 16 32 64 128

2.19 epon onu cos-pon map

Syntax

epon onu cos-pon map quid cos1 ... cosn

no epon onu cos-pon map

To set the ONU CoS priority queue, run epon onu cos map quid cos1..cosn.

Parameter


quid ID of the COS priority queue, ranging between 1 and 8

cos1 ... cosn CoS value defined by IEEE802.1p, ranging between 0 and 7

Default value

CiS Priority Queue

- 33 -


0 1

1 2

2 3

3 4

4 5

5 6

6 7

7 8

Remarks


Example

The following example shows how to map ONU priority values (3, 4, 5) of the LLID epon0/1:1 port to queue 3.


switch_config_epon0/1:1#epon onu cos-pon map 3 3-5

2.20 epon onu port-protect

Syntax

epon onu port-protect

no epon onu port-protect

To configure ONU port isolation, run epon onu port-protect.

Parameter

Default value

ONU port isolation is enabled by default.

- 34 -


Remarks

This command is configured in port configuration mode.

Example

The following example shows how to enable the isolation of the ONU port which corresponds to the LLID port, epon0/1:1.


switch_config_epon0/1:1# epon onu port-protect

2.21 epon onu ip address

Syntax

ONU，命令如下：

epon onu ip address { dhcp | static ip-address netmask}

bstar ONU，命令如下：

epon onu ip address A.B.C.D netmask A.B.C.D gateway A.B.C.D vlan value

no epon onu ip address

To set the ONU IP address, run epon onu ip address { dhcp | static ip-address netmask}.

Parameter


Dhcp Sets dynamic IP address obtainment for ONU.

Static Sets static IP address obtainment for ONU.

ip-address Stands for the static IP address.

Netmask Subnet mask

A.B.C.D Address

Value Vlan id

Default value

ONU 默认 DHCP 模式，如果 onu 获取不到，使用默认的 192.168.0.1

- 35 -


Remarks


Example

The following example shows how to set the ONU IP address mode to static and set the IP address to 172.0.0.10.


switch_config_epon0/1:1# epon onu ip address static 172.0.0.10 255.255.0.0

2.22 epon onu spanning-tree

Syntax

epon onu spanning-tree

no epon onu spanning-tree

开启或关闭 ONU Spanning Tree。

Parameter

Default value

关闭 Spanning Tree 功能。

Remarks


Example

在 LLID 端口 epon0/1:1 开启 spanning tree。


switch_config_epon0/1:1# epon onu spanning-tree

- 36 -


2.23 epon onu mirror

Syntax

epon onu mirror session num destination dest-port source src-port [both | rx | tx]

no epon onu mirror session num

配置 ONU 镜像功能。

Parameter


num 镜像会话编号

dest-port 镜像目的端口号

src-port 镜像源端口号

both 镜像入口和出口

rx 镜像入口

tx 镜像出口

Default value

无镜像配置

Remarks


Example

配置 LLID 端口 epon0/1:1 镜像功能，将端口 1 的入口报文镜像到端口 2。


switch_config_epon0/1:1# epon onu mirror session 1 destination 2 source 1 rx

2.24 epon onu filter

Syntax

epon onu filter {icmp | arp | bpdu | igmp} threshold value

- 37 -


no epon onu filter {icmp | arp | bpdu | igmp}

配置 ONU 防攻击功能。

Parameter


value 每秒允许收到的报文字节数。 Value range: 52000

Default value

无防攻击功能

Remarks


Example

配置 LLID 端口 epon0/1:1 防 BPDU 攻击，阈值每秒 20 个。


switch_config_epon0/1:1# epon onu filter bpdu threshold 20

2.25 epon onu serial-mode

Syntax

epon onu serial-mode {tcp-server | tcp-client | udp} port port-value [timeout timeout-value]

no epon onu serial-mode

Sets the CTC mode of ONU.

Parameter


tcp-server tcp server模式

tcp-client tcp client模式

udp udp模式

port-value tcp或udp端口号，1-65535

- 38 -


timeout-value 超时时间，只有在tcp-server模式下才可以配置，1-65535，单位S

Default value

关闭串口

Remarks


Example

配置 LLID 端口 epon0/1:1 串口工作模式为 tcp-server，tcp 端口号为 12000，超时时间为

100S。


switch_config_epon0/1:1# epon onu serial-mode tcp-server port 12000 timeout 100

2.26 epon onu serial-remote

Syntax

epon onu serial-remote index

no epon onu serial-remote index

配置 ONU 的串口前置机 IP 地址。

Parameter


index 前置机索引

Default value

无前置机 IP 地址。

Remarks


- 39 -


Example

配置 LLID 端口 epon0/1:1 串口前置机 IP 地址为索引 1 对应的 IP 地址。

switch_config# serial-bridge remote 1 address 10.0.0.1


switch_config_epon0/1:1# epon onu serial-remote 1

2.27 epon onu vlan

Syntax

epon onu vlan word

no epon onu vlan word

在 ONU 上创建或删除 vlan。

Parameter


word Vlan id范围。 Value range: 1-4094

Default value

None

Remarks


Example

配置 LLID 端口 epon0/1:1 下的 ONU 上创建 vlan 1-20。


switch_config_epon0/1:1# epon onu vlan 1-20

- 40 -


2.28 show epon interface onu basic-info

Syntax

show epon interface slot/port:sequence onu basic-info

To display the basic ONU information, run the previous command.

Parameter


slot/por[:sequence The slot parameter stands for the slot number, the port parameter stands for the EPON port number and the sequence parameter stands for the LLID sequence.

Default value

None

Command mode

Any mode will do.

Remarks

The basic ONU information cannot be displayed until ONU is registered.

Example

The following is the basic ONU information of port e0/1:1.

OLT_config#show epon interface epon 0/1:1 onu basic-info ONU Building version: 10.0.1A ONU Compiled time: 15:49:06, Aug 28 2009 ONU SDK software version: 3.4.2.2 ONU chip type: CS8016.B0 ONU chip version: 0 ONU loader version: 02.00.01-1241677674 EEPROM Control Flag : 0xaa MAC address : 00e0.0f46.5f41 EEPROM version : 1 HEC mode : 0 IGMP snooping mode : 1 OAM version : 0

- 41 -


I2C interface mode : 1 MPCP timeout : 1000 Vendor code : 0 Model number : 0 Hardware version : 0 Year : 0 Week : 256 Serial number : 12200110 CRC Mode : 0 Query Key : 0 Disable auto reset : 0 Enable tk default mode : 0 Normal bringup mode : 1 PON Laser always on : 0 PON Laser ctrl polarity : 0 PON admin status : 1 UNI port MAC type : 0 UNI Auto negotiation : 1 UNI MII type : 3 UNI PinStrapOverWrite : 0 UNI admin status : 1 Security flag 802.1x mode : 1 Security flag UNI port control : 0 Security flag mcst/bcst control: 1 Security flag dot1x tunnel : 0 IOPVendorCode : 255 ONUConfigCode : 254 ONUCtrlVlan : 0 ctc_onu : 0x11-0x11-0x11 Laser on time : 64 Laser off time : 64 CTC OAM Bypass Mode : 0 CRC Mode Config : 0 FEC Enabled : 0 Unknown Multicast Drop : 0 Tx error detection : 0 IGMP vlan learning mode : 0 Laser Delay : 0 User vendor info : UTST/A002 Deregister backofftime : 60 Mdio address : 1 Dying Gasp Trigger Mode : 0 MII enable : 0 Switch Port Num : 4 KT ONU : 0x00-0x00-0x00 Classification Rule Num : 0

- 42 -


2.29 show epon interface onu ctc basic-info

Syntax

show epon interface slot/port:sequence onu ctc basic-info

To display the CTC-defined basic ONU information, run the previous command.

Parameter


slot/por[:sequence The slot parameter stands for the slot number, the port parameter stands for the EPON port number and the sequence parameter stands for the LLID sequence.

Default value

None

Command mode

Any mode will do.

Remarks

The basic CTC-defined ONU information cannot be displayed until ONU is registered.

Example

The following is the basic CTC-defined ONU information of port e0/1:1.

OLT_config#show epon interface epon 0/1:1 onu ctc basic-info ONU Vender ID : BDCM ONU MODEL ID : 0x20000000 ONU ID : 00e0.0fa7.0150 Hardware Version : 0x20 30 30 30 00 00 00 00 Software Version : 0x33 34 32 00 00 00 00 00 00 00 00 00 00 00 00 00 Firmware Version : 0x00 00 00 02 00 03 00 04 00 02 Chipset Vendor ID : BD Chipset MODEL ID : 0x2000 Chipset Revision : 1 Chipset Date : 08/01/29 Service Supported : Support GE : NO Support FE : YES Support VOIP : NO

- 43 -


Support TDM CES : NO Number of GE Ports : 0 Bitmap of GE Ports : Number of FE Ports : 4 Bitmap of FE Ports : 1-4 Number of POTS ports: 0 Number of E1 port : 0 Number of US Queues : 8 QueueMax per US Port: 8 Number of DS Queues : 8 QueueMax per DS Port: 8 Battery Backup : 0 OLT_config#

2.30 show epon onu mac address-table

Syntax

show epon interface interface-id onu mac address-table

To display the ONU MAC address table, run the previous command.

Parameter


interface-id Stands for the LLID port ID.

Default value

None

Remarks

This command is used to display the ONU MAC address table.

Example

The following information shows the ONU MAC address table of the LLID port, epon0/1:1.

switch#show epon interface epon 0/1:1 onu mac address-table

- 44 -


Chapter 3 Remote UNI Control Commands of ONU

3.1 Remote UNI Control Commands of ONU

Global remote control commands of ONU are shown below:

epon onu port ctc vlan mode

epon onu port ctc vlan translation-entry

epon onu port ctc vlan aggregation-entry

epon onu port ctc flow-control

epon onu port mac address-table dynamic maximum

epon onu port storm-control

epon onu port ctc rate-limit

epon onu port loopback detect

epon onu port duplex

epon onu port speed

epon onu port ctc auto-negotiation

epon onu port block mac

epon onu port default-cos

epon onu port ctc shutdown

epon onu port qos policy

epon onu port ctc qos policy

epon onu port mac access-group

epon onu port ip access-group

epon onu serial serial-attribute

epon onu serial serial-buffer

epon onu serial serial-keepalive

epon onu serial loopback detect

show epon onu {port | serial} statistics

- 45 -


show epon onu {port | serial} state

show epon onu port ctc vlan

3.2 epon onu port ctc vlan mode

Syntax

epon onu port port-num ctc vlan mode {transparent | tag value | translation value | vlan-stacking value | aggregation value }

no epon onu port port-num ctc vlan mode

To set the processing mode of UNI VLAN Tag of ONU, run the previous command.

Parameter


num Stands for the UNI port.

value Stands for the PVID value of the UNI interface and this value ranges from 1 to 4094.

Default value

The default processing mode of VLAN tag is transparent.

Command mode


Remarks

None

Example

The following example shows how to set the processing mode of UNI VLAN tag of ONU to tag.

switch_config_e0/1:1# epon onu port 1 ctc vlan mode tag pvid 3

3.3 epon onu port ctc vlan translation-entry

Syntax

epon onu port num ctc vlan translation-entry old-vid new-vid

- 46 -


no epon onu port num ctc vlan translation-entry old-vid new-vid

This command is used to set the translation entries of the ONU UNI port.

Parameter


num Stands for the UNI port number.

old-vid Stands for the value of the SPVLAN translation entries of the UUI port, which ranges between 1 and 4094.

new-vid Stands for the value of the CVLAN translation entries of the UUI port, which ranges between 1 and 4094.

Default value

None

Command mode


Remarks

The translation entry takes effect only when the VLAN of the ONU UNI port is in translation or vlan-stacking mode.

Example

The following example shows how to set the number of the translation entries of UNI1 of ONU on the EPON0/1:1 to 1000 to 2000.

OLT_config_e0/1:1# epon onu port 1 ctc vlan translation-entry 1000 2000

3.4 epon onu port ctc vlan aggregation-entry

Syntax

epon onu port num ctc vlan aggregation-entry old-vid-range new-vid

no epon onu port num ctc vlan aggregation-entry old-vid-range new-vid

This command is used to set the translation entries of the ONU UNI port.

Parameter


- 47 -


num Stands for the UNI port number.

old-vid-range Stands for the value of the SPVLAN translation entries of the UUI port, which ranges between 1 and 4094.

new-vid Stands for the value of the CVLAN translation entries of the UUI port, which ranges between 1 and 4094.

Default value

None

Command mode


Remarks

The translation entry takes effect only when the VLAN of the ONU UNI port is in aggregation mode.

Example

The following example shows how to set the number of the VLAN aggregation entries of UNI1 of ONU on the EPON0/1:1 to 101-108 to 2000.

OLT_config_e0/1:1# epon onu port 1 ctc vlan aggregation-entry 101-108 2000

3.5 epon onu port ctc flow-control

Syntax

epon onu port num ctc flow-control

no epon onu port num ctc flow-control

To configure flow control for an ONU interface, run epon onu port num flow-control.

Parameter


num Stands for the ONU UNI port ID.

Default value

The flow control function of the port is disabled by default.

- 48 -


Remarks


Example

The following example shows how to enable the flow control of ONU UNI port 1 which corresponds to the LLID port, epon0/1:1.


switch_config_epon0/1:1# epon onu port 1 ctc flow-control

3.6 epon onu port mac address-table dynamic maximum

Syntax

epon onu port port-num mac address-table dynamic maximum addr-num

no epon onu port port-num mac address-table dynamic maximum

To configure the maximum number of MAC addresses for a port, run the first one of the previous two commands.

Parameter


port-num Stands for the ONU UNI port ID.

addr-num Stands for the maximum number of MAC addresses, which ranges between 1 and 255.

Default value

The number of addresses is not limited.

Remarks


Example

The following example shows how to set the maximum number of MAC addresses of ONU UNI port 2 which corresponds to the LLID port, epon0/1:1.


switch_config_epon0/1:1# epon onu port 2 mac address-table dynamic maximum 3

- 49 -


3.7 epon onu port storm-control

Syntax

epon onu port port-num storm-control mode mode-num threshold count

no epon onu port port-num storm-control

To configure storm control for an ONU UNI port, run epon onu port port-num storm-control mode mode-num threshold count.

Parameter



mode-num

Storm control mode:

1、 Only the broadcast packets are limited.

2、 Both broadcast and multicast packets are limited.

3、 Broadcast/multicast/unknown unicast packets are limited.

4、 All packets are limited.

count Defines the threshold flux of the storm. Value range: 256~100000

Default value

The storm control function is disabled by default.

Remarks


Example

The following example shows how to set the storm control rate of the ONU UNI1 port, which corresponds to the Epon0/1:1 port, to 1000.


switch_config_epon0/1:1# epon onu storm-control mode 1 threshold 1000

- 50 -


3.8 epon onu port ctc rate-limit

Syntax

epon onu port port-num ctc rate-limit band { ingress | egress}

no epon onu port port-num ctc rate-limit { ingress | egress}

To configure the rate limitation for an ONU port, run epon onu port port-num rate-limit band { ingress | egress}.

Parameter



band Means the rate of the flow. The flow rate for the 100M port is from 64Kbps to 100Mbps and the step is 1Kbps.

ingress Functions on the ingress port.

egress Functions on the egress port.

Default value

The rate limitation is shut down on the port by default.

Remarks


Example

The following example shows how to set rate limitation of ONU UNI port 1, which corresponds to the LLID port, epon0/1:1, to 128Kbps.


switch_config_epon0/1:1# epon onu port 1 ctc rate-limit 128 egress

3.9 epon onu port loopback detect

Syntax

epon onu port port-num loopback detect

no epon onu port port-num loopback detect

- 51 -


To configure loopback detection for an ONU UNI port, run epon onu port port-num loopback detect.

Parameter



Default value

The loopback detection of the port is shut down.

Remarks


Example

The following example shows how to enable loopback detection on ONU UNI port 1.


switch_config_epon0/1:1# epon onu port 1 loopback detect

3.10 epon onu port duplex

Syntax

epon onu port port-num duplex { half | full | auto }

no epon onu port port-num duplex

To configure the duplex mode on the ONU UNI port, run epon onu port port-num duplex { half | full | auto }.

Parameter



half Sets the duplex mode of the port to half duplex.

full Sets the duplex mode of the port to full duplex.

auto Sets the duplex mode of the port to auto-negotiable.

- 52 -


Default value

The default duplex mode of the port is auto-negotiable.

Remarks


Example

The following example shows how to set ONU UNI port 1, which corresponds to the LLID port, epon0/1:1, to full deplex.


switch_config_epon0/1:1# epon onu port 1 duplex full

3.11 epon onu port speed

Syntax

epon onu port port-num speed { 10 | 100 | auto }

no epon onu port port-num speed

To configure the speed of ONU UNI port, run epon onu port port-num speed { 10 | 100 | auto }.

Parameter



10 Sets the speed of a port to 10M.

100 Sets the speed of a port to 100M.

auto Sets the speed of the interface to auto.

Default value

Automatic negotiation

Remarks


- 53 -


Example

The following example shows how to set the speed of ONU UNI port 1, which corresponds to the LLID port, epon0/1:1, to 100M.


switch_config_epon0/1:1# epon onu port 1 speed 100

3.12 epon onu port ctc auto-negotiation

Syntax

epon onu port port-num ctc auto-negotiation

no epon onu port port-num ctc auto-negotiation

The above-mentioned commands are used to enable or disable the auto negotiation of the ONU UNI port.

Parameter



Default value

The auto negotiation is enabled by default.

Remarks


Example

The following example shows how to enable the auto-negotiation of ONU which corresponds to the LLID port, epon0/1:1.


switch_config_epon0/1:1# epon onu port 1 ctc auto-negotiation

- 54 -


3.13 epon onu port block mac

Syntax

epon onu port port-num epon onu port port-num block mac {src H.H.H | dest H.H.H}

no epon onu port port-num epon onu port port-num block mac {src H.H.H | dest H.H.H}

To set the frame filtration of ONU UNI port, run epon onu port port-num epon onu port port-num block mac {src H.H.H | dest H.H.H}.

Parameter



H.H.H Stands for the MAC address.

Default value

None

Remarks


Example

The following example shows how to set the speed of ONU UNI port 1, which corresponds to the LLID port, epon0/1:1, to 100M.


switch_config_epon0/1:1# epon onu port 1 block mac src 0.0.1 dest 0.0.2

3.14 epon onu port default-cos

Syntax

epon onu port port-num default-cos value

no epon onu port port-num default-cos

- 55 -


To set the default CoS Value of the ONU UNI port, run epon onu port port-num default-cos value.

Parameter



value Stands for the default CoS value.

Default value

0

Remarks


Example

The following example shows how to set the default CoS value of ONU UNI port 1, which corresponds to the LLID port, epon0/1:1, to 2.


switch_config_epon0/1:1# epon onu port 1 default-cos 2

3.15 epon onu port ctc shutdown

Syntax

epon onu port num ctc shutdown

no epon onu port num ctc shutdown

To enable the ONU UNI port, run epon onu port num ctc shutdown. To disable the ONU UNI port, run no epon onu port num ctc shutdown.

Parameter


num Stands for the ONU UNI port ID.

Default value

The UNI port is enabled by default.

- 56 -


Remarks


Example

The following example shows how to set ONU UNI port 1, which corresponds to the LLID port, epon0/1:1.


switch_config_epon0/1:1# epon onu port 1 ctc shutdown

3.16 epon onu port qos policy

Syntax

epon onu port num qos policy name

no epon onu qos policy name

To configure the QoS policy of the ONU UNI port, run epon onu port num qos policy name.

Parameter


num Stands for the ONU UNI port number.

name Stands for the name of QoS policy mapping.

Default value

None

Remarks


At present, the policy map only supports the following actions: drop, forward, bandwidth and edit the vlan tag of the outer layer.

Example

The following example shows how to apply the QoS policy map, pmap, on ONU port 1, which corresponds to the LLID port, epon0/1:1.


- 57 -


switch_config_epon0/1:1# epon onu port 1 ctc qos policy pmap

3.17 epon onu port ctc qos policy

Syntax

epon onu port num ctc qos policy name

no epon onu qos policy name

To set the QoS policy of the ONU UNI port, run epon onu port num ctc qos policy name.

Parameter



name Stands for the name of QoS policy mapping.

Default value

None

Remarks


At present, the action of the policy map only supports cos and queue, which of course depends on different ONUs.

Example

The following example shows how to apply the QoS policy map, pmap, on ONU, which corresponds to the LLID port, epon0/1:1.


switch_config_epon0/1:1# epon onu port 1 ctc qos policy pmap

3.18 epon onu port mac access-group

Syntax

epon onu port num mac access-group name

- 58 -


no epon onu port num mac access-group name

To set the MAC access list of the ONU UNI port, run epon onu port num mac access-group name.

Parameter



name Stands for the name of the MAC access list.

Default value

None

Remarks


Example

The following example shows how to apply the MAC access list, mac1, on port 1 of ONU, which corresponds to the LLID port, epon0/1:1.


switch_config_epon0/1:1# epon onu port 1 mac access-group mac1

3.19 epon onu port ip access-group

Syntax

epon onu port num ip access-group name

no epon onu port num ip access-group name

To set the IP access list of the ONU UNI port, run epon onu port num ip access-group name.

Parameter



name Stands for the name of the MAC access list.

- 59 -


Default value

None

Remarks


Example

The following example shows how to apply the IP access list, p1, on port 1 of ONU, which corresponds to the LLID port, epon0/1:1.


switch_config_epon0/1:1# epon onu port 1 ip access-group p1

3.20 epon onu serial serial-attribute

Syntax

epon onu serial num serial-attribute {speed speed-value | databits databits-value | stopbits stopbits-value | parity {none | odd | even | space | mark} | flow-control {none | software | hardware} | bus-type { RS232 | RS485} | duplex {half | full}}

no epon onu serial num serial-attribute [speed | databits | stopbits | parity | flow-control | bus-type | duplex]

To set the attributes of a serial interface of ONU, run the first one of the previous two commands.

Parameter


num Stands for the number of the serial interface of ONU.

speed-value Stands for the rate of the serial interface.

databits-value Stands for the data bit.

stopbits-value Stands for the stop bit.

none | odd | even | space | mark

Stands for the check mode.

none: means there is no check.

odd: means it is the odd check.

even: means it is the even check.

space: means it is the space check (0 check).

- 60 -


mark: means it is the mark check (1 check).

software | hardware Stands for the flow control mode.

software: means it is the software-based flow control mode.

hardware: means it is the hardware-based flow control mode.

RS232 | RS485 Stands for the mode of the serial interface.

RS232: Stands for the 232 mode of the serial interface.

RS485: Stands for the 485 mode of the serial interface.

half | full Duplex mode

half: half duplex

full: full duplex

Default value

Speed: 9600

databits: 8

stopbits: 1

parity: none (no check)

flow-control: none (no flow control)

bus-type: RS485

duplex: half

Remarks


Example

The following example shows how to set the speed to 115200, databits to 7, stopbits to 1, parity to odd, flow control to hardware, bus type to RS232 and duplex to half for serial interface 1 of ONU, which corresponds to the LLID port, epon0/1:1.


switch_config_epon0/1:1# epon onu serial 1 serial-attribute speed 115200 databits 7 stopbits 1 parity odd flow-control hardware bus-type RS232 duplex half

- 61 -


3.21 epon onu serial serial-buffer

Syntax

epon onu serial num serial-buffer {read-interval time | read-bytes bytes}

no epon onu serial num serial-buffer [read-interval | read-bytes]

To set the buffer of the serial interface of ONU, run the first one of the previous two commands.

Parameter



time Stands for the maximum read time of the buffer.

bytes Stands for the maximum bytes of the buffer.

Default value

read-interval：

read-bytes：

Remarks


Example

The following example shows how to set the maximum read time of the buffer of serial interface 1, which corresponds to the LLID port, epon0/1:1, to 50ms.


switch_config_epon0/1:1# epon onu serial 1 serial-buffer read-interval 50 read-bytes 1000

- 62 -


3.22 epon onu serial serial-keepalive

Syntax

epon onu serial num serial-keepalive idle idle-value timeout timeout-value count count-value

no epon onu serial num serial-keepalive

To set the keepalive function of the serial interface of ONU, run the first one of the previous two commands.

Parameter



idle-value Stands for the idle time.

timeout-value Stands for the timeout time of the keepalive packets.

count-value Stands for the transmission times of the keepalive packets.

Default value

There is no the keepalive function.

Remarks


Example

The following example shows how to enable keepalive function of serial interface 1, that is, the idle time is set to 5000ms, the timeout time to 2000ms and the transmission times to 3.


switch_config_epon0/1:1# epon onu serial 1 serial-keepalive idle 5000 timeout 2000 count 3

3.23 epon onu serial loopback detect

Syntax

epon onu serial serial-num loopback detect

- 63 -


no epon onu serial serial-num loopback detect

To configure loopback detection for an ONU serial interface, run epon onu serial serial-num loopback detect.

Parameter


serial-num ID of ONU serial interface

Default value

There is no loopback detection.

Remarks

This command is configured in LLID port configuration mode.

Example

The following example shows how to enable loopback detection of serial interface 1.


switch_config_epon0/1:1# epon onu serial 1 loopback detect

3.24 show epon onu {port | serial} statistics

Syntax

show epon interface interface-id onu {port | serial} num statistics

To display packet statistics on the ONU port, run the previous command.

Parameter



num ID of the ONU interface or the serial interface

Default value

None

- 64 -


Remarks

This command is used to show the transmission and reception of packets on the ONU port.

Example

The following example shows how to show the transmission and reception of packets on ONU UNI port 1 which corresponds to the LLID port, epon0/1:1.

switch#show epon interface epon 0/1:1 onu port 1 statistics

In Good Octets : 0 In Bad Octets : 0 In Broadcasts Frames : 0 In Multicasts Frames : 0 In Unicasts Frames : 0 In Pause Frame : 0 In MAC Received Error Frames : 0 In FCS Error Frames : 0 Undersize Frames : 0 Fragments Frames : 0 Oversize Frames : 0 Jabber Frames : 0 Out Octets : 0 Out Broadcasts Frames : 0 Out Multicasts Frames : 0 Out Unicasts Frames : 0 Out Pause Frames : 0 Out FCS Error Frames : 0 Deferred Frames : 0 Excessive Frames : 0 Single Collision Frames : 0 Multiple Collision Frames : 0 Late Frames : 0 Collisions Frames : 0 Rx/Tx 64 Octets : 0 Rx/Tx 65-127 Octets : 0 Rx/Tx 128-255 Octets : 0 Rx/Tx 256-511 Octets : 0 Rx/Tx 512-1023 Octets : 0 Rx/Tx 1024-Max Octets : 0

3.25 show epon onu {port | serial} state

Syntax

show epon interface interface-id onu {port | serial} port-num state

To display port configuration and state, run the previous command.

- 65 -


Parameter



port-num ID of the ONU interface or the serial interface

Default value

None

Remarks

This command is used to display the link state of the ONU UNI port.

Example

The following example shows how to display the state of ONU UNI port 1, which corresponds to the LLID port, epon0/1:1.

switch#show epon interface epon 0/1:1 onu port 1 state

Hardware state is Link-Down Admin state is Up Flow-Control is Disable Duplex is Auto-Duplex Speed is Auto-Speed Storm-Control is Disable

3.26 show epon onu port ctc vlan

Syntax

show epon interface interface-id onu port port-num ctc vlan

To display VLAN configuration and state of the UNI port, run the previous command.

Parameter



port-num ID of the ONU interface or the serial interface

Default value

None

- 66 -


Remarks

This command is used to display VLAN settings and its state on the ONU UNI port.

Example

The following example shows how to display the VLAN state of ONU UNI port 1, which corresponds to the LLID port, epon0/1:1.

Switch#show epon interface e0/1:1 onu port 1 ctc vlan Interface : E0/1:1 UNI : 1 VLAN mode : translate Default VLAN ID : 3 TPID : 0x0 Translation table Old VLAN ID Old TPID New VLAN ID New TPID ----------- -------- ----------- --------

- 67 -

Basic Configuration Commands - Romsat · 2016-02-03 · Baisc Configuration Commands format...

Documents

Transcript of Basic Configuration Commands - Romsat · 2016-02-03 · Baisc Configuration Commands format...