Basic Configuration Commands - Romsat · 2016-02-03 · Baisc Configuration Commands format...
Basic Configuration Commands
Table of Contents
Chapter 1 System Management Commands
  1.1 Configuring File Management Commands
    1.1.1 Copy
    1.1.2 Delete
    1.1.3 dir
    1.1.4 ip address
    1.1.5 ip route
    1.1.6 show configuration
    1.1.7 format
    1.1.8 more
  1.2 Basic System Management Commands
    1.2.1 boot flash
    1.2.2 cd
    1.2.3 chinese
    1.2.4 chram
    1.2.5 date
    1.2.6 english
    1.2.7 md
    1.2.8 pwd
    1.2.9 rd
    1.2.10 rename
    1.2.11 reboot
    1.2.12 alias
    1.2.13 boot system flash
    1.2.14 help
    1.2.15 history
    1.2.16 show alias
    1.2.17 show job
    1.2.18 show break
    1.2.19 show memory
  1.3 HTTP Configuration Command
    1.3.1 ip http access-class
    1.3.2 ip http port
    1.3.3 ip http server
    1.3.4 debug ip http
Chapter 2 Terminal Service Configuration Command
  2.1 Telnet Configuration Command
    2.1.1 telnet
    2.1.2 ip telnet
    2.1.3 ctrl-shift-6+x (the current connection is mounted)
    2.1.4 where
    2.1.5 resume
    2.1.6 disconnect
    2.1.7 switchkey
    2.1.8 switchmsg
    2.1.9 sequence-char
    2.1.10 clear telnet
    2.1.11 show telnet
    2.1.12 debug telnet
  2.2 Terminal Configuration Command
    2.2.1 attach-port
    2.2.2 autocommand
    2.2.3 clear line
    2.2.4 connect
    2.2.5 disconnect
    2.2.6 exec-timeout
    2.2.7 length
    2.2.8 line
    2.2.9 location
    2.2.10 login authentication
    2.2.11 monitor
    2.2.12 no debug all
    2.2.13 password
    2.2.14 resume
    2.2.15 switchkey
    2.2.16 sequence-char
    2.2.17 show debug
    2.2.18 show line
    2.2.19 switchmsg
    2.2.20 terminal length
    2.2.21 terminal monitor
    2.2.22 terminal width
    2.2.23 terminal-type
    2.2.24 where
    2.2.25 width
Chapter 3 Network Management Configuration Commands
  3.1 SNMP Commands
    3.1.1 snmp-server community
    3.1.2 snmp-server contact
    3.1.3 snmp-server host
    3.1.4 snmp-server location
    3.1.5 snmp-server packetsize
    3.1.6 snmp-server queue-length
    3.1.7 snmp-server trap-source
    3.1.8 snmp-server trap-timeout
    3.1.9 snmp-server view
    3.1.10 snmp-server udp-port
    3.1.11 snmp-server source-addr
    3.1.12 snmp-server encryption
    3.1.13 show snmp
    3.1.14 debug snmp
  3.2 Configuring RMON Commands
    3.2.1 rmon alarm
    3.2.2 rmon event
    3.2.3 rmon collection stat
    3.2.4 rmon collection history
    3.2.5 show rmon
  3.3 Configuring PDP Commands
    3.3.1 pdp timer
    3.3.2 pdp holdtime
    3.3.3 pdp version
    3.3.4 pdp run
    3.3.5 pdp enable
    3.3.6 show pdp traffic
    3.3.7 show pdp neighbour
Chapter 4 Maintenance and Debugging Tool Commands
  4.1 Network Testing Tool Commands
    4.1.1 ping
  4.2 System Debugging Commands
  4.3 Fault Diagnosis Commands
    4.3.1 logging
    4.3.2 logging buffered
    4.3.3 logging console
    4.3.4 logging facility
    4.3.5 logging monitor
    4.3.6 logging on
    4.3.7 logging trap
    4.3.8 service timestamps
    4.3.9 clear logging
    4.3.10 show break
    4.3.11 show controller
    4.3.12 show debug
    4.3.13 show logging
Chapter 5 SSH Configuration Commands
    5.1.1 ip sshd enable
    5.1.2 ip sshd timeout
    5.1.3 ip sshd auth-method
    5.1.4 ip sshd access-class
    5.1.5 ip sshd auth-retries
    5.1.6 ip sshd clear
    5.1.7 ssh
    5.1.8 show ssh
    5.1.9 show ip sshd
Chapter 6 Other system Command
  6.1 The link scan command
Basic Configuration Commands
Chapter 1 System Management Commands
1.1 Configuring File Management Commands
copy
delete
dir
ip address
ip route
show configuration
format
more
1.1.1 Copy
To read a file from the tftp server to a switch, use the copy command.
copy tftp<:filename> {flash<:filename>|rom} [ip_addr]
Parameter
Parameter Description
tftp<:filename> Read a file from the TFTP server. filename is the name of the file to read. If the filename is not specified, the system prompts the user to enter it after the copy command is executed.
flash<:filename> Write a file to the flash memory of the switch. filename is the name of the file to write. If the filename is not specified, the system prompts the user to enter it after the copy command is executed.
rom Updates the bootrom of the switch.
ip_addr Specifies the IP address of the TFTP server. If not specified, the system prompts the user to enter the IP address after the copy command is executed.
Default
none
Command mode
monitor mode
Instruction
none
Example
monitor#copy tftp:switch.bin flash:switch.bin 192.2.2.1
The example shows how to read the switch.bin file from the TFTP server into the flash memory of the switch.
Related commands
none
1.1.2 Delete
To delete a file, use the delete command.
delete file-name
Parameter
Parameter Description
file-name Specifies the filename (maximum 20 characters)
Default
If the file name is not specified, the system will delete the startup-config file by default.
Command mode
monitor mode
Instruction
none
Related commands
none
1.1.3 dir
To display file names, use the dir command.
dir file-name
Parameter
Parameter Description
file-name Specifies the filename (maximum 20 characters)
Default
none
Command mode
monitor mode
Instruction
none
Related commands
none
1.1.4 ip address
To set an IP address for an Ethernet interface, use the ip address command.
ip address ip-address mask
Parameter
Parameter Description
ip-address IP address
mask IP network mask
Default
none
Command mode
monitor mode
Instruction
none
Example
monitor#ip address 192.168.1.1 255.255.255.0
Related commands
ip route
ping
1.1.5 ip route
To specify a default gateway, use the ip route default command.
ip route default gw_ip_addr
Parameter
Parameter Description
gw_ip_addr Default gateway address
Default
none
Command mode
monitor mode
Instruction
none
Example
monitor#ip route default 192.168.1.3
Related commands
ip address
1.1.6 show configuration
To display the running configuration file, use the show configuration command.
show configuration
Parameter
none
Default
none
Command mode
monitor mode
Instruction
none
Related commands
none
1.1.7 format
To format the file system, use the format command.
format
Parameter
none
Default
none
Command mode
EXEC
Instruction
All files in the file system will be deleted after executing the format command.
Related commands
none
1.1.8 more
To display the contents of a file, use the more command.
more file-name
Parameter
Parameter Description
file-name Specifies the name of a file (maximum 20 characters)
Default
none
Command mode
EXEC
Instruction
If the file contents are all displayable characters, they are displayed in ASCII format; otherwise they are displayed in binary format.
Related commands
none
1.2 Basic System Management Commands
boot flash
cd
chinese
english
chram
date
debug job
md
pwd
rd
rename
reboot
show break
show memory
alias
boot system flash
help
history
job
jobd
show alias
show job
1.2.1 boot flash
To start the system from the specified file in monitor mode, use the boot flash command.
boot flash filename
parameter
parameter Description
filename The specified file name.
default
none
command mode
monitor mode
instruction
Use the boot flash command to start the device after entering monitor mode.
example
monitor#boot flash switch.bin
related commands
none
1.2.2 cd
To change the current directory, use the cd command.
cd directory|..
parameter:
parameter description
directory Name of the directory. (maximum 20 characters)
.. Upper directory.
default
none
command mode
monitor mode
instruction
none
example
monitor#cd my_dir
related commands
pwd
1.2.3 chinese
To switch the command prompt to Chinese mode, use the chinese command.
parameter
none
default
none
command mode
monitor mode
instruction
none
example
none
related commands
none
1.2.4 chram
To modify memory data, use the chram command.
chram mem_addr value
parameter
parameter description
mem_addr Memory address in Hex format. The range is from 0 to 0x01FFFF00 (depending on the memory size of the switch).
value Memory data in Hex format
default
none
command mode
Monitor mode
instruction
This is a debugging command; users are advised not to use it.
example
none
related commands
none
1.2.5 date
To set the absolute time, use the date command.
parameter
none
default
none
command mode
monitor mode
instruction
This command is used to set the absolute time for the system. For a switch with a battery-powered clock, the clock is powered by the battery. If the clock doesn't keep good time, you need to change the battery.
For a switch without a battery-powered clock, the system date is set to July 1st, 1970 after the switch reboots, and the user needs to set the current time each time the switch starts.
example
monitor#date
The current date is 2000-7-27 21:17:24
Enter the new date(yyyy-mm-dd):2000-7-27
Enter the new time(hh:mm:ss):21:17:00
related commands
1.2.6 english
To switch the command prompt to English mode, use the english command.
parameter
none
default
none
command mode
monitor
instruction
none
example
none
related commands
none
1.2.7 md
md directory
parameter
parameter description
directory Name of directory (maximum 20 characters)
default
none
command mode
monitor
instruction
To create a directory, use the md command.
related commands
none
1.2.8 pwd
parameter
none
default
none
command mode
monitor mode
instruction
To display the current directory, use the pwd command.
related commands
none
1.2.9 rd
rd directory
parameter
parameter Description
directory Name of the directory (maximum 20 characters)
default
none
command mode
monitor mode
instruction
To delete a directory, use the rd command. The system prompts if the directory is not empty. The system prompts if the directory doesn't exist.
related commands
none
1.2.10 rename
To rename a file in a file system, use the rename command.
rename old_file_name new_file_name
parameter
parameter description
old_file_name The original filename.
new_file_name The new filename.
default
none
command mode
monitor mode
instruction
none
related commands
none
1.2.11 reboot
To reboot a switch, use the reboot command.
parameter
none
default
none
command mode
monitor mode
instruction
none
related commands
none
1.2.12 alias
[no] history [ + <count> | - <count> | clear]
parameter
parameter description
+ <count> Displays <count> (1-20) historical commands from the beginning to the end.
- <count> Displays <count> (1-20) historical commands from the end to the beginning.
default
If there are no more than 20 commands executed, all historical command lines will be displayed from the beginning to the end. If there are more than 20 commands executed, all historical command lines will be displayed from the beginning to the end.
command mode
Any command mode
explanation
The modularized switch can save up to 20 historical commands. You can recall these commands with the "up" or "down" key, or use them directly after editing. The command is used to browse the command history. You can run the [no] history command to delete the command history.
example
The following example shows the latest five historical commands from the end to the beginning:
switch#history - 5
config
int e0/1
no ip addr
ip addr 192.2.2.49 255.255.255.0
exit
related commands
None
1.2.13 boot system flash
Run the boot system flash command to specify the system image file used when the system starts up. Run the no boot system flash command to delete the previous configuration.
boot system flash filename
no boot system flash filename
Parameter
Parameter Description
filename It is the specified filename, which contains no more than 20 characters.
Default
None
Command mode
Global configuration mode
Instruction
If you have not configured the command, the system will execute the first system image file in the flash file system. If you have configured multiple commands, the system will try the image files one by one. If a file does not exist or its checksum is wrong, the system will try the next file. If both fail, the system will run in the monitor state.
Example
config#boot system flash switch.bin
Related commands
None
1.2.14 help
help
Parameter
None
Default
None
Command mode
Management mode
Instruction
The command is used to display the help system of the switch.
Example
After you enter the command, the help system of the switch is displayed.
switch# help
Help may be requested at any point in a command by entering a question mark '?',If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.
Two styles of help are provided:
1. Full help is available when you are ready to enter a command argument (e.g.'show ?') and describes each possible argument.
2. Partial help is provided when an abbreviated argument is entered and you want to know what arguments match the input (e.g. 'interface e?'.)
Relative command
None
1.2.15 history
The command is used to check the historical commands. Run the [no] history command to delete the historical commands.
[no] history [ + <count> | - <count> | clear]
Parameter
Parameter Description
+ <count> Displays count (1-20) historical commands from the beginning to the end.
- <count> Displays count (1-20) historical commands from the end to the beginning.
Default
If there are no more than 20 commands executed, all historical command lines will be displayed from the beginning to the end. If there are more than 20 commands executed, all historical command lines will be displayed from the beginning to the end.
Command mode
Abandom command mode
Instruction
The modularized switch can save up to 20 historical commands. You can recall these commands with the "up" or "down" key and run them directly or after editing them.
Example
The following example shows the latest five commands from the end to the beginning:
switch#history - 5
config
int e1/1
no ip addr
ip addr 192.2.2.49 255.255.255.0
exit
Relative command
None
1.2.16 show alias
It is used to display all aliases or the designated alias.
show alias [<alias name>]
Parameter
Parameter Description
alias name The alias of the command
Default
Displays all aliases in the format “alias name=command line”.
Command mode
Management mode or configuration mode
Instruction
None
Example
The following example shows how to display all aliases of the current system:
switch_config#show alias
hualab=date
router=snmp
Relative command
alias
1.2.17 show job
It is used to display the parameters of the job and the information about job execution:
show job {parameter | status}
Parameter
Parameter Description
parameter Displays the parameters of the job.
status Displays the execution state of the job.
Default
None
Command mode
Management mode or configuration mode
Instruction
Run the show job command to browse the defined parameters and the dynamic execution state of the job.
Example
The following example shows how to display the parameters of the job:
switch_config#show job parameter
<showver> fires interval, first at 5, re-fires per 5 secs, on error stop
will do "show ver"
The following example shows how to display the dynamic execution state of the job:
Jobd disabled at 245218 seconds
Name: job's name
Type: none - Not scheduled, interval - Fire interval, one-shot - Fire once
Status: null - Not scheduled, idle - To fire first
        started - Fired ever, to fire again, stopped - Can't fire
First: first time to fire
Last: last time of firing or restarting
Next-due: next time to fire(after now)
Times: times fired ever
Cause: auto - Automatic, error - Error meeting, command - By command
Job's status and statistics
===========================
Name     Type      State  First  Last  Next-due  Times  Cause
------------------------------------------------------------------------------
showver  interval  idle   5      *     *         2      auto
------------------------------------------------------------------------------
Total 1 jobs, 0 null, 1 idle, 0 started, 0 stopped
Relative command
debug job
job
jobd
1.2.18 show break
It is used to display the abnormal information of the system. The system stores all abnormal information from its latest run. The abnormal information contains the times of the abnormality, the stack content and the functions invoked when the abnormality occurred.
Parameter
None
Default
None
Command mode
Monitoring state
Instruction
The command is only used for debugging.
Relative command
None
1.2.19 show memory
It is used to display the content of the system memory.
show memory mem_addr
Parameter
Parameter Description
mem_addr Memory address in hex, which ranges from 0 to 0x01FFFF00 (decided by the memory capacity of the switch).
Default
None
Command mode
Monitoring state
Instruction
None
Relative command
None
1.3 HTTP Configuration Command
The following are HTTP configuration commands:
ip http access-class
ip http port
ip http server
debug ip http
1.3.1 ip http access-class
Command description
ip http access-class string
no ip http access-class
Run the command ip http access-class to restrict the HTTP service to the requests that the designated access list permits.
Parameter
Parameter Description
string Name of the designated standard access list. Range: N/A.
Default
no ip http access-class
Instruction
Set the designated standard access list before running the command.
Run the command no ip http access-class to cancel the HTTP service limitation of the access list.
Command mode
Global configuration mode
Example
switch_config# ip access-list standard http-acl
switch_config_std_nacl# permit 192.2.2.37 255.255.255.0
switch_config_std_nacl# exit
switch_config# ip http access-class http-acl
1.3.2 ip http port
Command description
ip http port number
Run the command ip http port to designate the listening port of the http service.
Parameter
Parameter Description
number The service port number, ranging from 1 to 65535
Default
The default HTTP service port number of the browser is 80.
Explanation
If the http service is already started when you run the ip http port command, the switch shuts down the previous listening port and then accepts http service requests on the designated port. If the http service is not started, the ip http port command has no effect for the time being.
Command mode
Global configuration mode
Example
The following example shows how to modify the http port from 80 to 90:
switch_config# ip http server
switch_config# ip http port 90
1.3.3 ip http server
Command description
ip http server
no ip http server
To start up the http service, run the command ip http server.
Parameter
None
Default
no ip http server
Instruction
Run the command ip http server to enable the switch to accept the HTTP service request through the designated port, handle the request and return the result to the browser.
Command mode
Global configuration mode
Example
The following example shows how to start up the http service:
switch_config# ip http server
1.3.4 debug ip http
Command description
debug ip http
The command is used to output debugging information while the http service is running. Use the no form of the command to restore the default value.
Parameter
None
Default
no debug ip http
Instruction
None
Command mode
Global configuration mode
Example
The following example shows how to enable HTTP debugging output:
switch# debug ip http
switch#
Chapter 2 Terminal Service Configuration Command
2.1 Telnet Configuration Command
The chapter describes telnet and related commands. The telnet command is used to establish a session with the remote server. The telnet command is always available on UNIX operating systems. Option negotiation is required. Telnet itself does not provide login authentication. Telnet differs from Rlogin in that telnet itself does not provide a password check.
The following are telnet configuration commands:
telnet
ip telnet
where
disconnect
resume
switchkey
switchmsg
sequence-char
clear Telnet
show Telnet
debug Telnet
2.1.1 telnet
The following is a command sentence for establishing a telnet session:
telnet server-ip-addr/server-host-name [/port port][/source-interface interface] [/local local-ip-addr] [/debug][echo/noecho] [/script scriptname]
Parameter
Parameter Description
server-ip-addr Dotted-decimal IP address of the remote server
server-host-name Name of the remote server, which is configured by the ip host command
port Telnet port of the remote server
interface Local interface where the telnet connection is originated
local-ip-addr Local IP address where the telnet connection is originated
/debug Enables debugging at the client side and prints the connection negotiation process
echo/noecho Enable or disable the local echo. The default value is noecho.
scriptname A script name used for auto login
Default
The default port number is 23. The interface has no default number.
Command mode
Management mode
Instruction
You can use one of the following command lines to establish a remote login.
telnet server-ip-addr/server-host-name
In this case, the application program directly sends the telnet login request to port 23 of the remote server. The local IP address is the address nearest to the peer, as determined by the routing table.
telnet server-ip-addr/server-host-name /port port
In this case, the application program sends a telnet login request to the designated port of the peer.
telnet server-ip-addr/server-host-name /source-interface interface
In this case, the application program uses the IP address on the interface as the local IP address.
telnet server-ip-addr/server-host-name /debug
In this case, the application program enables debugging and outputs the connection negotiation at the client side.
telnet server-ip-addr/server-host-name echo/noecho
In this case, the application program enables or disables the local echo. The local echo is disabled by default. The echo is completed at the server side. Only when the server is not in charge of echo is the local echo enabled.
telnet server-ip-addr/server-host-name /script scriptname
Before executing the automatic login command of the script, run the command ip telnet script to configure the script.
The previous commands can be used together.
During the session with the remote server, you can press the Q button to exit the session. If the session is not manually closed, the session will be complete after a 10-second timeout.
Example
Suppose you want to telnet to server 192.168.20.124, the telnet ports of the server are port 23 and port 2323, and the two local interfaces are e1/1 (192.168.20.240) and s1/0 (202.96.124.240). You can run the following operations to complete the remote login.
1. telnet 192.168.20.124 /port 2323
In this case, the telnet connection with port 2323 of the peer is to be established. The local IP address is 192.168.20.240.
2. telnet 192.168.20.124 /source-interface s1/0
In this case, the telnet connection with port 23 of the peer is to be established. The local IP address is 202.96.124.240.
3. telnet 192.168.20.124 /local 192.168.20.240
In this case, the telnet connection with port 23 of the peer is to be established. The local IP address is 192.168.20.240.
4. telnet 192.168.20.124 /debug
In this case, the telnet connection negotiation with port 23 of the peer will be printed out.
5. telnet 192.168.20.124 /echo
In this case, the local echo is enabled. If the echo is also enabled at the server side, all input will be echoed twice.
6. telnet 192.168.20.124 /script s1
Use login script s1 for automatic login.
2.1.2 ip telnet
The following are the configuration command formats of the telnet session:
ip telnet source-interface vlan value
ip telnet access-class accesslist
ip telnet listen-port start-port [end-port]
ip telnet script scriptname ‘user_prompt’ user_answer ‘pwd_prompt’ pwd_answer
Parameter
Parameter Description
value Local interface where the telnet request is originated
accesslist Access list name to limit the source address when the local client receives the connection
start-port Starting port number designated at the listening port area
end-port End port number designated at the listening port area
scriptname Name of the login script
user_prompt Username prompt returned by the telnet server
user_answer Username response information from the client side
pwd_prompt Password prompt returned by the telnet server
pwd_answer Password response information submitted by the client side
Default
None
Command mode
Global configuration
Instruction
Run the following command to configure the local interface for originating the telnet connection:
ip telnet source-interface interface
In this case, all telnet connections originated afterwards go through the interface. The configuration command is similar to the command telnet source-interface interface, and applies when the telnet command is not followed by an interface parameter. When the interface is configured and the telnet command also has an interface parameter, the interface that follows the telnet command is used.
Run the following command to configure the name of the access list that limits which telnet connections are accepted locally.
ip telnet access-class accesslist
In this case, the access list is checked for every telnet connection that the server accepts.
Run the following command to configure a port, other than the default port 23, to receive the telnet service.
ip telnet listen-port start-port [end-port]
Explanation: If the end port number is not designated, the switch listens on one specific port. The number of the designated ports cannot be bigger than 16 and the port number ranges between 3001 and 3999.
Run the following command to configure the telnet login script.
ip telnet script s1 ‘login:’ switch ‘Password:’ test
Explanation: When the script is configured, the username prompt and password prompt and their answers must be correctly matched. In particular, the prompt information is case sensitive and is enclosed in inverted commas (‘’). If one of them is wrongly configured, the automatic login cannot be performed.
Note:
You can add the NO prefix on the above four commands and then run them to cancel previous configuration.
Example
1. ip telnet source-interface s1/0
In this case, the s1/0 interface will be adopted to originate all telnet connections afterwards.
2. ip telnet access-class abc
In this case, all the received telnet connections are checked against access list abc.
3. ip telnet listen-port 3001 3010
In addition to port 23, all ports from port 3001 to port 3010 can receive telnet connections.
4. ip telnet script s1 ‘login:’ switch ‘Password:’ test
The login script s1 is configured. The username prompt is login: and the answer is switch. The password prompt is Password: and the answer is test.
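The following added example (not part of the original manual) checks a saved configuration against the points described in sections 1.3 and 2.1.2: an HTTP or telnet service without an access-class, listen-port values outside 3001-3999 or covering more than 16 ports, and login scripts that keep a username and password in the configuration. The sample configuration is constructed, and the one-command-per-line layout is an assumption.

```python
import shlex

# Constructed sample: global commands written the way this manual shows them.
SAMPLE_CONFIG = """\
ip http server
ip http port 90
ip telnet listen-port 3001 3020
ip telnet script s1 'login:' switch 'Password:' test
ip telnet source-interface vlan 1
"""

# Limits stated in the ip telnet listen-port explanation.
LISTEN_MIN, LISTEN_MAX, LISTEN_MAX_PORTS = 3001, 3999, 16


def check_listen_port(args):
    """Validate the arguments of 'ip telnet listen-port start-port [end-port]'."""
    try:
        ports = [int(a) for a in args]
    except ValueError:
        return ["listen-port: non-numeric port"]
    if not 1 <= len(ports) <= 2:
        return ["listen-port: expected start-port [end-port]"]
    start, end = ports[0], ports[-1]
    problems = []
    if not (LISTEN_MIN <= start <= LISTEN_MAX and LISTEN_MIN <= end <= LISTEN_MAX):
        problems.append(f"listen-port: {start}-{end} outside {LISTEN_MIN}-{LISTEN_MAX}")
    if end < start:
        problems.append("listen-port: end-port is lower than start-port")
    elif end - start + 1 > LISTEN_MAX_PORTS:
        count = end - start + 1
        problems.append(f"listen-port: {count} ports exceeds the limit of {LISTEN_MAX_PORTS}")
    return problems


def audit_services(config_text):
    """Return findings for the HTTP and telnet service commands, in file order."""
    findings = []
    http_server = http_acl = telnet_acl = False
    for raw in config_text.splitlines():
        # The manual prints the script prompts in curly quotes; normalise them.
        line = raw.strip().replace("‘", "'").replace("’", "'")
        if not line or line.startswith("!"):
            continue
        try:
            words = shlex.split(line)
        except ValueError:
            findings.append(f"unparseable line: {line}")
            continue
        head = words[:3]
        if head == ["ip", "http", "server"]:
            http_server = True
        elif head == ["ip", "http", "access-class"] and len(words) == 4:
            http_acl = True
        elif head == ["ip", "telnet", "access-class"] and len(words) == 4:
            telnet_acl = True
        elif head == ["ip", "telnet", "listen-port"]:
            findings.extend(check_listen_port(words[3:]))
        elif head == ["ip", "telnet", "script"] and len(words) == 8:
            # name, user_prompt, user_answer, pwd_prompt, pwd_answer follow;
            # the answers are deliberately not echoed into the finding.
            findings.append(f"telnet script {words[3]}: login answer and password "
                            "are stored in the configuration in plaintext")
    if http_server and not http_acl:
        findings.append("ip http server is enabled without ip http access-class")
    if not telnet_acl:
        findings.append("no ip telnet access-class: no access list limits inbound telnet")
    return findings


if __name__ == "__main__":
    for finding in audit_services(SAMPLE_CONFIG):
        print(finding)
```
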
2.1.3 ctrl-shift-6+x (the current connection is mounted)
Run the following command to mount (suspend) the current telnet connection:
ctrl-shift-6+x
Parameter
None
Default
None
Command mode
Any moment in the current telnet session
Instruction
You can use the shortcut key to mount the current telnet connection at the client side.
Example
switchA>telnet 192.168.20.1
Welcome to Multi-Protocol 2000 Series switch
switchB>ena
switchB#(press ctrl-shift-6+x)
switchA>
You press ctrl-shift-6+x to mount the telnet connection to switch B and return to the current state of switch A.
2.1.4 where
Run the following command to check the currently mounted telnet session:
where
Parameter
None
Default
None
Command mode
Global configuration
Instruction
You can use the command to check the mounted outward telnet connection at the client side. The displayed information contains the serial number, peer address, local address and local port.
Note: The where command is different from the show telnet command. The former is used at the client side and the displayed information is the outward telnet connection. The latter is used at the server and the displayed information is the inward telnet connection.
Example
switchA>telnet 192.168.20.1
Welcome to Multi-Protocol 2000 Series switch
switchB>ena
switchB#(Press ctrl-shift-6+x)
switchA> telnet 192.168.20.2
Welcome to Multi-Protocol 2000 Series switch
switchC>ena
switchC#(Press ctrl-shift-6+x)
switchA>where
NO.  Remote Addr   Remote Port  Local Addr      Local Port
1    192.168.20.1  23           192.168.20.180  20034
2    192.168.20.2  23           192.168.20.180  20035
Enter where at switch A. The mounted outward connection is displayed.
2.1.5 resume
It is used to resume the currently mounted outward telnet connection:
resume no
Parameter
Parameter Description
no Number of the currently mounted telnet session that is checked through the where command
Default
None
Command mode
Global configuration
Instruction
The command can be used to resume the currently mounted outward telnet connection at the client side.
Example
switchA>telnet 192.168.20.1
Welcome to Multi-Protocol 2000 Series switch
switchB>ena
switchB#( press ctrl-shift-6+x)
switchA> telnet 192.168.20.2
Welcome to Multi-Protocol 2000 Series switch
switchC>ena
switchC#( press ctrl-shift-6+x)
switchA>where
NO.  Remote Addr   Remote Port  Local Addr      Local Port
1    192.168.20.1  23           192.168.20.180  20034
2    192.168.20.2  23           192.168.20.180  20035
switchA>Resume 1
[Resuming connection 1 to 192.168.20.73 . . . ]
(enter)
switchB#
After you enter where at switch A and the mounted outward connection of switch A is displayed, enter Resume 1. You will be prompted that connection 1 is resumed. The command prompt of switch B is displayed after the Enter key is pressed.
2.1.6 disconnect
The following command is used to clear the currently mounted outward telnet session:
disconnect no
Parameter
Parameter Description
no Number of the currently mounted telnet session that is checked through the where command
Default
None
Command mode
Global configuration
Instruction
The command can be used to clear the currently mounted outward telnet connection at the client side.
Note: The disconnect command is different from the clear telnet command. The former is used at the client side and clears the outward telnet connection. The latter is used at the server and clears the inward telnet connection.
Example
switchA>telnet 192.168.20.1
Welcome to Multi-Protocol 2000 Series switch
switchB>ena
switchB#(press ctrl-shift-6+x)
switchA> telnet 192.168.20.2
Welcome to Multi-Protocol 2000 Series switch
switchC>ena
switchC#(press ctrl-shift-6+x)
switchA>where
NO.  Remote Addr   Remote Port  Local Addr      Local Port
1    192.168.20.1  23           192.168.20.180  20034
2    192.168.20.2  23           192.168.20.180  20035
switchA>disconnect 1
<Closing connection to 192.168.20.1> <y/n>y
Connection closed by remote host.
switchA>
After you enter where at switch A and the mounted outward connection of switch A is displayed, enter disconnect 1. You will be asked to confirm closing the connection to switch B. After you enter Y, the connection is closed.
2.1.7 switchkey
The following is a command to configure the terminal switch key on the line.
switchkey key cmdalias server-name
Parameter
Parameter Description
key Compound key can be the ctrl key plus any key from A to Z, except the letter h.
cmdalias Alias of the connect command
server-name Name of the remote host, which appears in the switchover prompt and the switchover menu
Default
None
Command mode
Line configuration mode
Instruction
The command is used to configure the terminal switchover key and the corresponding command alias, and the name of the remote host on the line.
Note: 1) The parameter cmdalias must be applied at a correct command.
2) The parameter key cannot be ctrl-h.
3) The parameter server-name will appear at the switchover prompt and the switchover menu.
4) The parameter autocommand must not be configured on the line; otherwise the terminal switchover function does not work.
Example
switchA>switchkey ctrl-a cona ServerA
The previous command is to configure the switchover key ctrl-a. The alias of the used command is cona. You switch to Server A.
2.1.8 switchmsg
The following command is used to configure whether the prompt information about the terminal switchover is exported:
switchmsg enable/disable
Parameter
Parameter Description
enable Exports the terminal switchover prompt.
disable Does not export the terminal switchover prompt.
Default
disable
Command mode
Line configuration mode
Instruction
The command can be used to decide whether the switchover prompt information is exported when the terminal is switched.
Example
switchA>switchmsg enable
When the terminal is switched, export the switchover prompt information.
2.1.9 sequence-char
The following is a command to configure the terminal switchover key on the line:
sequence-char key char1 char2 char3 …
Parameter
Parameter Description
key Compound key can be the ctrl key plus any key from A to Z, except the letter h.
char1 char2 char3 … Screen character sequence relative to the specific terminal
Default
None
Command mode
Line configuration mode
Instruction
The command can be used to configure the switchover key and the corresponding terminal character sequence on the line.
Note: 1) The key parameter can not be ctrl-h.
2) The character sequence parameter is relative to the detailed terminal. You can find it by checking the terminal manual.
3) The character sequence parameter must be a hex value and starts from 0x. Each character is differentiated by space.
Example
Switch_config_line# sequence-char ctrl-a 0x1b 0x21 0x38 0x51
Set the character sequence of the switchover key ctrl-a to 0x1b 0x21 0x38 0x51. For other commands about alias and async, refer to the related configuration explanation.
Application Example:
The switch is configured as follows:
… … …
interface Serial1/1
physical-layer mode async
no ip directed-broadcast
async mode interactive
line tty 1
switchkey CTRL-U cona ServerA
sequence-char CTRL-U 0x1b 0x21 0x38 0x51
switchkey CTRL-V conb ServerB
sequence-char CTRL-V 0x1b 0x21 0x39 0x51
switchkey CTRL-W conc ServerC
sequence-char CTRL-W 0x1b 0x21 0x31 0x30 0x51
switchmsg enable
… ...
alias cona connect 192.168.20.1
alias conb connect 192.168.20.2
alias conc connect 192.168.20.3
When all the configurations are complete and the connection is established, open the terminal. The switchover menu automatically appears. After you press CTRL-U, the system automatically switches to server A and displays the prompt information about server A. After you press CTRL-V, the system automatically switches to server B on the new screen and displays the prompt information about server B. After you press CTRL-W, the system automatically switches to server C on the new screen and displays the prompt information about server C. If you press CTRL-\, the switchover menu appears on the current screen and an asterisk (*) is added after the current server.
The following is a result after you press CTRL-\:
======================================
Terminal Switch Menu
1) CTRL-U ServerA *
2) CTRL-V ServerB
3) CTRL-W ServerC
Note:
4) During multiple connection operations, if the system exits from one connection, the system will take the first connection as the current connection and the interface of the first host will appear. If the system has already exited from the first connection, it will take the second connection as the current connection and the interface of the second host will appear.
5) After all services are complete, it is recommended that you shut down the terminal directly, no matter how many connections are currently open.
6) It is better not to exit from the first connection before the other connections have exited.
7) Try not to exit from a connection during operations. Switching connections is a better choice. After all operations are complete, shut down the terminal.
8) During terminal switchover, the functions to mount and resume the connection by pressing ctrl-shift-6+x are forbidden.
2.1.10 clear telnet
The following is a command format to clear the telnet session at the server:
clear telnet no
Parameter
Parameter Description
no Number of the telnet session that is displayed after the show telnet command is run
Default
None
Command mode
Management mode
Instruction
The command is used to clear the telnet session at the server.
Example
clear telnet 1
The telnet session whose sequence number is 1 is cleared at the server.
2.1.11 show telnet
The following is a command format to display the telnet session at the server:
show telnet
Parameter
None
Default
None
Command mode
All command modes except the user mode
Instruction
The command is used to display the telnet session at the server. The displayed information includes the sequence number, peer address, peer port, local address and local port.
Example
Switch# show telnet
If you run the previous command, the result is shown as follows:
NO.  Remote Addr     Remote Port  Local Addr      Local Port
1    192.168.20.220  1097         192.168.20.240  23
2    192.168.20.180  14034        192.168.20.240  23
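The following added example (not part of the original manual) parses show telnet output in the layout shown above and lists inbound sessions whose remote address lies outside an allowed management network, as a cross-check on what ip telnet access-class is meant to permit. The allowed network and the third session row are constructed for illustration.

```python
import ipaddress
import re

# Layout taken from the example above; row 3 is constructed for illustration.
SAMPLE_OUTPUT = """\
NO. Remote Addr Remote Port Local Addr Local Port
1 192.168.20.220 1097 192.168.20.240 23
2 192.168.20.180 14034 192.168.20.240 23
3 203.0.113.7 51515 192.168.20.240 3001
"""

# Assumed management network; use the networks your telnet access list permits.
ALLOWED_NETWORKS = [ipaddress.ip_network("192.168.20.0/24")]

# NO, remote address, remote port, local address, local port
ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+(\d+)\s+(\S+)\s+(\d+)\s*$")


def parse_show_telnet(text):
    """Parse session rows into dicts; header, blank and malformed rows are skipped."""
    sessions = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        try:
            remote = ipaddress.ip_address(m.group(2))
            local = ipaddress.ip_address(m.group(4))
        except ValueError:
            continue  # columns are present but do not hold addresses
        sessions.append({
            "no": int(m.group(1)),
            "remote": remote,
            "remote_port": int(m.group(3)),
            "local": local,
            "local_port": int(m.group(5)),
        })
    return sessions


def unexpected_sessions(sessions, allowed=ALLOWED_NETWORKS):
    """Return the sessions whose remote address is in none of the allowed networks."""
    return [s for s in sessions
            if not any(s["remote"] in net for net in allowed)]


if __name__ == "__main__":
    for s in unexpected_sessions(parse_show_telnet(SAMPLE_OUTPUT)):
        # s["no"] is the session number that 'clear telnet no' takes at the server.
        print(f"session {s['no']}: {s['remote']}:{s['remote_port']} "
              f"to local port {s['local_port']} is outside the allowed networks")
```
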
2.1.12 debug telnet
The following is a format of the debug command for the telnet session:
debug telnet
Parameter
None
Default
None
Command mode
Management mode
Instruction
The command is used to turn on telnet debugging.
If telnet debugging is turned on, the negotiation processes of all the incoming telnet sessions are printed on the window where the debug command was run. The debug telnet command is different from the telnet debug command. The former outputs the debug information of the telnet sessions connected to the server. The latter outputs the debug information of the telnet session that the client originates.
Example
debug telnet
The debug information of the telnet session that is connected to the server is displayed.
2.2 Terminal Configuration Command
The following are terminal configuration commands:
attach-port
autocommand
clear line
connect
disconnect
exec-timeout
length
line
location
login authentication
monitor
no debug all
password
printer enable
printer start
printer stop
resume
script activation
script callback
script connection
script dialer
script reset
script startup
sequence-char
show debug
show line
show tty-status
switchkey
switchmsg
terminal-type
terminal monitor
terminal width
terminal length
where
width
2.2.1 attach-port
The following command binds the telnet listening port to the line vty number, so that a telnet connection at the specific port generates a vty according to the designated sequence number.
[no] attach-port PORT
Parameter
Parameter Description
port Listening port of the telnet server (3001-3999)
Default
None
Command mode
Line configuration mode
Example
Bind listening port 3001 to line vty 2 3.
switch_config# line vty 2 3
switch_config_line#attach-port 3001
2.2.2 autocommand
It is used to set the command that runs automatically when a user logs in to the terminal. The connection is cut off after the command is executed.
autocommand LINE
no autocommand
Parameter
Parameter Description
LINE Command to be executed
Command mode
Line configuration mode
Example
switch_conf#line vty 1
switch_conf_line#autocommand pad 123456
After you successfully log in, the pad command is run automatically toward the host whose X.121 address is 123456.
2.2.3 clear line
It is used to clear the designated line.
clear line [aux | tty | vty] [number]
Parameter
Similar to the line command
Command mode
Management mode
Example
switch#clear line vty 0
2.2.4 connect
It is used to connect to the telnet server.
connect server-ip-addr/server-host-name {[/port port][/source-interface interface] [/local local-ip-addr]}
Parameter
Parameter Description
server-ip-addr/server-host-name IP address of the server or the host name of the server
port Port number
interface Name of the interface where the connection is originated
local-ip-addr Local IP address where the connection is originated
Command mode
All configuration modes
Example
switch# connect 192.168.20.1
2.2.5 disconnect
It is used to delete the mounted telnet session.
disconnect N
Parameter
Parameter Description
N Number of the mounted telnet session
Command mode
All configuration modes
Example
switch#disconnect 1
2.2.6 exec-timeout
It is used to set the maximum idle time for the terminal.
[no] exec-timeout [time]
Parameter
Parameter Description
time Idle time, in seconds
Default
0 (No time-out limitation)
Command mode
Line configuration mode
Example
Set the idle time of the line to one hour.
switch_config_line#exec-timeout 3600
2.2.7 length
It is used to set the number of lines displayed on the screen of the terminal.
[no] length [value]
Parameter
Parameter Description
value A value between 0 and 512. The value 0 means there is no pause.
Default
24
Command mode
Line configuration mode
2.2.8 line
It is used to enter the line configuration mode.
line [aux | console | tty | vty] [number]
Parameter
Parameter Description
aux Auxiliary line, which has only one number 0
console Monitoring line, which has only one number 0
tty Asynchronous line
vty Virtual lines such as Telnet, PAD and Rlogin
number Number in the line of the type
Command mode
Global configuration
Example
The following example shows how to enter the line configuration mode of VTY 0 to 10. switch_config#line vty 0 10
2.2.9 location
It is used to record the description of the current line.
location [LINE]
no location
Parameter
Parameter Description
LINE Description of the current line
Command mode
Line configuration mode
2.2.10 login authentication
It is used to set line login authentication:
[no] line login authentication [default | WORD]
Parameter
Parameter Description
default Default authentication mode
WORD Name of the authentication list
Command mode
Line configuration mode
Example
switch_conf_line#login authentication test
In the example, the authentication list of the line is set to test.
2.2.11 monitor
It is used to export the log and debugging information to the line:
[no] monitor
Parameter
None
Command mode
Line configuration mode
Example
switch_config_line#monitor
2.2.12 no debug all
It is used to shut down all debugging output of the current VTY:
no debug all
Parameter
None
Command mode
Management mode
Example
switch#no debug all
2.2.13 password
It is used to set the password for the terminal:
password {password | [encryption-type] encrypted-password }
no password
Parameter
Parameter Description
password Password configured on the line, which is entered in the plaintext form and whose maximum length is 30 bits.
[encryption-type] encrypted-password
encryption-type means the encryption type of the password.
Currently, products only support two encryption modes: 0 and 7. The number 0 means the password is not encrypted and the plaintext of the password is entered directly, which is the same as entering the password without a type. The number 7 means the password is encrypted through an algorithm. You need to enter the encryption text for the encrypted password. The encryption text can be copied from the configuration files of other switches.
For password encryption, refer to the explanation of the commands service password-encryption and enable password.
Command mode
Line configuration mode
Example
switch_conf#line vty 1
switch_conf_line#password test
The previous example shows the login password of VTY1 is set to test.
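The following added example (not part of the original manual) reviews the line blocks of a saved configuration for the settings covered in 2.2.6, 2.2.10 and 2.2.13: an exec-timeout that is unset or 0, no login authentication list, and a password entered as plaintext (no type, or type 0) instead of type 7. The sample configuration and its layout (a line header followed by its subcommands, ended by ! or by the next line header) are assumptions.

```python
import re

# Constructed sample; the block layout is an assumption, not taken from the manual.
SAMPLE_CONFIG = """\
line console 0
 exec-timeout 600
 login authentication default
!
line vty 0 10
 password test
!
line vty 11 12
 exec-timeout 0
 login authentication test
 password 7 <encrypted-text>
!
"""

# 'line [aux | console | tty | vty] number', optionally with a second number for a range
LINE_HEADER = re.compile(r"^line\s+(aux|console|tty|vty)((?:\s+\d+){1,2})\s*$")


def parse_lines(config_text):
    """Split the configuration into {line header: [subcommand word lists]}."""
    blocks, current = {}, None
    for raw in config_text.splitlines():
        text = raw.strip()
        if LINE_HEADER.match(text):
            current = " ".join(text.split())
            blocks[current] = []
        elif not text or text.startswith("!"):
            current = None                      # end of the current block
        elif current is not None:
            blocks[current].append(text.split())
    return blocks


def audit_line(header, commands):
    """Return the findings for one line block."""
    findings = []
    timeout = None
    has_auth_list = False
    for words in commands:
        if words[0] == "exec-timeout" and len(words) == 2 and words[1].isdigit():
            timeout = int(words[1])
        elif words[:2] == ["login", "authentication"] and len(words) == 3:
            has_auth_list = True
        elif words[0] == "password" and len(words) in (2, 3):
            # 'password X' and 'password 0 X' are plaintext; 'password 7 X' is encrypted text.
            enc_type = words[1] if len(words) == 3 else "0"
            if enc_type == "0":
                findings.append(f"{header}: password is stored in plaintext")
            elif enc_type != "7":
                findings.append(f"{header}: unknown password encryption type {enc_type}")
    if not timeout:
        # Unset and 0 are equivalent: the documented default is 0, no time-out limitation.
        findings.append(f"{header}: exec-timeout is 0, idle sessions never time out")
    if not has_auth_list:
        findings.append(f"{header}: no login authentication list is set")
    return findings


def audit_config(config_text):
    """Audit every line block and return all findings in file order."""
    findings = []
    for header, commands in parse_lines(config_text).items():
        findings.extend(audit_line(header, commands))
    return findings


if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG):
        print(finding)
```
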
2.2.14 resume
It is used to resume the mounted telnet session:
resume N
Parameter
Parameter Description
N Number of the mounted telnet session
Command mode
All configuration modes
Example
switch#resume 1
2.2.15 switchkey
It is used to configure the terminal switchover key:
switchkey key cmdalias server-name
Parameter
Parameter Description
key Terminal switchover key, ranging from CTRL-A to CTRL-Z except CTRL-H
cmdalias Alias of the command that is executed when terminal switchover is performed
server-name Name of the server that each terminal screen corresponds to
Command mode
Line configuration mode
Example
The following example shows how to connect to the sco1 server by the con_sco command when the switchover is performed through pressing ctrl-a:
switch_config_line#switchkey ctrl-a con_sco sco1
2.2.16 sequence-char
It is used to configure the character sequence of terminal call-back when the terminal is switched:
sequence-char key char1 char2 char3 …
Parameter
Parameter Description
key Terminal switchover key
char1 char2 char3 … Character sequence for call-back
Command mode
Line configuration mode
Example
The following example shows how to configure the character sequence of terminal call-back to 0x1b 0x21 0x38 0x51 when the terminal is switched.
switch_config_line#sequence-char ctrl-a 0x1b 0x21 0x38 0x51
2.2.17 show debug
It is used to display all debugging information of the current VTY:
show debug
Parameter
None
Command mode
Management mode or global configuration mode
Example
Switch# show debug
http authentication debug is on
http cli debug is on
http request debug is on
http response debug is on
http session debug is on
http erro debug is on
http file debug is on
TELNET: Incoming Telnet debugging is on
2.2.18 show line
It is used to display the status of the current effective line:
show line {[console | aux | tty | vty] [number]}
Parameter
If no parameter follows the command, the status of all effective lines is displayed.
The definition of other parameters is similar to that of the line command.
Command mode
All configuration modes except the user mode
2.2.19 switchmsg
It is used to decide whether the prompt information is displayed when the terminal is switched:
switchmsg enable
switchmsg disable
Parameter
Parameter Description
enable Displays the prompt information when the terminal is switched.
disable Does not display the prompt information when the terminal is switched.
Default
disable
Command mode
Line configuration mode
Example
The following example shows how to display the prompt information when the terminal is switched:
switch_config_line#switchmsg enable
2.2.20 terminal length
It is used to change the number of lines displayed on the current terminal screen. The parameter can be obtained by the remote host. The rlogin protocol uses the parameter to notify the remote UNIX host. Run the no terminal length command to restore the default value:
terminal length length
no terminal length
Parameter
Parameter Description
length Line number displayed on each screen
Default
Pause when 24 lines are displayed on the screen.
Command mode
Global configuration
Instruction
The command is effective only to the current terminal. When the session is complete, the terminal attribute is invalid.
Example
switch#terminal length 40
Relative command
line
2.2.21 terminal monitor
It is used to display the debugging output information and system fault information at the current terminal. The negative form of the command is used to disable the monitoring:
terminal monitor
no terminal monitor
Parameter
None
Default
The system monitoring port (console) is open by default. Other terminals are closed by default.
Command mode
Global configuration
Instruction
The command is effective only to the current terminal. When the session is complete, the terminal attribute is invalid.
Example
switch#terminal monitor
Relative command
line
debug
2.2.22 terminal width
By default, the switch outputs 80 characters in each line. If the default setting does not meet your requirements, you can reset it. The parameter can be obtained by the remote host. Run the terminal width command to set the number of characters in each line. Run the no terminal width command to restore the default value.
terminal width number
no terminal width
Parameter
Parameter Description
number Character number of each line
Default
80 characters in each line
Command mode
Global configuration
Instruction
The command is effective only to the current terminal. When the session is complete, the terminal attribute is invalid.
Example
switch#terminal width 40
Relative command
line
2.2.23 terminal-type
It is used to set the terminal type:
[no] terminal-type [name]
Parameter
Parameter Description
name Terminal name. Terminal types currently supported are VT100, ANSI and VT100J.
Default
ANSI
Command mode
Line configuration mode
2.2.24 where
It is used to check the currently mounted outward telnet session at the client side:
where
Parameter
None
Command mode
All configuration modes
Example
switch#where
2.2.25 width
It is used to set the terminal width of the line:
[no] width [value]
Parameter
Parameter Description
value A value between 0 and 512. The value 0 means no execution.
Default
80
Command mode
Line configuration mode
Chapter 3 Network Management Configuration Commands
3.1 SNMP Commands
The following are SNMP commands:
snmp-server community
snmp-server contact
snmp-server host
snmp-server location
snmp-server packetsize
snmp-server queue-length
snmp-server trap-source
snmp-server trap-timeout
snmp-server view
show snmp
debug snmp
3.1.1 snmp-server community
Run the command snmp-server community in global configuration mode to configure a community character string that permits access to SNMP. Use the negative form of the command to delete the designated community character string.
snmp-server community string [view view-name] [ro | rw] [word]
no snmp-server community string
Parameter
Parameter Description
string Community character string used to access SNMP; it works as a password does
view view-name Name of a predefined view (optional). The view defines the MIB objects effective to the community.
ro Designates the read-only permission (optional). The authorized management station can only read MIB objects.
rw Designates the read-write permission (optional). The authorized management station can read and modify MIB objects.
word Designates the access list name of the SNMP agent which can be accessed through the community character string.
Default
By default, the SNMP community character string permits read-only access to all objects.
Command mode
Global configuration
Instruction
If no parameter follows the command, the configuration information of all community character strings is listed.
Example
The following example shows how to assign the community character string comaccess to SNMP, how to permit read-only access and how to designate the IP access list (allowed) that can use the community character string:
snmp-server community comaccess ro allowed
The following example shows how to assign the community character string mgr to SNMP and how to permit read-write access to the objects in the restricted view:
snmp-server community mgr view restricted rw
In the following example, the community comaccess is deleted:
no snmp-server community comaccess
Relative command
access-list
snmp-server view
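The view, ro/rw and access-list options above are the only controls on what a holder of the community string can read or modify. The following audit script is an added example, not part of the original manual: it parses snmp-server lines in the syntax documented in this chapter and reports weakly restricted communities. The finding names, the WELL_KNOWN list and the sample configuration are assumptions constructed for illustration.

```python
"""Audit snmp-server community/host/view lines from a switch configuration."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumption: community names that are commonly left at example defaults.
WELL_KNOWN = {"public", "private"}

# Constructed sample configuration using the command syntax from this chapter.
SAMPLE_CONFIG = """\
snmp-server view restricted system included
snmp-server community comaccess ro allowed
snmp-server community mgr view restricted rw
snmp-server community public
snmp-server host 10.20.30.40 public
snmp-server host bob mgr authentication
"""


@dataclass
class Community:
    name: str
    view: Optional[str] = None
    access: str = "ro"          # the manual's default is read-only
    acl: Optional[str] = None   # the optional trailing "word" (access list name)


def parse_community(args: List[str]) -> Community:
    """Parse the arguments: string [view view-name] [ro | rw] [word]."""
    comm = Community(name=args[0])
    rest = args[1:]
    if len(rest) >= 2 and rest[0] == "view":
        comm.view, rest = rest[1], rest[2:]
    if rest and rest[0] in ("ro", "rw"):
        comm.access, rest = rest[0], rest[1:]
    if rest:
        comm.acl = rest[0]
    return comm


def audit(config_text: str) -> List[Tuple[str, str]]:
    """Return (community, finding) pairs for weakly restricted SNMP settings."""
    views, communities, trap_hosts = set(), [], []
    for line in config_text.splitlines():
        tok = line.split()
        if len(tok) < 3 or tok[0] != "snmp-server":
            continue                      # also skips "no snmp-server ..." lines
        if tok[1] == "view":
            views.add(tok[2])
        elif tok[1] == "community":
            communities.append(parse_community(tok[2:]))
        elif tok[1] == "host" and len(tok) >= 4:
            trap_hosts.append((tok[2], tok[3]))

    findings = []
    for c in communities:
        if c.name.lower() in WELL_KNOWN:
            findings.append((c.name, "well-known-name"))
        if c.access == "rw":
            findings.append((c.name, "read-write"))
        if c.acl is None:
            findings.append((c.name, "no-access-list"))
        if c.view is None:
            findings.append((c.name, "all-objects-visible"))
        elif c.view not in views:
            findings.append((c.name, "undefined-view"))

    rw_names = {c.name for c in communities if c.access == "rw"}
    for _host, comm in trap_hosts:
        if comm.lower() in WELL_KNOWN:
            findings.append((comm, "trap-uses-well-known-name"))
        if comm in rw_names:
            # SNMPv1/v2c traps carry the community string in cleartext.
            findings.append((comm, "trap-reuses-read-write-community"))
    return findings


if __name__ == "__main__":
    for community, finding in audit(SAMPLE_CONFIG):
        print(f"{community}: {finding}")
```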
3.1.2 snmp-server contact
Run the command snmp-server contact in global configuration mode to set the sysContact information of the management node. Run the negative form of the command to delete the sysContact information.
snmp-server contact text
no snmp-server contact
Parameter
Parameter Description
text Character string of the sysContact information of the node
Default
The sysContact information of the node is not set.
Command mode
Global configuration
Instruction
It corresponds to the sysContact value of the MIB variable in the system group.
Example
The following is an example of the node contact:
snmp-server contact Dial_System_Operator_at_beeper_#_27345
3.1.3 snmp-server host
Run the command snmp-server host in global configuration mode to designate the receiver of SNMP trap operation. Run the command no snmp-server host to cancel the designated host.
snmp-server host host community-string [trap-type]
no snmp-server host host
Parameter
Parameter Description
host Host name or internet address
community-string Password-like community string sent with the trap operation
trap-type If no trap is designated, all traps will be sent to the host.
Authentication: allows sending the traps for wrong authentication
Configure: allows sending SNMP-configure traps
Snmp: allows sending all SNMP traps
Default
The command is invalid by default. The trap is not sent. If the command with keyword is not entered, all traps are sent by default.
Command mode
Global configuration
Instruction
If the snmp-server host command is not entered, the trap is not sent. To configure the switch to send SNMP traps, you need to run the snmp-server host command. If the command without the keyword trap-type is entered, all types of traps of the host are activated. If the command with the keyword trap-type is entered, you can designate multiple trap types in each host.
When you specify multiple snmp-server host commands for the same host, the SNMP trap information sent to the host will be filtered according to the character string and the trap type in the command. For the same host and community character string, only one trap type can be configured.
The usability of the option trap-type depends on the switch type and the characteristics of the routing software supported by the switch.
Example
In the following example, the SNMP traps defined by RFC1157 are sent to the host whose IP address is 10.20.30.40. The community character string is comaccess.
snmp-server host 10.20.30.40 comaccess snmp
In the following example, the switch uses the community character string public to send all types of traps to the host whose IP address is 10.20.30.40.
snmp-server host 10.20.30.40 public
In the following example, only authentication traps are valid and can be sent to host bob.
snmp-server host bob public authentication
Relative command
snmp-server queue-length
snmp-server trap-source
snmp-server trap-timeout
3.1.4 snmp-server location
Run the command snmp-server location in global configuration mode to set the character string of the node location. Run the negative form of the command to delete the location character string.
snmp-server location text
no snmp-server location
Parameter
Parameter Description
text Describes the character string of the node location.
Default
The character string of the node location is not set.
Command mode
Global configuration
Instruction
It corresponds to the value of sysLocation of the MIB variable in the system group.
Example
In the following example, the actual location of the switch is defined:
snmp-server location Building_3/Room_214
Relative command
snmp-server contact
3.1.5 snmp-server packetsize
Run the command snmp-server packetsize in global configuration mode to define the maximum SNMP packet size when the SNMP server receives the request or generates the response:
snmp-server packetsize byte-count
no snmp-server packetsize
Parameter
Parameter Description
byte-count Integer byte ranging between 484 and 17940. The default value is 3000 bytes.
Default
3000 bytes
Command mode
Global configuration
Instruction
It corresponds to the value of sysLocation of the MIB variable in the system group.
Example
In the following example, a filter is created for the packet with maximum length of 1024 bytes:
snmp-server packetsize 1024
Relative command
snmp-server queue-length
3.1.6 snmp-server queue-length
Run the command snmp-server queue-length in global configuration mode to set the queue length for each trap host:
snmp-server queue-length length
Parameter
Parameter Description
length Trap event number that can be saved in the queue (1~1000)
Default
10 events
Command mode
Global configuration
Instruction
The command is used to define the queue length for each trap host. Once the trap message is successfully transmitted, the switch will clear the queue.
Example
The following example shows that a message queue that can capture four events is created.
snmp-server queue-length 4
Relative command
snmp-server packetsize
3.1.7 snmp-server trap-source
Run the command snmp-server trap-source in global configuration mode to designate a source address of an interface for all traps. Run no snmp-server trap-source to delete the interface with such a source address.
snmp-server trap-source interface
no snmp-server trap-source
Parameter
Parameter Description
interface Interface where the SNMP trap occurs. It contains the interface type with specific platform syntax mode and the sequence number.
Default
No interface is designated.
Command mode
Global configuration
Instruction
When the SNMP server sends the SNMP trap, the SNMP trap has a trap address no matter from which interface it is sent out. If you want to use the trap address to track the trap, you can use this command.
Example
The following example shows that the address of the Ethernet’s 1/0 interface is designated as the source address of all traps.
snmp-server trap-source ethernet 1/0
Relative command
snmp-server queue-length
snmp-server host
3.1.8 snmp-server trap-timeout
Run the command snmp-server trap-timeout in global configuration mode to define the timeout value of resending the trap message.
snmp-server trap-timeout seconds
Parameter
Parameter Description
seconds An interval integer from 1 to 1000 (unit: second), which is set for resending the message
Default
30 seconds
Command mode
Global configuration
Instruction
Before the switch software sends the trap, it will look for the route of the destination address. If there is no route, the trap is stored in the resending queue. The command snmp-server trap-timeout decides the interval for resending the trap.
Example
The following example shows the trap message at the resending queue will be resent after an interval of 20 seconds:
snmp-server trap-timeout 20
Relative command
snmp-server host
snmp-server queue-length
3.1.9 snmp-server view
Run the command snmp-server view in global configuration mode to create or update an MIB view. Run the command no snmp-server view to delete a view of the SNMP server.
snmp-server view view-name oid-tree {included | excluded}
no snmp-server view view-name
Parameter
Parameter Description
view-name Label of the view that is created or updated.
oid-tree Object identifier of the ASN.1 sub-tree included in or excluded from the view. To identify the sub-tree, specify a character string containing numbers, such as 1.3.6.2.4, or a sub-tree name such as system. The sub-tree name can be any name that can be found in the MIB tree.
included | excluded Type of the view. The parameter included or excluded must be designated.
Default
None
Command mode
Global configuration
Instruction
If other SNMP commands need a view as a parameter, you can run this command to create the view. By default, no view needs to be defined and all objects can be seen, which is similar to the everything view predefined by Cisco. You can use the command to define the objects that can be seen from the view.
Example
The following example shows that the views of all objects in the MIB-II sub-tree are created:
snmp-server view mib2 mib-2 included
The following example shows that the views of all objects in the system group are created:
snmp-server view phred system included
The following example shows that the views of all objects in the system group are created, while all objects in sysServices.7 and in the No.1 interface of the interface group are excluded.
snmp-server view agon system included
snmp-server view agon system.7 excluded
Relative command
snmp-server community
3.1.10 snmp-server udp-port
Run the command snmp-server trap-source in global configuration mode to designate a port for all traps sent by the destination port. Run the command no snmp-server trap-source to disable the designated function.
snmp-server trap-source ipaddress
no snmp-server trap-source
Parameter
Parameter Description
Udp-port Destination port number to which SNMP traps are sent. A commonly used port number cannot be used.
Default
The default trap destination port is port 161.
Command mode
Global configuration
Instruction
Use this command to specify a particular destination port number for the SNMP traps issued by the SNMP server.
Example
In the following example, traps are sent to port 1234 of the host:
snmp-server udp-port 1234
Relative command
Snmp-server host
3.1.11 snmp-server source-addr
Run the command snmp-server source-addr in global configuration mode to designate a source address for the SNMP message. Run the command no snmp-server source-addr to disable the designated function.
snmp-server source-addr ipaddress
no snmp-server source-addr
Parameter
Parameter Description
ipaddress Designates the source address where the SNMP generates the message. The parameter is the set IP address of the device.
Default
The interface is not designated.
Command mode
Global configuration
Instruction
The command is used to configure the source address of the SNMP message.
Example
The following example shows that the IP address of the Ethernet’s 1/0 interface is designated as the source address of all SNMP messages.
snmp-server source-addr 192.168.213.15
Relative command
None
3.1.12 snmp-server encryption
Run the command snmp-server encryption in global configuration mode to display the configured SNMP community, SHA encrypted passwords and MD5 encrypted passwords as ciphertext. The command is a one-time command: it cannot be saved and cannot be cancelled with the no form of the command. The command format is as follows:
snmp-server encryption
Parameter
NONE
Default
By default, the SNMP community, SHA encrypted passwords and MD5 encrypted passwords are shown in plaintext.
Command mode
Global configuration
Instruction
The SNMP community, SHA encrypted passwords and MD5 encrypted passwords are displayed as ciphertext. The command is used to ensure password security.
Example
In the following example, the SNMP community, SHA encrypted passwords and MD5 encrypted passwords configured for the remote host 90.0.0.3 are displayed as ciphertext.
snmp-server encryption
Relative command
snmp-server community
3.1.13 show snmp
Run the command show snmp to monitor the SNMP input or output statistics, including the incorrect community character string, the number of faults and requests.
Run the command show snmp host to display information about the SNMP trap host.
Run the command show snmp view to display the information about SNMP views. The following is the format of the command:
show snmp [ host | view ]
Parameter
Parameter Description
host Displays information about the SNMP trap host.
view Displays the information about SNMP views.
Default
None
Command mode
Management mode, global configuration
Instruction
Run the command show snmp to monitor the SNMP input or output statistics.
Run the command show snmp host to display information about the SNMP trap host.
Run the command show snmp view to display the information about SNMP views.
Example
The following example shows that the SNMP input or output statistics is listed out:
#show snmp
37 SNMP packets input
0 Bad SNMP version errors
4 Unknown community name
0 Illegal operation for community name supplied
0 Snmp encoding errors
24 Number of requested variables
0 Number of altered variables
0 Get-request PDUs
28 Get-next PDUs
0 Set-request PDUs
78 SNMP packets output
0 Too big errors (Maximum packet size 1500)
0 No such name errors
0 Bad values errors
0 General errors
24 Get-response PDUs PDUs
13 SNMP trap PDUs
The fields for the SNMP Agent to send and receive the message statistics information are shown as follows:
Field    Meaning
Unknown community name    Community name that can not be recognized
Illegal operation for community name supplied    Incorrect operation
Encoding errors    Errors that occur in encoding
Get-request PDUs    Get-request message
Get-next PDUs    Get-next message
Set-request PDUs    Set-request message
Too big errors    Response message is too big to be generated.
No such name errors    No specified instance exists.
Bad values errors    The value type is wrongly set.
General errors    Common errors
Get-response PDUs    Get-response message
Trap PDUs    SNMP trap message
In the following example, the information about the SNMP trap message is displayed:
#show snmp host
Notification host: 192.2.2.1 udp-port: 162 type: trap user: public security model: v1
In the following example, information about SNMP views is displayed:
#show snmp view
mib2 mib-2 - included permanent active
Relative command
snmp-server host
snmp-server view
3.1.14 debug snmp
It is used to display the SNMP event, message sending and receiving, and errors:
debug snmp [ error | event | packet ]
Run the command no debug snmp to stop displaying information.
Parameter
Parameter Description
error Enables the debug switch of the SNMP errors.
event Enables the debug switch of SNMP events.
packet Enables the debug switch of SNMP incoming or outgoing message.
Command mode
Management mode
Instruction
After the switch of the SNMP debugging information is enabled, SNMP events and information about message sending and receiving are exported. The exported information helps to diagnose SNMP faults.
Example
The following example shows how to debug SNMP message receiving and sending:
switch#debug snmp packet
Received 49 bytes from 192.168.0.29:1433
0000: 30 82 00 2D 02 01 00 04 06 70 75 62 6C 69 63 A0  0..-.....public.
0016: 82 00 1E 02 02 7D 01 02 01 00 02 01 00 30 82 00  .....}.......0..
0032: 10 30 82 00 0C 06 08 2B 06 01 02 01 01 03 00 05  .0.....+........
0048: 00  .
Sending 52 bytes to 192.168.0.29:1433
0000: 30 82 00 30 02 01 00 04 06 70 75 62 6C 69 63 A2  0..0.....public.
0016: 82 00 21 02 02 7D 01 02 01 00 02 01 00 30 82 00  ..!..}.......0..
0032: 13 30 82 00 0F 06 08 2B 06 01 02 01 01 03 00 43  .0.....+.......C
0048: 03 00 F4 36  ...6
Received 51 bytes from 1192.168.0.29:1434
0000: 30 82 00 2F 02 01 00 04 06 70 75 62 6C 69 63 A0  0../.....public.
0016: 82 00 20 02 02 6B 84 02 01 00 02 01 00 30 82 00  .. ..k.......0..
0032: 12 30 82 00 0E 06 0A 2B 06 01 02 01 02 02 01 02  .0.....+........
0048: 01 05 00  ...
Sending 62 bytes to 192.168.0.29:1434
0000: 30 82 00 3A 02 01 00 04 06 70 75 62 6C 69 63 A2  0..:.....public.
0016: 82 00 2B 02 02 6B 84 02 01 00 02 01 00 30 82 00  ..+..k.......0..
0032: 1D 30 82 00 19 06 0A 2B 06 01 02 01 02 02 01 02  .0.....+........
0048: 01 04 0B 45 74 68 65 72 6E 65 74 30 2F 31  ...Ethernet0/1
Field    Description
Received    SNMP receives message.
192.168.0.29    Source IP address
1433    Port number of the source address
51 bytes    Length of the received message
30 82 00 2D 02 01 00 04 06 70 75 62 6C 69 63 A0
82 00 1E 02 02 7D 01 02 01 00 02 01 00 30 82 00
10 30 82 00 0C 06 08 2B 06 01 02 01 01 03 00 05
00
    Message after being encoded by SNMP ASN
0..-.....public.
.....}.......0..
.0.....+........
.
    ASCII presentation of the received message. Content that is not in the scope of ASCII code is presented by the full stop.
sending    SNMP sends message.
192.168.0.29    Destination IP address
1433    Port number of the destination address
52 bytes    Length of the sent message
30 82 00 30 02 01 00 04 06 70 75 62 6C 69 63 A2
82 00 21 02 02 7D 01 02 01 00 02 01 00 30 82 00
13 30 82 00 0F 06 08 2B 06 01 02 01 01 03 00 43
03 00 F4 36
    Message encoded by SNMP ASN
0..0.....public.
..!..}.......0..
.0.....+.......C
...6
    ASCII presentation of the message. Content that is not in the scope of ASCII code is presented by the full stop.
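The hex columns in the debug output are BER-encoded SNMPv1 messages, and the community string travels in them unencrypted. The following decoder is an added example, not part of the original manual: it parses the first request/response pair from the output above and returns the version, community, PDU type and variable bindings. The function names and the supported subset of BER types are choices made for this illustration.

```python
"""Decode the SNMPv1 messages captured in the debug snmp packet output."""

# Bytes copied from the first request/response pair in the debug output above.
REQUEST_HEX = """
30 82 00 2D 02 01 00 04 06 70 75 62 6C 69 63 A0
82 00 1E 02 02 7D 01 02 01 00 02 01 00 30 82 00
10 30 82 00 0C 06 08 2B 06 01 02 01 01 03 00 05
00
"""
RESPONSE_HEX = """
30 82 00 30 02 01 00 04 06 70 75 62 6C 69 63 A2
82 00 21 02 02 7D 01 02 01 00 02 01 00 30 82 00
13 30 82 00 0F 06 08 2B 06 01 02 01 01 03 00 43
03 00 F4 36
"""

# Trap PDUs (0xA4) have a different layout and are not handled here.
PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest",
             0xA2: "GetResponse", 0xA3: "SetRequest"}


def parse_hex(dump):
    """Turn a whitespace-separated hex dump into bytes."""
    return bytes.fromhex("".join(dump.split()))


def read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for the BER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                    # long form: low 7 bits count length bytes
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:                               # short form: length fits in 7 bits
        length = first
    end = pos + length
    if end > len(buf):
        raise ValueError("TLV value runs past end of buffer")
    return tag, buf[pos:end], end


def expect(buf, pos, want_tag):
    """Read one TLV and insist on its tag; return (value_bytes, next_pos)."""
    tag, value, nxt = read_tlv(buf, pos)
    if tag != want_tag:
        raise ValueError(f"expected tag 0x{want_tag:02X}, got 0x{tag:02X}")
    return value, nxt


def decode_oid(value):
    """Decode an OBJECT IDENTIFIER body into dotted notation."""
    if not value:
        raise ValueError("empty OID")
    arcs = [min(value[0] // 40, 2)]
    arcs.append(value[0] - 40 * arcs[0])
    acc = 0
    for b in value[1:]:                 # base-128, high bit means "more follows"
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(str(a) for a in arcs)


def decode_value(tag, value):
    if tag == 0x02:                     # INTEGER
        return int.from_bytes(value, "big", signed=True)
    if tag in (0x41, 0x42, 0x43):       # Counter32, Gauge32, TimeTicks
        return int.from_bytes(value, "big")
    if tag == 0x05:                     # NULL placeholder in requests
        return None
    if tag == 0x06:
        return decode_oid(value)
    return bytes(value)                 # OCTET STRING and anything else: raw bytes


def decode_snmp_v1(raw):
    body, end = expect(raw, 0, 0x30)    # outer SEQUENCE
    if end != len(raw):
        raise ValueError("trailing bytes after SNMP message")
    version, pos = expect(body, 0, 0x02)
    community, pos = expect(body, pos, 0x04)
    pdu_tag, pdu, _ = read_tlv(body, pos)
    if pdu_tag not in PDU_TYPES:
        raise ValueError(f"unsupported PDU tag 0x{pdu_tag:02X}")
    request_id, p = expect(pdu, 0, 0x02)
    error_status, p = expect(pdu, p, 0x02)
    error_index, p = expect(pdu, p, 0x02)
    varbind_list, _ = expect(pdu, p, 0x30)
    varbinds, p = [], 0
    while p < len(varbind_list):
        varbind, p = expect(varbind_list, p, 0x30)
        oid, q = expect(varbind, 0, 0x06)
        vtag, vval, _ = read_tlv(varbind, q)
        varbinds.append((decode_oid(oid), decode_value(vtag, vval)))
    return {"version": int.from_bytes(version, "big"),
            "community": community.decode("ascii", "replace"),
            "pdu": PDU_TYPES[pdu_tag],
            "request_id": int.from_bytes(request_id, "big", signed=True),
            "error_status": int.from_bytes(error_status, "big"),
            "error_index": int.from_bytes(error_index, "big"),
            "varbinds": varbinds}


if __name__ == "__main__":
    for dump in (REQUEST_HEX, RESPONSE_HEX):
        print(decode_snmp_v1(parse_hex(dump)))
```

Anyone who can see this traffic, or the debug output itself, can read the community string, which is why the debug switch and the management VLAN both deserve the same protection as the configuration file.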
The following example shows how to debug the SNMP event:
switch#debug snmp event
Received SNMP packet(s) from 192.2.2.51
SNMP: GETNEXT request
 -- ip.ipReasmFails.0
SNMP: Response
 >> ip.ipFragOKs.0 = 1
Received SNMP packet(s) from 192.2.2.51
SNMP: GETNEXT request
 -- ip.ipFragOKs.0
SNMP: Response
 >> ip.ipFragFails.0 = 0
Received SNMP packet(s) from 192.2.2.51
SNMP: GETNEXT request
 -- ip.ipFragFails.0
SNMP: Response
 >> ip.ipFragCreates.0 = 2
Field    Description
SNMP    SNMP is currently being debugged.
GETNEXT request    getnext request of SNMP
RESPONSE    SNMP response
--    Receiving message
>>    Sending message
ip.ipReasmFails.0    MIB OID that requires to be accessed
ip.ipFragOKs.0 = 1    Accessed MIB OID and the returned value
3.2 Configuring RMON Commands
The following are RMON configuration commands:
rmon alarm
rmon event
rmon collection stat
rmon collection history
show rmon
3.2.1 rmon alarm
Command description
Run the following command to configure an rmon alarm item:
rmon alarm index variable interval {absolute | delta} rising-threshold value [eventnumber] falling-threshold value [eventnumber] [owner string]
Parameter
Parameter Description
variable Objects that need to be monitored. Value range: OID of the monitored objects
interval Interval for the sampling. Value range: 1-4294967295 seconds
value Alarm threshold. Value range: -2147483648-2147483647
eventnumber Index of the event that is triggered when the threshold is reached. Value range: 1-65535
string Holder description information. Value range: 1-127 characters
Default
eventnumber is not set by default.
Instruction
The command is configured in global configuration mode. It is used to monitor the value of the designated object. When the value exceeds the threshold, the specified event is triggered.
Example
In the following example, an alarm item is configured. The monitored object is ifInOctets.2. The sampling interval is 10. When the rising threshold value exceeds 15, event 1 is triggered. When the falling threshold value exceeds 25, event 2 is triggered.
rmon alarm 1 1.3.6.1.2.1.2.2.1.10.2 10 absolute rising-threshold 15 1 falling-threshold 25 2 owner switch
3.2.2 rmon event
Command description
It is used to configure an rmon event item:
rmon event index [description des-string] [log] [owner owner-string] [trap community]
Parameter
Parameter Description
index Index of the event item. Value range: 1-65535
des-string Character string of event description. Value range: 1-127 characters
owner-string Character string of event description. Value range: 1-127 characters
community Community name when the trap is generated. Value range: 1-127 characters
Default
None
Instruction
It is used to configure an rmon event item for alarm usage.
Example
In the following example, an rmon event item is configured. The index is 6. The description character string is example. When the event is triggered, items will be added to the log table and the trap will be generated by taking public as the community name.
rmon event 6 log trap public description example owner switch
3.2.3 rmon collection stat
Command description
rmon collection stat index [owner string]
The previous command is used to configure the rmon statistics function.
Parameter
Parameter Description
index Index of the statistics table. Value range: 1-65535
string Character string for the owner. Value range: 1-127 characters
Default
None
Instruction
It is configured in interface mode and used for the statistics on the interface.
Example
In the following example, the statistics function is enabled on interface 8 of fast Ethernet.
int f 0/8
rmon collection stats 2 owner switch
3.2.4 rmon collection history
Command description
rmon collection history index [buckets bucket-number] [interval second] [owner owner-name]
The previous command is used to configure a history control item.
Parameter
Parameter Description
index Its value ranges from 1 to 65535.
bucket-number Among the data collected in the history control table, the latest bucket-number items are saved.
Value range: 1-65535
second Interval, whose value ranges from 1 to 3600
owner-name Character string of the owner
Value range: 1-127 characters
Default
The default value of bucket-number is 50. The default value of second is 1800.
Instruction
It is configured in interface mode and used for adding an item to the history control table.
Example
In the following example, the history control item is added to interface 8 of fast Ethernet. The statistics data in the latest 20 intervals is saved. The interval is 20 seconds.
int f 0/8
rmon collection history 2 buckets 20 interval 10 owner switch
3.2.5 show rmon
Command description
show rmon [alarm] [event] [statistics] [history]
The previous command is used to display the rmon configuration.
Parameter
None
Default
None
Instruction
It is used to display the rmon configuration.
Example
In the following example, the rmon configuration is displayed.
show rmon
3.3 Configuring PDP Commands
The following are PDP configuration commands:
pdp timer
pdp holdtime
pdp version
pdp run
pdp enable
show pdp traffic
show pdp neighbour
3.3.1 pdp timer
Command description
[no|default] pdp timer seconds
The previous command is to configure the time of the PDP timer.
Parameter
Parameter Description
seconds Interval of sending message out by the PDP
Value range: 5-24
Unit: seconds
Default
60 seconds
Instruction
It is configured in global configuration mode.
Example
In the following example, the switch is configured to send out the PDP message every five seconds.
pdp timer 5
3.3.2 pdp holdtime
Command description
[no|default] pdp holdtime seconds
The previous command is used to configure the PDP timer's time.
Parameter
Parameter Description
seconds Duration from when the neighbour information is received to when the neighbour information is deleted from the database
Value range: 10-255
Default
180 seconds
Instruction
It is configured in global configuration mode.
Example
In the following example, the switch is configured to save the received neighbour information for 15 seconds:
pdp holdtime 15
3.3.3 pdp version
Command description
[no] pdp version <1|2>
The previous command is used to configure the PDP version.
Parameter
Parameter Description
version PDP version
Version 1 or 2 can be selected.
Default
Version 2
Instruction
It is configured in global configuration mode.
Example
In the following example, the PDP version of the switch is set to version 1:
pdp version 1
3.3.4 pdp run
Command description
[no] pdp run
The previous command is to start up the PDP.
Parameter
None.
Default
PDP is started up.
Instruction
It is configured in global configuration mode.
Example
In the following example, PDP is disabled:
no pdp run
3.3.5 pdp enable
Command description
[no] pdp enable
The previous command is used to enable PDP.
Parameter
None
Default
PDP is enabled.
Instruction
It is configured in interface configuration mode. PDP takes effect only when it is enabled both in port mode and in global mode. Generally, PDP is disabled only on several ports.
Example
In the following example, PDP is disabled on port f0/1.
switch_config_f0/1#no pdp enable
3.3.6 show pdp traffic
Command description
show pdp traffic
The previous command is used to display the number of the received or sent PDP messages.
Parameter
None
Default
None
Instruction
It is used to check PDP running.
Example
config#show pdp traffic
Packets output: 253491, Input: 0
Hdr syntax: 0, Chksum error: 0
No memory: 0, Invalid packet: 0
3.3.7 show pdp neighbour
Command description
show pdp neighbour
The previous command is used to display the PDP neighbour.
Parameter
None
Default
None
Instruction
It is used to check the running PDP neighbour.
Example
config#show pdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater
Device ID   Local Intrfce   Holdtme   Capability   Platform   Port ID
joe         Eth 0           133                    4500       Eth 0
sam         Eth 0           152       R            AS5200     Eth 0
Chapter 4 Maintenance and Debugging Tool Commands
4.1 Network Testing Tool Commands
4.1.1 ping
It is used to test host accessibility and network connectivity. After the ping command is run, an ICMP request message is sent to the destination host, and then the destination host returns an ICMP response message.
ping [-f] [-i {source-ip-address | source-interface}] [-j host1 [host2 host3 …]] [-k host1 [host2, host3 …]] [-l length] [-n number] [-r hops] [-s tos] [-t ttl] [-v] [-w waittime] host
Parameter
Parameter Description
-f  Sets the DF bit (the message is not fragmented). If the message to be sent is larger than the MTU of the path, the message is dropped by the routing switch on the path, which then returns an ICMP error message to the source host. If network performance has problems, one node in the network may be configured with a small MTU. You can use the -f option to determine the smallest MTU on the path. Default value: Not set
-i  Sets the source IP address of the message or the IP address of an interface. Default value: Main IP address of the message-sending interface
source-ip-address  Source IP address adopted by the message
source-interface  The message takes the IP address of the source-interface interface as the source address.
-j host1 [host2 host3…]  Sets the loose source route. Default: Not set
-k host1 [host2 host3…]  Sets the strict source route. Default: Not set
-l length  Sets the length of ICMP data in the message. Default: 56 bytes
-n number  Sets the total number of messages. Default: 5 messages
-r hops  Records routes. Up to hops routes are recorded. Default: Not recorded
-s tos  Sets the IP TOS of the message to tos. Default: 0
-t ttl  Sets the IP TTL of the message to ttl. Default: 255
-v  Detailed output. Default: Simple output
-w waittime  Time for each message to wait for a response. Default: 2 seconds
host  Destination host
Command mode
Management mode, global configuration mode and interface configuration mode
Instruction
The command accepts a broadcast address or a multicast address as the destination address. If the destination address is the broadcast address (255.255.255.255) or a multicast address, the ICMP request message is sent on all interfaces that support broadcast or multicast. The routing switch outputs the addresses of all responding hosts. By pinging multicast address 224.0.0.1, you can obtain information about all hosts in the directly-connected network segment that support multicast transmission.
Press the Q key to stop the ping command.
Simple output is adopted by default.
Parameter Description
! A response message is received.
. No response message is received within the timeout time.
U An ICMP destination unreachable message is received.
Q An ICMP source quench message is received.
R An ICMP redirect message is received.
T An ICMP time exceeded message is received.
P An ICMP parameter problem message is received.
The statistics information is output:
Parameter Description
packets transmitted Number of transmitted messages
packets received Number of received response messages, excluding other ICMP messages
packet loss Rate of messages that are not responded to
round-trip min/avg/max Minimum/average/maximum time of a round trip (ms)
Example
switch#ping -l 10000 -n 30 192.168.20.125
PING 192.168.20.125 (192.168.20.125): 10000 data bytes
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
--- 192.168.20.125 ping statistics ---
30 packets transmitted, 30 packets received, 0% packet loss
round-trip min/avg/max = 50/64/110 ms
4.2 System Debugging Commands
4.3 Fault Diagnosis Commands
This chapter describes the commands used for fault diagnosis. All the following commands are used to find the cause of a fault. You can use other commands, such as the debug command, to remove the fault.
The following are fault diagnosis commands:
logging
logging buffered
logging console
logging facility
logging monitor
logging on
logging trap
service timestamps
clear logging
show break
show controller
show debug
show logging
4.3.1 logging
It is used to record the log information to the syslog server.
logging A.B.C.D
no logging A.B.C.D
Parameter
Parameter Description
A.B.C.D IP address of the syslog server
Default:
The log information is not recorded to the server.
Command mode
Global configuration
Instruction
It is used to record the log information to the designated syslog server. It can be used multiple times to designate multiple syslog servers.
Example
logging 192.168.1.1
Relative command
logging trap
4.3.2 logging buffered
It is used to record the log information to the memory of the switch.
logging buffered [size | level | dump ]
no logging buffered
Parameter
Parameter Description
size Size of memory cache
Value range: 4096-2147483647
Unit: byte
level Information level of the log recorded to memory cache
Refer to table 1.
dump When the system encounters an abnormality, the information currently in the memory is recorded to the flash, and the information is restored after the system is restarted.
Default
The information is not recorded to the memory cache.
Command mode
Global configuration
Instruction
The command records the log information to the memory cache of the switch. The memory cache is used circularly: after the memory cache is fully occupied, the newest information overwrites the oldest information.
You can use the show logging command to display the log information recorded in the memory cache of the switch.
Do not allocate a large memory cache, because it can cause a shortage of memory.
Table 1 Level of log recording
Prompt          Level   Description                        Syslog Definition
emergencies     0       System unusable                    LOG_EMERG
alerts          1       Immediate action needed            LOG_ALERT
critical        2       Critical conditions                LOG_CRIT
errors          3       Error conditions                   LOG_ERR
warnings        4       Warning conditions                 LOG_WARNING
notifications   5       Normal but significant condition   LOG_NOTICE
informational   6       Informational messages only        LOG_INFO
debugging       7       Debugging messages                 LOG_DEBUG
Relative command
clear logging
show logging
4.3.3 logging console
Run the command logging console to control the information volume displayed on the console.
Run the command no logging console to forbid the log information to be displayed on the console:
logging console level
no logging console
Parameter
Parameter Description
level Information level of the logs displayed on the console
Refer to table 2.
Default
None
Command mode
Global configuration
Instruction
After the information level is specified, information of this level or of a numerically lower level will be displayed on the console.
Run the command show logging to display the currently configured level and the statistics information recorded in the log.
Table 2 Level of log recording
Prompt          Level   Description                        Syslog Definition
emergencies     0       System unusable                    LOG_EMERG
alerts          1       Immediate action needed            LOG_ALERT
critical        2       Critical conditions                LOG_CRIT
errors          3       Error conditions                   LOG_ERR
warnings        4       Warning conditions                 LOG_WARNING
notifications   5       Normal but significant condition   LOG_NOTICE
informational   6       Informational messages only        LOG_INFO
debugging       7       Debugging messages                 LOG_DEBUG
Example
logging console alerts
Relative command
logging facility
show logging
4.3.4 logging facility
Run the command logging facility to configure the facility type under which error information is recorded. To restore the facility to local7, run the command no logging facility.
logging facility facility-type
no logging facility
Parameter
Parameter Description
facility-type Facility type
Refer to table 3.
Default
local7
Command mode
Global configuration
Instruction
Table 3 Facility type
Type Description
auth Authorization system
cron Cron facility
daemon System daemon
kern Kernel
local0-7 Reserved for locally defined messages
lpr Line printer system
mail Mail system
news USENET news
sys9 System use
sys10 System use
sys11 System use
sys12 System use
sys13 System use
sys14 System use
syslog System log
user User process
uucp UNIX-to-UNIX copy system
Example
logging facility kern
Relative command
logging console
4.3.5 logging monitor
Run the command logging monitor to control the information volume displayed on the terminal line.
Run the command no logging monitor to forbid the log information to be displayed on the terminal line.
logging monitor level
no logging monitor
Parameter
Parameter Description
level Information level of the logs displayed on the terminal line
Refer to table 4.
Default
debugging
Command mode
Global configuration
Instruction
Table 4 Level of log recording
Prompt          Level   Description                        Syslog Definition
emergencies     0       System is unusable                 LOG_EMERG
alerts          1       Immediate action needed            LOG_ALERT
critical        2       Critical conditions                LOG_CRIT
errors          3       Error conditions                   LOG_ERR
warnings        4       Warning conditions                 LOG_WARNING
notifications   5       Normal but significant condition   LOG_NOTICE
informational   6       Informational messages only        LOG_INFO
debugging       7       Debugging messages                 LOG_DEBUG
Example
logging monitor errors
Relative command
terminal monitor
4.3.6 logging on
Run the command logging on to control the recording of error information.
Run the command no logging on to forbid all records.
logging on
no logging on
Parameter
None
Default
logging on
Command mode
Global configuration
Example
switch_config# logging on
switch_config# ^Z
switch#
Configured from console 0 by DEFAULT
switch# ping 192.167.1.1
switch#ping 192.167.1.1
PING 192.167.1.1 (192.167.1.1): 56 data bytes
!!!!!
--- 192.167.1.1 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 0/4/10 ms
switch#IP: s=192.167.1.111 (local), d=192.167.1.1 (FastEthernet0/0), g=192.167.1.1, len=84, sending
IP: s=192.167.1.1 (FastEthernet0/0), d=192.167.1.111 (FastEthernet0/0), len=84,rcvd
IP: s=192.167.1.111 (local), d=192.167.1.1 (FastEthernet0/0), g=192.167.1.1, len=84, sending
IP: s=192.167.1.1 (FastEthernet0/0), d=192.167.1.111 (FastEthernet0/0), len=84,rcvd
IP: s=192.167.1.111 (local), d=192.167.1.1 (FastEthernet0/0), g=192.167.1.1, len=84, sending
IP: s=192.167.1.1 (FastEthernet0/0), d=192.167.1.111 (FastEthernet0/0), len=84,rcvd
IP: s=192.167.1.111 (local), d=192.167.1.1 (FastEthernet0/0), g=192.167.1.1, len=84, sending
IP: s=192.167.1.1 (FastEthernet0/0), d=192.167.1.111 (FastEthernet0/0), len=84,rcvd
IP: s=192.167.1.111 (local), d=192.167.1.1 (FastEthernet0/0), g=192.167.1.1, len=84, sending
IP: s=192.167.1.1 (FastEthernet0/0), d=192.167.1.111 (FastEthernet0/0), len=84,rcvd
switch_config# no logging on
switch_config# ^Z
switch#
switch# ping 192.167.1.1
PING 192.167.1.1 (192.167.1.1): 56 data bytes
!!!!!
--- 192.167.1.1 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 0/4/10 ms
Relative command
logging
logging buffered
logging monitor
logging console
4.3.7 logging trap
Run the command logging trap to control the information volume recorded to the syslog server.
Run the command no logging trap to forbid the information to be recorded to the syslog server.
logging trap level
no logging trap
Parameter
Parameter Description
level Information level of the logs recorded to the syslog server
Refer to table 5.
Default
Informational
Command mode
Global configuration
Instruction
Table 5 Level of log recording
Prompt          Level   Description                        Syslog Definition
emergencies     0       System is unusable                 LOG_EMERG
alerts          1       Immediate action needed            LOG_ALERT
critical        2       Critical conditions                LOG_CRIT
errors          3       Error conditions                   LOG_ERR
warnings        4       Warning conditions                 LOG_WARNING
notifications   5       Normal but significant condition   LOG_NOTICE
informational   6       Informational messages only        LOG_INFO
debugging       7       Debugging messages                 LOG_DEBUG
Example
logging 192.168.1.1
logging trap notifications
Relative command
logging
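The following added example (not part of the original manual) models how the level configured with logging console, logging monitor, logging trap and logging buffered decides which destinations receive a message, and how the circular memory cache overwrites old entries. The class and function names are hypothetical, the facility codes are the RFC 3164 numbering, which the switch is assumed to follow, and the buffer accounting is simplified.

```python
from collections import deque

# Prompt keyword -> numeric level, from the level tables in sections 4.3.2-4.3.7.
LEVELS = {"emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
          "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7}

# Facility codes as numbered in RFC 3164 (assumption: the switch follows them).
FACILITIES = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4,
              "syslog": 5, "lpr": 6, "news": 7, "uucp": 8,
              **{f"local{i}": 16 + i for i in range(8)}}


def syslog_pri(facility, level):
    """PRI value of the syslog header: facility code * 8 + level."""
    return FACILITIES[facility] * 8 + LEVELS[level]


def passes(configured_level, message_level):
    """A destination keeps messages at its configured level or a lower number."""
    return LEVELS[message_level] <= LEVELS[configured_level]


class LoggingModel:
    """Hypothetical model of the four log destinations; None means disabled."""

    def __init__(self, console, monitor, trap, buffered,
                 buffer_size=4096, facility="local7"):
        self.levels = {"console": console, "monitor": monitor,
                       "trap": trap, "buffer": buffered}
        self.facility = facility
        self.buffer_size = buffer_size   # bytes, as in `logging buffered size`
        self.buffer = deque()            # oldest entry on the left
        self.buffer_bytes = 0
        self.overwritten = 0             # entries lost to the circular buffer
        self.to_server = []              # what the syslog server would receive

    def log(self, level, text):
        """Deliver one message; return the destinations that accepted it."""
        accepted = [dest for dest, configured in self.levels.items()
                    if configured is not None and passes(configured, level)]
        if "trap" in accepted:
            self.to_server.append(f"<{syslog_pri(self.facility, level)}>{text}")
        if "buffer" in accepted:
            self._store(text)
        return accepted

    def _store(self, text):
        # Simplification: only the message text is counted against the size.
        size = len(text.encode())
        while self.buffer and self.buffer_bytes + size > self.buffer_size:
            self.buffer_bytes -= len(self.buffer.popleft().encode())
            self.overwritten += 1
        self.buffer.append(text)
        self.buffer_bytes += size


def demo():
    # Levels taken from the examples on this page: `logging console alerts`,
    # `logging monitor errors`, `logging trap notifications`. The buffer level
    # and every message below are constructed for illustration.
    model = LoggingModel(console="alerts", monitor="errors",
                         trap="notifications", buffered="debugging")
    routed = {
        "link down": model.log("errors", "constructed: port f0/1 link down"),
        "config change": model.log("notifications",
                                   "constructed: configuration changed"),
        "login": model.log("informational",
                           "constructed: user entered privileged mode"),
    }
    # Flood the 4096-byte buffer with 100 debugging messages of 100 bytes each.
    for i in range(100):
        model.log("debugging", f"{i:03d}" + "x" * 97)
    return model, routed


if __name__ == "__main__":
    model, routed = demo()
    for name, dests in routed.items():
        print(f"{name:14} -> {dests}")
    print("sent to server:", model.to_server)
    print("buffer entries:", len(model.buffer), "overwritten:", model.overwritten)
```

With logging trap notifications, the informational message never reaches the syslog server, and the flood of debugging messages pushes the three earlier entries out of the memory cache.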
4.3.8 service timestamps
Run the command service timestamps to configure the time stamp that is added when the system is debugged or records the log information.
Run the command no service timestamps to cancel the time stamp that is added when the system is debugged or records the log information.
service timestamps [log|debug] [uptime| datetime]
no service timestamps [log|debug]
Parameter
Parameter Description
log Adds the time stamp before the log information.
debug Adds the time stamp before the debug information.
uptime Duration between the startup of the switch and the current time
datetime Real-time clock time
Default
service timestamps log date
service timestamps debug date
Command mode
Global configuration
Instruction
The time stamp in the uptime form is displayed like HHHH:MM:SS, meaning the duration from the start-up of the switch to the current time.
The time stamp in the date form is displayed like YEAR-MON-DAY HH:MM:SS, meaning the real-time clock time.
Example
service timestamps debug uptime
4.3.9 clear logging
It is used to clear the log information recorded in the memory cache.
clear logging
Parameter
None
Command mode
Management mode
Relative command
logging buffered
show logging
4.3.10 show break
It is used to display the information about abnormal breakdown of the switch.
show break [map-filename]
Parameter
Parameter Description
map-filename Specifies the filename of the function mapping table.
Default
None
Command mode
Management mode
Instruction
It is used to display the information about abnormal breakdown of the switch, helping to find the cause of the abnormality.
Example
switch#sh break
Exception Type:1400-Data TLB error
BreakNum: 1 s date: 2000-1-1 time: 0:34:6
r0       r1       r2       r3       r4       r5       r6
00008538-01dbc970-0054ca18-00000003-80808080-fefefeff-01dbcca1-
r7       r8       r9       r10      r11      r12      r13
00000000-00009032-00000000-7ffffff0-00008588-44444444-0054c190-
r14      r15      r16      r17      r18      r19      r20
000083f4-000083f4-00000000-00000000-00000000-00000000-00000000-
r21      r22      r23      r24      r25      r26      r27
00000000-0000000a-00000001-00000000-00000000-004d6ce8-01dbd15c-
r28      r29      r30      r31      spr8     spr9     ip
00000002-00467078-00010300-00000300-00000310-00008588-00000370-
Variables :
00008538-44444444-01dbd15c-01dbcaac-00000002-00000000-004d6ce8-
01dbca18-
00008538 --- do_chram_mem_sys_addr---bspcfg.o
0001060c --- subcmd---cmdparse.o---libcmd.a
000083e4 --- do_chram_mem_sys---bspcfg.o
0000fb24 --- lookupcmd---cmdparse.o---libcmd.a
0000f05c --- cmdparse---cmdparse.o---libcmd.a
003e220c --- vty---vty.o---libvty.a
00499820 --- pSOS_qcv_broadcast---ksppc.o---os\libsys.a
The whole displayed content can be divided into six parts:
1 ERROR:file function.map not found
This prompt means that the function.map file has not been installed on the system, which does not affect system operation.
If the version of the function.map file is not consistent with that of the switch, the system prompts that the version is not consistent.
2 Exception Type: hex code of the exception plus the exception name
3 BreakNum
It is the current exception number, that is, the number of exceptions the system has had since it was last powered on. It is followed by the time when the exception occurred.
4 Content of the register
The common content of the register is listed out.
5 Variable area
The content in the stack is listed out.
6 Calling relationship of the functions
If the map file is not installed on the system, only the function's address is displayed. If the map file is installed on the system, the corresponding function name, .o file name and .a file name are displayed.
The calling relationship is from bottom to top.
4.3.11 show controller
It is used to display the information about the interface control of the switch.
show controller [interface]
Parameter
Parameter Description
interface Specifies the interface name.
Default
None
Command mode
Management mode
Instruction
It is used to display the controller state and the configuration information of the specified interface. When the fault occurs, you can analyze the data to discover the cause of the fault.
Example
switch#show controller s1/0
Interface Serial1/0
Hardware is PowerQUICC MPC860T
SCC Registers:
General [GSMR]=0x68034:0x22, Protocol-specific [PSMR]=0x3000
Events [SCCE]=0, Mask [SCCM]=0xcf, Status [SCCS]=0x3
Transmit on Demand [TODR]=0, Data Async [DSR]=0x7e7e
Interrupt Registers:
[CICR]=00e49f80 [CIPR]=4000c006
[CIMR]=48000000, [CISR]=00000000
Command register [CR]=0x6c0
SICR=0900002c, BRG=00000000:00010288:00000000:00000000 (aux=0)
Statistics: scc4, port3
int 751229 bad_first 0 too_long 0 drop 0
tx_count 1 bk_count 0 h_Q 81 s_Q 0
Port A [PADIR]=0000 [PAPAR]=53c3
[PAODR]=0000 [PADAT]=fefe
Port B [PBDIR]=00021001 [PBPAR]=00001020
[PBODR]=0000 [PBDAT]=0001e3be
Port C [PCDIR]=0000 [PCPAR]=0008
[PCSO]=0438 [PCDAT]=0fe7 [PCINT]=0008
Receive Ring
rmd(fff02320): status=9000 length=0000 address=01155f58
rmd(fff02328): status=9000 length=0000 address=01156c90
rmd(fff02330): status=9000 length=0000 address=01156b18
rmd(fff02338): status=9000 length=0000 address=011569a0
rmd(fff02340): status=9000 length=0000 address=01156828
rmd(fff02348): status=9000 length=0000 address=011566b0
rmd(fff02350): status=9000 length=0000 address=01156538
rmd(fff02358): status=b000 length=0000 address=01156f80
Transmit Ring
tmd(fff02360): status=0000 length=0000 address=00000000
tmd(fff02368): status=0000 length=0000 address=00000000
tmd(fff02370): status=0000 length=0000 address=00000000
tmd(fff02378): status=0000 length=0000 address=00000000
tmd(fff02380): status=0000 length=0000 address=00000000
tmd(fff02388): status=9000 length=0051 address=01156df4
tmd(fff02390): status=0000 length=0000 address=00000000
tmd(fff02398): status=2000 length=0000 address=00000000
SCC GENERAL PARAMETER RAM (at 0xfff03f00)
Rx BD Base [RBASE]=0x2320, Fn Code [RFCR]=0x15
Tx BD Base [TBASE]=0x2360, Fn Code [TFCR]=0x15
Max Rx Buff Len [MRBLR]=252
Current Rx(2) State [RSTATE]=0x9000, BD Ptr [RBPTR]=0x1156b18
Current Tx(5) State [TSTATE]=0x9000, BD Ptr [TBPTR]=0x1156df4
SCC UART PARAMETER RAM (at 0xfff03f30)
Maximum idle characters 1
Break Character 1
Received Parity Error 58445
Received Frame Error 65261
Received Noise Error 39256
Number of break conditions 22595
Last Received Break length 1524
uart1 63220 uart2 1
Transmit Out of sequence 0
cc[0] = 4011 cc[1] = 4013 cc[2] = 8000 cc[3] = 4011
cc[4] = 4013 cc[5] = 8000 cc[6] = 9c80 cc[7] = 7051
rccm = c0ff rccr = bf28 rlbc = a6fe
RxBufSiz 254 flow 1
flag=00000120, size=00000008, X=11, Xoff=13
DCR_B3#
The whole displayed information can be divided into the following parts:
(1) Name and type of interface control
Here it is MPC860 and SCC.
(2) Running state of the controller
Statistics data about breakdown, error and resetting
Length of the receiving and transmitting queue
(3) Controller configuration parameter
Register content parameter
Controller partial parameter
Physical protocol parameter
(4) State when BD is received or sent
The length, state and indicator of BD are listed out.
The location where BD is received or sent and relative states
4.3.12 show debug
It is used to display all the enabled debugging options of the switch.
show debug
Parameter
None
Command mode
Management mode
Example
switch# show debug
Crypto Subsystem:
Crypto Ipsec debugging is on
Crypto Isakmp debugging is on
Crypto Packet debugging is on
Relative command
debug
4.3.13 show logging
It is used to display the state of logging (syslog).
show logging
Parameter
None
Command mode
Management mode
Instruction
It is used to display the state of logging (syslog), including the logging information about the console, monitor and syslog.
Example
switch# show logging
Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)
Console logging: level debugging, 12 messages logged
Monitor logging: level debugging, 0 messages logged
Buffer logging: level debugging, 4 messages logged
Trap logging: level informations, 0 message lines logged
Log Buffer (4096 bytes):
2000-1-4 00:30:11 Configured from console 0 by DEFAULT
2000-1-4 00:30:28 User DEFAULT enter privilege mode from console 0, level = 15
Relative command
clear logging
Chapter 5 SSH Configuration Commands
5.1.1 ip sshd enable
Command description
ip sshd enable
no ip sshd enable
Parameter
None
Default
1024 bits
Instruction
It is used to generate the RSA encryption key and then listen for connections to the ssh server. Generating the encryption key is computationally expensive. It takes one or two minutes.
Command mode
Global configuration mode
Example
In the following example, the SSH service is enabled.
device_config#ip sshd enable
5.1.2 ip sshd timeout
Command description
ip sshd timeout time-length
no ip timeout
Parameter
Parameter Description
time-length Maximum time from the establishment of the connection to the authentication approval. Value range: 60-65535
Default
180 seconds
Instruction
To prevent unauthorized users from occupying connection resources, connections that have not been authenticated are shut down after the set duration is exceeded.
Command mode
Global configuration mode
Example
In the following example, the timeout time is set to 360 seconds:
device_config#ip sshd timeout 360
5.1.3 ip sshd auth-method
Command description
ip sshd auth-method method
no sshd auth-method
Parameter
Parameter Description
method Sets authentication method list.
Default
The default authentication method list is used.
Instruction
The ssh server uses the authentication method list of the login type.
Command mode
Global configuration mode
Example
In the following example, an auth-ssh authentication method list is configured and it is applied to the ssh server:
device_config#aaa authentication login auth-ssh local
device_config#ip sshd auth-method auth-ssh
5.1.4 ip sshd access-class
Command description
ip sshd access-class access-list
no ip sshd access-class
Parameter
Parameter Description
access-list Standard IP access list
Default
No access control list
Instruction
It is used to configure the access control list for the ssh server. Only connections that comply with the rules in the access control list are accepted.
Command mode
Global configuration mode
Example
In the following example, an ssh-accesslist access control list is configured and applied to the ssh server:
device_config# ip access-list standard ssh-accesslist
device_config_std_nacl#deny 192.168.20.40
device_config#ip sshd access-class ssh-accesslist
5.1.5 ip sshd auth-retries
Command description
ip sshd auth-retries times
no ip sshd auth-retries
Parameter
Parameter Description
times Maximum number of re-authentication attempts. Value range: 0-65535
Default
3 times
Instruction
The connection is shut down when the number of re-authentication attempts exceeds the set value.
Command mode
Global configuration mode
Example
In the following example, the maximum number of re-authentication attempts is set to five:
device_config#ip sshd auth-retries 5
5.1.6 ip sshd clear
Command description
ip sshd clear ID
Parameter
Parameter Description
ID Number of the SSH connection to the local device Value range: 0-65535
Default
N/A
Instruction
It is used to forcibly close the incoming ssh connection with the specified number. You can run the command show ip sshd line to check the number of the current incoming connection.
Command mode
Global configuration mode
Example
In the following example, the No.0 incoming connection is forcibly closed:
device_config#ip sshd clear 0
5.1.7 ssh
Command description
ssh -l userid -d destIP [-c {des|3des|blowfish }] [-o numberofpasswdprompts] [-p port]
Parameter
Parameter Description
-l userid  User account on the server
-d destIP  Destination IP address in the dotted decimal system
-o numberofpasswdprompts  Re-authentication times after the first authentication fails. The actual re-authentication times is the set value plus the smallest value set on the server. Its default value is three times. Value range: 0-65535
-p port  Port number that the server listens on. Its default value is 22. Value range: 0-65535
-c {des|3des|blowfish}  Encryption algorithm used during communication. The encryption algorithm is 3des by default.
Default
N/A
Instruction
The command is used to create a connection with the remote ssh server.
Command mode
Privileged mode
Example
In the following example, a connection with the ssh server whose IP address is 192.168.20.41 is created. The account is zmz and the encryption algorithm is blowfish:
device#ip ssh -l zmz -d 192.168.20.41 -c blowfish
5.1.8 show ssh
Command description
show ssh
Parameter
None
Default
N/A
Instruction
It is used to display the sessions on the ssh server.
Command mode
Privileged mode
Example
In the following example, the sessions on the ssh server are displayed:
device#show ssh
5.1.9 show ip sshd
Command description
show ip sshd
Parameter
None
Default
N/A
Instruction
It is used to display the current state of the ssh server.
Command mode
Privileged mode
Example
In the following example, the current state of the ssh server is displayed:
device#show ip sshd
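The following added example (not part of the original manual) checks the ip sshd settings described in this chapter in a saved configuration: value ranges, values looser than the documented defaults, a missing access-class, and references to access lists or authentication method lists that are not defined. The function names and the sample configuration are constructed; it is assumed that the saved configuration lists each command as it was typed, and using the documented defaults as the baseline is this example's own choice.

```python
import re

# Defaults and value ranges as stated in sections 5.1.2 and 5.1.5.
DEFAULTS = {"timeout": 180, "auth-retries": 3}
RANGES = {"timeout": (60, 65535), "auth-retries": (0, 65535)}

# Constructed sample built from the examples in this chapter.
SAMPLE_CONFIG = """\
aaa authentication login auth-ssh local
ip access-list standard ssh-accesslist
 deny 192.168.20.40
ip sshd enable
ip sshd timeout 360
ip sshd auth-method auth-ssh
ip sshd auth-retries 5
"""


def parse_config(text):
    """Collect ip sshd settings and the names of defined ACLs and AAA lists."""
    sshd, acls, aaa_lists = {}, set(), set()
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"ip sshd (\S+)(?:\s+(\S+))?", line):
            sshd[m.group(1)] = m.group(2)       # value is None for `enable`
        elif m := re.fullmatch(r"ip access-list standard (\S+)", line):
            acls.add(m.group(1))
        elif m := re.fullmatch(r"aaa authentication login (\S+)\s+.+", line):
            aaa_lists.add(m.group(1))
    return sshd, acls, aaa_lists


def audit_sshd(text):
    """Return a list of findings about the SSH server settings in a config."""
    sshd, acls, aaa_lists = parse_config(text)
    if "enable" not in sshd:
        return ["ip sshd enable is absent: the SSH server is not started"]
    findings = []
    for key in ("timeout", "auth-retries"):
        if key not in sshd:
            continue                            # the documented default applies
        value, (low, high) = sshd[key], RANGES[key]
        if value is None or not value.isdigit() or not low <= int(value) <= high:
            findings.append(f"ip sshd {key} {value}: outside the range {low}-{high}")
        elif int(value) > DEFAULTS[key]:
            findings.append(f"ip sshd {key} {value}: looser than the default "
                            f"{DEFAULTS[key]}")
    acl = sshd.get("access-class")
    if acl is None:
        findings.append("ip sshd access-class is absent: no access control "
                        "list restricts who may connect")
    elif acl not in acls:
        findings.append(f"ip sshd access-class {acl}: access list is not defined")
    method = sshd.get("auth-method")
    if method is not None and method not in aaa_lists:
        findings.append(f"ip sshd auth-method {method}: method list is not defined")
    return findings


if __name__ == "__main__":
    for finding in audit_sshd(SAMPLE_CONFIG):
        print("-", finding)
```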
Chapter 6 Other system Command
6.1 The link scan command
Command description
This command is to configure the scan interval of the port
[no] link scan time
Parameter
Parameter Description
time Port scan interval. Value range: 10 to 1000 milliseconds
Default
The default is 10 ms on IES models and 1000 ms on general switch models.
Command mode
Global configuration
Example
In the following example, the switch is configured to do a port scan every 20 milliseconds:
link scan 20
Interface Configuration Commands
Table of Contents
Chapter 1 Interface Configuration Commands
1.1 Interface Configuration Commands
1.1.1 description
1.1.2 bandwidth
1.1.3 delay
Chapter 1 Interface Configuration Commands
1.1 Interface Configuration Commands
Interface configuration commands include:
description
bandwidth
delay
1.1.1 description
description
To configure the description information on an interface, use the description command.
[no] description line
parameter
parameter description
line Specifies the description character string, including the spaces in the middle of the line.
default
disabled
instruction
Use this command in the interface configuration mode.
example
The following example configures ‘up link’ as the interface f0/1 description:
Switch(config)# interface FastEthernet0/1
Switch(Switch_config_g0/1)# description up link
1.1.2 bandwidth
description
To configure the bandwidth on an interface, use the bandwidth command.
bandwidth kilobps
parameter
parameter description
kilobps Specifies the interface bandwidth. The value is the same as the interface type.
default
default:10000.
instruction
Use this command in the interface configuration mode.
Note:
The configured bandwidth is not the actual bandwidth of the interface. It is only used by certain protocols (like spanning-tree) to compute the interface cost.
Example
The following example configures 1000000 as the interface f0/1 bandwidth:
Switch(config)# interface FastEthernet1/1
Switch(config-if)# bandwidth 10000000
1.1.3 delay
description
To set a delay value for an interface, use the delay command in interface configuration mode.
delay tensofmicroseconds
parameter
parameter Description
tensofmicroseconds specifies the interface delay.
default
1
instruction
Use this command in the interface configuration mode.
example
The following example configures 10 as the delay value for an interface:
Switch(config-if)# delay 10
Port Additional Characteristics Configuration Commands
Table of Contents
Chapter 1 Port Security
1.1 switchport port-security mode static
1.2 switchport port-security mode dynamic
1.3 switchport port-security static mac-address
1.4 switchport port-security dynamic maximum
Chapter 2 Port Protection
2.1 switchport protected
Chapter 3 Port Storm Control
3.1 storm-control
Chapter 4 Port Rate Limitation
4.1 switchport rate-limit
Chapter 1 Port Security
1.1 switchport port-security mode static
Command description
switchport port-security mode static {accept | reject}
no switchport port-security mode
Set the static mode of the security port.
1.2 switchport port-security mode dynamic
Command description
switchport port-security mode dynamic
no switchport port-security mode
Add/delete the dynamic mode of the security port.
1.3 switchport port-security static mac-address
Command description
switchport port-security static mac-address mac-addr
no switchport port-security static mac-address
Configure the static MAC address of the security port.
1.4 switchport port-security dynamic maximum
Command description
switchport port-security dynamic maximum value
no switchport port-security dynamic maximum
Add/delete the maximum number of dynamic MAC addresses of the security port.
Chapter 2 Port Protection
2.1 switchport protected
Command description
[no] switchport protected
Configure the port isolation function.
Parameter
None
Default
The port is not isolated.
Explanation
The command must be configured in layer-2 port configuration mode.
Example
Configure port f0/1 not to forward the unknown unicast frame.
Switch(config)# interface fastethernet0/1
Switch(config-if)# switchport protected
Chapter 3 Port Storm Control
3.1 storm-control
Command description
Configure the storm control function of the port.
storm-control {broadcast | multicast | unicast} threshold count
no storm-control {broadcast | multicast | unicast} threshold count
Parameter
Parameter Description
broadcast | multicast | unicast  Defines the storm control of the broadcast, multicast and unicast.
threshold count  Defines the flow percent of the storm control. The count parameter defines the flow caps that lead to the storm. Value range: <1-127>, n*64Kbps(n<=28); (n-27)Mbps(n>28)
Default
The storm control function is not enabled.
Explanation
The command must be configured in layer-2 port configuration mode.
Example
Set the storm control of the unknown unicast frame on port f0/1 to 192 Kbps.
Switch(config)# interface fastethernet0/1
Switch(config-f0/1)# storm-control unicast threshold 3
Chapter 4 Port Rate Limitation
4.1 switchport rate-limit
Command description
[no] switchport rate-limit band { ingress|egress}
Configure the flow rate limitation for the port.
Parameter
Parameter Description
band Flow rate: n*64Kbps (n<=28); (n-27)Mbps (n>28)
ingress Functions at the incoming port.
egress Functions at the outgoing port.
Default
The port has no port rate limitation.
Explanation
Layer-2 port configuration mode
Example
Set the incoming flow rate limitation on port f0/1 to 1M.
Switch(config)# interface f0/1
Switch(config-if)# switchport rate-limit 28 ingress
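The storm-control threshold and the rate-limit band share one encoding (n*64 Kbps up to 28, then (n-27) Mbps). The following is an added example, not part of the vendor manual, that decodes those values from a configuration and lists the traffic classes left without a storm-control cap. The function names and the sample configuration are constructed for illustration, and 1 Mbps is assumed to equal 1000 Kbps.

```python
import re

KBPS_STEP = 64     # page formula: n*64 Kbps while n <= 28
LINEAR_MAX = 28    # last value on the 64 Kbps scale
MAX_VALUE = 127    # upper bound the page gives for the storm-control count


def value_to_kbps(n):
    """Decode a threshold/band value into Kbps using the formula on the page."""
    if not 1 <= n <= MAX_VALUE:
        raise ValueError(f"value {n} is outside 1-{MAX_VALUE}")
    if n <= LINEAR_MAX:
        return n * KBPS_STEP
    return (n - 27) * 1000  # (n-27) Mbps; 1 Mbps taken as 1000 Kbps (assumption)


def kbps_to_value(target_kbps):
    """Smallest value whose decoded rate is at least target_kbps."""
    for n in range(1, MAX_VALUE + 1):
        if value_to_kbps(n) >= target_kbps:
            return n
    raise ValueError(f"{target_kbps} Kbps exceeds the largest encodable rate")


IFACE_RE = re.compile(r"^interface\s+(.+)$")
STORM_RE = re.compile(
    r"^storm-control\s+(broadcast|multicast|unicast)\s+threshold\s+(\d+)$")
RATE_RE = re.compile(r"^switchport\s+rate-limit\s+(\d+)\s+(ingress|egress)$")


def effective_limits(config_text):
    """Map each interface to its decoded storm-control and rate-limit caps (Kbps)."""
    limits, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = IFACE_RE.match(line)
        if m:
            current = limits.setdefault(m.group(1), {"storm": {}, "rate": {}})
            continue
        if current is None:
            continue
        m = STORM_RE.match(line)
        if m:
            current["storm"][m.group(1)] = value_to_kbps(int(m.group(2)))
            continue
        m = RATE_RE.match(line)
        if m:
            current["rate"][m.group(2)] = value_to_kbps(int(m.group(1)))
    return limits


def uncapped_classes(limits):
    """Per interface, the traffic classes that have no storm-control threshold."""
    classes = ("broadcast", "multicast", "unicast")
    return {ifc: [c for c in classes if c not in v["storm"]]
            for ifc, v in limits.items()}


# Constructed sample configuration using the command syntax shown on this page.
SAMPLE_CONFIG = """\
interface fastethernet0/1
 storm-control unicast threshold 3
 switchport rate-limit 28 ingress
interface fastethernet0/2
 storm-control broadcast threshold 40
 storm-control multicast threshold 40
 storm-control unicast threshold 40
"""

if __name__ == "__main__":
    limits = effective_limits(SAMPLE_CONFIG)
    for ifc, gaps in uncapped_classes(limits).items():
        print(ifc, limits[ifc], "no storm-control for:", gaps or "none")
```

Under the formula as printed, a value of 28 decodes to 1792 Kbps and 29 to 2 Mbps, so confirm the applied rate on the device when the exact cap matters.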
Interface Range Command
Table of Contents
Chapter 1 Interface range command
1.1 interface range
Chapter 1 Interface Range Command
1.1 Interface Range
Description
interface range type slot/<port1 - port2 | port3>[<port1 - port2|port3>]
Parameter
Name Description Legal values
type Interface type All legal interface types except for the management interface on the main control board of the rack-mounted switch.
slot Slot number All legal slot numbers
port1 Beginning value of the port number All legal port numbers on the slot.
port2 Ending value of the port number All legal port numbers on the slot except for port 1.
port3 A single port. All legal port numbers on the slot.
Default
none
Instruction
Use this command to enter the interface range mode.
Example
Use the following command to enter the interface configuration mode, including slot 0 and fast Ethernet port 1,2,3,6,8,10,11,12:
switch_config#interface range 1 - 3 , 6 , 8 , 10 - 12
switch_config_if_range#
Port Mirroring Configuration Commands
Table of Contents
Chapter 1 Configuring Port Mirroring Commands
1.1 Port Mirroring Configuration Commands
1.1.1 mirror
1.1.2 show mirror
Chapter 1 Configuring Port Mirroring Commands
1.1 Port Mirroring Configuration Commands
The following are port mirroring configuration commands:
mirror
show mirror
1.1.1 mirror
Description
[no] mirror session session_number {destination {interface interface-id} | source {interface interface-id [, | -] [both | rx | tx]}}
It is used to configure port mirroring.
Parameters
Parameter Description
session_number Number of port mirroring, whose value is 1
destination Information about the destination port mirroring
source Information about the mirrored port
both | rx | tx Data flow that will be mirrored. rx means that the input data is mirrored. tx means that the output data is mirrored. both means that input and output data are mirrored.
Instruction
Configure the command at the global configuration mode.
Example
Port g0/2 functions as the output mirror of port g0/1.
Switch(config)# mirror session 1 destination interface g0/2
Switch(config)# mirror session 1 source interface g0/1 tx
1.1.2 show mirror
Description
show mirror [session session_number]
It is used to display the port mirroring information.
Parameter
Parameter Description
session_number Number of port mirroring, whose value is 1
Default
None
Instruction
It is used to display the port mirroring information.
Example
All port mirroring information is displayed.
Switch# show mirror
Session 1
---------
Source Ports:
RX Only: Fe0/3
TX Only: None
Both: None
Source VLANs:
RX Only: None
TX Only: None
Both: None
VLAN Configuration Commands
Table of Contents
Chapter 1 VLAN Configuration Commands
1.1 VLAN Configuration Commands
1.1.1 vlan
1.1.2 name
1.1.3 switchport pvid
1.1.4 switchport mode
1.1.5 switchport trunk
1.1.6 show vlan
Chapter 1 VLAN Configuration Commands
1.1 VLAN Configuration Commands
VLAN configuration commands include:
vlan
name
switchport pvid
switchport mode
switchport trunk
show vlan
1.1.1 vlan
To add a VLAN, use the vlan command. Use the no form of this command to delete a VLAN.
[no] vlan vlan-id
Parameter
Parameter Description
vlan-id ID of the VLAN. Range is from 1 to 4094.
Default
none
Command mode
global
Instruction
Use this command to enter VLAN configuration mode and to modify some attributes of the VLAN.
Example
This example shows how to add a new VLAN:
Switch_config#
Switch_config#vlan 2
Switch_config_vlan_2#
1.1.2 name
To assign a name to a VLAN, use the name command. Use the no form of this command to remove the name assigned to a VLAN.
[no] name str
Parameter
Parameter Description
str Name of the defined VLAN. The name consists of up to 32 characters.
Default
The default VLAN name is ‘Default’. Other VLANs are named VLANxxxx (xxxx is the 4-digit stack ID).
Command mode
VLAN configuration mode
Instruction
This command modifies the VLAN name so that it identifies a particular VLAN according to specific requirements.
Example
The following commands rename VLAN 200 to main405.
Switch_config#
Switch_config#
Switch_config#vlan 200
Switch_config_vlan_200#name ?
WORD The ascii name of VLAN(32bytes)
Switch_config_vlan_200#name main405
1.1.3 switchport pvid
To configure the port VLAN in access mode, use the switchport pvid command.
switchport pvid vlan-id
no switchport pvid
Parameter
Parameter Description
vlan-id VLAN ID of the port. Range is from 1 to 4094.
Default
All ports are subordinate to VLAN 1.
Command mode
interface configuration mode
Instruction
The VLAN named by the PVID must exist before you configure this command. The port can be in access mode or frame relay mode.
Example
The following example configures interface fastethernet 0/1 as the access interface of VLAN 10:
Switch(config)#interface f0/1
Switch(config)#vlan 10
Switch(config-f0/1)#switchport pvid 10
1.1.4 switchport mode
To configure the interface mode, use the switchport mode command.
switchport mode {access | dot1q-tunnel | trunk}
Parameter
Parameter Description
access Sets a nontrunking, nontagged single VLAN Layer 2 interface.
dot1q-tunnel Sets the trunking mode to TUNNEL unconditionally.
trunk Specifies a trunking VLAN Layer 2 interface.
Default
Access mode
Command mode
interface configuration mode
Instruction
If you enter access mode, the interface goes into permanent nontrunking mode and negotiates to convert the link into a nontrunk link even if the neighboring interface does not agree to the change.
If you enter trunk mode, the interface goes into permanent trunking mode and negotiates to convert the link into a trunk link even if the neighboring interface does not agree to the change.
If you enter dot1q-tunnel mode, the port is set unconditionally as an 802.1Q tunnel port.
The switchport mode command conflicts with 802.1X protocol. You cannot configure 802.1X protocol in trunk mode. 802.1X protocol is valid only in access mode.
Example
The following example configures the port to the trunk mode:
Switch(config-f0/1)#switchport mode trunk
1.1.5 switchport trunk
To set the trunk characteristics, use the switchport trunk commands. To reset all of the trunking characteristics back to the original defaults, use the no form of this command.
[no] switchport trunk {vlan-allowed vlan-list} | {vlan-untagged vlan-list }
Parameter
Parameter Description
vlan-allowed Sets the list of allowed VLANs that transmit traffic from this interface in tagged format. Value is from 1 to 4094.
vlan-untagged Sets the list of allowed VLANs that transmit traffic from this interface in untagged format. Value is from 1 to 4094.
Default
The default native vlan ID is 1.
The valid VLAN ID is from 1 to 4094 (all VLANs).
Command mode
interface configuration
Instruction
You can enter this command on an interface whether it is in access or trunk mode, but the command takes effect only when the interface is in trunking mode.
The vlan-allowed parameter sets the list of allowed VLANs that transmit traffic from this interface in tagged format. The vlan-untagged parameter sets the list of allowed VLANs that transmit traffic from this interface in untagged format.
The vlan-list format is all | none | add | remove | except vlan-list[,vlan-list...] where:
•all—Specifies all VLANs from 1 to 1005. Beginning with Cisco IOS Release 12.4(15)T, the valid VLAN ID range is from 1 to 4094.
•none—Indicates an empty list. This keyword is not supported in the switchport trunk allowed vlan form of the command.
•add—Adds the defined list of VLANs to those currently set instead of replacing the list.
•remove—Removes the defined list of VLANs from those currently set instead of replacing the list.
•except—Lists the VLANs that should be calculated by inverting the defined list of VLANs.
•vlan-list—Is either a single VLAN number from 1 to 1005 or a continuous range of VLANs described by two VLAN numbers, the lesser one first, separated by a hyphen that represents the VLAN IDs of the allowed VLANs when this port is in trunking mode. Beginning with Cisco IOS Release 12.4(15)T, the valid VLAN ID range is from 1 to 4094.
Example
The following example configures VLAN ID range to 1-10:
Switch(config-f0/1)#switchport trunk vlan-allowed 1-10,20-30,55
Switch(config-f0/1)#switchport trunk vlan-untagged 2-1000
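The vlan-list grammar above (all, none, add, remove, except, or a bare list) can be replayed offline to see which VLANs a trunk actually carries. The following is an added example, not part of the vendor manual: the function names and sample configuration are constructed, the VLAN range is taken as 1 to 4094, and the starting state (all VLANs allowed, VLAN 1 untagged) is an assumption based on the defaults listed above.

```python
import re

VLAN_MIN, VLAN_MAX = 1, 4094          # range the page gives for vlan-id
ALL_VLANS = frozenset(range(VLAN_MIN, VLAN_MAX + 1))


def parse_ranges(text):
    """Expand '1-10,20-30,55' into a set of VLAN IDs, rejecting malformed items."""
    vlans = set()
    for item in text.split(","):
        m = re.fullmatch(r"\s*(\d+)\s*(?:-\s*(\d+))?\s*", item)
        if not m:
            raise ValueError(f"bad vlan-list item: {item!r}")
        lo = int(m.group(1))
        hi = int(m.group(2)) if m.group(2) else lo
        if not VLAN_MIN <= lo <= hi <= VLAN_MAX:
            raise ValueError(f"VLAN range {lo}-{hi} is invalid")
        vlans.update(range(lo, hi + 1))
    return vlans


def apply_vlan_list(current, spec):
    """Return the VLAN set after applying one vlan-list argument to `current`."""
    keyword, _, rest = spec.strip().partition(" ")
    if keyword == "all":
        return set(ALL_VLANS)
    if keyword == "none":
        return set()
    if keyword == "add":
        return set(current) | parse_ranges(rest)
    if keyword == "remove":
        return set(current) - parse_ranges(rest)
    if keyword == "except":
        return set(ALL_VLANS) - parse_ranges(rest)
    return parse_ranges(spec)          # a bare list replaces the current set


def compress(vlans):
    """Render a VLAN set back into the shortest 'a-b,c' form."""
    parts, ordered, i = [], sorted(vlans), 0
    while i < len(ordered):
        j = i
        while j + 1 < len(ordered) and ordered[j + 1] == ordered[j] + 1:
            j += 1
        parts.append(str(ordered[i]) if i == j else f"{ordered[i]}-{ordered[j]}")
        i = j + 1
    return ",".join(parts) or "none"


MODE_RE = re.compile(r"^switchport\s+mode\s+(access|dot1q-tunnel|trunk)$")
TRUNK_RE = re.compile(r"^switchport\s+trunk\s+(vlan-allowed|vlan-untagged)\s+(.+)$")


def trunk_vlans(config_text):
    """Replay mode and trunk commands per interface, in configuration order."""
    state, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            # Assumed starting state: access mode, all VLANs allowed, VLAN 1 untagged.
            current = state.setdefault(line.split(None, 1)[1], {
                "mode": "access",
                "vlan-allowed": set(ALL_VLANS),
                "vlan-untagged": {1},
            })
        elif current is not None:
            m = MODE_RE.match(line)
            if m:
                current["mode"] = m.group(1)
            m = TRUNK_RE.match(line)
            if m:
                current[m.group(1)] = apply_vlan_list(current[m.group(1)], m.group(2))
    return state


def unpruned_trunks(state):
    """Trunk interfaces whose allowed list was never narrowed from 'all VLANs'."""
    return sorted(name for name, s in state.items()
                  if s["mode"] == "trunk" and s["vlan-allowed"] == ALL_VLANS)


# Constructed sample configuration using the command syntax shown on this page.
SAMPLE_CONFIG = """\
interface f0/1
 switchport mode trunk
 switchport trunk vlan-allowed 1-10,20-30,55
 switchport trunk vlan-allowed remove 5-6
 switchport trunk vlan-untagged 2-1000
interface f0/2
 switchport mode trunk
interface f0/3
 switchport pvid 10
"""

if __name__ == "__main__":
    state = trunk_vlans(SAMPLE_CONFIG)
    for name, s in state.items():
        print(name, s["mode"], compress(s["vlan-allowed"]), compress(s["vlan-untagged"]))
    print("trunks carrying every VLAN:", unpruned_trunks(state))
```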
1.1.6 show vlan
To display VLAN information, use the show vlan command.
show vlan [id vlan-id | interface intf-id]
Parameter
Parameter Description
id Displays information about a single VLAN that is identified by a VLAN ID number; valid values are from 1 to 4094.
interface Displays the specified interface
Default
none
Command mode
EXEC/ All configuration modes
Instruction
none
Example
The following example shows all VLAN information:
Switch#sho vlan
VLAN Status  Name             Ports
---- ------- ---------------- -------------------------------------------------
1    Static  Default          F0/1, F0/2, F0/3, F0/4, F0/5, F0/6, F0/7, F0/8
                              F0/9, F0/10, F0/11, F0/12, F0/13, F0/14, F0/15
                              F0/16, F0/17, F0/18, F0/19, F0/20, F0/21, F0/22
                              F0/23, F0/24, G1/1, G2/1, P1
2    Static  VLAN0002         F0/3
3    Static  VLAN0003         F0/3
4    Static  VLAN0004         F0/3
5    Static  VLAN0005         F0/3
6    Static  VLAN0006         F0/3
Status: indicates the source of VLAN.
Static: indicates the VLAN is formed by configuration.
Dynamic: indicates the VLAN is dynamically formed by GVRP protocol.
The following example shows the concrete information of a VLAN:
Switch> show vlan id 1
VLAN id: 1, Name: default, TotalPorts:11
Ports      Atttributes
-----------------------------------------------------------------
F0/1       Trunk,Untagged
F0/2       Access
F0/5       Trunk,Untagged
F0/7       Trunk,Tagged
F0/8       Trunk,Tagged
F0/9       Trunk,Tagged
F0/11      Access
F0/12      Access
F0/14      Trunk,Tagged
F0/15      Trunk,Tagged
F0/16      Trunk,Untagged
The following example shows the relevant information about a VLAN on an interface:
Switch#sho vlan int f0/6
Interface            VLAN
Name                 Property PVID Vlan-Map         uTagg-VLan-Map
-------------------- -------- ---- ---------------- ----------------
FastEthernet0/6      Trunk    1    3,5,7,9,11,13,15 none
                                   17,19
Switch#sho vlan int f0/7
Interface            VLAN
Name                 Property PVID Vlan-Map         uTagg-VLan-Map
-------------------- -------- ---- ---------------- ----------------
FastEthernet0/7      Access   7    7                ----
STP Configuration Commands
Table of Contents
Chapter 1 STP Configuration Commands
1.1 SSTP Configuration Commands
1.1.1 spanning-tree mode
1.1.2 spanning-tree sstp priority
1.1.3 spanning-tree sstp hello-time
1.1.4 spanning-tree sstp max-age
1.1.5 spanning-tree sstp forward-time
1.1.6 spanning-tree sstp cost
1.1.7 spanning-tree cost
1.1.8 spanning-tree sstp port-priority
1.1.9 spanning-tree port-priority
1.1.10 show spanning-tree
1.2 RSTP Configuration Commands
1.2.1 spanning-tree mode rstp
1.2.2 spanning-tree rstp forward-time
1.2.3 spanning-tree rstp hello-time
1.2.4 spanning-tree rstp max-age
1.2.5 spanning-tree rstp priority
1.2.6 spanning-tree rstp cost
1.2.7 spanning-tree rstp port-priority
1.2.8 spanning-tree rstp migration-check
Chapter 2 MSTP Configuration Commands
2.1 MSTP Configuration Command
2.1.1 spanning-tree mode mstp
2.1.2 spanning-tree mstp name
2.1.3 spanning-tree mstp revision
2.1.4 spanning-tree mstp instance
2.1.5 spanning-tree mstp root
2.1.6 spanning-tree mstp priority
2.1.7 spanning-tree mstp hello-time
2.1.8 spanning-tree mstp forward-time
2.1.9 spanning-tree mstp max-age
2.1.10 spanning-tree mstp diameter
2.1.11 spanning-tree mstp max-hops
2.1.12 spanning-tree mstp port-priority
2.1.13 spanning-tree mstp cost
2.1.14 spanning-tree mstp mst-compatible
2.1.15 spanning-tree mstp migration-check
2.1.16 show spanning-tree mstp
2.1.17 show spanning-tree mstp region
2.1.18 show spanning-tree mstp detail
2.1.19 show spanning-tree mstp interface
Chapter 1 STP Configuration Commands
1.1 SSTP Configuration Commands
1.1.1 spanning-tree mode
description
To switch between RSTP and SSTP modes, use the spanning-tree mode command. To return to the default settings, use the no form of this command.
spanning-tree mode {rstp|sstp}
no spanning-tree mode
parameter
parameter description
rstp Enables RSTP mode
sstp Enables SSTP mode
default
SSTP
instruction
none
command mode
global configuration
example
The following example enables SSTP mode:
Switch(config)# spanning-tree mode sstp
Switch(config)#
1.1.2 spanning-tree sstp priority
description
To set the sstp bridge priority, use the spanning-tree sstp priority command. To return to the default settings, use the no form of this command.
spanning-tree sstp priority value
no spanning-tree sstp priority
parameter
parameter description
value Value is from 0 to 61440.
default
32768
Instruction
Configuring the priority value can make the switch the root of the whole network's spanning tree. You can set the bridge priority in increments of 4096 only. Valid values are 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, and 61440.
Command mode
global configuration
example
This example shows how to set the SSTP priority:
Switch(config)# spanning-tree sstp priority 4096
Switch(config)#
1.1.3 spanning-tree sstp hello-time
description
To set the hello-time delay timer, use the spanning-tree sstp hello-time command. To return to the default settings, use the no form of this command.
spanning-tree sstp hello-time time
no spanning-tree sstp hello-time
parameter
parameter description
time Number of seconds to set the hello-time delay timer; valid values are from 1 to 10 seconds.
default
4s
Instruction
The hello-time configured by the local switch is valid only when the local switch is the root switch.
Command mode
Global configuration
Example
The following example sets the SSTP hello-time to 8 seconds:
Switch(config)# spanning-tree sstp hello-time 8
Switch(config)#
1.1.4 spanning-tree sstp max-age
description
To set the SSTP max-age timer, use the spanning-tree sstp max-age command. To return to the default settings, use the no form of this command.
spanning-tree sstp max-age time
no spanning-tree sstp max-age
parameter
parameter description
time Number of seconds to set the max-age timer; valid values are from 6 to 40 seconds.
default
20s
instruction
none
command mode
global configuration
example
This example shows how to set the max-age timer:
Switch(config)# spanning-tree sstp max-age 24
Switch(config)#
1.1.5 spanning-tree sstp forward-time
description
To set the forward-delay timer, use the spanning-tree sstp forward-time command in global configuration mode. To return to the default settings, use the no form of this command.
spanning-tree sstp forward-time time
no spanning-tree sstp forward-time
parameter
parameter description
time Number of seconds to set the forward-delay timer; valid values are from 4 to 30 seconds.
default
15 seconds
instruction
none
command mode
global configuration
example
The following example shows how to set forward delay timer:
Switch(config)# spanning-tree sstp forward-time 20
Switch(config)#
1.1.6 spanning-tree sstp cost
description
To set the path cost of the interface for SSTP calculations, use the spanning-tree sstp cost command in interface configuration mode. To revert to the default value, use the no form of this command.
spanning-tree sstp cost value
no spanning-tree sstp cost
parameter
parameter description
value Path cost. Valid values are from 1 to 200000000
default
10M Ethernet: 100
100M Ethernet: 19
1000M Ethernet: 1
instruction
none
command mode
interface configuration
example
This example shows how to set a path cost value of 100 for the spanning tree VLAN associated with the interface F1/10:
Switch(config_f0/10)#spanning-tree sstp cost 100
Switch(config_f0/10)#
1.1.7 spanning-tree cost
description
To set the path cost of the interface for Spanning Tree Protocol (STP) calculations, use the spanning-tree cost command in interface configuration mode. To revert to the default value, use the no form of this command.
spanning-tree cost value
no spanning-tree cost
parameter
parameter description
value Path cost; valid values are from 1 to 200000000
default
The default path cost is computed from the bandwidth setting of the interface.
instruction
The configuration made by this command applies to all spanning-tree modes. In STP mode, the path cost of all VLAN spanning trees on the interface will be updated. In MSTP mode, the path cost of all spanning-tree instances will be updated.
However, this command does not override the independent configuration of each mode. For example, if the switch is configured with both spanning-tree sstp cost 100 and spanning-tree cost 110 in SSTP mode, the port priority will be 100.
command mode
interface configuration mode
example
This example shows how to set a path cost value of 24 for the spanning tree VLAN associated with that interface:
Switch(config_f0/0)# spanning-tree cost 24
Switch(config_f0/0)#
1.1.8 spanning-tree sstp port-priority
description
To set the priority value in SSTP mode, use the spanning-tree sstp port-priority command. Use the no form of this command to restore the default value.
spanning-tree sstp port-priority value
no spanning-tree sstp port-priority
parameter
parameter description
value Port priority. Value is from 0 to 255.
default
128(0x80)
instruction
The port priority must be set in increments of 16 only.
command mode
interface configuration
example
The following example sets 32 as the priority value on interface f0/0:
Switch(config_f0/0)# spanning-tree sstp port-priority 32
Switch(config_f0/0)#
1.1.9 spanning-tree port-priority
description
To prioritize an interface when two bridges compete for position as the root bridge, use the spanning-tree port-priority command. The priority you set breaks the tie. To revert to the default setting, use the no form of this command.
spanning-tree port-priority value
no spanning-tree port-priority
parameter
parameter description
value Port priority. Value is from 0 to 255.
default
Port priority value is 128
instruction
The configuration made by this command applies to all spanning-tree modes. In STP mode, the priority of all VLAN spanning trees on the interface will be updated. In MSTP mode, the priority of all spanning-tree instances will be updated.
However, this command does not override the independent configuration of each mode. For example, if the switch is configured with both spanning-tree sstp port-priority 100 and spanning-tree port-priority 110 in SSTP mode, the port priority will be 100.
command mode
interface configuration
example
This example shows how to set the priority value:
Switch(config_f1/10)#spanning-tree port-priority 16
Switch(config_f1/10)#
1.1.10 show spanning-tree
description
To display spanning-tree information for the specified spanning-tree instances, use the show spanning-tree command.
show spanning-tree [detail | interface intf-i]
parameter
parameter Description
intf-i Port name, such as F0/10 or G1/1
default
none
instruction
Show spanning-tree state.
command mode
Interface configuration/EXEC/global configuration
example
Switch_config#show span
Spanning tree enabled protocol SSTP
SSTP
Root ID     This bridge is the root
Bridge ID   Priority 32768
            Address 00E0.0F64.8365
            Hello/MaxAge/FwdDly 4/20/15(s)
Intf     Port ID                    Designated           Port ID
Name     Pri.Nbr Role Sts Cost      Bridge ID            Pri.Nbr Cost
-------- ------- ---- --- --------- -------------------- ------- ---------
F0/47    128.47  Desg LIS 12        32768 00E0.0F64.8365 128.47  0
Switch_config#
1.2 RSTP Configuration Commands
1.2.1 spanning-tree mode rstp
description
To enable RSTP feature, use the spanning-tree mode rstp command. Use the no form of this command to disable RSTP.
spanning-tree mode rstp
no spanning-tree mode
parameter
none
default
RSTP disabled, SSTP enabled
instruction
none
example
The following example enables rstp on the switch:
switch(config)# spanning-tree mode rstp
switch(config)#
1.2.2 spanning-tree rstp forward-time
description
To set the rstp forward-delay timer, use the spanning-tree rstp forward-time command in global configuration mode. To return to the default settings, use the no form of this command.
spanning-tree rstp forward-time time
no spanning-tree rstp forward-time
parameter
parameter description
time Number of seconds to set the forward-delay timer; valid values are from 4 to 30 seconds.
default
15 seconds
instruction
none
example
The following example sets 20 seconds as the rstp forward-delay timer:
switch(config)# spanning-tree rstp forward-time 20
switch(config)#
1.2.3 spanning-tree rstp hello-time
description
To set the RSTP hello-time delay timer, use the spanning-tree rstp hello-time command in global configuration mode. To return to the default settings, use the no form of this command.
spanning-tree rstp hello-time time
no spanning-tree rstp hello-time
parameter
parameter description
time Number of seconds to set the hello-time delay timer; valid values are from 1 to 10 seconds.
default
4 seconds
instruction
The hello-time configured by the local switch is valid only when the local switch is the root switch.
example
The following example sets 8 seconds as the rstp hello-time:
switch(config)# spanning-tree rstp hello-time 8
switch(config)#
1.2.4 spanning-tree rstp max-age
description
To set the RSTP max-age timer, use the spanning-tree rstp max-age command. To return to the default settings, use the no form of this command.
spanning-tree rstp max-age time
no spanning-tree rstp max-age
parameter
parameter description
time Number of seconds to set the max-age timer; valid values are from 6 to 40 seconds.
default
20 seconds
instruction
none
example
The following example sets 24 seconds as the rstp max-age timer:
switch(config)# spanning-tree rstp max-age 24
switch(config)#
1.2.5 spanning-tree rstp priority
description
To set the rstp bridge priority, use the spanning-tree rstp priority command. To return to the default settings, use the no form of this command.
spanning-tree rstp priority value
no spanning-tree rstp priority
parameter
parameter description
value Bridge priority. Value is from 0 to 61440.
default
32768
instruction
none
example
The following example sets 4096 as the bridge priority:
switch(config)# spanning-tree rstp priority 4096
switch(config)#
1.2.6 spanning-tree rstp cost
description
To set the path cost of the interface, use the spanning-tree rstp cost command. To revert to the default value, use the no form of this command.
spanning-tree rstp cost value
no spanning-tree rstp cost
parameter
parameter description
value Path cost; valid values are from 1 to 200000000
default
The default path cost is computed from the bandwidth setting of the interface
10 Mbps: 2000000
100 Mbps: 200000
1000 Mbps: 20000
instruction
none
example
The following example sets a path cost value of 24 for the interface f0/0:
switch(config_f0/0)# spanning-tree rstp cost 24
switch(config_f0/0)#
1.2.7 spanning-tree rstp port-priority
description
To set an interface priority, use the spanning-tree rstp port-priority command. To revert to the default value, use the no form of this command.
spanning-tree rstp port-priority value
no spanning-tree rstp port-priority
parameter
parameter description
value Port priority; valid values are from 0 to 255.
default
128
instruction
none
example
The following example sets 24 as the priority value on interface f0/0:
switch(config_f0/0)# spanning-tree rstp port-priority 24
switch(config_f0/0)#
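The SSTP and RSTP sections above give a value range for every parameter and, for the SSTP bridge and port priority, a required increment. The following is an added example, not part of the vendor manual, that checks a configuration against those limits before it is applied. The function name and sample configuration are constructed, and the timer relation 2*(hello-time+1) <= max-age <= 2*(forward-time-1) comes from IEEE 802.1D rather than from this page, so whether the switch enforces it is an assumption.

```python
import re

# Value ranges as stated in the SSTP/RSTP command sections of this page.
RANGES = {
    "priority": (0, 61440),
    "hello-time": (1, 10),
    "max-age": (6, 40),
    "forward-time": (4, 30),
    "cost": (1, 200000000),
    "port-priority": (0, 255),
}
# Increments the page states explicitly (SSTP only).
STEPS = {("sstp", "priority"): 4096, ("sstp", "port-priority"): 16}
# Timer defaults listed on the page for both SSTP and RSTP.
TIMER_DEFAULTS = {"hello-time": 4, "max-age": 20, "forward-time": 15}

CMD_RE = re.compile(
    r"^spanning-tree\s+(?:(sstp|rstp)\s+)?"
    r"(priority|hello-time|max-age|forward-time|cost|port-priority)\s+(\d+)$")


def lint(config_text):
    """Return (line_no, code, message) findings; line_no 0 means whole-config."""
    findings, timers = [], {}
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        m = CMD_RE.match(raw.strip())
        if not m:
            continue
        mode, param, value = m.group(1), m.group(2), int(m.group(3))
        low, high = RANGES[param]
        if not low <= value <= high:
            findings.append(
                (line_no, "range", f"{param} {value} is outside {low}-{high}"))
            continue
        step = STEPS.get((mode, param))
        if step and value % step:
            findings.append(
                (line_no, "step", f"{param} {value} is not a multiple of {step}"))
        if mode and param in TIMER_DEFAULTS:
            timers.setdefault(mode, dict(TIMER_DEFAULTS))[param] = value
    # IEEE 802.1D consistency check between the three timers (not from this page).
    for mode, t in sorted(timers.items()):
        hello, max_age, fwd = t["hello-time"], t["max-age"], t["forward-time"]
        if not 2 * (hello + 1) <= max_age <= 2 * (fwd - 1):
            findings.append((0, "timers",
                             f"{mode}: hello={hello} max-age={max_age} "
                             f"forward-time={fwd} breaks the 802.1D relation"))
    return findings


# Constructed sample with three deliberate problems.
SAMPLE_CONFIG = """\
spanning-tree mode sstp
spanning-tree sstp priority 5000
spanning-tree sstp hello-time 10
spanning-tree sstp forward-time 20
interface f0/1
 spanning-tree sstp port-priority 24
 spanning-tree sstp cost 100
"""

# Values taken from the examples on this page; these pass every check.
PAGE_EXAMPLES = """\
spanning-tree sstp priority 4096
spanning-tree sstp hello-time 8
spanning-tree sstp max-age 24
spanning-tree sstp forward-time 20
spanning-tree rstp port-priority 24
spanning-tree port-priority 16
"""

if __name__ == "__main__":
    for line_no, code, message in lint(SAMPLE_CONFIG):
        print(f"line {line_no}: [{code}] {message}")
```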
1.2.8 spanning-tree rstp migration-check
Command description
spanning-tree rstp migration-check
Restart the protocol conversion check at the port of the RSTP.
Parameter
None
Default
None
Usage description
It is used to restart the protocol conversion check at the port and change the port from the STP-compatible mode to the RSTP mode, enabling the port to send RSTP BPDU.
The command is supported only in the switches that support IEEE 802.1D 2004 RSTP.
Command mode
Global/port configuration mode
Example
The following example shows the protocol conversion check being performed on port F0/10:
Switch(config_f0/10)#spanning-tree rstp migration-check
Switch(config_f0/10)#
Chapter 2 MSTP Configuration Commands
2.1 MSTP Configuration Command
2.1.1 spanning-tree mode mstp
Command description
spanning-tree mode mstp
no spanning-tree mode
Run the spanning-tree mode mstp command to set the running mode of STP to MSTP. Run the no spanning-tree mode command to disable STP.
Parameter
None
Default
MSTP mode is disabled by default; the switch runs in SSTP mode.
Usage description
None
Example
The following commands are used to enable the MSTP protocol on the switch:
switch(config)# spanning-tree mode mstp
switch(config)#
2.1.2 spanning-tree mstp name
Command description
spanning-tree mstp name string
no spanning-tree mstp name
Run the spanning-tree mstp name string command to configure the regional name of the STP. Run the no spanning-tree mstp name command to resume the default name.
Parameter
Parameter Description
String Configures the character string of the name. The character string can have up to 32 characters and is case-sensitive. The default value is the MAC address of the switch in character-string form.
Default
Character string form of the switch’s MAC address
Usage description
None
Example
The following commands are used to set the configuration name of the switch’s STP to reg-01.
switch(config)# spanning-tree mstp name reg-01
switch(config)#
2.1.3 spanning-tree mstp revision
Command description
spanning-tree mstp revision value
no spanning-tree mstp revision
Run the spanning-tree mstp revision value command to set the revision number of STP. Run the no spanning-tree mstp revision command to restore the revision number to the default value.
Parameter
Parameter Description
Value Revision number: 0 ~ 65535
Its default value is 0.
Default
The default value of the revision number is 0.
Usage description
None
Example
The following commands are used to set the regional revision number of STP to 100.
switch(config)# spanning-tree mstp revision 100
switch(config)#
2.1.4 spanning-tree mstp instance
Command description
spanning-tree mstp instance instance-id vlan vlan-list
no spanning-tree mstp instance instance-id
Run the command spanning-tree mstp instance instance-id vlan vlan-list to map the VLAN to the MSTI. Run the command no spanning-tree mstp instance instance-id to re-map the VLAN to the CIST.
Parameter
Parameter Description
instance-id Instance number of the STP, meaning an MSTI which ranges from 1 to 15.
vlan-list VLAN list which is mapped to the STP, ranging from 1 to 4094.
Default
All VLANs are mapped to the CIST (MST00).
Usage description
instance-id is a unique value representing an STP instance.
vlan-list represents a VLAN group, such as “1,2,3”, “1-5” and “1,2,5-10”.
Example
The following commands map VLAN1 to instance 1 of STP, and VLAN5,7,10-20 to instance 2 of STP, and then re-map these VLANs to MST00.
switch(config)# spanning-tree mstp instance 1 vlan 2
switch(config)# spanning-tree mstp instance 2 vlan 5,7,10-20
switch(config)# no spanning-tree mstp instance 2
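Under IEEE 802.1Q, switches form one MST region only when the region name, the revision number and the whole VLAN-to-instance table match; that rule comes from the standard, not from this manual. The following added example (not vendor code) replays the commands of sections 2.1.2 to 2.1.4 for two switches and reports which of the three fields differ. The default name string, the sample command lists and the rule that a later mapping of a VLAN overrides an earlier one are assumptions.

```python
import re

MAX_VLAN = 4094      # vlan-list range documented above: 1 to 4094
MAX_INSTANCE = 15    # MSTI range documented above: 1 to 15


def expand_vlan_list(text):
    """Expand a vlan-list such as "1,2,5-10" into a set of VLAN IDs."""
    vlans = set()
    for part in text.split(","):
        m = re.fullmatch(r"(\d+)(?:-(\d+))?", part.strip())
        if not m:
            raise ValueError(f"bad vlan-list element: {part!r}")
        lo = int(m.group(1))
        hi = int(m.group(2) or lo)
        if not 1 <= lo <= hi <= MAX_VLAN:
            raise ValueError(f"VLAN range out of bounds: {part!r}")
        vlans.update(range(lo, hi + 1))
    return vlans


def compress(vlans):
    """Render sorted VLAN IDs in vlan-list form, e.g. [5, 7, 10, 11] -> "5,7,10-11"."""
    runs = []
    for v in vlans:
        if runs and v == runs[-1][1] + 1:
            runs[-1][1] = v
        else:
            runs.append([v, v])
    return ",".join(str(a) if a == b else f"{a}-{b}" for a, b in runs)


def region_config(commands, default_name):
    """Replay region commands in order; return (name, revision, {vlan: msti})."""
    name, revision, table = default_name, 0, {}
    for raw in commands.splitlines():
        # Drop a leading CLI prompt such as "switch(config)# " if present.
        line = re.sub(r"^\S+\(config\)#\s*", "", raw.strip())
        if (m := re.fullmatch(r"spanning-tree mstp name (\S{1,32})", line)):
            name = m.group(1)
        elif line == "no spanning-tree mstp name":
            name = default_name
        elif (m := re.fullmatch(r"spanning-tree mstp revision (\d+)", line)):
            revision = int(m.group(1))
            if revision > 65535:
                raise ValueError(f"revision out of range: {revision}")
        elif line == "no spanning-tree mstp revision":
            revision = 0
        elif (m := re.fullmatch(
                r"(no )?spanning-tree mstp instance (\d+)(?: vlan (\S+))?", line)):
            inst = int(m.group(2))
            if not 1 <= inst <= MAX_INSTANCE:
                raise ValueError(f"instance out of range: {inst}")
            if m.group(1):
                # "no" form: the instance's VLANs fall back to the CIST (MST00).
                table = {v: i for v, i in table.items() if i != inst}
            elif m.group(3):
                # Assumption: mapping a VLAN again moves it to the new instance.
                for v in expand_vlan_list(m.group(3)):
                    table[v] = inst
    return name, revision, table


def region_mismatches(a, b):
    """List the fields that keep two switches from sharing one MST region."""
    diffs = []
    if a[0] != b[0]:              # names are case-sensitive
        diffs.append("name")
    if a[1] != b[1]:
        diffs.append("revision")
    # VLANs absent from a table are in the CIST, written here as instance 0.
    moved = sorted(v for v in set(a[2]) | set(b[2])
                   if a[2].get(v, 0) != b[2].get(v, 0))
    if moved:
        diffs.append("vlan-map: " + compress(moved))
    return diffs


# Constructed command lists for two switches intended to share a region.
SWITCH_A = """\
switch(config)# spanning-tree mstp name reg-01
switch(config)# spanning-tree mstp revision 100
switch(config)# spanning-tree mstp instance 1 vlan 2
switch(config)# spanning-tree mstp instance 2 vlan 5,7,10-20
"""
SWITCH_B = """\
switch(config)# spanning-tree mstp name Reg-01
switch(config)# spanning-tree mstp revision 100
switch(config)# spanning-tree mstp instance 1 vlan 2
switch(config)# spanning-tree mstp instance 2 vlan 5,7,10-19
"""
DEFAULT_NAME = "00E00F648365"  # constructed stand-in for the MAC-derived default

if __name__ == "__main__":
    print(region_mismatches(region_config(SWITCH_A, DEFAULT_NAME),
                            region_config(SWITCH_B, DEFAULT_NAME)))
```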
2.1.5 spanning-tree mstp root
Command description
spanning-tree mstp instance-id root {primary | secondary} [ diameter net-diameter [ hello-time seconds ] ]
no spanning-tree mstp root
Configure the switch as the primary or secondary root of the specified MSTP instance. Run the no form to restore the priority of the MSTP instance to the default value.
The diameter and hello-time keywords modify the network diameter and the HelloTime parameter of the MSTP at the same time as the root is set.
Parameter
Parameter Description
instance-id MSTP instance, ranging from 0 to 15
primary Sets the MSTP instance to the primary root.
secondary Sets the MSTP instance to the secondary root.
net-diameter Network diameter, which is optional. It is effective when the instance-id parameter is 0. It ranges from 2 to 7.
seconds Hello time, an optional parameter, which ranges from 1 to 10 seconds
Default
By default, the root priority value of every MSTP instance is 32768, the network diameter is 7 and the HelloTime is 2 seconds.
Usage description
Both the diameter command and the hello-time command are valid only when instance-id is 0.
Generally, after you run the command to set the primary root, the protocol automatically checks the ID of the current network root and then sets the priority field of the root identifier to 24576 if this value guarantees that the current switch becomes the root of the MSTP instance. If the priority value of the root is smaller than 24576, the protocol automatically sets the MSTP priority of the current switch to a value that is 4096 smaller than the root’s priority. Here, 4096 is the step of the root priority.
Unlike the primary root configuration, running the command for configuring the secondary root makes the protocol set the MSTP priority of the switch directly to 28672. Thus, the current switch can be the secondary root when the priorities of other switches are the default value 28672.
Example
The following commands are used to set the switch to the primary root in the CIST and recalculate the time parameter of the MSTP through network diameter 3 and HelloTime 3, and at last set the switch to the secondary root in the MST01.
switch(config)# spanning-tree mstp 0 root primary diameter 3 hello-time 3
switch(config)# spanning-tree mstp 1 root secondary
2.1.6 spanning-tree mstp priority
Command description
spanning-tree mstp instance-id priority value
no spanning-tree mstp priority
It is used to configure the bridge priority of the MSTP instance. Its negative form is used to resume the default value of the priority.
Parameter
Parameter Description
instance-id MSTP instance number, ranging from 0 to 15
Value Bridge priority, which can be one of the given values: 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, 61440
Default
The default priority of the bridges of all MSTP instances is 32768.
Usage description
Each priority value in the MSTP instance is independent and can be configured independently.
Example
The following commands are used to set the priority of the switch in the CIST and MST01 to 4096 and 8192 respectively.
switch(config)# spanning-tree mstp 0 priority 4096
switch(config)# spanning-tree mstp 1 priority 8192
2.1.7 spanning-tree mstp hello-time
Command description
spanning-tree mstp hello-time seconds
no spanning-tree mstp hello-time
It is used to configure the hello-time of the MSTP, and its negative form is used to resume the default settings of the HelloTime.
Parameter
Parameter Description
Seconds It ranges from 1 to 10 seconds. Its default value is 2 seconds.
Default
Two seconds
Usage description
None
Example
The following commands are used to set the HelloTime of the MSTP to 10.
switch(config)# spanning-tree mstp hello-time 10
switch(config)# no spanning-tree mstp hello-time
2.1.8 spanning-tree mstp forward-time
Command description
spanning-tree mstp forward-time seconds
no spanning-tree mstp forward-time
It is used to configure the Forward Delay of the MSTP. Its no form is used to resume the default settings.
Parameter
Parameter Description
Seconds It ranges from 4 to 30 seconds. Its default value is 15 seconds.
Default
15 seconds
Usage description
None
Example
The following commands are used to set the Forward Delay parameter of the MSTP to 10.
switch(config)# spanning-tree mstp forward-time 10
switch(config)# no spanning-tree mstp forward-time
2.1.9 spanning-tree mstp max-age
Command description
spanning-tree mstp max-age seconds
no spanning-tree mstp max-age
It is used to configure the Max Age parameter of the MSTP. Its no form is used to resume the default settings.
Parameter
Parameter Description
Seconds Range: 6 – 40 seconds
The default value is 20 seconds.
Default
20 seconds
Usage description
None
Example
The following commands are used to set the MaxAge parameter of the MSTP to 10.
switch(config)# spanning-tree mstp max-age 10
switch(config)# no spanning-tree mstp max-age
2.1.10 spanning-tree mstp diameter
Command description
spanning-tree mstp diameter net-diameter
no spanning-tree mstp diameter
It is used to configure the network diameter of the MSTP. Its no form is used to resume the default settings.
Parameter Description
net-diameter Range: 2 – 7
Its default value is 7.
Default
The default network diameter is 7.
Usage description
The net-diameter parameter is not saved as an independent setting in the switch. The time parameters that are modified through the network diameter configuration can be saved. The net-diameter parameter is valid in the CIST. After it is set, the three time parameters of the STP are automatically updated to relatively advantageous values.
It is recommended to set the time parameters of the STP through root configuration or network diameter configuration, which ensures that the time parameters are reasonable.
Example
The following first command is to set the bridge diameter of MSTP to 5. The second command is to resume the default value of the bridge diameter.
switch(config)# spanning-tree mstp diameter 5
switch(config)# no spanning-tree mstp diameter
2.1.11 spanning-tree mstp max-hops
Command description
spanning-tree mstp max-hops hop-count
no spanning-tree mstp max-hops
The spanning-tree mstp max-hops hop-count command is used to set the maximum number of hops of the MSTP BPDU. Its no form is used to resume the default settings.
Parameter
Parameter Description
hop-count Range: 1 - 40
Its default value is 20.
Default
The default value of the maximum hop count is 20.
Usage description
None
Example
The first command is to set the maximum hop counts of the MSTP BPDU to 5. The second command is to restore the default value of the maximum hop counts.
switch(config)# spanning-tree mstp max-hops 5
switch(config)# no spanning-tree mstp max-hops
2.1.12 spanning-tree mstp port-priority
Command description
spanning-tree mstp instance-id port-priority value
no spanning-tree mstp instance-id port-priority
The spanning-tree mstp instance-id port-priority value command is used to set the port priority in the specified STP instance. Its no form is used to resume the default settings.
Parameter
Parameter Description
instance-id Number of the STP instance, ranging from 0 to 15
Value Port priority, which is one of the following values: 0, 16, 32, 48, 64, 80, 96, 112, 128, 144, 160, 176, 192, 208, 224, 240
Default
The default priority value of the port in all STP instances is 128.
Usage description
None
Example
The first command is to set the priority of port F0/1 in the CIST to 16. The second command is to resume the default value.
switch(config_f0/1)# spanning-tree mstp 0 port-priority 16
switch(config_f0/1)# no spanning-tree mstp 0 port-priority
2.1.13 spanning-tree mstp cost
Command description
spanning-tree mstp instance-id cost value
no spanning-tree mstp instance-id cost
The command spanning-tree mstp instance-id cost value is used to set the path cost of the port in the specified STP instance. Its no form is used to resume the default settings.
Parameter
Parameter Description
instance-id Number of the STP instance, ranging from 0 to 15
Value Path cost of the port, ranging from 1 to 200000000
Default
It depends on the connection rate of the port:
10 Mbps: 2000000
100 Mbps: 200000
1000 Mbps: 20000
Usage description
None
Example
The following commands are used to set the path cost of port F0/1 in the CIST to 200.
switch(config_f0/1)# spanning-tree mstp 0 cost 200
switch(config_f0/1)#
2.1.14 spanning-tree mstp mst-compatible
Command description
spanning-tree mstp mst-compatible
no spanning-tree mstp mst-compatible
Activate or shut down the MST-compatible mode.
Parameter
None
Default
The MSTP-compatible mode is not activated.
Usage description
After the MST-compatible mode is enabled, configure the connected switches that run other MSTP protocols as the roots of the CIST, so that the switch can enter the MST-compatible mode when it receives their messages.
Example
The following command is to activate the MST-compatible mode in global configuration mode:
switch(config)#spanning-tree mstp mst-compatible
2.1.15 spanning-tree mstp migration-check
Command description
spanning-tree mstp migration-check
Clear the STP information that is checked by the port, and restart the protocol conversion process.
Parameter
None
Default
None
Usage description
The command is valid in global configuration mode and in port configuration mode.
Example
The following commands are used to check the protocol conversion on all ports first, and then check the protocol conversion on port F0/1 again.
switch(config)# spanning-tree mstp migration-check
switch(config)# interface f 0/1
switch(config_f0/1)# spanning-tree mstp migration-check
2.1.16 show spanning-tree mstp
Command description
show spanning-tree mstp [ instance instance-id ]
The command above is used to check the MSTP information. If you run the command show spanning-tree mstp, the information about all STP instances is displayed.
Parameter
Parameter Description
instance-id Number of the STP instance, ranging from 0 to 15
Default
None
Usage description
It is valid in monitoring mode, global configuration mode or port mode.
Example
The following shows how to view all STP instances through the command. Here, MST00 stands for CIST, and the Type field stands for the port connection type.
Switch#show spanning-tree mstp
MST00 Vlans Mapped: 1,4-4094
Root Address 00E0.0F64.8365 Priority 32768 (32768 mst-id 0)
Root This root is the CIST and regional root
Configured Hello Time 2, Forward Delay 15, Max Age 20, Max Hops 20
Root Times Hello Time 2, Forward Delay 15, Max Age 20
Interface        Role Sts Cost      Pri.Nbr Type
---------------- ---- --- --------- ------- --------------------------------
F0/1             Desg FWD 200000    128.1   P2p
F0/3             Back BLK 200000    128.3   P2p
F0/47            Desg FWD 200000    128.47  Edge
MST01 Vlans Mapped: 2
Root Address 00E0.0F64.8365 Priority 32769 (32768 mst-id 1)
Root This root for MST01
Interface        Role Sts Cost      Pri.Nbr Type
---------------- ---- --- --------- ------- --------------------------------
F0/1             Desg FWD 200000    128.1   P2p
MST02 Vlans Mapped: 3
Root Address 00E0.0F64.8365 Priority 32770 (32768 mst-id 2)
Root This root for MST02
Interface        Role Sts Cost      Pri.Nbr Type
---------------- ---- --- --------- ------- --------------------------------
F0/1             Desg FWD 200000    128.1   P2p
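For monitoring, the output above can be parsed and compared against the bridge that is supposed to be root, so that an unexpected root change in any instance is noticed. The following is an added example, not vendor code; the one-record-per-line layout of the embedded sample and the alternative root address used in the check are assumptions, while the field values are taken from the sample output above.

```python
import re

# Constructed from the sample output above, with one record per line (assumed layout).
SAMPLE_OUTPUT = """\
MST00 Vlans Mapped: 1,4-4094
Root Address 00E0.0F64.8365 Priority 32768 (32768 mst-id 0)
Root This root is the CIST and regional root
Configured Hello Time 2, Forward Delay 15, Max Age 20, Max Hops 20
Root Times Hello Time 2, Forward Delay 15, Max Age 20
Interface        Role Sts Cost      Pri.Nbr Type
---------------- ---- --- --------- ------- ------
F0/1             Desg FWD 200000    128.1   P2p
F0/3             Back BLK 200000    128.3   P2p
F0/47            Desg FWD 200000    128.47  Edge
MST01 Vlans Mapped: 2
Root Address 00E0.0F64.8365 Priority 32769 (32768 mst-id 1)
Root This root for MST01
Interface        Role Sts Cost      Pri.Nbr Type
---------------- ---- --- --------- ------- ------
F0/1             Desg FWD 200000    128.1   P2p
"""

INSTANCE_RE = re.compile(r"^(MST\d+)\s+Vlans Mapped:\s*(\S+)")
ROOT_RE = re.compile(
    r"^Root\s+Address\s+(\S+)\s+Priority\s+(\d+)\s+\((\d+)\s+mst-id\s+(\d+)\)")
LOCAL_ROOT_RE = re.compile(r"^Root\s+This root\b")
PORT_RE = re.compile(r"^(\S+)\s+(\w+)\s+(\w+)\s+(\d+)\s+(\d+)\.(\d+)\s+(\S+)$")


def parse_mstp(output):
    """Parse 'show spanning-tree mstp' text into {instance name: record}."""
    instances, cur = {}, None
    for raw in output.splitlines():
        line = raw.strip()
        m = INSTANCE_RE.match(line)
        if m:
            cur = instances[m.group(1)] = {
                "vlans": m.group(2), "root": None, "priority": None,
                "base_priority": None, "mst_id": None,
                "local_root": False, "ports": []}
            continue
        if cur is None:
            continue  # text before the first instance header (prompt, banner)
        m = ROOT_RE.match(line)
        if m:
            cur.update(root=m.group(1).upper(), priority=int(m.group(2)),
                       base_priority=int(m.group(3)), mst_id=int(m.group(4)))
        elif LOCAL_ROOT_RE.match(line):
            cur["local_root"] = True
        else:
            m = PORT_RE.match(line)  # header and dashed lines do not match
            if m:
                cur["ports"].append({
                    "interface": m.group(1), "role": m.group(2),
                    "state": m.group(3), "cost": int(m.group(4)),
                    "priority": int(m.group(5)), "number": int(m.group(6)),
                    "type": m.group(7)})
    return instances


def root_drift(instances, expected_root):
    """Return (instance, finding) pairs where the root is not the expected bridge."""
    expected = expected_root.upper()
    findings = []
    for name, inst in instances.items():
        if inst["root"] is None:
            findings.append((name, "no root line parsed"))
            continue
        if inst["root"] != expected:
            findings.append((name, f"root is {inst['root']}, expected {expected}"))
        # In the sample, the displayed priority equals base priority plus mst-id.
        if inst["priority"] != inst["base_priority"] + inst["mst_id"]:
            findings.append((name, "priority field inconsistent with mst-id"))
    return findings


def non_forwarding(instances):
    """List (instance, interface, role) for ports whose state is not FWD."""
    return [(name, p["interface"], p["role"])
            for name, inst in instances.items()
            for p in inst["ports"] if p["state"] != "FWD"]


if __name__ == "__main__":
    parsed = parse_mstp(SAMPLE_OUTPUT)
    print(root_drift(parsed, "00E0.0F64.8365"))
    print(non_forwarding(parsed))
```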
2.1.17 show spanning-tree mstp region
Command description
show spanning-tree mstp region
Check the regional configuration information about the MSTP.
Parameter
None
Default
None
Usage description
None
Example
See the following information. MST Config Table shows the relation between VLAN and STP instance.
switch(config)# show spanning-tree mstp region
MST Region:
Name: [reg01]
Revision:[0]
MST Config Table:
Instance   VLAN IDs
---------- ----------
0          1,4-4094
1          2
2          3
2.1.18 show spanning-tree mstp detail
Command description
show spanning-tree mstp detail
The command above is used to check the detailed information about MSTP.
Parameter
None
Default
None
Usage description
None
Example
The following example shows the detailed STP information after the command is run, including the port connection type and optional characteristics:
Switch#show spanning-tree mstp detail
MST00 Vlans Mapped: 1,4-4094
Root Address 00E0.0F64.8365 Priority 32768 (32768 mst-id 0)
Root This root is the CIST and regional root
Configured Hello Time 2, Forward Delay 15, Max Age 20, Max Hops 20
Root Times Hello Time 2, Forward Delay 15, Max Age 20
FastEthernet0/1 of MST00 is designated forwarding
  Port Info Port ID 128.1 Priority 128 Cost 200000
  Designated Root Address 00E0.0F64.8365 Priority 32768 Cost 0
  CIST Regional Root Address 00E0.0F64.8365 Priority 32768 Cost 0
  Designated Root Address 00E0.0F64.8365 Priority 32768 Port ID 128.1
  Edge Port: disabled
  Link Type: point-to-point (auto)
  Bpdu Guard: disabled (default)
  Root Guard: disabled (default)
  Loop Guard: disabled (default)
  Timers: message expires in 0 sec, forward delay 0 sec, up time 662 sec
  Number of transitions to forwarding state: 1
  Bpdu sent 335, received 5
FastEthernet0/3 of MST00 is backup blocking
  Port Info Port ID 128.3 Priority 128 Cost 200000
  Designated Root Address 00E0.0F64.8365 Priority 32768 Cost 0
  CIST Regional Root Address 00E0.0F64.8365 Priority 32768 Cost 0
  Designated Root Address 00E0.0F64.8365 Priority 32768 Port ID 128.1
  Edge Port: disabled
  Link Type: point-to-point (auto)
  Bpdu Guard: disabled (default)
  Root Guard: disabled (default)
  Loop Guard: disabled (default)
  Timers: message expires in 5 sec, forward delay 15 sec, up time 662 sec
  Number of transitions to forwarding state: 0
  Bpdu sent 5, received 335
FastEthernet0/47 of MST00 is designated forwarding
  Port Info Port ID 128.47 Priority 128 Cost 200000
  Designated Root Address 00E0.0F64.8365 Priority 32768 Cost 0
  CIST Regional Root Address 00E0.0F64.8365 Priority 32768 Cost 0
  Designated Root Address 00E0.0F64.8365 Priority 32768 Port ID 128.47
  Edge Port: enabled (auto)
  Link Type: point-to-point (auto)
  Bpdu Guard: disabled (default)
  Root Guard: disabled (default)
  Loop Guard: disabled (default)
  Timers: message expires in 0 sec, forward delay 0 sec, up time 1485 sec
  Number of transitions to forwarding state: 1
  Bpdu sent 744, received 0
MST01 Vlans Mapped: 2
Root Address 00E0.0F64.8365 Priority 32769 (32768 mst-id 1)
Root This root for MST01
FastEthernet0/1 of MST01 is designated forwarding
  Port Info Port ID 128.1 Priority 128 Cost 200000
  Designated Root Address 00E0.0F64.8365 Priority 32769 Cost 0
  Desingated Root Address 00E0.0F64.8365 Priority 32769 Port ID 128.1
  Timers: message expires in 0 sec, forward delay 0 sec, up time 662 sec
  Number of transitions to forwarding state: 1
  MST Config Message transmitted 335, received 0
MST02 Vlans Mapped: 3
Root Address 00E0.0F64.8365 Priority 32770 (32768 mst-id 2)
Root This root for MST02
FastEthernet0/1 of MST02 is designated forwarding
  Port Info Port ID 128.1 Priority 128 Cost 200000
  Designated Root Address 00E0.0F64.8365 Priority 32770 Cost 0
  Desingated Root Address 00E0.0F64.8365 Priority 32770 Port ID 128.1
  Timers: message expires in 0 sec, forward delay 0 sec, up time 662 sec
  Number of transitions to forwarding state: 1
  MST Config Message transmitted 335, received 0
2.1.19 show spanning-tree mstp interface
Command description
show spanning-tree mstp interface interface-id
The command above is used to check the information about the port which is run under MSTP.
Parameter
Parameter Description
interface-id Port name, such as F0/1 and FastEthernet0/3
Default
None
Usage description
None
Example
The following example shows the information about port F0/1 after you run the command show spanning-tree mstp interface f0/1:
Switch#show spanning-tree mstp interface f0/1
FastEthernet0/1 of MST00 is designated forwarding
  Port Info Port ID 128.1 Priority 128 Cost 200000
  Designated Root Address 00E0.0F64.8365 Priority 32768 Cost 0
  CIST Regional Root Address 00E0.0F64.8365 Priority 32768 Cost 0
  Designated Root Address 00E0.0F64.8365 Priority 32768 Port ID 128.1
  Edge Port: disabled
  Link Type: point-to-point (auto)
  Bpdu Guard: disabled (default)
  Root Guard: disabled (default)
  Loop Guard: disabled (default)
  Timers: message expires in 0 sec, forward delay 0 sec, up time 851 sec
  Number of transitions to forwarding state: 1
  Bpdu sent 430, received 5
FastEthernet0/1 of MST01 is designated forwarding
  Port Info Port ID 128.1 Priority 128 Cost 200000
  Designated Root Address 00E0.0F64.8365 Priority 32769 Cost 0
  Desingated Root Address 00E0.0F64.8365 Priority 32769 Port ID 128.1
  Timers: message expires in 0 sec, forward delay 0 sec, up time 851 sec
  Number of transitions to forwarding state: 1
  MST Config Message transmitted 430, received 0
FastEthernet0/1 of MST02 is designated forwarding
  Port Info Port ID 128.1 Priority 128 Cost 200000
  Designated Root Address 00E0.0F64.8365 Priority 32770 Cost 0
  Desingated Root Address 00E0.0F64.8365 Priority 32770 Port ID 128.1
  Timers: message expires in 0 sec, forward delay 0 sec, up time 851 sec
  Number of transitions to forwarding state: 1
  MST Config Message transmitted 430, received 0
Instance Role Sts Cost      Pri.Nbr Vlans Mapped
-------- ---- --- --------- ------- --------------------
0        Desg FWD 200000    128.1   1,4-4094
1        Desg FWD 200000    128.1   2
2        Desg FWD 200000    128.1   3
show spanning-tree mstp protocol-migration
Command description
show spanning-tree mstp protocol-migration
The command above is used to check the protocol conversion information when the port is running under MSTP.
Parameter
None
Default
None
Usage description
None
Example
The following example shows the information about protocol conversion after the command show spanning-tree mstp protocol-migration is run. Note that port F0/2 has transferred to the 802.1D STP mode.
Switch#show spanning-tree mstp protocol-migration
MSTP Port Protocol Migration
Interface        Protocol   Info
---------------- ---------- ------------------------------------------------
F0/2             802.1D
STP Optional Characteristic Configuration Commands
Table of Contents
Chapter 1 STP Optional Characteristic Configuration Commands
1.1 STP Optional Characteristic Configuration Commands
1.1.1 spanning-tree portfast
1.1.2 spanning-tree bpduguard
1.1.3 spanning-tree bpdufilter
1.1.4 spanning-tree uplinkfast
1.1.5 spanning-tree backbonefast
1.1.6 spanning-tree guard
1.1.7 spanning-tree loopguard
Chapter 1 STP Optional Characteristic Configuration Commands
1.1 STP Optional Characteristic Configuration Commands
1.1.1 spanning-tree portfast
description
To enable bridge protocol data unit (BPDU) filtering by default on all PortFast ports, use the spanning-tree portfast bpdufilter default command in global configuration mode. To return to the default settings, use the no form of this command.
spanning-tree portfast {bpdufilter default | bpduguard default | default}
no spanning-tree portfast {bpdufilter default | bpduguard default | default}
To enable PortFast mode where the interface is immediately put into the forwarding state upon linkup without waiting for the timer to expire, use the spanning-tree portfast command in interface configuration mode. To return to the default settings, use the no form of this command.
spanning-tree portfast [disable | trunk]
no spanning-tree portfast
parameter
parameter description
bpdufilter default Enables bpdu filter.
bpduguard default Enables bpdu guard.
default Specifies the default method.
default
disabled
instruction
In SSTP/PVST mode, the Port Fast characteristic makes a port immediately enter Forwarding state without experiencing any status change process. This configuration is invalid in RSTP/MSTP mode.
After configuring Port Fast, BPDU Guard or BPDU Filter needs to be configured for protection.
command mode
global and interface configuration mode
example
This example shows how to enable PortFast mode globally:
Switch(config)# spanning-tree portfast default
Switch(config)#
This example shows how to enable PortFast mode on the interface f0/0:
Switch(config_f0/0)# spanning-tree portfast
Switch(config_f0/0)#
1.1.2 spanning-tree bpduguard
description
To enable bridge protocol data unit (BPDU) guard on the interface, use the spanning-tree bpduguard command in interface configuration mode. To return to the default settings, use the no form of this command.
spanning-tree bpduguard {disable | enable}
no spanning-tree bpduguard
parameter
none
default
disabled
instruction
In SSTP/PVST mode, if a port configured with BPDU Guard and Port Fast receives a BPDU, the port is forced to shut down. The user can restore it through manual configuration. In RSTP/MSTP mode, if a port configured with BPDU Guard receives a BPDU, the port is set to the Blocking state for a period of time.
command mode
interface configuration
example
This example shows how to enable BPDU guard on this interface:
Switch(config_f0/0)# spanning-tree bpduguard enable
Switch(config_f0/0)#
1.1.3 spanning-tree bpdufilter
description
To enable bridge protocol data unit (BPDU) filtering on the interface, use the spanning-tree bpdufilter command in interface configuration mode. To return to the default settings, use the no form of this command.
spanning-tree bpdufilter {disable | enable}
no spanning-tree bpdufilter
parameter
none
default
disabled
instruction
In SSTP/PVST mode, if a port configured with BPDU Filter and Port Fast receives a BPDU, the BPDU Filter and Port Fast characteristics on that port are disabled automatically and the port is restored to an ordinary port. The port must then go through the wait from Listening to Learning before entering the Forwarding state.
This feature is invalid in RSTP/MSTP mode.
command mode
interface configuration
example
This example shows how to enable BPDU filtering on this interface:
Switch(config_f0/0)# spanning-tree bpdufilter enable
Switch(config_f0/0)#
1.1.4 spanning-tree uplinkfast
description
To enable the debugging of the spanning-tree UplinkFast events, use the debug spanning-tree uplinkfast command. To disable the debugging output, use the no form of this command.
spanning-tree uplinkfast [max-update-rate pkts-per-second]
no spanning-tree uplinkfast [max-update-rate]
parameter
none
default
disabled
instruction
Uplink Fast characteristic is only valid in SSTP/PVST mode.
command mode
global configuration
example
The following example enables uplinkfast characteristic:
Switch(config)# spanning-tree uplinkfast
Switch(config)#
1.1.5 spanning-tree backbonefast
description
To enable debugging of the spanning-tree BackboneFast events, use the debug spanning-tree backbonefast command. To disable the debugging output, use the no form of this command.
spanning-tree backbonefast
no spanning-tree backbonefast
parameter
none
default
disabled
instruction
Backbone Fast characteristic is only valid in SSTP/PVST mode.
command mode
global configuration
example
The following command enables backbonefast characteristic:
Switch(config)# spanning-tree backbonefast
Switch(config)#
1.1.6 spanning-tree guard
description
To enable or disable the guard mode, use the spanning-tree guard command in interface configuration mode. To return to the default settings, use the no form of this command.
spanning-tree guard {loop | none | root}
no spanning-tree guard
parameter
parameter description
loop Enables the loop-guard mode on the interface. Value is from 1 to 0xfe.
none Sets the guard mode to none. Value is 48-bit.
root Enables root-guard mode on the interface.
default
disabled
instruction
The Root Guard characteristic prevents a port from becoming the Root Port because it receives a high-priority BPDU.
The Loop Guard characteristic protects a Root Port or an Alternate Port when it becomes the Designated Port. This function prevents a loop from occurring on a port that cannot continuously receive BPDUs.
command mode
interface configuration
example
This example shows how to enable root guard:
Switch(config_f0/0)# spanning-tree guard root
Switch(config_f0/0)#
1.1.7 spanning-tree loopguard
description
To enable loop guard as a default on all ports of a given bridge, use the spanning-tree loopguard default command in global configuration mode. To disable loop guard, use the no form of this command.
spanning-tree loopguard default
parameter
none
default
none
instruction
none
command mode
global configuration
example
The following command enables loopguard function:
Switch(config)# spanning-tree loopguard default
Switch(config)#
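Section 1.1.1 states that a PortFast port needs BPDU Guard or BPDU Filter for protection, and that PortFast and BPDU Filter are invalid in RSTP/MSTP mode. The following added example (not vendor code) audits a saved configuration for both conditions. The stanza layout of the configuration, the precedence of an interface-level enable/disable over the global default, and the "rstp" mode keyword are assumptions.

```python
# Constructed sample. The saved-configuration layout (an "interface" line followed
# by indented commands) is an assumption; the commands are those documented above.
SAMPLE_CONFIG = """\
spanning-tree portfast bpduguard default
interface FastEthernet0/1
 spanning-tree portfast
interface FastEthernet0/2
 spanning-tree portfast
 spanning-tree bpduguard disable
interface FastEthernet0/3
 spanning-tree portfast
 spanning-tree bpdufilter enable
interface FastEthernet0/4
 spanning-tree guard root
"""

# "mstp" is documented in this manual; the "rstp" keyword is an assumption.
INVALID_MODES = ("rstp", "mstp")


def parse(config):
    """Split a configuration into global STP settings and per-interface settings."""
    # Default mode per section 2.1.1: MSTP is off and SSTP is running.
    glob = {"mode": "sstp", "portfast": False, "bpduguard": False, "bpdufilter": False}
    ports, current = {}, None
    for raw in config.splitlines():
        words = raw.split()
        if not words or words[0].startswith("!"):
            continue
        if not raw[0].isspace():
            current = None  # an unindented line ends the interface stanza
        if words[0] == "interface" and len(words) > 1:
            # Accepts both "interface FastEthernet0/1" and "interface f 0/1".
            current = ports.setdefault("".join(words[1:]), {})
        elif words[0] != "spanning-tree" or len(words) < 2:
            continue
        elif current is None:
            if words[1] == "mode" and len(words) == 3:
                glob["mode"] = words[2]
            elif words[1:] == ["portfast", "default"]:
                glob["portfast"] = True
            elif (words[1] == "portfast" and words[3:] == ["default"]
                  and words[2] in ("bpduguard", "bpdufilter")):
                glob[words[2]] = True
        elif words[1] == "portfast":
            current["portfast"] = words[2:] != ["disable"]
        elif words[1] in ("bpduguard", "bpdufilter") and len(words) == 3:
            current[words[1]] = words[2] == "enable"
    return glob, ports


def audit(config):
    """Return (interface, finding) pairs for the gaps described in section 1.1."""
    glob, ports = parse(config)
    findings = []
    for name, port in ports.items():
        portfast = port.get("portfast", glob["portfast"])
        # The global bpduguard/bpdufilter defaults cover PortFast ports only; an
        # explicit interface-level setting is assumed to take precedence.
        guard = port.get("bpduguard", glob["bpduguard"] and portfast)
        bfilter = port.get("bpdufilter", glob["bpdufilter"] and portfast)
        if glob["mode"] in INVALID_MODES:
            if portfast:
                findings.append((name, f"portfast is invalid in {glob['mode']} mode"))
            if bfilter:
                findings.append((name, f"bpdufilter is invalid in {glob['mode']} mode"))
        elif portfast and not (guard or bfilter):
            findings.append((name, "portfast without BPDU Guard or BPDU Filter"))
    return findings


if __name__ == "__main__":
    for interface, finding in audit(SAMPLE_CONFIG):
        print(interface, "-", finding)
```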
MAC Address Table Characteristics Configuration Commands
Table of Contents
Chapter 1 MAC Address Table Characteristics Configuration Commands
1.1 MAC Address Table Characteristic Configuration Commands
1.1.1 mac address-table static
1.1.2 mac address-table aging-time
1.1.3 show mac address-table
1.1.4 clear mac address-table
Chapter 1 MAC Address Table Characteristics Configuration Commands
1.1 MAC Address Table Characteristic Configuration Commands
1.1.1 mac address-table static
description
To add/delete a static MAC address, use the mac address-table static command.
[no] mac address-table static mac-addr vlan vlan-id interface interface-id
parameter
parameter description
mac-addr MAC address. Value format: H.H.H.
vlan-id Vlan id of the MAC address, in the range from 1 to 4094.
interface-id Interface id of the MAC address.
Default
none
command mode
global configuration
example
The following example binds the MAC address 0004.5600.67ab to the interface g0/2 of VLAN 1:
Switch(config)# mac address-table static 0004.5600.67ab vlan 1 interface g0/2
1.1.2 mac address-table aging-time
description
To configure the maximum aging time for the MAC address table, use the mac address-table aging-time command in global configuration mode.
mac address-table aging-time [0 | 10-1000000]
parameter
parameter description
0 The aging time for MAC address table is disabled.
10-1000000 The aging time for MAC address table. Valid values are from 10 to 1000000 seconds.
Default
none
command mode
global configuration mode
example
The following example configures the aging time for MAC address table to 100 seconds:
Switch(config)# mac address-table aging-time 100
1.1.3 show mac address-table
description
To display the content of the switch MAC address table, use the show mac address-table command.
show mac address-table {dynamic [interface interface-id | vlan vlan-id] | static}
parameter
parameter description
dynamic The dynamically learned MAC address table.
interface-id Interface name
vlan-id VLAN ID, in the range from 1 to 4094.
static The static MAC address table.
default
none
instruction
Use this command to display MAC address table.
example
The following example displays all static MAC address tables:
Switch# show mac address-table static
        Mac Address Table
------------------------------------------
Vlan    Mac Address       Type      Ports
----    -----------       ----      -----
All     0000.0000.0001    STATIC    CPU
All     0000.0000.0002    STATIC    CPU
All     0000.0000.0003    STATIC    CPU
All     0000.0000.0009    STATIC    CPU
All     0000.0000.0012    STATIC    CPU
All     0180.c200.000b    STATIC    CPU
All     0180.c200.000c    STATIC    CPU
All     0180.c200.000d    STATIC    CPU
All     0180.c200.0010    STATIC    CPU
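A static entry pins a MAC address to one port, so the static table is worth comparing against an approved list. The following Python check is an added example, not part of the original manual or the switch software; the function names, the sample rows for VLAN 1 and the rule that rows pointing at CPU are the switch's own entries are assumptions.

```python
import re

# One table row: VLAN ("All" or a number), MAC address, entry type, port.
ROW = re.compile(
    r"^\s*(?P<vlan>All|\d+)\s+(?P<mac>[0-9A-Fa-f.:-]+)\s+"
    r"(?P<type>STATIC|DYNAMIC)\s+(?P<port>\S+)\s*$"
)


def normalize_mac(text):
    """Reduce H.H.H, colon or dash notation to 12 lowercase hex digits."""
    digits = re.sub(r"[.:-]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return digits


def parse_mac_table(output):
    """Return (vlan, mac, type, port) tuples; headers, rulers and prompts are skipped."""
    rows = []
    for line in output.splitlines():
        match = ROW.match(line)
        if match:
            rows.append((match["vlan"], normalize_mac(match["mac"]),
                         match["type"], match["port"].lower()))
    return rows


def audit_static(output, approved):
    """Compare static bindings on user ports with an approved baseline.

    approved: iterable of (vlan, mac, port); the MAC may use any notation.
    """
    want = {(str(v), normalize_mac(m), p.lower()) for v, m, p in approved}
    # Assumption: rows whose port is CPU belong to the switch itself.
    seen = {(v, m, p) for v, m, kind, p in parse_mac_table(output)
            if kind == "STATIC" and p != "cpu"}
    return {"unexpected": sorted(seen - want), "missing": sorted(want - seen)}


# Constructed sample: header and CPU rows follow the page's output format;
# the two VLAN 1 rows are invented for the example.
SAMPLE_OUTPUT = """\
Switch# show mac address-table static
        Mac Address Table
------------------------------------------
Vlan    Mac Address       Type      Ports
----    -----------       ----      -----
All     0000.0000.0001    STATIC    CPU
All     0180.c200.0010    STATIC    CPU
1       0004.5600.67ab    STATIC    g0/2
1       0011.2233.4455    STATIC    g0/7
"""

# Constructed baseline: the binding from the mac address-table static example
# plus one binding that should exist but is absent from the output.
APPROVED = [
    ("1", "0004.5600.67ab", "g0/2"),
    (10, "00:aa:bb:cc:dd:ee", "g0/3"),
]

if __name__ == "__main__":
    report = audit_static(SAMPLE_OUTPUT, APPROVED)
    for kind, rows in report.items():
        for vlan, mac, port in rows:
            print(f"{kind}: vlan {vlan} mac {mac} port {port}")
```
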
1.1.4 clear mac address-table
description
To delete a dynamic MAC address, use the clear mac address-table
clear mac address-table dynamic [address mac-addr | interface interface-id | vlan vlan-id]
parameter
parameter description
dynamic The dynamic MAC address
address mac-addr The MAC address. Value range: H.H.H.
interface-id Layer 2 interface name.
vlan-id VLAN ID, in the range from 1 to 4094.
default
none
command mode
EXEC
example
The following example deletes all dynamically learned MAC addresses on interface f0/2:
Switch# clear mac address-table dynamic interface f0/2
Link Aggregation Configuration Commands
Table of Contents
Chapter 1 Link Aggregation Configuration Commands
1.1 Link Aggregation Configuration Commands
1.1.1 aggregator-group
1.1.2 aggregator-group load-balance
1.1.3 show aggregator-port
1.1.4 show interface port-aggregator
1.1.5 debug lacp errors
1.1.6 debug lacp state
1.1.7 debug lacp packet
Chapter 1 Link Aggregation Configuration Commands
1.1 Link Aggregation Configuration Commands
1.1.1 aggregator-group
description
To configure interface aggregation, use the aggregator-group command. Use the no form of this command to restore the default value.
aggregator-group id mode {lacp-negotiation | static}
no aggregator-group
parameter
parameter description
id ID number of the logical port. Value range: none.
lacp-negotiation Uses LACP negotiation. Value range: N/A.
static Negotiation is not used on a port. Value range: N/A.
default
disabled
instruction
Port link aggregation binds several ports with similar attributes into one logical port. The binding can be formed through LACP negotiation, or it can be forced without any LACP negotiation.
If static aggregation is used, make sure the attributes of the ports to be bound are the same, that is, they are all in full-duplex mode and have the same rate. Also make sure the ports to be bound are connected peer-to-peer and that the remote ports of those peer-to-peer connections are likewise bound to one logical port.
You can select the LACP negotiation mode when configuring port aggregation:
Active: Places a port into an active negotiating state, in which the port initiates negotiations with remote ports by sending LACP packets.
Passive: Places a port into a passive negotiating state, in which the port responds to LACP packets it receives but does not initiate LACP negotiation.
Some switch models do not support dynamic negotiation mode, so the relevant configuration commands are not provided on them.
Command mode
interface configuration mode
example
Switch(config_f0/24)#aggregator-group 3 mode lacp-negotiation
Creating a port-aggregator interface Port-aggregator3
Switch(config_f0/24)#int f0/23
Switch(config_f0/23)#aggregator-group 3 mode lacp-negotiation
1.1.2 aggregator-group load-balance
description
To configure the load balance after port aggregation, use the aggregator-group load-balance command. Use the no form of this command to restore the default value.
aggregator-group load-balance {dst-mac | src-mac | both-mac | src-ip | dst-ip | both-ip}
no aggregator-group load-balance
parameter
parameter description
dst-mac Uses the destination MAC address as the distribution criterion. Value range: N/A.
src-mac Uses the source MAC address as the distribution criterion. Value range: N/A.
both-mac Uses the source and destination MAC addresses as the distribution criterion. Value range: N/A.
dst-ip Uses the destination IP address as the distribution criterion. Value range: N/A.
src-ip Uses the source IP address as the distribution criterion. Value range: N/A.
both-ip Uses the source and destination IP addresses as the distribution criterion. Value range: N/A.
default
dst-mac
instruction
To balance the load across the physical ports after port aggregation, use this command to distribute the data flow evenly over the physical ports.
When dst-mac mode is selected, the data flow is distributed according to the destination MAC address of each data packet, so packets for the same MAC address are only sent out on one particular physical interface. The src-mac mode uses the source MAC address as the criterion.
Support for load balance policies varies between switch models. The command prompt only shows the sharing policies that the switch supports. If the switch does not support any sharing policy, or supports only one of them, the relevant subcommands are not displayed.
Command mode
global configuration mode
Example
The following command modifies load balance of the port-aggregator 3 to src mode:
Switch(config)#port-aggregator load-balance 3 src-mac
Switch(config)#
1.1.3 show aggregator-port
description
To show detailed information about an aggregator-group, use the show aggregator-port command.
show aggregator-port [id] {detail|brief|summary}
parameter
parameter Description
id ID of the specific logical port.
default
none
instruction
This command is used to show port aggregation information.
Command mode
EXEC/ All configuration modes
1.1.4 show interface port-aggregator
description
To show detailed information about the aggregator-group, use the show interface port-aggregator command.
show interface port-aggregator id
parameter
parameter Description
id ID of the specific port, in the range from 1 to 16.
default
none
instruction
This command is used to show port aggregation information.
Command mode
EXEC/All configuration modes
example
The following example shows information about port-aggregator 1.
Switch#sho int po1
Port-aggregator1 is down, line protocol is down
Hardware is PortAggregator, Address is 0000.0000.0000(0000.0000.0000)
MTU 1500 bytes, BW 1000 kbit, DLY 2000 usec
Encapsulation ARPA, loopback not set
Members in this Aggregator:
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 multicasts
0 input errors, 0 input discards
0 CRC, 0 frame, 0 overrun, 0 ignored
0 packets output, 0 bytes, 0 underruns
Transmited 0 broadcasts, 0 multicasts
0 output errors, , 0 discards
0 output buffer failures, 0 output buffers swapped out
Note: Members in this Aggregator indicates the physical port aggregated to the logical port.
Statistics descriptions are as follows:
Packets input indicates the total number of error-free packets received by the system, including unicasts, multicasts and broadcasts.
Bytes indicates the total number of bytes in the error-free packets received by the system.
Broadcasts indicates the total number of broadcast packets received by the interface.
Multicasts indicates the total number of multicast packets received by the interface.
Input errors indicates the error packets received.
Input discards indicates received packets that are discarded, such as packets received while the interface protocol is down.
Packets output indicates the total number of messages transmitted by the system, including unicasts, multicasts and broadcasts.
Bytes indicates the total number of bytes transmitted by the system.
Broadcasts indicates the total number of broadcast packets transmitted by the system.
Multicasts indicates the total number of multicast packets transmitted by the system.
Output errors indicates the error packets sent.
Output discards indicates sent packets that are discarded, such as packets sent while the interface protocol is down.
1.1.5 debug lacp errors
description
To debug LACP error information, use the debug lacp errors command.
debug lacp errors
no debug lacp errors
parameter
none
default
none
instruction
This command outputs all error information generated during LACP operation to help locate the error.
Command mode
EXEC
example
Switch# debug lacp error
Switch#
1.1.6 debug lacp state
description
To debug lacp state, use the debug lacp state command.
debug lacp state
no debug lacp state
parameter
none
default
none
command mode
EXEC
example
Switch# debug lacp state
Switch#
1.1.7 debug lacp packet
description
To debug lacp packet information, use the debug lacp packet command.
debug lacp packet
no debug lacp packet
parameter
none
default
none
command mode
EXEC
example
Switch# debug lacp packet
Switch#
MAC Address List Characteristic Configuration Commands
Table of Contents
Chapter 1 MAC Access List Configuration Commands
1.1 MAC Access List Configuration Commands
1.1.1 mac access-list
1.1.2 permit
1.1.3 deny
1.1.4 mac access-group
Chapter 1 MAC Access List Configuration Commands
1.1 MAC Access List Configuration Commands
mac access-list
permit
deny
mac access-group
1.1.1 mac access-list
description
To add a MAC access list, use the mac access-list command. To delete a MAC access list, use the no form of this command.
[no] mac access-list name
parameter
parameter Description
name MAC access list name.
default
none
command mode
Global configuration mode
example
The following example creates a MAC access list named mac-acl:
Switch-config_# mac access-list mac-acl
Switch-config-macl#
1.1.2 permit
description
To add a permit entry to the MAC access list, use the permit command. Use the no form of this command to delete a permit entry from the MAC access list.
[no] permit {any | host src-mac-addr} {any | host dst-mac-addr} [ethertype]
parameter
parameter       description                                   Value range
any             Any value                                     -
host            Host                                          -
src-mac-addr    Source MAC address                            H.H.H
dst-mac-addr    Destination MAC address                       H.H.H
ethertype       Type of the Ethernet data packet to match.    0-0xFFFF
default
deny all
command mode
MAC access list configuration mode
example
The following example permits frames with ethertype 0x806 from the host whose source MAC address is 1234.5678.abcd:
Switch-config-macl#permit host 1234.5678.abcd any 0x806
1.1.3 deny
description
To add a deny entry to the MAC access list, use the deny command. Use the no form of this command to delete a deny entry from the MAC access list.
[no] deny {any | host src-mac-addr} {any | host dst-mac-addr} [ethertype]
parameter
parameter       description                                   Value range
any             Any value                                     -
host            Host                                          -
src-mac-addr    Source MAC address                            H.H.H
dst-mac-addr    Destination MAC address                       H.H.H
ethertype       Type of the Ethernet data packet to match.    0-0xFFFF
default
deny all
command mode
MAC access list configuration mode
example
The following example denies frames with ethertype 0x806 from the host whose source MAC address is 1234.5678.abcd:
Switch-config-macl#deny host 1234.5678.abcd any 0x806
1.1.4 mac access-group
description
To apply the configured MAC access list in global configuration mode, use the mac access-group command. Use the no form of this command to delete the MAC access list.
[no] mac access-group name
parameter
parameter Description
name Name of the MAC access list.
default
No MAC access list is applied.
Command mode
Global configuration mode
example
The following example applies the MAC access list named macacl:
Switch_config#mac access-group macacl
IP Access List Configuration Commands
Table of Contents
Chapter 1 Configuring Physical Interface IP Access List Command
1.1 IP Access List Configuration Commands Based on Physical Interface
1.1.1 deny
1.1.2 ip access-group
1.1.3 ip access-list
1.1.4 permit
1.1.5 show ip access-list
Physical Interface IP Access List Configuration Commands
Chapter 1 Configuring Physical Interface IP Access List Command
1.1 IP Access List Configuration Commands Based on Physical Interface
deny
ip access-group
ip access-list
permit
show ip access-list
1.1.1 deny
To set conditions in a named IP access list that will deny packets, use the deny command in access list configuration mode. To remove a deny condition from an access list, use the no form of this command.
deny source [source-mask]
no deny source [source-mask]
deny protocol source source-mask destination destination-mask [tos tos]
no deny protocol source source-mask destination destination-mask [tos tos]
Internet Control Message Protocol (ICMP)
deny icmp source source-mask destination destination-mask [icmp-type] [tos tos]
Internet Group Management Protocol (IGMP)
deny igmp source source-mask destination destination-mask [igmp-type] [tos tos]
Transmission Control Protocol (TCP)
deny tcp source source-mask [operator port] destination destination-mask [operator port] [tos tos]
User Datagram Protocol (UDP)
deny udp source source-mask [operator port] destination destination-mask [operator port] [tos tos]
parameter
parameter Description
protocol Name or number of an Internet protocol. The protocol argument can be one of the keywords eigrp, gre, icmp, igmp, ip, ipinip, nos, ospf, tcp, or udp, or an integer in the range from 0 to 255 representing an Internet protocol number.
source Number of the network or host from which the packet is being sent. There are two alternative ways to specify the source:
Use a 32-bit quantity in four-part dotted-decimal format.
Use the any keyword as an abbreviation for a source and source-wildcard of 0.0.0.0 0.0.0.0.
source-mask Source address network mask. Use the any keyword as an abbreviation for the source mask and source of 0.0.0.0 0.0.0.
destination Number of the network or host to which the packet is being sent. There are two alternative ways to specify the destination:
Use a 32-bit quantity in four-part dotted-decimal format.
Use the any keyword as an abbreviation for the destination and destination-wildcard of 0.0.0.0 255.255.255.255.
destination-mask Destination address network mask. Use the any keyword as an abbreviation for the destination address and destination address mask of 0.0.0.0 0.0.0.
tos tos (Optional) Packets can be filtered by type of service (ToS) level, as specified by a number from 0 to 15, or by a name as listed in the "Usage Guidelines" section of the access-list (IP extended) command.
icmp-type (Optional) ICMP packets can be filtered by ICMP message type. The type is a number from 0 to 255.
igmp-type (Optional) IGMP packets can be filtered by IGMP message type or message name. A message type is a number from 0 to 15. IGMP message names are listed in the "Usage Guidelines" section of the access-list (IP extended) command.
operator (Optional) Compares source or destination ports. Operators include lt (less than), gt (greater than), eq (equal), neq (not equal), and range (inclusive range).
If the operator is positioned after the source and source-wildcard arguments, it must match the source port. If the operator is positioned after the destination and destination-wildcard arguments, it must match the destination port.
port (Optional) The decimal number or name of a TCP or UDP port. A port number is a number from 0 to 65535.
Command mode
IP Access List Configuration Mode
Instruction
Use this command following the ip access-list command to specify conditions under which a packet cannot pass the named access list. The time-range keyword allows you to identify a time range by name. The time-range, absolute, and periodic commands specify when this deny statement is in effect.
Note:
After an access list is first created, any entries added later (for example, entered from the terminal) are placed at the bottom of the list.
example
The following example denies the network range 192.168.5.0:
ip access-list standard filter
deny 192.168.5.0 255.255.255.0
Note:
Every IP access list ends with an implicit deny rule.
Related commands
ip access-group
ip access-list
permit
show ip access-list
1.1.2 ip access-group
To apply an access control list to control packet access, use the ip access-group command in the appropriate configuration mode. To remove the specified access group, use the no form of this command.
ip access-group {access-list-name}
no ip access-group {access-list-name}
parameter
parameter Description
access-list-name Name of an IP access list as specified by an ip access-list command.
Command mode
Interface configuration mode
Instruction
Access lists can be applied on either outbound or inbound interfaces. For standard inbound access lists, after receiving a packet, the Cisco IOS software checks the source address of the packet against the access list. For extended access lists, the router also checks the destination access list. If the access list permits the address, the software continues to process the packet. If the access list rejects the address, the software discards the packet and returns an ICMP host unreachable message. If the specified access list does not exist, all packets are passed.
example
The following example applies the access list filter to packets outbound from Ethernet interface g0/10:
Interface f0/10
ip access-group filter
related commands
ip access-list
show ip access-list
1.1.3 ip access-list
To define an IP access list by name or number, use the ip access-list command in global configuration mode. To remove the IP access list, use the no form of this command.
ip access-list {standard | extended} name
no ip access-list {standard | extended} name
parameter
parameter description
standard Specifies a standard IP access list.
extended Specifies an extended IP access list.
name Name of the access list. Names cannot contain a space or quotation mark, and must begin with an alphabetic character to prevent ambiguity with numbered access lists.
default
No IP access list is defined.
Command mode
global configuration mode
instruction
Use this command to configure a named or numbered IP access list. This command will place the router in access-list configuration mode, where you must define the denied or permitted access conditions with the deny and permit commands.
example
The following example defines a standard access list:
ip access-list standard filter
deny 192.168.1.0 255.255.255.0
permit any
related commands
deny
ip access-group
permit
show ip access-list
1.1.4 permit
To set conditions to allow a packet to pass a named IP access list, use the permit command in access list configuration mode. To remove a permit condition from an access list, use the no form of this command.
permit source [source-mask]
no permit source [source-mask]
permit protocol source source-mask destination destination-mask [tos tos]
no permit protocol source source-mask destination destination-mask [tos tos]
Internet Control Message Protocol (ICMP)
permit icmp source source-mask destination destination-mask [icmp-type] [tos tos]
Internet Group Management Protocol (IGMP)
permit igmp source source-mask destination destination-mask [igmp-type] [tos tos]
Transmission Control Protocol (TCP)
permit tcp source source-mask [operator port] destination destination-mask [operator port] [tos tos]
User Datagram Protocol (UDP)
permit udp source source-mask [operator port [port]] destination destination-mask [tos tos]
parameter
parameter description
protocol Name or number of an Internet protocol. The protocol argument can be one of the keywords eigrp, gre, icmp, igmp, ip, ipinip, nos, ospf, tcp, or udp, or an integer in the range from 0 to 255 representing an Internet protocol number.
source Number of the network or host from which the packet is being sent. There are two alternative ways to specify the source: Use a 32-bit quantity in four-part dotted-decimal format. Use the any keyword as an abbreviation for a source and source-wildcard of 0.0.0.0 0.0.0.0.
source-mask Source address network mask. Use the any keyword as an abbreviation for the source mask and source of 0.0.0.0 0.0.0.
destination Number of the network or host to which the packet is being sent. There are two alternative ways to specify the destination:
Use a 32-bit quantity in four-part dotted-decimal format.
Use the any keyword as an abbreviation for the destination and destination-wildcard of 0.0.0.0 255.255.255.255.
destination-mask Destination address network mask. Use the any keyword as an abbreviation for the destination address and destination address mask of 0.0.0.0 0.0.0.
tos tos (Optional) Packets can be filtered by type of service (ToS) level, as specified by a number from 0 to 15, or by a name as listed in the "Usage Guidelines" section of the access-list (IP extended) command.
icmp-type (Optional) ICMP packets can be filtered by ICMP message type. The type is a number from 0 to 255.
igmp-type (Optional) IGMP packets can be filtered by IGMP message type or message name. A message type is a number from 0 to 15. IGMP message names are listed in the "Usage Guidelines" section of the access-list (IP extended) command.
operator (Optional) Compares source or destination ports. Operators include lt (less than), gt (greater than), eq (equal), neq (not equal), and range (inclusive range).
If the operator is positioned after the source and source-wildcard arguments, it must match the source port. If the operator is positioned after the destination and destination-wildcard arguments, it must match the destination port.
port (Optional) The decimal number or name of a TCP or UDP port. A port number is a number from 0 to 65535.
Command mode
Access list configuration
Instruction
Use this command following the ip access-list command to define the conditions under which a packet passes the named access list.
The time-range keyword allows you to identify a time range by name. The time-range, absolute, and periodic commands specify when this permit statement is in effect.
Note:
After an access list is first created, any entries added later (for example, entered from the terminal) are placed at the bottom of the list.
example
The following example permits the network range 192.168.5.0:
ip access-list standard filter
permit 192.168.5.0 255.255.255.0
Note:
Every IP access list ends with an implicit deny rule.
Related commands
deny
ip access-group
ip access-list
show ip access-list
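The notes in the deny and permit sections (later entries go to the bottom of the list, and the list ends with an implicit deny) decide what a list actually filters. The following Python sketch is an added example, not part of the original manual or the switch software; it assumes top-down, first-match evaluation, reads the mask as a network mask as the page's examples do, covers only standard entries and extended entries with an optional eq on the destination port, and its function names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = ipaddress.IPv4Network("0.0.0.0/0")


@dataclass
class Entry:
    action: str                      # "permit" or "deny"
    protocol: str                    # "ip" matches every protocol
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dst_port: Optional[int] = None   # set by "eq <port>" after the destination


def take_address(tokens):
    """Consume 'any', 'address mask' or a bare host address from the front of tokens."""
    first = tokens.pop(0)
    if first == "any":
        return ANY
    if tokens and tokens[0].count(".") == 3:      # next token is the network mask
        return ipaddress.IPv4Network(f"{first}/{tokens.pop(0)}", strict=False)
    return ipaddress.IPv4Network(f"{first}/32")


def parse_acl(text):
    """Parse 'ip access-list {standard | extended} name' and the entries under it."""
    lines = [ln.split() for ln in text.splitlines() if ln.strip()]
    head = lines[0]
    if (len(head) != 4 or head[:2] != ["ip", "access-list"]
            or head[2] not in ("standard", "extended")):
        raise ValueError("expected: ip access-list {standard | extended} name")
    entries = []
    for tokens in lines[1:]:
        action = tokens.pop(0)
        if action not in ("permit", "deny"):
            raise ValueError(f"unsupported entry: {action}")
        if head[2] == "standard":
            entries.append(Entry(action, "ip", take_address(tokens), ANY))
            continue
        protocol = tokens.pop(0)
        src, dst = take_address(tokens), take_address(tokens)
        port = int(tokens[1]) if tokens[:1] == ["eq"] else None
        entries.append(Entry(action, protocol, src, dst, port))
    return head[3], entries


def evaluate(entries, src, dst="0.0.0.0", protocol="ip", dst_port=None):
    """Return (action, index) of the first matching entry, or ("deny", None)."""
    s, d = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    for index, e in enumerate(entries):
        if e.protocol not in ("ip", protocol):
            continue
        if s not in e.src or d not in e.dst:
            continue
        if e.dst_port is not None and e.dst_port != dst_port:
            continue
        return e.action, index
    return "deny", None              # the implicit deny at the end of every list


def shadowed(entries):
    """Indexes of entries that can never match because an earlier entry covers them."""
    hidden = []
    for j, later in enumerate(entries):
        for earlier in entries[:j]:
            if (earlier.protocol in ("ip", later.protocol)
                    and later.src.subnet_of(earlier.src)
                    and later.dst.subnet_of(earlier.dst)
                    and earlier.dst_port in (None, later.dst_port)):
                hidden.append(j)
                break
    return hidden


# Lists taken from the page's examples.
PAGE_ACL = "ip access-list standard filter\ndeny 192.168.1.0 255.255.255.0\npermit any"
PERMIT_ONLY_ACL = "ip access-list standard filter\npermit 192.168.5.0 255.255.255.0"
EXTENDED_ACL = "ip access-list extended bbb\npermit tcp any any eq 25\npermit ip any any"
# Constructed: a deny typed in after "permit any" lands at the bottom of the list.
APPENDED_ACL = "ip access-list standard filter\npermit any\ndeny 192.168.5.0 255.255.255.0"

if __name__ == "__main__":
    for label, text in [("page", PAGE_ACL), ("appended", APPENDED_ACL)]:
        name, entries = parse_acl(text)
        print(label, name, evaluate(entries, "192.168.5.9"), "shadowed:", shadowed(entries))
```
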
1.1.5 show ip access-list
To display the contents of all current IP access lists, use the show ip access-list command in user EXEC or privileged EXEC mode.
show ip access-list [access-list-name]
parameter
parameter Description
access-list-name Name of the IP access list to display.
default
All standard and extended IP access lists are displayed.
Command mode
EXEC
Instruction
The show ip access-list command provides output identical to the show access-lists command, except that it is IP-specific and allows you to specify a particular access list.
example
The following is sample output from the show ip access-list command when the name of a specific access list is not requested:
Switch# show ip access-list
ip access-list standard aaa
 permit 192.2.2.1
 permit 192.3.3.0 255.255.255.0
ip access-list extended bbb
 permit tcp any any eq 25
 permit ip any any
The following is sample output from the show ip access-list command when the name of a specific access list is requested:
ip access-list extended bbb
 permit tcp any any eq 25
 permit ip any any
Network Protocol Configuration Commands
Table of Contents
Chapter 1 IP Address Configuration Commands
1.1 IP Address Configuration Commands
1.1.1 arp
1.1.2 arp timeout
1.1.3 clear arp-cache
1.1.4 ip address
1.1.5 ip host
1.1.6 ip default-gateway
1.1.7 show arp
1.1.8 show hosts
1.1.9 show ip interface
Chapter 2 IP Service Configuration Commands
2.1 IP Service Configuration Commands
2.1.1 clear tcp
2.1.2 clear tcp statistics
2.1.3 debug arp
2.1.4 debug ip icmp
2.1.5 debug ip packet
2.1.6 debug ip raw
2.1.7 debug ip tcp packet
2.1.8 debug ip tcp transactions
2.1.9 debug ip udp
2.1.10 ip mask-reply
2.1.11 ip mtu
2.1.12 ip redirects
2.1.13 ip source-route
2.1.14 ip tcp synwait-time
2.1.15 ip tcp window-size
2.1.16 ip unreachables
2.1.17 show ip sockets
2.1.18 show ip traffic
2.1.19 show tcp
2.1.20 show tcp brief
2.1.21 show tcp statistics
2.1.22 show tcp tcbI
Chapter 1 IP Address Configuration Commands
1.1 IP Address Configuration Commands
IP address configuration commands include:
arp
arp timeout
clear arp-cache
ip address
ip directed-broadcast
ip forward-protocol
ip helper-address
ip host
ip default-gateway
ip proxy-arp
show arp
show hosts
show ip interface
1.1.1 arp
To add a static and permanent entry in the Address Resolution Protocol (ARP) cache, use the arp command in global configuration mode. To remove an entry from the ARP cache, use the no form of this command.
arp ip-address hardware-address [alias]
no arp ip-address
parameter
parameter description
ip-address IP address corresponding to the local data-link address.
hardware-address Physical address of local data-link address
alias (optional) router responds to ARP requests as if it were the interface of the specified address.
default
No entries are permanently installed in the ARP cache.
command mode
global configuration mode
instruction
Ordinary hosts all support dynamic ARP resolution, so the user does not need to configure static ARP entries for hosts.
Example
The following is an example of a static ARP entry for a typical Ethernet host:
arp 1.1.1.1 00:12:34:56:78:90
related commands
clear arp-cache
1.1.2 arp timeout
To configure how long a dynamic ARP entry remains in the Address Resolution Protocol (ARP) cache, use the arp timeout command. To restore the default value, use the no form of this command or the default arp timeout command.
arp timeout seconds
no arp timeout
default arp timeout
parameter
parameter description
seconds Time in seconds that an entry remains in the ARP cache. A value of zero means that entries are never cleared from the cache.
default
14400 seconds (4 hours)
mode
interface configuration mode
instruction
This command is ignored when it is not configured on interfaces using ARP. The show interface command displays the ARP timeout value, as seen in the following example from the show interfaces command:
ARP type: ARPA, ARP timeout 04:00:00
example
The following example sets the ARP timeout to 900 seconds on Ethernet 1/0 to allow entries to time out more quickly than the default:
interface vlan 10
arp timeout 900
related commands
show interface
1.1.3 clear arp-cache
To clear all dynamic entries from the ARP cache, use the clear arp-cache command.
clear arp-cache [ ip-address [ mask ] ]
parameter
parameter description
ip-address IP or subnets
mask Subnets mask
mode
EXEC
example
The following example removes all dynamic entries from the ARP cache:
clear arp-cache
related commands
arp
1.1.4 ip address
To set an IP address and mask for an interface, use the ip address command. Currently, class A, B and C IP addresses are not strictly distinguished, but multicast addresses and broadcast addresses (host portion all 1s) cannot be used. Except for Ethernet, multiple interfaces of other types can be connected to the same network. Except for unnumbered interfaces, the network range configured on an Ethernet interface cannot be the same as that of any interface of another type. Configure the primary address before configuring secondary addresses, and delete all secondary addresses before deleting the primary address. For IP packets generated by the system, if the upper-layer application does not specify the source address, the router uses as the source address the IP address configured on the sending interface that is in the same network range as the gateway. If that IP address cannot be determined (for example, for an interface route), the router uses the primary address of the sending interface. If no IP address is configured on an interface and it is not an unnumbered interface, the interface does not process any IP packets. To remove an IP address or disable IP processing, use the no form of this command.
ip address ip-address mask [secondary]
no ip address ip-address mask
no ip address
parameter
parameter description
ip-address IP address
mask IP mask
secondary (optional) Specifies that the configured address is a secondary IP address. If this keyword is omitted, the configured address is the primary IP address.
default
No IP address is defined for the interface.
command mode
interface configuration mode
instruction
If any router on a network segment uses a secondary address, all other devices on that same segment must also use a secondary address from the same network or subnet. Inconsistent use of secondary addresses on a network segment can very quickly cause routing loops. When you are routing using the Open Shortest Path First (OSPF) algorithm, ensure that all secondary addresses of an interface fall into the same OSPF area as the primary addresses
example
In the following example, 202.0.0.1 is the primary address, 255.255.255.0 is the mask and 203.0.0.1 and 204.0.0.1 are secondary addresses for Ethernet interface 1/0:
interface vlan 10
ip address 202.0.0.1 255.255.255.0
ip address 203.0.0.1 255.255.255.0 secondary
ip address 204.0.0.1 255.255.255.0 secondary
1.1.5 ip host
To define a static host name-to-address mapping in the host cache, use the ip host command in global configuration mode. To remove the host name-to-address mapping, use the no form of this command.
ip host name address
no ip host name
parameter
parameter description
name Host name
Address IP address
default
disabled
command mode
global configuration mode
example
The following example shows how to configure host name dns-server to IP host address 202.96.1.3:
ip host dns-server 202.96.1.3
1.1.6 ip default-gateway
To configure the default gateway of the switch, use the ip default-gateway command. To delete the default gateway of the switch, use the no form of this command.
ip default-gateway address
no ip default-gateway
parameter
parameter description
address IP address
default
no configuration
mode
global configuration mode
example
The following example configures the IP address 202.96.1.3 as the default gateway:
ip default-gateway 202.96.1.3
1.1.7 show arp
To display the entries in the Address Resolution Protocol (ARP) table, including the ARP mapping of interface IP address, the static ARP mapping that user configures and the dynamic ARP mapping, use the show arp command.
show arp
parameter
this command has no parameters or keywords
mode
EXEC
instruction
The display includes:
parameter description
Protocol Displays the type of the network address that maps with the physical address. IP, for example.
Address Displays the network address that maps with the physical address. IP address, for example.
Age Displays the age in seconds. The router will refresh the time to 0 when using this ARP entry.
Hardware Address Displays the physical address that corresponds to the network address. It is empty for unresolved entries.
Type Specifies the request encapsulation type that the interface uses, including ARPA, SNAP and so on.
example
The following command displays the ARP cache.
switch#show arp
Protocol  IP Address       Age(min)  Hardware Address   Type  Interface
IP        192.168.20.77    11        00:30:80:d5:37:e0  ARPA  vlan 10
IP        192.168.20.33    0         Incomplete
IP        192.168.20.22    -         08:00:3e:33:33:8a  ARPA  vlan 10
IP        192.168.20.124   0         00:a0:24:9e:53:36  ARPA  vlan 10
IP        192.168.0.22     -         08:00:3e:33:33:8b  ARPA  vlan 11
1.1.8 show hosts
To display all entries of the host name-to-address cache, use the show hosts command.
show hosts
parameter
This command has no parameters or keywords.
command mode
EXEC
example
The following command shows how to display all host names/address mappings.
show hosts
related commands
clear host
1.1.9 show ip interface
To display the IP configuration of an interface, use the show ip interface command.
show ip interface [type number]
parameter
parameter description
type (Optional) Interface type.
number (Optional) Interface number.
command mode
EXEC
instruction
If the link layer of the interface is usable, the line protocol is marked "Protocol up." If an IP address is configured on the interface, the router adds a direct route to the routing table. If the link layer protocol is marked “Protocol down”, the direct route is deleted. If an interface type and number are specified, this command displays information about that interface only; otherwise, it displays the IP configuration of all interfaces.
Example
The following example shows how to display IP configuration on interface e0/1.
switch#show ip interface vlan 11
vlan 10 is up, line protocol is up
IP address : 192.168.20.167/24
Broadcast address : 192.168.20.255
Helper address : not set
MTU : 1500(byte)
Forward Directed broadcast : OFF
Multicast reserved groups joined:
224.0.0.9 224.0.0.6 224.0.0.5 224.0.0.2 224.0.0.1
Outgoing ACL : not set
Incoming ACL : not set
IP fast switching : ON
IP fast switching on the same interface : OFF
ICMP unreachables : ON
ICMP mask replies : OFF
ICMP redirects : ON
Display description:
Field Description
Ethernet1/0 is up If the interface hardware is usable, the interface is marked "up." For an interface to be usable, both the interface hardware and line protocol must be up.
line protocol is up If the interface can provide two-way communication, the line protocol is marked "up." For an interface to be usable, both the interface hardware and line protocol must be up.
IP address IP address and mask for interface
Broadcast address Displays broadcast address
MTU Displays the MTU value set on the interface.
Chapter 2 IP Service Configuration Commands
2.1 IP Service Configuration Commands
The following are IP service configuration commands:
clear tcp
clear tcp statistics
debug arp
debug ip icmp
debug ip packet
debug ip raw
debug ip tcp packet
debug ip tcp transactions
debug ip udp
ip mask-reply
ip mtu
ip redirects
ip route-cache
ip source-route
ip tcp synwait-time
ip tcp window-size
ip unreachables
show ip cache
show ip irdp
show ip sockets
show ip traffic
show tcp
show tcp brief
show tcp statistics
show tcp tcb
2.1.1 clear tcp
It is used to delete a TCP connection.
clear tcp {local host-name port remote host-name port | tcb address}
Parameter
Parameter Description
local host-name port IP address and TCP port of the local host
remote host-name port IP address and TCP port of the remote host
tcb address TCB address of the to-be-deleted TCP connection
The TCB is the system's internal identifier of a TCP connection, which can be obtained with the show tcp brief command.
Command mode
Management mode
Instruction
The clear tcp command is mainly used to delete TCP connections that have already terminated. In some cases, such as a fault on the communication line or a restart of the TCP connection or of the peer host, a TCP connection has in fact been terminated, but the system cannot learn of this because there is no traffic on the connection. In this case, you can run the clear tcp command to terminate these invalid TCP connections. The command clear tcp local host-name port remote host-name port terminates the connection between the specified local host's IP address/port and the remote host's IP address/port. The command clear tcp tcb address terminates the TCP connection identified by the TCB address.
Example
The following example shows that the TCP connection between 192.168.20.22:23 and 192.168.20.120:4420 is deleted. The show tcp brief command is used to show the information about the local host and the remote host in TCP connection.
switch#show tcp brief
TCB       Local Address     Foreign Address      State
0xE85AC8  192.168.20.22:23  192.168.20.120:4420  ESTABLISHED
0xEA38C8  192.168.20.22:23  192.168.20.125:1583  ESTABLISHED
switch#clear tcp local 192.168.20.22 23 remote 192.168.20.120 4420
switch#show tcp brief
TCB       Local Address     Foreign Address      State
0xEA38C8  192.168.20.22:23  192.168.20.125:1583  ESTABLISHED
In the following example, the TCP connection whose TCB address is 0xea38c8 is deleted. The command show tcp brief displays the TCB address of the TCP connection.
switch#show tcp brief
TCB       Local Address     Foreign Address      State
0xEA38C8  192.168.20.22:23  192.168.20.125:1583  ESTABLISHED
switch#clear tcp tcb 0xea38c8
switch#show tcp brief
TCB       Local Address     Foreign Address      State
Related command
show tcp
show tcp brief
show tcp tcb
2.1.2 clear tcp statistics
It is used to clear the TCP statistics data.
clear tcp statistics
Parameter
The command has no parameter or keyword.
Command mode
Management mode
Example
The following command is used to delete the TCP statistics data:
switch#clear tcp statistics
Related command
show tcp statistics
2.1.3 debug arp
It is used to display ARP interaction information, such as sending ARP requests, receiving ARP requests, sending ARP responses and receiving ARP responses. When the switch cannot communicate with a host, the command is used to analyze the ARP interaction. You can run the no debug arp command to stop displaying the related information.
debug arp
no debug arp
Parameter
The command has no parameter or keyword.
Command mode
Management mode
Example
switch#debug arp
switch#IP ARP: rcvd req src 192.168.20.116 00:90:27:a7:a9:c2, dst 192.168.20.111, vlan 10
IP ARP: req filtered src 192.168.20.139 00:90:27:d5:a9:1f, dst 192.168.20.82 00:00:00:00:00:00, wrong cable, vlan 11
IP ARP: created an incomplete entry for IP address 192.168.20.77, vlan 10
IP ARP: sent req src 192.168.20.22 08:00:3e:33:33:8a, dst 192.168.20.77, vlan 10
IP ARP: rcvd reply src 192.168.20.77 00:30:80:d5:37:e0, dst 192.168.20.22, vlan 10
The first information indicates that the switch receives an ARP request on interface vlan 10. The IP address of the host that sends the ARP request is 192.168.20.116 and the MAC address of that host is 00:90:27:a7:a9:c2; the MAC address of host 192.168.20.111 is requested.
IP ARP: rcvd req src 192.168.20.116 00:90:27:a7:a9:c2, dst 192.168.20.111, vlan 10
The second information indicates that the switch receives an ARP request from host 192.168.20.139 on interface vlan 10. However, according to the interface configuration on the switch, the interface is not in the network that the host declares. The host may not be correctly configured. If the switch created an ARP cache entry from this information, it might be unable to communicate with the host that is configured with the same address and connected to the correct interface.
IP ARP: req filtered src 192.168.20.139 00:90:27:d5:a9:1f, dst 192.168.20.82 00:00:00:00:00:00, wrong cable, vlan 11
In the third information, to resolve the MAC address of host 192.168.20.77, the switch first creates an incomplete ARP entry in the ARP cache. After an ARP response is received, the MAC address is added to the ARP cache. According to the configuration of the switch, the host is connected to interface vlan 10.
IP ARP: created an incomplete entry for IP address 192.168.20.77, vlan 10
In the fourth information, the switch sends out the ARP request from interface vlan 10. The IP address of the switch is 192.168.20.22. The MAC address of the interface is 08:00:3e:33:33:8a. The IP address of the requested host is 192.168.20.77. The fourth information is related to the third information.
IP ARP: sent req src 192.168.20.22 08:00:3e:33:33:8a, dst 192.168.20.77, vlan 10
In the fifth information, the switch receives the ARP response on interface vlan 10 from host 192.168.20.77 to host 192.168.20.22. The switch is then informed that the MAC address of the host that returns the ARP response is 00:30:80:d5:37:e0. The information is related to the third and fourth information.
IP ARP: rcvd reply src 192.168.20.77 00:30:80:d5:37:e0, dst 192.168.20.22, vlan 10
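The following Python script is an added example, not part of the original manual or of the switch software. It parses the IP ARP debug lines shown above, pairs each sent request with its reply, lists filtered requests, and reports any IP address that is announced with two different MAC addresses. The line grammar is inferred only from the five sample lines in this section, and the last sample line is constructed.

```python
import re

# Lines copied from the debug arp example above; the final line is
# constructed so that one request stays unanswered in the capture.
SAMPLE = """\
IP ARP: rcvd req src 192.168.20.116 00:90:27:a7:a9:c2, dst 192.168.20.111, vlan 10
IP ARP: req filtered src 192.168.20.139 00:90:27:d5:a9:1f, dst 192.168.20.82 00:00:00:00:00:00, wrong cable, vlan 11
IP ARP: created an incomplete entry for IP address 192.168.20.77, vlan 10
IP ARP: sent req src 192.168.20.22 08:00:3e:33:33:8a, dst 192.168.20.77, vlan 10
IP ARP: rcvd reply src 192.168.20.77 00:30:80:d5:37:e0, dst 192.168.20.22, vlan 10
IP ARP: sent req src 192.168.20.22 08:00:3e:33:33:8a, dst 192.168.20.33, vlan 10
"""

# Assumed grammar: event, source IP and MAC, destination IP with an optional
# MAC, an optional filter reason ("wrong cable"), then the interface name.
ARP_LINE = re.compile(
    r"^IP ARP: (?P<event>rcvd req|rcvd reply|sent req|req filtered)"
    r" src (?P<src_ip>[\d.]+) (?P<src_mac>[0-9a-f:]{17}),"
    r" dst (?P<dst_ip>[\d.]+)(?: (?P<dst_mac>[0-9a-f:]{17}))?,"
    r"(?: (?P<reason>[^,]+),)?"
    r" (?P<iface>vlan \d+)$",
    re.IGNORECASE,
)


def analyze(text):
    """Summarize a block of debug arp output."""
    bindings = {}    # IP -> MAC learned from received requests and replies
    pending = {}     # IP the switch asked about -> interface used
    filtered = []    # requests the switch refused to learn from
    conflicts = []   # (ip, previous MAC, new MAC)
    for raw in text.splitlines():
        m = ARP_LINE.match(raw.strip())
        if not m:
            continue  # e.g. "created an incomplete entry ..." or a prompt
        event = m["event"]
        src_ip, src_mac = m["src_ip"], m["src_mac"].lower()
        if event == "req filtered":
            filtered.append((src_ip, src_mac, m["iface"], m["reason"]))
        elif event == "sent req":
            pending[m["dst_ip"]] = m["iface"]
        else:
            # rcvd req / rcvd reply: the sender announces its own binding.
            if event == "rcvd reply":
                pending.pop(src_ip, None)
            previous = bindings.get(src_ip)
            if previous and previous != src_mac:
                conflicts.append((src_ip, previous, src_mac))
            bindings[src_ip] = src_mac
    return {
        "bindings": bindings,
        "filtered": filtered,
        # Unanswered only within the captured window, not necessarily forever.
        "unanswered": sorted(pending),
        "conflicts": conflicts,
    }


if __name__ == "__main__":
    report = analyze(SAMPLE)
    for key, value in report.items():
        print(key, value)
```

An address listed under unanswered corresponds to an entry that show arp would display as Incomplete.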
2.1.4 debug ip icmp
It is used to display the ICMP interaction information. You can run the command no debug ip icmp to close the debugging output.
debug ip icmp
no debug ip icmp
Parameter
The command has no parameter or keyword.
Command mode
Management mode
Instruction
The command is used to display the received or transmitted ICMP message, which helps to solve end-to-end connection problems. To know the detailed meaning of the command debug ip icmp, refer to RFC 792, “Internet Control Message Protocol”.
Example
switch#debug ip icmp
switch#ICMP: sent pointer indicating to 192.168.20.124 (dst was 192.168.20.22), len 48
ICMP: rcvd echo from 192.168.20.125, len 40
ICMP: sent echo reply, src 192.168.20.22, dst 192.168.20.125, len 40
ICMP: sent dst (202.96.209.133) host unreachable to 192.168.20.124, len 36
ICMP: sent dst (192.168.20.22) protocol unreachable to 192.168.20.124, len 36
ICMP: rcvd host redirect from 192.168.20.77, for dst 22.0.0.3 use gw 192.168.20.26, len 36
ICMP: rcvd dst (22.0.0.3) host unreachable from 192.168.20.26, len 36
ICMP: sent host redirect to 192.168.20.124, for dst 22.0.0.5 use gw 192.168.20.77, len 36
ICMP: rcvd dst (2.2.2.2) host unreachable from 192.168.20.26, len 36
Details about the first information are shown in the following table:
ICMP: sent pointer indicating to 192.168.20.124 (dst was 192.168.20.22), len 48
Field Description
ICMP Information about the ICMP message
sent Sending the ICMP message
pointer indicating Type of the ICMP message, which means that the original parameters of the IP message are incorrect and the incorrect field is pointed out
The following are other types of ICMP message:
echo reply
dst unreachable:
---net unreachable
---host unreachable
---protocol unreachable
---port unreachable
---fragmentation needed and DF set
---source route failed
---net unknown
---destination host unknown
---source host isolated
---net prohibited
---host prohibited
---net tos unreachable
---host tos unreachable
source quench
redirect messages:
---net redirect
---host redirect
---net tos redirect
---host tos redirect
echo
router advertisement
router solicitation
time exceeded :
---ttl exceeded
---reassembly timeout
parameter problem :
---pointer indicating
---option missed
---bad length
timestamp
timestamp reply
information request
information reply
mask request
mask reply
If the ICMP type is unknown, the system displays the values of the ICMP type and code.
to 192.168.20.124 Destination address of the ICMP message, which is also the source address of the original message that generates the ICMP message
(dst was 192.168.20.22) Destination address of the original message that generates the ICMP message
len 48 Length of the ICMP message, excluding the length of the IP header
Details about the second information are shown in the following table:
ICMP: rcvd echo from 192.168.20.125, len 40
Field Description
rcvd Receiving the ICMP message
echo Echo request message, which is a type of the ICMP message
from 192.168.20.125 Source address of the ICMP message
Details about the third information are shown in the following table:
ICMP: sent echo reply, src 192.168.20.22, dst 192.168.20.125, len 40
Field Description
src 192.168.20.22 Means that the source address of the ICMP message is 192.168.20.22.
dst 192.168.20.125 Means that the destination address of the ICMP message is 192.168.20.125.
The debugging output uses a different format to display the message content depending on the type of the ICMP message.
For example, the redirect message of ICMP is printed in the following format:
ICMP: rcvd host redirect from 192.168.20.77, for dst 22.0.0.3 use gw 192.168.20.26, len 36
ICMP: sent host redirect to 192.168.20.124, for dst 22.0.0.5 use gw 192.168.20.77, len 36
In the first information, an ICMP redirect message from host 192.168.20.77 is received. Gateway 192.168.20.26 is recommended to reach the destination host 22.0.0.3. The length of the ICMP message is 36 bytes.
In the second information, an ICMP redirect message is sent to host 192.168.20.124, telling it to reach destination host 22.0.0.5 through gateway 192.168.20.77. The length of the ICMP message is 36 bytes.
The dst unreachable message of ICMP is printed in the following format:
ICMP: sent dst (202.96.209.133) host unreachable to 192.168.20.124, len 36
ICMP: rcvd dst (2.2.2.2) host unreachable from 192.168.20.26, len 36
In the first information, the switch cannot route a certain IP message, so it sends the destination (202.96.209.133) unreachable message to the source host (192.168.20.124). The length of the ICMP message is 36 bytes.
In the second information, after receiving an ICMP message from host 192.168.20.26, the switch notifies host 192.168.20.26 that the destination address (2.2.2.2) cannot be reached. The length of the ICMP message is 36 bytes.
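The following Python script is an added example, not part of the original manual or of the switch software. It parses the redirect and dst unreachable formats described above, tallies unreachable messages per peer, and flags a received redirect whose recommended gateway later reports the same destination as unreachable. The regular expressions are inferred only from the nine sample lines in this section; other ICMP message types are only counted.

```python
import re
from collections import Counter

# The nine lines printed in the debug ip icmp example above.
SAMPLE = """\
ICMP: sent pointer indicating to 192.168.20.124 (dst was 192.168.20.22), len 48
ICMP: rcvd echo from 192.168.20.125, len 40
ICMP: sent echo reply, src 192.168.20.22, dst 192.168.20.125, len 40
ICMP: sent dst (202.96.209.133) host unreachable to 192.168.20.124, len 36
ICMP: sent dst (192.168.20.22) protocol unreachable to 192.168.20.124, len 36
ICMP: rcvd host redirect from 192.168.20.77, for dst 22.0.0.3 use gw 192.168.20.26, len 36
ICMP: rcvd dst (22.0.0.3) host unreachable from 192.168.20.26, len 36
ICMP: sent host redirect to 192.168.20.124, for dst 22.0.0.5 use gw 192.168.20.77, len 36
ICMP: rcvd dst (2.2.2.2) host unreachable from 192.168.20.26, len 36
"""

# Assumed grammar for the two formats the section walks through.
REDIRECT = re.compile(
    r"^ICMP: (?P<dir>sent|rcvd) (?P<kind>(?:net|host)(?: tos)?) redirect "
    r"(?:to|from) (?P<peer>[\d.]+), for dst (?P<dst>[\d.]+) "
    r"use gw (?P<gw>[\d.]+), len (?P<len>\d+)$"
)
UNREACH = re.compile(
    r"^ICMP: (?P<dir>sent|rcvd) dst \((?P<dst>[\d.]+)\) (?P<code>.+?) "
    r"unreachable (?:to|from) (?P<peer>[\d.]+), len (?P<len>\d+)$"
)


def summarize(text):
    """Return redirects, unreachable counts and redirects that led nowhere."""
    out = {
        "redirects_rcvd": [],     # (advising host, destination, gateway)
        "redirects_sent": [],     # (advised host, destination, gateway)
        "unreachable": Counter(), # (direction, code, peer) -> count
        "failed_redirects": [],   # received redirects contradicted later
        "other": 0,               # ICMP lines in any other format
    }
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("ICMP:"):
            continue
        m = REDIRECT.match(line)
        if m:
            out["redirects_" + m["dir"]].append((m["peer"], m["dst"], m["gw"]))
            continue
        m = UNREACH.match(line)
        if m:
            out["unreachable"][(m["dir"], m["code"], m["peer"])] += 1
            if m["dir"] == "rcvd":
                # The gateway a redirect recommended now says it cannot
                # reach that destination: the redirect did not help.
                for red in out["redirects_rcvd"]:
                    hit = red[1] == m["dst"] and red[2] == m["peer"]
                    if hit and red not in out["failed_redirects"]:
                        out["failed_redirects"].append(red)
            continue
        out["other"] += 1
    return out


if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(key, value)
```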
2.1.5 debug ip packet
It is used to display the IP interaction information. The command no debug ip packet is used to stop displaying information.
debug ip packet [detail] [ip-access-list-name]
no debug ip packet
Parameter
Parameter Description
detail An optional parameter, which is used to export the protocol information about IP message encapsulation, such as protocol number, UDP, TCP port number and ICMP message type
ip-access-list-name An optional parameter, which is the name of the IP access control list used to filter the exported information. Only information about IP messages permitted by the specified IP access control list is exported.
access-group An optional parameter, which is the name of the IP access control list used to filter the exported information. Only information about IP messages permitted by the specified IP access control list is exported.
interface An optional parameter, which is the port name used to filter the exported information. Only information about IP messages that match the designated port is exported.
Command mode
Management mode
Instruction
The command is used to find the destination of each received or locally generated IP message, which helps to detect the reason of communication problems.
The command is used in the following cases:
forwarded
forwarded as the multicast message or the broadcast message
addressing failure during message forwarding
Sending the redirect message
Rejected because of having the original routing option
Rejected because of illegal IP options
Original route
Message sent from the local machine should be segmented, but the DF is reset.
Receiving message
Receiving IP segment
Sending message
Sending broadcast/multicast
Addressing failure when message is generated locally
Locally generated message is segmented
Received message is filtered
Transmitted message is filtered
Link layer fails to be encapsulated (only for Ethernet)
Unknown protocol
This command may export a large amount of information. Use it only when the switch is idle; otherwise, the performance of the system will be badly affected. You are recommended to filter the output through the IP access control list so that the system exports only the useful messages.
Example
switch#debug ip packet
switch#IP: s=192.168.20.120 (vlan 10), d=19.0.0.9 (vlan 10), g=192.168.20.1, len=60, redirected
IP: s=192.168.20.22 (local), d=192.168.20.120 (vlan 10), g=192.168.20.120, len=56, sending
IP: s=192.168.20.120 (vlan 10), d=19.0.0.9 (vlan 10), g=192.168.20.1, len=60, forward
IP: s=192.168.20.81 (vlan 10), d=192.168.20.22 (vlan 10), len=56, rcvd
Field Description
IP Means that the information is about the IP message.
s=192.168.20.120 (vlan 10) Source address of the IP message and the interface name that receives message (for message that is not locally generated)
d=19.0.0.9 (vlan 10) Destination address of the IP message and the interface name that sends message (if routing is successful)
g=192.168.20.1 Next-hop destination address of the IP message, which may be the gateway’s address or the destination address
len Length of the IP message
redirected Means that the routing switch is to send the ICMP redirect message to the source host. Other cases are shown in the following:
forward --- the message is forwarded.
forward directed broadcast---the message is forwarded as the redirect message and the message will become the physical broadcast on the transmitting interface.
unroutable---the message addressing fails and the message will be dropped.
source route---source route
rejected source route---the current system does not support the source route, therefore, the message with the IP source route is declined.
bad options---the IP option is incorrect and the message will be dropped.
need frag but DF set---the local message needs to be fragmented, while the DF is set.
rcvd---the message is locally received.
rcvd fragment---the message fragment is received.
sending---the locally generated message is sent.
sending broad/multicast---the locally generated broadcast/multicast message is sent.
sending fragment--- the IP message locally fragmented is sent.
denied by in acl---It is declined by the access control list on the reception interface.
denied by out acl---It is declined by the transmitter access control on the transmitter interface.
unknown protocol--- unknown protocol
encapsulation failed---The protocol fails to be encapsulated. It is only for the Ethernet. When the message on the Ethernet is dropped because of the ARP resolution failure, the information is displayed.
In the first information, the switch receives an IP message. The source address of the received message is 192.168.20.120, the message comes from the network segment that the vlan 10 interface connects to, and its destination address is 19.0.0.9. According to the routing table, the transmitter interface is vlan 10, the address of the gateway is 192.168.20.1 and the message length is 60 bytes. The gateway and the source host are directly connected in the same network, that is, the network that vlan 10 connects. In this case, the switch sends out the ICMP redirect message.
IP: s=192.168.20.120 (vlan 10), d=19.0.0.9 (vlan 10), g=192.168.20.1, len=60, redirected
The second information describes the transmission of the ICMP redirect message. The source address is the local address 192.168.20.22. The destination address is 192.168.20.120. The message is directly sent from the vlan 10 interface to the destination address. Therefore, the gateway’s address is the destination address 192.168.20.120. The length of the ICMP redirect message is 56 bytes.
IP: s=192.168.20.22 (local), d=192.168.20.120 (vlan 10), g=192.168.20.120, len=56, sending
The third information shows that the IP layer receives an IP message. The source address and destination address of the IP message are 192.168.20.120 and 19.0.0.9 respectively. The reception interface is vlan 10. By checking the routing table, the system finds that the IP message needs to be forwarded to the vlan 10 interface. The length of the IP message is 60 bytes. The third information shows that the message shown in the first information is forwarded after the system sends the ICMP redirect message.
IP: s=192.168.20.120 (vlan 10), d=19.0.0.9 (vlan 10), g=192.168.20.77, len=60, forward
The fourth information shows that the IP layer receives an IP message. The source address and destination address of the IP message are 192.168.20.81 and 192.168.20.22 respectively. The reception interface is vlan 10. The length of the IP message is 56 bytes. The IP message is locally received.
IP: s=192.168.20.81 (vlan 10), d=192.168.20.22 (vlan 10), len=56, rcvd
The following is an example about the output information after running the debug ip packet detail command. Only the newly added parts are described.
switch#debug ip packet detail
switch#IP: s=192.168.12.8 (vlan 10), d=255.255.255.255 (vlan 10), len=328, rcvd, UDP: src=68, dst=67
IP: s=192.168.20.26 (vlan 10), d=224.0.0.5 (vlan 10), len=68, rcvd, proto=89
IP: s=192.168.20.125 (vlan 10), d=192.168.20.22 (vlan 10), len=84, rcvd, ICMP: type=0, code = 0
IP: s=192.168.20.22 (local), d=192.168.20.124 (vlan 10), g=192.168.20.124, len=40, sending, TCP: src=1024, dst=23, seq=75098622, ack=161000466, win=17520, ACK
Field Description
UDP Name of the protocol, such as UDP, ICMP and TCP. Other protocols are represented by their protocol number.
type, code Type and code of the ICMP message
src, dst Source address and destination address of the UDP message and the TCP message
seq Sequence number of the TCP message
ack Acknowledge number of the TCP message
win Window value of the TCP message
ACK If ACK is set in the control bit of the TCP message, the acknowledge number is valid. Other control bits include SYN, URG, FIN, PSH and RST.
The first information indicates that the UDP message is received. The source port is port 68 and the destination port is port 67.
IP: s=192.168.12.8 (vlan 10), d=255.255.255.255 (vlan 10), len=328, rcvd, UDP: src=68, dst=67
The second information indicates that the protocol number of the received message is 89.
IP: s=192.168.20.26 (vlan 10), d=224.0.0.5 (vlan 10), len=68, rcvd, proto=89
The third information indicates that the ICMP message is received. Both the type and the code of the message are represented by the number 0.
IP: s=192.168.20.125 (vlan 10), d=192.168.20.22 (vlan 10), len=84, rcvd, ICMP: type=0, code = 0
The fourth information indicates that the TCP message is sent. The source port and destination port are port 1024 and port 23 respectively. The sequence number and the acknowledge number are 75098622 and 161000466 respectively. The size of the reception window is 17520. The ACK flag is set. For details, refer to RFC 793, “Transmission Control Protocol”.
IP: s=192.168.20.22 (local), d=192.168.20.124 (vlan 10), g=192.168.20.124, len=40, sending, TCP: src=1024, dst=23, seq=75098622, ack=161000466, win=17520, ACK
The use of the access control list is described in the following. For example, to display only the messages whose source address is 192.168.20.125, define a standard access control list that permits only the IP messages whose source address is 192.168.20.125, and then run the command debug ip packet with that access control list.
switch#config
switch_config#ip access-list standard abc
switch_config_std_nacl#permit 192.168.20.125
switch_config_std_nacl#exit
switch_config#exit
switch#debug ip packet abc
switch#IP: s=192.168.20.125 (vlan 101), d=192.168.20.22 (vlan 101), len=48, rcvd
In the previous commands, the standard access control list is used. You can also use the extended access control list.
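The following Python script is an added example, not part of the original manual or of the switch software. It parses debug ip packet lines, with or without the detail fields, and counts per source the packets whose action the field table above describes as dropped or declined. The grammar is inferred from the sample lines in this section; the last three sample lines are constructed in the same format.

```python
import re
from collections import Counter

# Lines from the debug ip packet examples above, followed by three
# constructed lines that carry drop actions from the field table.
SAMPLE = """\
IP: s=192.168.20.120 (vlan 10), d=19.0.0.9 (vlan 10), g=192.168.20.1, len=60, redirected
IP: s=192.168.20.22 (local), d=192.168.20.120 (vlan 10), g=192.168.20.120, len=56, sending
IP: s=192.168.20.120 (vlan 10), d=19.0.0.9 (vlan 10), g=192.168.20.1, len=60, forward
IP: s=192.168.20.81 (vlan 10), d=192.168.20.22 (vlan 10), len=56, rcvd
IP: s=192.168.12.8 (vlan 10), d=255.255.255.255 (vlan 10), len=328, rcvd, UDP: src=68, dst=67
IP: s=192.168.20.26 (vlan 10), d=224.0.0.5 (vlan 10), len=68, rcvd, proto=89
IP: s=192.168.20.125 (vlan 10), d=192.168.20.22 (vlan 10), len=84, rcvd, ICMP: type=0, code = 0
IP: s=192.168.20.22 (local), d=192.168.20.124 (vlan 10), g=192.168.20.124, len=40, sending, TCP: src=1024, dst=23, seq=75098622, ack=161000466, win=17520, ACK
IP: s=192.168.20.99 (vlan 10), d=192.168.20.22 (vlan 10), len=48, denied by in acl
IP: s=192.168.20.99 (vlan 10), d=192.168.20.22 (vlan 10), len=52, denied by in acl
IP: s=192.168.20.120 (vlan 10), d=10.9.9.9, len=60, unroutable
"""

# The sending interface and the gateway appear only if routing succeeded.
IP_LINE = re.compile(
    r"^IP: s=(?P<src>[\d.]+) \((?P<in_if>[^)]+)\), d=(?P<dst>[\d.]+)"
    r"(?: \((?P<out_if>[^)]+)\))?(?:, g=(?P<gw>[\d.]+))?,"
    r" len=(?P<len>\d+), (?P<rest>.+)$"
)

# Actions the field table describes as dropped or declined. Other
# actions are left unclassified here.
DROP_ACTIONS = {
    "unroutable", "rejected source route", "bad options",
    "denied by in acl", "denied by out acl", "encapsulation failed",
}


def parse_detail(detail):
    """Parse the part added by 'detail', e.g. 'UDP: src=68, dst=67'."""
    if detail.startswith("proto="):
        return {"proto": detail.split("=", 1)[1].strip(), "flags": []}
    name, _, body = detail.partition(":")
    out = {"proto": name.strip(), "flags": []}
    for token in body.split(","):
        key, eq, value = token.partition("=")
        if eq:
            out[key.strip()] = value.strip()   # tolerates "code = 0"
        elif token.strip():
            out["flags"].append(token.strip()) # control bits such as ACK
    return out


def parse_line(line):
    m = IP_LINE.match(line.strip())
    if not m:
        return None
    rec = {k: m[k] for k in ("src", "in_if", "dst", "out_if", "gw")}
    rec["len"] = int(m["len"])
    action, _, detail = m["rest"].partition(", ")
    rec["action"] = action
    rec["l4"] = parse_detail(detail) if detail else None
    return rec


def summarize(text):
    records = [r for r in map(parse_line, text.splitlines()) if r]
    actions = Counter(r["action"] for r in records)
    drops = Counter((r["src"], r["action"])
                    for r in records if r["action"] in DROP_ACTIONS)
    return records, actions, drops


if __name__ == "__main__":
    _, actions, drops = summarize(SAMPLE)
    print(dict(actions))
    print(drops.most_common())
```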
Related command
debug ip tcp packet
2.1.6 debug ip raw
It is used to display the IP interaction information. Run the command no debug ip raw to stop displaying the information.
debug ip raw [detail] [access-list-group] [interface]
no debug ip raw
Parameter
Parameter Description
detail An optional parameter, which is used to export the protocol information about IP message encapsulation, such as protocol number, UDP, TCP port number and ICMP message type
access-group An optional parameter, which is the name of the IP access control list used to filter the exported information. Only information about IP messages permitted by the specified IP access control list is exported.
interface An optional parameter, which is the port name used to filter the exported information. Only information about IP messages that match the designated port is exported.
Command mode
Management mode
Instruction
The command is used to find the destination of each received or locally generated IP message, which helps to detect the reason of communication problems.
The command is used in the following cases:
Forwarded
Forwarded as the multicast message or the broadcast message
Addressing failure during message forwarding
Sending the redirect message
Rejected because of having the original routing option
Rejected because of illegal IP options
Original route
Message sent from the local machine should be segmented, but the DF is reset.
Receiving message
Receiving IP segment
Sending message
Sending broadcast/multicast
Addressing failure when message is generated locally
Locally generated message is segmented
Received message is filtered
Transmitted message is filtered
Link layer fails to be encapsulated (only for Ethernet)
Unknown protocol
This command may export a large amount of information. Use it only when the switch is idle; otherwise, the performance of the system will be badly affected. It is recommended to filter the output through an IP access control list, so that the system exports only the useful messages.
Example
Similar to the debug ip packet command
Related command
debug ip tcp packet
2.1.7 debug ip tcp packet
It is used to display the TCP message. To stop displaying the TCP message, run the command no debug ip tcp packet.
debug ip tcp packet
no debug ip tcp packet
Parameter
The command has no parameter or keyword.
Command mode
Management mode
Example
switch#debug ip tcp packet
switch#tcp: O ESTABLISHED 192.168.20.22:23 192.168.20.125:3828 seq 50659460 DATA 1 ACK 3130379810 PSH WIN 4380
tcp: I ESTABLISHED 192.168.20.22:23 192.168.20.125:3828 seq 3130379810 DATA 2 ACK 50659460 PSH WIN 16372
tcp: O ESTABLISHED 192.168.20.22:23 192.168.20.125:3828 seq 50659461 DATA 50 ACK 3130379812 PSH WIN 4380
tcp: O FIN_WAIT_1 192.168.20.22:23 192.168.20.125:3828 seq 50659511 ACK 3130379812 FIN WIN 4380
tcp: I FIN_WAIT_1 192.168.20.22:23 192.168.20.125:3828 seq 3130379812 ACK 50659511 WIN 16321
tcp: I FIN_WAIT_1 192.168.20.22:23 192.168.20.125:3828 seq 3130379812 ACK 50659512 WIN 16321
tcp: I FIN_WAIT_2 192.168.20.22:23 192.168.20.125:3828 seq 3130379812 ACK 50659512 FIN WIN 16321
tcp: O TIME_WAIT 192.168.20.22:23 192.168.20.125:3828 seq 50659512 ACK 3130379813 WIN 4380
tcp: I LISTEN 0.0.0.0:23 0.0.0.0:0 seq 3813109318 DATA 2 ACK 8057944 PSH WIN 17440
tcp: O LISTEN 0.0.0.0:23 0.0.0.0:0 seq 8057944 RST
Field Description
tcp: Information about the TCP message
O Sending the TCP message
I Receiving the TCP message
ESTABLISHED Current state of the TCP connection. For the description of the TCP connection state, refer to the description of the command debug ip tcp transactions.
192.168.20.22:23 Means that the source address of the message is 192.168.20.22 and the source port is port 23.
192.168.20.125:3828 Means that the destination address of the message is 192.168.20.125 and the destination port is port 3828.
seq 50659460 Means that the sequence number of the message is 50659460.
DATA 1 Means that the number of valid data bytes contained in the message is 1.
ACK 3130379810 Means that the acknowledgement number of the message is 3130379810.
PSH Means that PSH in the control bits of the message is set. Other control bits include ACK, FIN, SYN, URG and RST.
WIN 4380 It is used to notify the peer of the size of the local reception cache. The current cache size is 4380 bytes.
If one of the previous fields is not displayed, that field does not have a valid value in the TCP message.
Related command
debug ip tcp transactions
2.1.8 debug ip tcp transactions
It is used to display the TCP interaction information, such as the change of the TCP connection state. Run the command no debug ip tcp transactions to stop displaying the information.
debug ip tcp transactions
no debug ip tcp transactions
Parameter
The command has no parameter or keyword.
Command mode
Management mode
Example
switch#debug ip tcp transactions
switch#TCP: rcvd connection attempt to port 23
TCP: TCB 0xE88AC8 created
TCP: state was LISTEN -> SYN_RCVD [23 -> 192.168.20.125:3828]
TCP: sending SYN, seq 50658312, ack 3130379657 [23 -> 192.168.20.125:3828]
TCP: state was SYN_RCVD -> ESTABLISHED [23 -> 192.168.20.125:3828]
TCP: connection closed by user, state was LISTEN [23 -> 0.0.0.0:0]
TCP: state was TIME_WAIT -> CLOSED [23 -> 192.168.20.125:3827]
TCP: TCB 0xE923C8 deleted
TCP: TCB 0xE7DBC8 created
TCP: connection to 192.168.20.124:513 from 192.168.20.22:1022, state was CLOSED to SYN_SENT
TCP: sending SYN, seq 52188680, ack 0 [1022 -> 192.168.20.124:513]
TCP: state was SYN_SENT -> ESTABLISHED [1022 -> 192.168.20.124:513]
TCP: rcvd FIN, state was ESTABLISHED -> CLOSE_WAIT [1022 -> 192.168.20.124:513]
TCP: connection closed by user, state was CLOSE_WAIT [1022 -> 192.168.20.124:513]
TCP: sending FIN [1022 -> 192.168.20.124:513]
TCP: connection closed by user, state was LAST_ACK [1022 -> 192.168.20.124:513]
TCP: state was LAST_ACK -> CLOSED [1022 -> 192.168.20.124:513]
TCP: TCB 0xE7DBC8 deleted
Field Description
TCP: Means that the TCP interaction information is displayed.
rcvd connection attempt to port 23 Means that a connection request from the peer to port 23 (telnet port) is received.
TCB 0xE88AC8 created Means that a new TCP connection control block is generated and its identifier is 0xE88AC8.
state was LISTEN -> SYN_RCVD Means that the state of the TCP state machine changes from the LISTEN state to the SYN_RCVD state.
The TCP state may be one of the following:
LISTEN---waiting for a TCP connection request from any remote host
SYN_SENT---the connection request has been sent and the system is waiting for the reply.
SYN_RCVD---the connection request from the peer has been received, and the acknowledgement and the system's own connection request have been sent out; the system is waiting for the peer's acknowledgement of its connection request.
ESTABLISHED---the connection is successful; the data is being transmitted; the data of the upper application can be received and sent.
FIN_WAIT_1---the connection termination request has been sent to the peer; the system is waiting for the acknowledgement and the connection termination request from the peer.
FIN_WAIT_2---the connection termination request has been sent to the peer and the acknowledgement from the peer has been received; the system is waiting for the connection termination request from the peer.
CLOSE_WAIT---the connection termination request from the peer has been received and the acknowledgement has been sent out; the system is waiting for the local user to close the connection. Once the user demands to close the connection, the system sends out the connection termination request.
CLOSING---the connection termination request has been sent to the peer, and the connection termination request from the peer has been received and acknowledged; the system is waiting for the peer to acknowledge the local connection termination request.
LAST_ACK---the system has received the connection termination request from the peer and acknowledged it; the system has already sent out its own connection termination request and is waiting for the acknowledgement.
TIME_WAIT---the period when the system waits for the peer to receive the acknowledgement of the connection termination request
CLOSED---the connection is closed.
For details, refer to RFC 793, Transmission Control Protocol.
[23 -> 192.168.20.125:3828]
The first field (23) in the bracket means the local TCP port.
The second field (192.168.20.125) in the bracket means the remote IP address.
The third field (3828) in the bracket means the remote TCP port.
sending SYN Means a connection request message is sent out (SYN in the control bits of the TCP header is set). Other TCP control bits include SYN, ACK, FIN, PSH, RST and URG.
seq 50658312 Means that the sequence number for sending the message is 50658312.
ack 3130379657 Means that the acknowledgement number for sending the message is 3130379657.
rcvd FIN Means that the connection termination request is received (FIN in the control bits of the TCP header is set).
connection closed by user Means that the upper application requires closing the TCP connection.
connection timed out Means that the connection is closed because of timeout.
Related command
debug ip tcp packet
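The state transitions described in section 2.1.8 can be followed per connection by parsing the debug output. The following is an added example, not code from the manual or the vendor: it rebuilds the state history of each connection and counts, per remote address, the connections that never left SYN_RCVD. The first twelve sample lines come from the example above; the last three (peer 192.0.2.10) are constructed, and the function names are hypothetical.

```python
"""Rebuild TCP connection histories from 'debug ip tcp transactions' output."""
import re
from collections import Counter

# Matches "state was OLD -> NEW [local_port -> remote_ip:remote_port]",
# optionally preceded by an event such as "rcvd FIN, ".
TRANSITION = re.compile(
    r"^TCP: (?:(?P<event>[^,]+), )?state was (?P<old>[A-Z0-9_]+) -> "
    r"(?P<new>[A-Z0-9_]+) \[(?P<lport>\d+) -> "
    r"(?P<rip>\d+(?:\.\d+){3}):(?P<rport>\d+)\]$"
)


def connection_histories(lines):
    """Map (local_port, remote_ip, remote_port) to the list of states seen."""
    histories = {}
    for line in lines:
        match = TRANSITION.match(line.strip())
        if not match:
            continue  # TCB created/deleted, "sending SYN", and similar lines
        key = (int(match["lport"]), match["rip"], int(match["rport"]))
        states = histories.setdefault(key, [])
        # Some state changes are logged without an arrow (for example
        # "connection closed by user, state was LAST_ACK"), so record the
        # old state as well when it differs from the last state stored.
        if not states or states[-1] != match["old"]:
            states.append(match["old"])
        states.append(match["new"])
    return histories


def half_open_by_peer(lines):
    """Count, per remote address, connections whose last state is SYN_RCVD."""
    counts = Counter()
    for (_, remote_ip, _), states in connection_histories(lines).items():
        if states[-1] == "SYN_RCVD":
            counts[remote_ip] += 1
    return dict(counts)


# Lines 1-12 are taken from the example in section 2.1.8.
# Lines 13-15 are constructed for this example.
SAMPLE_LOG = """\
TCP: rcvd connection attempt to port 23
TCP: TCB 0xE88AC8 created
TCP: state was LISTEN -> SYN_RCVD [23 -> 192.168.20.125:3828]
TCP: sending SYN, seq 50658312, ack 3130379657 [23 -> 192.168.20.125:3828]
TCP: state was SYN_RCVD -> ESTABLISHED [23 -> 192.168.20.125:3828]
TCP: sending SYN, seq 52188680, ack 0 [1022 -> 192.168.20.124:513]
TCP: state was SYN_SENT -> ESTABLISHED [1022 -> 192.168.20.124:513]
TCP: rcvd FIN, state was ESTABLISHED -> CLOSE_WAIT [1022 -> 192.168.20.124:513]
TCP: connection closed by user, state was CLOSE_WAIT [1022 -> 192.168.20.124:513]
TCP: sending FIN [1022 -> 192.168.20.124:513]
TCP: connection closed by user, state was LAST_ACK [1022 -> 192.168.20.124:513]
TCP: state was LAST_ACK -> CLOSED [1022 -> 192.168.20.124:513]
TCP: state was LISTEN -> SYN_RCVD [23 -> 192.0.2.10:40001]
TCP: state was LISTEN -> SYN_RCVD [23 -> 192.0.2.10:40002]
TCP: state was LISTEN -> SYN_RCVD [23 -> 192.0.2.10:40003]
""".splitlines()

if __name__ == "__main__":
    for key, states in connection_histories(SAMPLE_LOG).items():
        print(key, " -> ".join(states))
    print("half-open by peer:", half_open_by_peer(SAMPLE_LOG))
```

A connection is reported as half-open only relative to the end of the captured output, so a capture that stops in the middle of a handshake also shows up here.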
2.1.9 debug ip udp
It is used to display the UDP interaction information. Run the command no debug ip udp to stop displaying the information.
debug ip udp
no debug ip udp
Parameter
The command has no parameter or keyword.
Command mode
Management mode
Example
switch#debug ip udp
switch#UDP: rcvd src 192.168.20.99(520), dst 192.168.20.255(520), len = 32
UDP: sent src 192.168.20.22(20001), dst 192.168.20.43(1001), len = 1008
Field Description
UDP: Means that the information is about the UDP message.
rcvd Means that the message is received.
sent Means that the message is sent.
src Means the source IP address of the UDP message and the UDP port.
dst Means the destination IP address of the UDP message and the UDP port.
len Means the length of the UDP message.
The first line in the previous information shows that a UDP message is received. The UDP message is sent from host 192.168.20.99. Both the source port and the destination port are port 520. The destination address is 192.168.20.255. The length of the message is 32 bytes.
The second line in the previous information shows that a UDP message is sent. The local address and the destination address are 192.168.20.22 and 192.168.20.43 respectively. The source port and the destination port are port 20001 and port 1001 respectively. The length of the message is 1008 bytes.
2.1.10 ip mask-reply
It is used to enable the switch to reply to IP address mask requests on the designated interface. Run the command no ip mask-reply to disable the function.
ip mask-reply
no ip mask-reply
default ip mask-reply
Parameter
The command has no parameter or keyword.
Default
The mask request of the IP address is not replied.
Command mode
Interface configuration mode
Example
interface vlan 11
ip mask-reply
2.1.11 ip mtu
It is used to set the MTU of the IP message. To restore the default MTU, run the command no ip mtu.
ip mtu bytes
no ip mtu
Parameter
Parameter Description
bytes Maximum transmission unit of the IP message, in bytes
Default
It varies with different physical media of the interface. It is the same as MTU. The minimum value is 68 bytes.
Command mode
Interface configuration mode
Instruction
If the length of an IP message exceeds the IP MTU configured on the interface, the switch fragments the message. All devices connected to the same physical medium need to be configured with the same MTU. The MTU affects the IP MTU: if the value of the IP MTU is the same as that of the MTU, the IP MTU automatically changes to the new MTU value when the MTU changes. A change of the IP MTU does not affect the MTU.
The minimum value of IP MTU is 68 bytes and the maximum value of IP MTU cannot exceed the MTU value configured on the interface.
Example
The following example shows that IP MTU on interface vlan 10 is set to 200:
interface vlan 10
ip mtu 200
Related command
mtu
2.1.12 ip redirects
It is used to enable sending of the ICMP redirect message. To stop sending the ICMP redirect message, run the command no ip redirects.
ip redirects
no ip redirects
Parameter
The command has no parameter or keyword.
Default
The IP redirect message is sent by default. However, if you configure the hot standby switch protocol, the function is disabled automatically. If the hot standby switch protocol is cancelled, the function cannot be automatically enabled.
Command mode
Interface configuration mode
Instruction
When the switch finds that the forwarding interface of the gateway is the same as the reception interface and that the source host is directly connected to the logical network of the interface, the switch sends an ICMP redirect message, notifying the source host to take the switch as the gateway to the destination address.
If the hot standby switch protocol is configured on the interface, the message may be dropped when the IP redirect message is sent.
Example
The following example shows that the ICMP redirect message can be sent on interface vlan 10:
interface vlan 10
ip redirects
2.1.13 ip source-route
It is used to enable the routing switch to process the IP message with the source IP route. To enable the routing switch to drop the IP message with the source IP route, run the command no ip source-route.
ip source-route
no ip source-route
Parameter
None
Default
The IP message with the source IP route is processed.
Command mode
Global configuration mode
Example
The following command enables the routing switch to process the IP message with the source IP route.
ip source-route
Related command
ping
2.1.14 ip tcp synwait-time
It is used to set the time that the switch waits for a TCP connection to be established successfully. To restore the default time, run the command no ip tcp synwait-time.
ip tcp synwait-time seconds
no ip tcp synwait-time
Parameter
Parameter Description
seconds Time for waiting for the TCP connection, which ranges from 5 to 300 seconds
Its default value is 75 seconds.
Default
75 seconds
Command mode
Global configuration mode
Instruction
When the switch originates a TCP connection and the connection is not established within the waiting time, the switch considers that the connection has failed and sends the result to the upper application. You can set the waiting time for the successful TCP connection. The default value is 75 seconds. The option has nothing to do with the TCP connection messages forwarded by the switch; it is relevant only to the local TCP connections of the switch.
To know the current value of the waiting time, run the command ip tcp synwait-time ?. The value in the square bracket is the current value.
Example
The following example shows that the waiting time of the TCP connection is set to 30 seconds:
switch_config#ip tcp synwait-time 30
switch_config#ip tcp synwait-time ?
<5-300>[30] seconds -- wait time
2.1.15 ip tcp window-size
It is used to set the size of the TCP window. To restore the default value, run the command no ip tcp window-size.
ip tcp window-size bytes
no ip tcp window-size
Parameter
Parameter Description
bytes Size of the window, in bytes
The maximum size is 65535 bytes. The default size is 2000 bytes.
Default
2000 bytes
Command mode
Global configuration mode
Instruction
Do not hastily modify the default value of the window size unless you have a definite purpose. You can run the command ip tcp window-size ? to know the current value. The value in the square bracket is the current value.
Example
The following example shows that the size of the TCP window is set to 6000 bytes:
switch_config#ip tcp window-size 6000
switch_config#ip tcp window-size ?
<1-65535>[6000] bytes -- Window size
2.1.16 ip unreachables
It is used to enable the switch to send the ICMP unreachable message. To stop sending the message, run the command no ip unreachables.
ip unreachables
no ip unreachables
Parameter
The command has no parameter or keyword.
Default
The ICMP unreachable message is sent.
Command mode
Interface configuration mode
Instruction
When the switch forwards the IP message, the message is dropped if the relevant route is not in the routing table. In this case, the switch sends the ICMP unreachable message to the source host. According to the information in the ICMP unreachable message, the source host promptly detects the fault and removes it.
Example
The following example shows that the interface vlan 10 is set to send the ICMP unreachable message:
interface vlan 10
ip unreachables
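Sections 2.1.10, 2.1.12, 2.1.13 and 2.1.16 each state a default, so the effective setting of an interface depends on what is absent from the configuration as much as on what is present. The following is an added example, not code from the manual or the vendor: it applies those stated defaults to a configuration text and lists every setting that differs from a target policy. The policy (all four functions off), the sample configuration, the function names and the assumption that unchanged defaults are not written out in the configuration are all assumptions of this example.

```python
"""Audit ICMP and source-route settings of a switch configuration text."""

# Defaults as stated in sections 2.1.10, 2.1.12, 2.1.13 and 2.1.16.
GLOBAL_DEFAULTS = {"ip source-route": True}
INTERFACE_DEFAULTS = {
    "ip mask-reply": False,
    "ip redirects": True,
    "ip unreachables": True,
}

# Assumed site policy for this example; the manual itself prescribes none.
POLICY = {
    "ip source-route": False,
    "ip mask-reply": False,
    "ip redirects": False,
    "ip unreachables": False,
}


def _split_prefix(line):
    """Return (command, state); state is True, False, or None for 'default'."""
    if line.startswith("no "):
        return line[3:], False
    if line.startswith("default "):
        # The manual documents the 'default' form for ip mask-reply only;
        # accepting it for the other commands is an assumption.
        return line[8:], None
    return line, True


def parse_config(text):
    """Return (global_settings, {interface: settings}) with defaults applied."""
    global_settings = dict(GLOBAL_DEFAULTS)
    interfaces = {}
    current = None  # interface block being read, if any
    for raw in text.splitlines():
        line = " ".join(raw.lower().split())
        if not line:
            continue
        if line in ("!", "exit"):
            current = None
            continue
        if line.startswith("interface "):
            current = line[len("interface "):]
            interfaces.setdefault(current, dict(INTERFACE_DEFAULTS))
            continue
        command, state = _split_prefix(line)
        if command in GLOBAL_DEFAULTS:
            # A global configuration mode command also ends an interface block.
            current = None
            global_settings[command] = (
                GLOBAL_DEFAULTS[command] if state is None else state)
        elif command in INTERFACE_DEFAULTS and current is not None:
            interfaces[current][command] = (
                INTERFACE_DEFAULTS[command] if state is None else state)
    return global_settings, interfaces


def audit(text, policy=POLICY):
    """Return sorted (scope, command) pairs whose effective state differs from policy."""
    global_settings, interfaces = parse_config(text)
    findings = [("global", cmd) for cmd, on in global_settings.items()
                if on != policy[cmd]]
    for name, settings in interfaces.items():
        findings += [(name, cmd) for cmd, on in settings.items()
                     if on != policy[cmd]]
    return sorted(findings)


# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
interface vlan 10
 ip mtu 200
 no ip redirects
!
interface vlan 11
 ip mask-reply
 no ip unreachables
!
interface vlan 12
 ip mask-reply
 default ip mask-reply
!
no ip source-route
"""

if __name__ == "__main__":
    for scope, command in audit(SAMPLE_CONFIG):
        print(f"{scope}: effective state of '{command}' does not match policy")
```

Interface vlan 10 is reported for ip unreachables even though the command never appears in its block, because the default stated in section 2.1.16 is that the message is sent.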
2.1.17 show ip sockets
It is used to display the socket information.
show ip sockets
Parameter
The command has no parameter or keyword.
Command mode
Management mode
Example
switch#show ip sockets
Proto Local Port Remote Port In Out
17 0.0.0.0 0 0.0.0.0 0 161 0
6 0.0.0.0 0 0.0.0.0 0 513 0
17 0.0.0.0 0 0.0.0.0 0 1698 0
17 0.0.0.0 0 0.0.0.0 0 69 0
6 0.0.0.0 0 0.0.0.0 0 23 0
17 0.0.0.0 0 0.0.0.0 0 137 122590
Field Description
Proto IP protocol number. The protocol number of UDP is 17 and the number of TCP is 6.
Remote Remote address
Port Remote port
Local Local address
Port Local port
In Total number of the received bytes
Out Total number of the transmitted bytes
2.1.18 show ip traffic
It is used to display the statistics information about the IP traffic.
show ip traffic
Parameter
The command has no parameter or keyword.
Command mode
Management mode
Example
switch#show ip traffic
IP statistics:
  Rcvd: 0 total, 0 local destination, 0 delivered
        0 format errors, 0 checksum errors, 0 bad ttl count
        0 bad destination address, 0 unknown protocol, 0 discarded
        0 filtered , 0 bad options, 0 with options
  Opts: 0 loose source route, 0 record route, 0 strict source route
        0 timestamp, 0 router alert, 0 others
  Frags: 0 fragments, 0 reassembled, 0 dropped
        0 fragmented, 0 fragments, 0 couldn't fragment
  Bcast: 0 received, 0 sent
  Mcast: 0 received, 0 sent
  Sent: 230 generated, 0 forwarded
        0 filtered, 0 no route, 0 discarded
ICMP statistics:
  Rcvd: 0 total, 0 format errors, 0 checksum errors
        0 redirect, 0 unreachable, 0 source quench
        0 echos, 0 echo replies, 0 mask requests, 0 mask replies
        0 parameter problem, 0 timestamps, 0 timestamp replies
        0 time exceeded, 0 router solicitations, 0 router advertisements
  Sent: 0 total, 0 errors
        0 redirects, 0 unreachable, 0 source quench
        0 echos, 0 echo replies, 0 mask requests, 0 mask replies
        0 parameter problem, 0 timestamps, 0 timestamp replies
        0 time exceeded, 0 router solicitations, 0 router advertisements
UDP statistics:
  Rcvd: 28 total, 0 checksum errors, 22 no port, 0 full sock
  Sent: 0 total
TCP statistics:
  Rcvd: 0 total, 0 checksum errors, 0 no port
  Sent: 3 total
IGMP statistics:
  Rcvd: 0 total, 0 format errors, 0 checksum errors
        0 host queries, 0 host reports
  Sent: 0 host reports
ARP statistics:
  Rcvd: 8 total, 7 requests, 1 replies, 0 reverse, 0 other
  Sent: 5 total, 5 requests, 0 replies (0 proxy), 0 reverse
Field Description
format errors Means that the format of the message is incorrect, such as the incorrect length of the IP header.
bad hop count Means that the TTL value decreases to 0 when the routing switch forwards the message. In this case, the message will be dropped.
no route Means that the routing switch does not have relevant route message.
2.1.19 show tcp
It is used to display the state of all TCP connections.
show tcp
Parameter
The command has no parameter or keyword.
Command mode
Management mode
Example
switch#show tcp
TCB 0xE9ADC8
Connection state is ESTABLISHED, unread input bytes: 934
Local host: 192.168.20.22, Local port: 1023
Foreign host: 192.168.20.124, Foreign port: 513
Enqueued bytes for transmit: 0, input: 934 mis-ordered: 0 (0 packets)
Timer Starts Wakeups Next(ms)
Retrans 33 1 0
TimeWait 0 0 0
SendWnd 0 0 0
KeepAlive 102 0 7199500
iss: 29139463 snduna: 29139525 sndnxt: 29139525 sndwnd: 17520
irs: 709124039 rcvnxt: 709205436 rcvwnd: 4380
SRTT: 15 ms, RXT: 2500 ms, RTV: 687 ms
minRXT: 1000 ms, maxRXT: 64000 ms, ACK hold: 200 ms
Datagrams (max data segment is 1460 bytes):
Rcvd: 102 (out of order: 0), with data: 92, total data bytes: 81396
Sent: 104 (retransmit: 0), with data: 31, total data bytes: 61
Field Description
TCB 0xE77FC8 Internal identifier of the TCP connection control block
Connection state is ESTABLISHED Current state of the TCP connection
The TCP connection may be in one of the following states:
LISTEN---waiting for a TCP connection request from any remote host
SYN_SENT---the connection request has been sent and the system is waiting for the reply.
SYN_RCVD---the connection request from the peer has been received, and the acknowledgement and the system's own connection request have been sent out; the system is waiting for the peer's acknowledgement of its connection request.
ESTABLISHED---the connection is successful; the data is being transmitted; the data of the upper application can be received and sent.
FIN_WAIT_1---the connection termination request has been sent to the peer; the system is waiting for the acknowledgement and the connection termination request from the peer.
FIN_WAIT_2---the connection termination request has been sent to the peer and the acknowledgement from the peer has been received; the system is waiting for the connection termination request from the peer.
CLOSE_WAIT---the connection termination request from the peer has been received and the acknowledgement has been sent out; the system is waiting for the local user to close the connection. Once the user demands to close the connection, the system sends out the connection termination request.
CLOSING---the connection termination request has been sent to the peer, and the connection termination request from the peer has been received and acknowledged; the system is waiting for the peer to acknowledge the local connection termination request.
LAST_ACK---the system has received the connection termination request from the peer and acknowledged it; the system has already sent out its own connection termination request and is waiting for the acknowledgement.
TIME_WAIT---the period when the system waits for the peer to receive the acknowledgement of the connection termination request
CLOSED---the connection is closed.
For details, refer to RFC 793, Transmission Control Protocol.
unread input bytes: Data that has been processed by the lower-layer TCP but has not yet been received by the upper application
Local host: Local IP address
Local port: Local TCP port
Foreign host: Remote IP address
Foreign port: Remote TCP port
Enqueued bytes for transmit: Bytes in the transmitter queue, including the data that is sent but not yet acknowledged and the data that is not sent
input: Bytes in the reception queue. After sorting, these data wait for the upper application to accept them.
mis-ordered: Number of bytes and messages in the misordered queue. After other data is received, these data can enter the reception queue in turn and then can be received by the upper application. For example, after messages 1, 2, 4, 5 and 6 are received, messages 1 and 2 can enter the reception queue, but messages 4, 5 and 6 have to enter the misordered queue and wait for message 3.
After that, the information about the timers of the current connection is displayed, including the startup times, the timeout times and the next timeout time of each timer. The value 0 means that the timer is not running currently. Each connection has its own timers. The timeout times may be less than the startup times because a timer may be reset while it is running. For example, while the retransmission timer is running, the system may receive the acknowledgements for all data from the peer. In this case, the retransmission timer stops running.
Timer Starts Wakeups Next(ms)
Retrans 33 1 0
TimeWait 0 0 0
SendWnd 0 0 0
KeepAlive 102 0 7199500
Field Description
Timer Name of the timer
Starts Startup times of the timer
Wakeups Timeout times of the timer
Next(ms) Next-time timeout time (unit: ms). The value 0 means the timer does not run.
Retrans Retransmission timer, which is used to trigger resending data. The timer is started up after the data is sent. If the data is not acknowledged by the peer within the timeout time, the data will be resent.
TimeWait Time Waiting timer, which is used to know that the peer has already received the acknowledgement of the connection termination request.
SendWnd Timer of the transmission window, which is used to ensure that the transmission window resumes to the normal size after the TCP acknowledgement information is dropped
KeepAlive Keep-alive timer, which is used to ensure that the communication link is in normal state and the peer is still in the connection state. It triggers the testing message to be sent for testing the state of the communication link and the peer.
After the timers are displayed, the sequence numbers of the TCP connection are displayed. TCP uses the sequence number to guarantee reliable and orderly data transmission. The local or remote host can control the traffic and send the acknowledgement information according to the sequence number.
iss: 29139463 snduna: 29139525 sndnxt: 29139525 sndwnd: 17520
irs: 709124039 rcvnxt: 709205436 rcvwnd: 4380
Field Description
iss: Initial transmission sequence number
snduna: Sequence number of the first byte in the data that is already sent but whose acknowledgement information has not been received
sndnxt: Sequence number of the first byte of the data that is sent next
sndwnd: TCP window size of the remote host
irs: Initial reception sequence number, that is, the initial transmission sequence number of the remote host
rcvnxt: Reception sequence number that is acknowledged recently
rcvwnd: TCP window size of the local host
The transmission time recorded by the local host is displayed afterwards. The system can adapt itself to different networks according to the transmission time.
SRTT: 15 ms, RXT: 2500 ms, RTV: 687 ms
minRXT: 1000 ms, maxRXT: 64000 ms, ACK hold: 200 ms
Field Description
SRTT: Round-trip time after smooth processing
RXT: Retransmission timeout time
RTV: Change value of the round-trip time
MinRXT: Permissible minimum retransmission timeout time
MaxRXT: Permissible maximum retransmission timeout time
ACK hold: Maximum delay time when the acknowledgement is delayed for being sent together with the data
Datagrams (max data segment is 1460 bytes):
Rcvd: 102 (out of order: 0), with data: 92, total data bytes: 81396
Sent: 104 (retransmit: 0), with data: 31, total data bytes: 61
Field Description
max data segment is Maximum length of the data segment which is permitted by the connection
Rcvd: Number of messages that the local host receives during the connection procedure, including the number of the misordered messages
with data: Number of messages that contain valid data
total data bytes: Number of data bytes contained by the message
Sent: Number of messages that are sent or resent by the local host during the connection procedure
with data: Number of messages that contain valid data
total data bytes: Number of data bytes contained by the message
Related command
show tcp brief
show tcp tcb
2.1.20 show tcp brief
It is used to display the brief information about the TCP connection.
show tcp brief [all]
Parameter
Parameter Description
all An optional parameter, which means that all ports are displayed
If the parameter is not entered, the system does not display the ports in the LISTEN state.
Command mode
Management mode
Example
switch#show tcp brief
TCB Local Address Foreign Address State
0xE9ADC8 192.168.20.22:1023 192.168.20.124:513 ESTABLISHED
0xEA34C8 192.168.20.22:23 192.168.20.125:1472 ESTABLISHED
Field Description
TCB Internal identifier of the TCP connection
Local Address Local IP address and the TCP port
Foreign Address Remote IP address and the TCP port
State State of the connection. For details, refer to the description of the show tcp command.
Related command
show tcp
show tcp tcb
2.1.21 show tcp statistics
It is used to display the TCP statistics data.
show tcp statistics
Parameter
The command has no parameter or keyword.
Command mode
Management mode
Example
switch#show tcp statistics
Rcvd: 148 Total, 0 no port
  0 checksum error, 0 bad offset, 0 too short
  131 packets (6974 bytes) in sequence
  0 dup packets (0 bytes)
  0 partially dup packets (0 bytes)
  0 out-of-order packets (0 bytes)
  0 packets (0 bytes) with data after window
  0 packets after close
  0 window probe packets, 0 window update packets
  0 dup ack packets, 0 ack packets with unsend data
  127 ack packets (247 bytes)
Sent: 239 Total, 0 urgent packets
  6 control packets
  123 data packets (245 bytes)
  0 data packets (0 bytes) retransmitted
  110 ack only packets (101 delayed)
  0 window probe packets, 0 window update packets
4 Connections initiated, 0 connections accepted, 2 connections established
3 Connections closed (including 0 dropped, 1 embryonic dropped)
5 Total rxmt timeout, 0 connections dropped in rxmt timeout
1 Keepalive timeout, 0 keepalive probe, 1 Connections dropped in keepalive
Field Description
Rcvd: Statistics data about the messages received by the routing switch
Total Total number of the received messages
no port Number of messages whose destination port does not exist
checksum error Number of messages whose checksum is incorrect
bad offset Number of messages whose data offset is incorrect
too short Number of messages whose length is less than the minimum effective length
packets in sequence Number of messages that are received in sequence
dup packets Number of received duplicate messages
partially dup packets Number of received messages that are partly duplicated
out-of-order packets Number of misordered messages
packets with data after window Number of messages whose data exceeds the reception window
packets after close Number of messages that are received after the connection is closed
window probe packets Number of received messages about window probe
window update packets Number of received messages about window update
dup ack packets Number of received messages that are duplicately acknowledged
ack packets with unsent data Number of received acknowledgement messages for data that has not been sent
ack packets Number of received messages that are acknowledged
Sent Statistics data about messages that are sent by the routing switch
Total Total number of the transmitted messages
urgent packets Number of the transmitted urgent messages
control packets Number of the transmitted control messages (SYN, FIN or RST)
data packets Number of the transmitted data messages
data packets retransmitted Number of the retransmitted data messages
ack only packets Number of the transmitted pure acknowledgement messages
window probe packets Number of the transmitted window probe messages
window update packets Number of the transmitted window update messages
Connections initiated Number of the locally initiated connections
connections accepted Number of the locally received connections
connections established Number of the locally established connections
Connections closed Number of the locally closed connections
Total rxmt timeout Total number of retransmission timeouts
Connections dropped in rxmit timeout Number of the connections dropped because of retransmission timeout
Keepalive timeout Number of Keepalive timeouts
keepalive probe Number of the transmitted messages for keepalive probe
Connections dropped in keepalive Number of the connections dropped because of Keepalive
Related command
clear tcp statistics
2.1.22 show tcp tcb
It is used to display the state of a certain TCP connection.
show tcp tcb address
Parameter
Parameter Description
address TCB address of the TCP connection
TCB is an identifier of the TCP connection in the system, which can be obtained by the command show tcp brief.
Command mode
Management mode
Example
For detailed explanation, refer to the command show tcp.
switch_config#show tcp tcb 0xea38c8
TCB 0xEA38C8
Connection state is ESTABLISHED, unread input bytes: 0
Local host: 192.168.20.22, Local port: 23
Foreign host: 192.168.20.125, Foreign port: 1583
Enqueued bytes for transmit: 0, input: 0 mis-ordered: 0 (0 packets)
Timer Starts Wakeups Next(ms)
Retrans 4 0 0
TimeWait 0 0 0
SendWnd 0 0 0
KeepAlive +5 0 6633000
iss: 10431492 snduna: 10431573 sndnxt: 10431573 sndwnd: 17440
irs: 915717885 rcvnxt: 915717889 rcvwnd: 4380
SRTT: 2812 ms, RXT: 18500 ms, RTV: 4000 ms
minRXT: 1000 ms, maxRXT: 64000 ms, ACK hold: 200 ms
Datagrams (max data segment is 1460 bytes):
Rcvd: 5 (out of order: 0), with data: 1, total data bytes: 3
Sent: 4 (retransmit: 0), with data: 3, total data bytes: 80
- 39 -
Network Protocol Configuration Commands
Related command
show tcp
show tcp brief
Commands for Fast Ethernet Ring Protection Mechanism
Table of Contents
Chapter 1 Commands for Fast Ethernet Ring Protection Mechanism
1.1 Global Configuration Commands
1.1.1 ether-ring
1.1.2 control-vlan
1.1.3 master-node
1.1.4 transit-node
1.1.5 hello-time
1.1.6 fail-time
1.1.7 pre-forward-time
1.1.8 distributed-mode
1.1.9 centralized-mode
1.2 Port Configuration Commands
1.2.1 ether-ring primary-port
1.2.2 ether-ring secondary-port
1.2.3 ether-ring transit-port
1.3 Show-Related Commands
1.3.1 show ether-ring
Chapter 1 Commands for Fast Ethernet Ring Protection Mechanism
1.1 Global Configuration Commands
1.1.1 ether-ring
To configure a node of the Ethernet ring, you need to enter the node configuration mode first. Run the following command:
ether-ring id
To cancel the node of the Ethernet ring, run the following command:
no ether-ring id
Parameter
Parameter Description
id ID of the node
Default value
By default, the node of the Ethernet ring is not configured.
Command mode
Global configuration mode
Usage Explanation
Before configuring the node, you need to shut down the spanning tree protocol by running no spanning-tree.
Example
S1_config#no spanning-tree
S1_config#ether-ring 1
S1_config_ring1#
Related command
None
1.1.2 control-vlan
To configure the control VLAN of the ring node, run the following command:
control-vlan vlan-id
Parameter
Parameter Description
vlan-id ID of the control VLAN
Value range: 1-4094
Default value
By default, the control VLAN of a node is not configured.
Command mode
Node configuration mode for the Ethernet ring
Usage Explanation
1. Any VLAN can be configured as the control VLAN of the node. However, configuring the control VLAN does not create the corresponding system VLAN; the user needs to create the system VLAN manually.
2. After the control VLAN and node types of the Ethernet ring are configured, you cannot modify the control VLAN even if the system exits from the Ethernet ring configuration mode because the Ethernet ring has already been started.
Example
S1_config#ether-ring 1
S1_config_ring1#control-vlan 2
Related command
ether-ring
master-node
transit-node
1.1.3 master-node
To configure an Ethernet ring as a master node, run the following command:
master-node
Parameter
None
Default value
By default, the node type is not configured.
Command mode
Node configuration mode
Usage Explanation
1. A node can be set to be a master node or a transit node.
2. After the control VLAN and node types of the Ethernet ring are configured, you cannot modify the control VLAN even if the system exits from the Ethernet ring configuration mode because the node of the Ethernet ring has already been started.
Example
S1_config#ether-ring 1
S1_config_ring1#control-vlan 2
S1_config_ring1#master-node
Related command
control-vlan
transit-node
1.1.4 transit-node
To configure the node type to a transit node, run the following command:
transit-node
Parameter
None
Default value
By default, the node type is not configured.
Command mode
Node configuration mode
Usage Explanation
1. A node can be set to be a master node or a transit node.
2. After the control VLAN and node types of the Ethernet ring are configured, you cannot modify the control VLAN even if the system exits from the Ethernet ring configuration mode because the node of the Ethernet ring has already been started.
Example
S1_config#ether-ring 1
S1_config_ring1#control-vlan 2
S1_config_ring1#transit-node
Related command
control-vlan
master-node
1.1.5 hello-time
To configure the cycle for the master node to transmit the HEALTH packets of the Ethernet ring, run the following command:
hello-time value
To resume the default value of the cycle, run the following command:
no hello-time
Parameter
Parameter Description
value Stands for a time value, whose unit is second.
The default value is one second. The value ranges between 1 and 10 seconds.
Default value
By default, the hello-time is one second.
Command mode
Node configuration mode for the Ethernet ring
Usage Explanation
1. The hello-time configuration takes effect only on the master node.
2. By default, the value of the hello-time is smaller than that of the fail-time, which keeps the Ethernet ring protocol from oscillating. After the hello-time is modified, the corresponding fail-time must be modified too.
Example
S1_config#ether-ring 1
S1_config_ring1#control-vlan 2
S1_config_ring1#master-node
S1_config_ring1#hello-time 2
Related command
fail-time
1.1.6 fail-time
To configure the maximum time that the secondary port of the master node waits for the HEALTH packets, run the following command:
fail-time value
To resume the default value of the fail-time, run the following command:
no fail-time
Parameter
Parameter Description
value Stands for a time value, whose unit is second.
The default value is three seconds. The value ranges between 3 and 30 seconds.
Default value
By default, the fail-time is 3 seconds.
Command mode
Node configuration mode for the Ethernet ring
Usage Explanation
1. The fail-time configuration takes effect only on the master node.
2. By default, the value of the fail-time is three times that of the hello-time, which keeps the Ethernet ring protocol from oscillating. After the hello-time is modified, the corresponding fail-time must be modified too.
Example
S1_config#ether-ring 1
S1_config_ring1#control-vlan 2
S1_config_ring1#master-node
S1_config_ring1#hello-time 2
S1_config_ring1#fail-time 6
Related command
hello-time
1.1.7 pre-forward-time
To configure the time of maintaining the pre-forward state on the transit port, run the following command:
pre-forward-time value
To resume the default value of the pre-forward-time, run the following command:
no pre-forward-time
Parameter
Parameter Description
value Stands for a time value, whose unit is second.
The default value is three seconds. The value ranges between 3 and 30 seconds.
Default value
By default, the pre-forward-time is 3 seconds.
Command mode
Node configuration mode for the Ethernet ring
Usage Explanation
1. The pre-forward-time configuration takes effect only on the transit node.
2. By default, the pre-forward-time on the transit node is three times the value of the hello-time on the master node, which prevents a network loop from occurring after the transmission link recovers from disconnection. After the hello-time of the master node is modified, the corresponding pre-forward-time on the transit node must be adjusted.
Example
S1_config#ether-ring 1
S1_config_ring1#control-vlan 2
S1_config_ring1#transit-node
S1_config_ring1#pre-forward-time 8
Related command
None
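The timer rules in sections 1.1.5 to 1.1.7 can be checked before a ring is put into service. The following Python sketch is an added example, not vendor code: parse_ring and lint_ring are hypothetical helpers, the sample lines are the session examples printed above, and treating three times the hello-time as the minimum for fail-time and pre-forward-time is an assumption drawn from the stated defaults.

```python
# Added example, not vendor code: lint ether-ring timers against sections 1.1.5-1.1.7.
DEFAULTS = {"hello-time": 1, "fail-time": 3, "pre-forward-time": 3}
RANGES = {"hello-time": (1, 10), "fail-time": (3, 30), "pre-forward-time": (3, 30)}

# Session lines copied from the examples in sections 1.1.6 and 1.1.7.
MASTER_LINES = [
    "S1_config#ether-ring 1",
    "S1_config_ring1#control-vlan 2",
    "S1_config_ring1#master-node",
    "S1_config_ring1#hello-time 2",
    "S1_config_ring1#fail-time 6",
]
TRANSIT_LINES = [
    "S1_config#ether-ring 1",
    "S1_config_ring1#control-vlan 2",
    "S1_config_ring1#transit-node",
    "S1_config_ring1#pre-forward-time 8",
]


def parse_ring(lines):
    """Collect the node type and timer values from ring-node configuration lines."""
    ring = dict(DEFAULTS, node=None, explicit=set())
    for line in lines:
        words = line.split("#")[-1].split()      # drop a prompt such as S1_config_ring1#
        if not words:
            continue
        cmd = words[0]
        if cmd in ("master-node", "transit-node"):
            ring["node"] = cmd
        elif cmd in RANGES and len(words) == 2 and words[1].isdigit():
            ring[cmd] = int(words[1])
            ring["explicit"].add(cmd)
        elif cmd == "no" and len(words) == 2 and words[1] in RANGES:
            ring[words[1]] = DEFAULTS[words[1]]  # "no hello-time" restores the default
            ring["explicit"].discard(words[1])
    return ring


def lint_ring(ring, master_hello=None):
    """Return findings; master_hello is the hello-time of the ring's master node."""
    findings = []
    for name, (low, high) in RANGES.items():
        if not low <= ring[name] <= high:
            findings.append(f"{name} {ring[name]} is outside {low}-{high} seconds")
    if ring["node"] == "master-node":
        if "pre-forward-time" in ring["explicit"]:
            findings.append("pre-forward-time takes effect only on a transit node")
        hello, fail = ring["hello-time"], ring["fail-time"]
        if fail <= hello:
            findings.append(f"fail-time {fail} must be larger than hello-time {hello}")
        elif fail < 3 * hello:                   # assumed minimum ratio, from the defaults
            findings.append(f"fail-time {fail} is below 3 x hello-time {hello}")
    elif ring["node"] == "transit-node":
        for name in ("hello-time", "fail-time"):
            if name in ring["explicit"]:
                findings.append(f"{name} takes effect only on the master node")
        pre = ring["pre-forward-time"]
        if master_hello is not None and pre < 3 * master_hello:
            findings.append(
                f"pre-forward-time {pre} is below 3 x master hello-time {master_hello}")
    else:
        findings.append("node type is not configured")
    return findings


if __name__ == "__main__":
    print(lint_ring(parse_ring(MASTER_LINES)))                   # full master example
    print(lint_ring(parse_ring(MASTER_LINES[:4])))               # hello-time changed alone
    print(lint_ring(parse_ring(TRANSIT_LINES), master_hello=3))  # master uses hello-time 3
```

Dropping the fail-time line from the master example reproduces the state left by the section 1.1.5 example, where hello-time is raised to 2 and fail-time stays at its default of 3.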
1.1.8 distributed-mode
To configure wire-card-distributed protection of the Ethernet ring, run distributed-mode.
Parameter
None
Default value
By default, the configured node of the Ethernet ring automatically works in distributed mode.
Command mode
Node configuration mode for the Ethernet ring
Usage Explanation
1. The command takes effect only on S6800 and S8500.
2. In distributed mode, all Ethernet ring events, such as a link disconnection on the Ethernet ring, are handled first by the wire card of the switch to obtain higher convergence performance.
Example
S1_config#ether-ring 1
S1_config_ring1#distributed-mode
Related command
centralized-mode
1.1.9 centralized-mode
To set the working mode of the Ethernet ring protection protocol to the MSU centralized control, run centralized-mode.
Parameter
None
Default value
By default, the Ethernet-ring protection protocol works in distributed mode.
Command mode
Node configuration mode for the Ethernet ring
Usage Explanation
1. The command takes effect only on S6800 and S8500.
2. After the MSU centralized mode is configured, the wire card of the switch does not handle the Ethernet ring events.
Example
S1_config#ether-ring 1
S1_config_ring1#centralized-mode
Related command
distributed-mode
1.2 Port Configuration Commands
1.2.1 ether-ring primary-port
To set a port to be the primary port of a master node, run the following command:
ether-ring id primary-port
To cancel the primary port configuration of a port, run the following command:
no ether-ring id primary-port
Parameter
Parameter Description
id ID of the node
Default value
The primary port is not configured by default.
Command mode
The physical port configuration mode and the converged port configuration mode
Note: Switch software versions prior to 2.0.1L and high-end switch software versions prior to 4.0.0M do not support the configuration of the converged port.
Usage Explanation
The primary port can be configured only after the control VLAN and node type of the Ethernet ring are configured, and when the node type is the master node.
Example
S1_config#interface fastEthernet 0/1
S1_config_f0/1#ether-ring 1 primary-port
S1_config_f0/1#exit
Related command
master-node
ether-ring secondary-port
1.2.2 ether-ring secondary-port
To set a port to be the secondary port of a master node, run the following command:
ether-ring id secondary-port
To cancel the secondary port configuration, run the following command:
no ether-ring id secondary-port
Parameter
Parameter Description
id ID of the node
Default value
The secondary port on the master node is not configured by default.
Command mode
The physical port configuration mode and the converged port configuration mode
Note: Switch software versions prior to 2.0.1L and high-end switch software versions prior to 4.0.0M do not support the configuration of the converged port.
Usage Explanation
The secondary port can be configured only after the control VLAN and node type of the Ethernet ring are configured, and only when the node type is the master node.
Example
S1_config#interface fastEthernet 0/3
S1_config_f0/3#ether-ring 1 secondary-port
S1_config_f0/3#exit
Related command
master-node
ether-ring primary-port
1.2.3 ether-ring transit-port
To set a port to be the transit port of a transit node, run the following command:
ether-ring id transit-port
To cancel the transit port, run the following command:
no ether-ring id transit-port
Parameter
Parameter Description
id ID of the node
Default value
The transit port on the transit node is not configured by default.
Command mode
The physical port configuration mode and the converged port configuration mode
Note: Switch software versions prior to 2.0.1L and high-end switch software versions prior to 4.0.0M do not support the configuration of the converged port.
Usage Explanation
The transit port can be configured only after the control VLAN and node type of the Ethernet ring are configured, and only when the node type is the transit node. Two transit ports can be configured on one transit node.
Example
S1_config_ring1#exit
S1_config#interface fastEthernet 0/1
S1_config_f0/1#ether-ring 1 transit-port
S1_config_f0/1#exit
S1_config#interface fastEthernet 0/3
S1_config_f0/3#ether-ring 1 transit-port
S1_config_f0/3#exit
Related command
transit-node
1.3 Show-Related Commands
1.3.1 show ether-ring
To display the summary information about the Ethernet-ring node, run the following command:
show ether-ring id
To display the detailed information about the Ethernet-ring node, run the following command:
show ether-ring id detail
To display the information about the Ethernet-ring port, run the following command:
show ether-ring id interface intf-name
Parameter
Parameter Description
id ID of the node
intf-name Name of an interface
Default value
None
Command mode
Monitoring mode, global configuration mode, node configuration mode or port configuration mode
Usage Explanation
None
Example
None
Related command
None
QoS Function Configuration Commands
Table of Contents
Chapter 1 QoS Service Configuration Commands
1.1 QoS Configuration Commands
1.1.1 cos default
1.1.2 cos map
1.1.3 scheduler wrr bandwidth
1.1.4 scheduler policy
1.1.5 policy-map
1.1.6 classify
1.1.7 action
1.1.8 qos policy
Chapter 1 QoS Service Configuration Commands
1.1 QoS Configuration Commands
QoS Configuration Commands include:
cos default
cos map
scheduler wrr bandwidth
scheduler policy
policy-map
classify
action
qos policy
1.1.1 cos default
description
cos default cos
no cos default
To configure the default value of CoS, use the cos default command. To disable the configuration, use the no form of this command.
parameter
parameter description
cos Default cos value. The range is 0-7
default
The default CoS value is 0
instruction
Layer 2 interface configuration mode
example
Set the CoS value of untagged (no-label) frames received on the ge0/1 interface to 4:
Switch(config)# interface gigabitethernet0/1
Switch(config-if)# cos default 4
1.1.2 cos map
description
cos map quid cos1..cosn
no cos map
To set the CoS priority queues, use the cos map command.
parameter
parameter description
quid          ID of CoS priority queues. The range is 1 to 8
cos1..cosn    CoS value defined by IEEE802.1p. The range is 0 to 7
default
CoS value Priority queues
0 1
1 2
2 3
3 4
4 5
5 6
6 7
7 8
instruction
Layer 2 interface configuration mode and the global configuration mode
Using this command in the global configuration mode affects all CoS priority queues, while using it in the layer 2 interface configuration mode affects only the CoS priority queues of that interface.
example
The following example maps CoS 0-2 to CoS priority queue 1 and maps CoS 3 to priority queue 2:
Switch(config-if)# cos map 1 0 1 2
Switch(config-if)# cos map 2 3
1.1.3 scheduler wrr bandwidth
description
scheduler wrr bandwidth weight1...weightn
no scheduler wrr bandwidth
To configure the CoS priority queue bandwidth, use the scheduler wrr bandwidth command.
parameter
parameter description
weight1…weight8    WRR metrics of the 8 CoS priority queues. The range is 1 to 5.
default
All CoS priority queue metrics must be the same; the eight CoS priority queue metrics are all 12.
instruction
It works in the global configuration mode.
This command affects the priority queue bandwidth of all interfaces. It takes effect only when the queue scheduling mode is set to wrr. It defines the CoS priority queue bandwidth metrics used when the wrr scheduling policy is applied.
example
Configure the eight CoS priority queue metrics as 1,2,3,4,5,6,7,8
Switch(config)# scheduler wrr bandwidth 1,2,3,4,5,6,7,8
1.1.4 scheduler policy
description
scheduler policy { sp | wrr }
no scheduler policy
To set the CoS priority queue scheduling policy, use the scheduler policy command.
parameter
parameter description
sp     Use the sp scheduling strategy.
wrr    Use the wrr scheduling strategy.
default
use SP
instruction
the global configuration mode
After this command is configured, the interface transmit scheduling mode is set to the specified value.
example
Set the interface transmit scheduling mode to wrr.
Switch(config)#scheduler policy wrr
1.1.5 policy-map
description
policy-map name
no policy-map name
To set a QoS policy map, use the policy-map command.
parameter
Parameter description
name Name of the policy map. The value range is 1 to 16 characters.
default
none
instruction
the global configuration mode
After this command is entered, the system enters the QoS policy map configuration mode. The following commands are available in this mode:
classify: configures the QoS flow.
description: describes the QoS policy map.
exit: quits the QoS policy map configuration mode.
no: cancels a previously entered command.
action: defines the QoS action.
example
The following example shows how to configure QoS policy map:
Switch(config)# policy-map myqos
1.1.6 classify
description
classify {ip access-group access-list-name | dscp dscp-value | mac access-group mac-access-name | vlan vlan-id | cos cos | any }
no classify {ip access-group access-list-name | dscp dscp-value | mac access-group mac-access-name | vlan vlan-id | cos cos | any }
To configure the matching data traffic of QoS policy, use the classify command.
Parameter Description
ip access-group access-list-name    Configure the matching IP access list name. The range is 1 to 16 characters
dscp dscp-value                     diffserv field in IP packet. The valid range is 0 to 63
mac access-group mac-access-name    Configure the matching MAC access list name. The valid range is 1 to 16 characters
vlan vlan-id                        Configure the matching VLAN. The valid range is 1 to 4094
cos cos                             Configure the matching COS value. The valid range is 0 to 7
any                                 match any data packets
default
match any data packets
instruction
QoS policy map configuration mode
All data traffic in one QoS policy map must have the identical mask value, and the interface number in the IP access list must be a definite value rather than a range.
The IP access list used to match a data flow can contain only one rule; otherwise the configuration fails. When the action of the rule is permit, the rule is used to separate the data flow; when the action of the rule is deny, the rule has no effect, that is, it is not used to match the data flow.
example
Switch(config-qos)# classify ip access-group ipacl1 cos 3
1.1.7 action
description
action [no-match] {bandwidth max-band | cos cos-value | dscp dscp-value | redirect interface-id | drop | stat | monitor }
To configure the policy applied to the matching data traffic of a QoS policy map, use the action command.
parameter
parameter description
no-match                 Applies the action to all traffic that does not match
bandwidth max-band       Maximum bandwidth for a class. The range is 1 to 1000 kbps
dscp dscp-value          Define the dscp field of the matching traffic as dscp-value. The range is 0 to 63
cos cos-value            Define the cos field of the matching traffic as cos-value. The range is 0 to 7
redirect interface-id    Redirects the exit interface of the matching traffic
drop                     Drops the matching packets
stat                     Collects statistics on the related matching traffic
monitor                  Sends the packets to the monitor (mirror) interface
default
none
instruction
QoS policy map configuration mode.
One QoS policy map can configure only one kind of policy. Bandwidth and stat affect only the matching packets, and the above actions can be enabled at the same time. If the action is empty, the traffic is forwarded, that is, the data traffic is allowed to pass.
example
Switch(config-qos)# action redirect interface g0/1
1.1.8 qos policy
description
[no] qos policy name { ingress|egress}
To configure the QoS policy on interface, use the qos policy command.
parameter
parameter description
name       Name of the QoS policy map
ingress    Affects the ingress direction
egress     Affects the egress direction
default
none
instruction
layer 2 interface configuration mode
example
Apply the QoS policy named pmap on the f0/1 interface:
Switch(config)# interface Gigaethernet0/1
Switch(config-if)# qos policy pmap ingress
Anti-Attack Configuration Commands
Table of Contents
Chapter 1 Anti-Attack Configuration Commands
1.1 Anti-Attack Configuration Commands
1.1.1 filter period time
1.1.2 filter threshold value
1.1.3 filter block-time value
1.1.4 filter igmp
1.1.5 filter arp
1.1.6 filter enable
1.1.7 show filter
Chapter 1 Anti-Attack Configuration Commands
1.1 Anti-Attack Configuration Commands
1.1.1 filter period time
To configure the filter period for attack detection, use the filter period command.
parameter
parameter Description
time The filter period for attack detection, in seconds. A source is considered an attack source when it sends more than the specified number of packets within any filter period.
default
10 seconds
Command mode
Global configuration mode
example
Switch_config#filter period 15
Related commands
filter threshold value
1.1.2 filter threshold value
To configure the filter threshold value, use the filter threshold value command.
parameter
parameter Description
value It is considered an attack when the number of received packets exceeds the filter threshold value.
default
1000
command mode
global configuration mode
example
Switch_config#filter threshold 1500
Related commands
filter period time
1.1.3 filter block-time value
To configure how long an attack source is blocked, use the filter block-time value command.
parameter
parameter description
Value Time to block attack source in seconds.
default
300 seconds
command mode
global configuration mode
example
Switch_config#filter block-time 600
Related commands
filter period time
filter threshold value
1.1.4 filter igmp
To filter IGMP attacks, use the filter igmp command.
parameter
none
Command mode
Global configuration mode
example
Switch_config#filter igmp
Related commands
filter enable
1.1.5 filter arp
To filter ARP attacks, use the filter arp command.
parameter
none
Command mode
physical interface configuration mode
example
Switch_config_f0/1#filter arp
Related commands
filter enable
1.1.6 filter enable
To enable filter feature, use the filter enable command.
parameter
none
Command mode
Global configuration mode
example
Switch_config#filter enable
Related commands
filter igmp
filter arp
1.1.7 show filter
To display working state of the anti-attack feature of the current switch, use the show filter command.
parameter
none
command mode
non-user mode
Switch#show fil
Filter threshold: 1000 packet in any 10 seconds
Filters blocked:
Address          seconds   source interface
00a0.0c13.647d   27.0      FastEthernet1/2
Filters counting:
Address          seconds   count   source interface
00a0.0c43.647d   1.84      371     FastEthernet1/2
Filters blocked: indicates MAC address of the blocked attack source, blocked time and source interface.
Filters counting: indicates MAC address of the attack source, counting time, the number of the receiving packets and the source interface.
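The counting table gives a view of sources that are still below the threshold, which is useful for monitoring before a block occurs. The following Python sketch is an added example, not vendor code: it parses the show filter output printed above (embedded as sample input) and projects each counting source's rate over a full filter period. The function names and the projection rule are assumptions of this example, not switch behaviour.

```python
import re

# Sample input: the show filter output printed in this section.
SAMPLE = """\
Switch#show fil
Filter threshold: 1000 packet in any 10 seconds
Filters blocked:
Address          seconds   source interface
00a0.0c13.647d   27.0      FastEthernet1/2
Filters counting:
Address          seconds   count   source interface
00a0.0c43.647d   1.84      371     FastEthernet1/2
"""

MAC = r"[0-9a-fA-F]{4}(?:\.[0-9a-fA-F]{4}){2}"
THRESHOLD = re.compile(r"Filter threshold:\s*(\d+)\s+packets?\s+in any\s+(\d+)\s+seconds")
BLOCKED = re.compile(rf"({MAC})\s+(\d+(?:\.\d+)?)\s+(\S+)$")
COUNTING = re.compile(rf"({MAC})\s+(\d+(?:\.\d+)?)\s+(\d+)\s+(\S+)$")


def parse_show_filter(text):
    """Return the threshold, the period and the blocked/counting tables."""
    state = {"threshold": None, "period": None, "blocked": [], "counting": []}
    section = None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := THRESHOLD.match(line):
            state["threshold"], state["period"] = int(m[1]), int(m[2])
        elif line.startswith("Filters blocked"):
            section = "blocked"
        elif line.startswith("Filters counting"):
            section = "counting"
        elif section == "blocked" and (m := BLOCKED.match(line)):
            state["blocked"].append(
                {"mac": m[1].lower(), "seconds": float(m[2]), "interface": m[3]})
        elif section == "counting" and (m := COUNTING.match(line)):
            state["counting"].append(
                {"mac": m[1].lower(), "seconds": float(m[2]),
                 "count": int(m[3]), "interface": m[4]})
    return state


def early_warnings(state):
    """List counting sources whose current rate, if sustained for one whole
    filter period, would exceed the threshold (a projection made here)."""
    if state["threshold"] is None:
        raise ValueError("no 'Filter threshold' line found in the output")
    warnings = []
    for row in state["counting"]:
        if row["seconds"] <= 0:
            continue                      # counting window just opened, no rate yet
        projected = row["count"] / row["seconds"] * state["period"]
        if row["count"] > state["threshold"] or projected > state["threshold"]:
            warnings.append((row["mac"], row["interface"], round(projected)))
    return warnings


def interfaces_to_inspect(state):
    """Interfaces that carry a blocked source or a source on course to be blocked."""
    names = {row["interface"] for row in state["blocked"]}
    names.update(interface for _, interface, _ in early_warnings(state))
    return sorted(names)


if __name__ == "__main__":
    parsed = parse_show_filter(SAMPLE)
    print(parsed["blocked"])
    print(early_warnings(parsed))
    print(interfaces_to_inspect(parsed))
```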
Security Configuration Command
Table of Contents
Chapter 1 AAA Authentication Configuration Commands
1.1 AAA Authentication Configuration Commands
1.1.1 aaa authentication enable default
1.1.2 aaa authentication login
1.1.3 aaa authentication password-prompt
1.1.4 aaa authentication username-prompt
1.1.5 aaa group server
1.1.6 debug aaa authentication
1.1.7 enable password
1.1.8 server
1.1.9 service password-encryption
1.1.10 username
Chapter 2 RADIUS Configuration Commands
1.2 RADIUS Configuration Commands
1.2.1 debug radius
1.2.2 ip radius source-interface
1.2.3 radius-server challenge-noecho
1.2.4 radius-server deadtime
1.2.5 radius-server host
1.2.6 radius-server optional-passwords
1.2.7 radius-server key
1.2.8 radius-server retransmit
1.2.9 radius-server timeout
1.2.10 radius-server vsa send
Chapter 1 AAA Authentication Configuration Commands
1.1 AAA Authentication Configuration Commands
This chapter describes the commands used to configure AAA authentication methods. Authentication identifies users before they are allowed access to the network and network services.
For information on how to configure authentication using AAA methods, refer to the "Configuring Authentication" chapter. For configuration examples using the commands in this chapter, refer to the "Authentication Examples" section located at the end of the "Configuring Authentication" chapter.
AAA Authentication Configuration Commands include:
aaa authentication enable default
aaa authentication login
aaa authentication password-prompt
aaa authentication username-prompt
aaa group server
debug aaa authentication
enable password
server
service password-encryption
username
1.1.1 aaa authentication enable default
To enable AAA authentication to determine if a user can access the privileged command level, use the aaa authentication enable default global configuration command. Use the no form of this command to disable this authentication method.
aaa authentication enable default method1 [method2...]
no aaa authentication enable default method1 [method2...]
parameter
parameter description
method At least one of the keywords described in Table 1.
default
If the default list is not set, only the enable password is checked. This has the same effect as the following command:
aaa authentication enable default enable
On the console, the enable password is used if it exists. If no password is set, the process will succeed anyway.
command mode
Global configuration
instruction
Use the aaa authentication enable default command to create a series of authentication methods that are used to determine whether a user can access the privileged command level. Method keywords are described in Table 1. The additional methods of authentication are used only if the previous method returns an error, not if it fails. To specify that the authentication should succeed even if all methods return an error, specify none as the final method in the command line.
Table 0-1 aaa authentication enable default Methods
Keyword Description
group name Uses the server group for authentication.
enable Uses the enable password for authentication.
line Uses the line password for authentication.
none Uses no authentication.
group radius Uses RADIUS authentication.
example
The following example creates an authentication list that first tries to contact a TACACS+ server. If no server can be found, AAA tries to use the enable password. If this attempt also returns an error (because no enable password is configured on the server), the user is allowed access with no authentication.
aaa authentication enable default line enable none
related commands
enable password
1.1.2 aaa authentication login
To set authentication, authorization, and accounting (AAA) authentication at login, use the aaa authentication login command in global configuration mode. To disable AAA authentication, use the no form of this command.
aaa authentication login {default | list-name} method1 [method2...]
no aaa authentication login {default | list-name} method1 [method2...]
parameter
parameter description
default Uses the listed authentication methods that follow this argument as the default list of methods when a user logs in.
list-name Character string used to name the list of authentication methods activated when a user logs in.
method At least one of the keywords described in Table 2.
default
If the default list is not set, only the local user database is checked. This has the same effect as the following command:
aaa authentication login default none
command mode
Global configuration
instruction
The default and optional list names that you create with the aaa authentication login command are used with the login authentication command.
The additional methods of authentication are used only if the previous method returns an error, not if it fails. To ensure that the authentication succeeds even if all methods return an error, specify none as the final method in the command line.
If authentication is not specifically set for a line, the default is to deny access and no authentication is performed.
Table 0-2 AAA authentication login Methods
Keyword Description
enable Uses the enable password for authentication.
group Uses the server group for authentication.
line Uses the line password for authentication.
local Uses the local username database for authentication.
local-case Uses case-sensitive local username authentication.
none Uses no authentication.
group radius Uses RADIUS for authentication.
example
The following example creates an AAA authentication list called TEST. This authentication first tries to contact a TACACS+ server. If no server is found, TACACS+ returns an error and AAA tries to use the enable password. If this attempt also returns an error (because no enable password is configured on the server), the user is allowed access with no authentication.
aaa authentication login TEST tacacs+ enable none
The following example creates the same list, but it sets it as the default list that is used for all login authentications if no other list is specified:
aaa authentication login default tacacs+ enable none
related commands
none
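The rule stated in 1.1.1 and 1.1.2, that the next method is tried only after an error and never after a failure, decides whether a method list fails open. The following Python model is an added example, not code from the switch or its vendor: the Outcome values, the function names and the third sample line are assumptions made for illustration, while the first two sample lines are the page's own examples.

```python
from enum import Enum


class Outcome(Enum):
    PASS = "pass"    # the method answered and accepted the credentials
    FAIL = "fail"    # the method answered and rejected the credentials
    ERROR = "error"  # the method could not answer (server unreachable, no password set)


def parse_method_list(line):
    """Split 'aaa authentication {login|enable} NAME m1 [m2...]' into
    (kind, list_name, methods); 'group X' is kept together as one method."""
    tokens = line.split()
    if len(tokens) < 5 or tokens[:2] != ["aaa", "authentication"]:
        raise ValueError("not an aaa authentication method list: %r" % line)
    kind, name, rest = tokens[2], tokens[3], tokens[4:]
    if kind not in ("login", "enable"):
        raise ValueError("unsupported list type: %r" % kind)
    methods, i = [], 0
    while i < len(rest):
        if rest[i] == "group":
            if i + 1 == len(rest):
                raise ValueError("'group' needs a server group name")
            methods.append("group " + rest[i + 1])
            i += 2
        else:
            methods.append(rest[i])
            i += 1
    return kind, name, methods


def evaluate(methods, outcomes):
    """Walk the list as the text describes: stop on PASS or FAIL, move to the
    next method only on ERROR. Methods missing from `outcomes` count as ERROR.
    Returns (granted, decided_by, trace)."""
    trace = []
    for method in methods:
        if method == "none":
            # 'none' performs no authentication, so it always grants access.
            trace.append((method, Outcome.PASS))
            return True, method, trace
        result = outcomes.get(method, Outcome.ERROR)
        trace.append((method, result))
        if result is Outcome.PASS:
            return True, method, trace
        if result is Outcome.FAIL:
            return False, method, trace
    return False, None, trace  # every method errored and no 'none' was listed


def fails_open(methods):
    """True when access is granted although every real method errored."""
    granted, _, _ = evaluate(methods, {})
    return granted


# The first two lines are the page's own examples; the third is constructed.
SAMPLE_LINES = [
    "aaa authentication login TEST tacacs+ enable none",
    "aaa authentication enable default line enable none",
    "aaa authentication login default group radius local",
]


def audit_method_lists(lines):
    """Return (kind, list_name, methods, fails_open) for each config line."""
    report = []
    for line in lines:
        kind, name, methods = parse_method_list(line)
        report.append((kind, name, methods, fails_open(methods)))
    return report


if __name__ == "__main__":
    for kind, name, methods, opens in audit_method_lists(SAMPLE_LINES):
        verdict = "FAILS OPEN when all methods error" if opens else "denies when all methods error"
        print("%-6s %-8s %-28s %s" % (kind, name, " -> ".join(methods), verdict))
```

A rejected password at the first method ends the walk with a denial, while an unreachable server moves the walk on, so a list ending in none admits any user once the earlier methods cannot answer.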
1.1.3 aaa authentication password-prompt
To change the text displayed when users are prompted for a password, use the aaa authentication password-prompt global configuration command. Use the no form of this command to return to the default password prompt text.
aaa authentication password-prompt text-string
no aaa authentication password-prompt text-string
parameter
parameter description
text-string String of text that will be displayed when the user is prompted to enter a password.
default
There is no user-defined text-string, and the password prompt appears as "Password."
command mode
Global configuration
instruction
Use the aaa authentication password-prompt command to change the default text that the software displays when prompting a user to enter a password. This command changes the password prompt for the enable password as well as for login passwords that are not supplied by remote security servers. The no form of this command returns the password prompt to the default value:
Password:
The aaa authentication password-prompt command does not change any dialog that is supplied by a remote TACACS+ server.
example
The following example changes the text for the password prompt:
aaa authentication password-prompt YourPassword:
related commands
aaa authentication username-prompt
enable password
1.1.4 aaa authentication username-prompt
To change the text displayed when users are prompted to enter a username, use the aaa authentication username-prompt global configuration command. Use the no form of this command to return to the default username prompt text.
aaa authentication username-prompt text-string
no aaa authentication username-prompt text-string
parameter
parameter description
text-string String of text that will be displayed when the user is prompted to enter a username.
default
There is no user-defined text-string, and the username prompt appears as "Username."
command mode
Global configuration
instruction
Use the aaa authentication username-prompt command to change the default text that the software displays when prompting a user to enter a username. The no form of this command returns the username prompt to the default value:
Username:
Some protocols (for example, TACACS+) have the ability to override the use of local username prompt information. Using the aaa authentication username-prompt command will not change the username prompt text in these instances.
Note:
The aaa authentication username-prompt command does not change any dialog that is supplied by a remote TACACS+ server.
example
The following example changes the text for the username prompt:
aaa authentication username-prompt YourUsernam:
related commands
aaa authentication password-prompt
1.1.5 aaa group server
To group different RADIUS server hosts into distinct lists and distinct methods, enter the aaa group server radius command in global configuration mode. To remove a group server from the configuration list, enter the no form of this command.
aaa group server radius group-name
no aaa group server radius group-name
parameter
parameter description
group-name Character string used to name the group of servers.
default
No default behavior or values.
command mode
Global configuration
instruction
The authentication, authorization, and accounting (AAA) server-group feature introduces a way to group existing server hosts. The feature enables you to select a subset of the configured server hosts and use them for a particular service.
Example
The following example adds a radius server group named radius-group:
aaa group server radius radius-group
related commands
server
1.1.6 debug aaa authentication
To display information on authentication, authorization, and accounting (AAA) TACACS+ authentication, use the debug aaa authentication command in privileged EXEC mode. To disable debugging output, use the no form of this command.
debug aaa authentication
no debug aaa authentication
parameter
none
default
disabled
command mode
EXEC
instruction
Use this command to learn the methods of authentication being used and the results of these methods.
example
The following is sample output from the debug aaa authentication command.
switch#debug aaa authentication
AAA: Authen start (0x1f74208), user=, authen_type=ASCII, priv=0, method-list=default
AAA: Use authen method LOCAL (0x1f74208).
AAA: Authen CONT, need username.
AAA: Authen CONT, need password.
AAA: Authen ERROR (0x1f74208)! Use next method.
AAA: Authen FAIL(0x1f74208)! Method-list polling finish.
Output information description
Authen start (0x1f74208), user=, authen_type=ASCII, priv=0, method-list=default
The authentication starts and the username is unknown. Uses ASCII-type authentication. The privileged level required for the user to enter is 0. Uses the default authentication method list. UserID = 0x1f74208
Use authen method LOCAL (0x1f74208)
Uses the local authentication method. UserID = 0x1f74208
Authen CONT, need username
Prompts for the username.
Authen CONT, need password
Prompts for the password.
Authen ERROR (0x1f74208)! Use next method
Indicates that the local authentication fails. Uses the next method in the list.
Authen FAIL(0x1f74208)! Method-list polling finish
Method-list polling is finished. The authentication fails.
related commands
none
1.1.7 enable password
To set a local password to control access to various privilege levels, use the enable password command in global configuration mode. To remove the password requirement, use the no form of this command.
enable password { password | [encryption-type] encrypted-password } [level number]
no enable password [level number]
parameter
parameter description
password Password users type to enter enable mode.
encryption-type Algorithm used to encrypt the password.
encrypted-password Encrypted password you enter, copied from another router configuration.
level Level for which the password applies.
number Number between 1 and 15 that specifies the privilege level for the user.
default
No password is defined.
command mode
Global configuration
instruction
Passwords configured on the switch cannot contain spaces. When you enter a clear text password with the enable password command, you cannot enter a space. The length of the clear text password cannot exceed 126 characters.
If the level parameter is omitted, the level defaults to 15. If no password is configured for a privilege level, no authentication is performed when a user enters that privilege level.
The switch supports only two encryption types, 0 and 7. Type 0 indicates that no encryption is applied, and you enter a clear text password in the encrypted-password field that follows. Type 7 indicates that a self-defined algorithm is used for encryption, and you enter the encrypted password text in the encrypted-password field that follows. This encrypted password text can be copied from the configuration file of another switch.
example
The following example adds the password clever for privilege level 10 and uses encryption-type 0, that is, the clear text password:
enable password 0 clever level 10
The following example adds the password Oscar for the default privilege level (15) and uses encryption-type 7, that is, the encrypted text password:
enable password 7 074A05190326
This assumes that the encrypted text of the password Oscar is 074A05190326, obtained from the configuration file of another switch.
related commands
aaa authentication enable default
service password-encryption
1.1.8 server
To add a server in the AAA server group, use the server command in server-group configuration mode. To remove the associated server from the authentication, authorization, and accounting (AAA) group server, use the no form of this command.
server A.B.C.D
no server A.B.C.D
parameter
parameter description
A.B.C.D IP address of the server.
default
No server
command mode
Server-group configuration
instruction
You can add at most 20 different servers to a server group.
example
The following example adds a server at 12.1.1.1 to the server group:
server 12.1.1.1
related commands
aaa group server
1.1.9 service password-encryption
To encrypt passwords, use the service password-encryption command in global configuration mode. To restore the default, use the no form of this command.
service password-encryption
no service password-encryption
parameter
none
default
No encryption
command mode
global configuration
instruction
In the current implementation of the switch system, this command relates to three commands: username password, enable password and password. If this command is not configured on the switch (the default state) and the three commands above store their passwords in clear text, the clear text of the configured passwords is displayed by the show running-config command. If this command is configured on the switch, the passwords configured with the three commands above are encrypted and their clear text is no longer displayed by the show running-config command; even the no service password-encryption command cannot restore the clear text of the passwords. Make sure of the configured passwords before using this command for encryption. The no service password-encryption command only affects the passwords configured by the service password-encryption command.
example
Use the following command to encrypt the clear text passwords that are already configured and the clear text passwords that are configured after this command is used.
switch_config#service password-encryption
related commands
username username password
enable password
password
1.1.10 username
To establish a username-based authentication system, use the username command in global configuration mode. Use the no form of this command to remove an established username-based authentication.
username username [password { password | [encryption-type] encrypted-password }] [user-maxlinks number] [autocommand command]
no username username
parameter
parameter description
username Username character string.
password Password a user enters.
password Clear text of the password character string.
encryption-type Encryption type.
encrypted-password Encrypted password a user enters.
user-maxlinks Limits the user's number of inbound links.
number Number of links that can be established simultaneously.
autocommand Causes the specified command to be issued automatically after the user logs in. The autocommand must be used at the end of the command line.
command Character string of the command that is executed automatically.
default
No username-based authentication system is established.
command mode
global configuration
instruction
If the password parameter is omitted, the password is treated as an empty character string. The trust-host binds the user to the specified host; this user cannot pass authentication when logging in to the switch from other hosts. The user-maxlinks parameter limits the user's number of inbound links. Use the show users command to check which kind of authentication each online user passed.
White spaces are not allowed in the configured password of our switch. This also applies to the enable password command.
The switch supports only two encryption types, 0 and 7. Type 0 indicates that no encryption is applied, and you enter a clear text password in the encrypted-password field that follows. Type 7 indicates that a self-defined algorithm is used for encryption, and you enter the encrypted password text in the encrypted-password field that follows. This encrypted password text can be copied from the configuration file of another switch.
example
The following example adds a local user whose username is someone and whose password is someother:
username someone password someother
The following example adds a local user whose username is Oscar and whose password is Joan, using encryption-type 7, that is, the encrypted text password:
username Oscar password 7 1105718265
This assumes that the encrypted text of the password is 1105718265, obtained from the configuration file of another switch.
related commands
aaa authentication login
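Sections 1.1.7, 1.1.9 and 1.1.10 together determine which secrets sit in a configuration file as clear text: type 0 or an omitted type, a username with no password parameter, and the absence of service password-encryption. The following Python check is an added example, not a vendor tool: the sample configuration is built from the page's own example commands plus one constructed guest line, and the tie-break for a password that is literally 0 or 7 is an assumption.

```python
from typing import NamedTuple, Optional

# Built from the page's own example commands; the "guest" line is constructed.
SAMPLE_CONFIG = """\
enable password 0 clever level 10
enable password 7 074A05190326
username someone password someother
username Oscar password 7 1105718265
username guest user-maxlinks 2
"""

# Keywords that may follow the secret in the two command syntaxes on this page.
TRAILING_KEYWORDS = {"level", "user-maxlinks", "autocommand"}
CLEAR = "stored as clear text (type 0 or type omitted)"
EMPTY = "no password parameter: the password is the empty string"


class Secret(NamedTuple):
    line_no: int
    subject: str             # "enable level N" or "username NAME"
    enc_type: Optional[str]  # "0", "7", or None when the type is omitted
    has_password: bool


def split_secret(tokens):
    """Classify the tokens after the 'password' keyword as (enc_type, has_password).
    The secret itself is never returned, so it cannot leak into a report.
    Assumption: a leading 0 or 7 is the encryption type only when another
    non-keyword token follows it; otherwise it is the password itself."""
    if not tokens or tokens[0] in TRAILING_KEYWORDS:
        return None, False
    if tokens[0] in ("0", "7") and len(tokens) > 1 and tokens[1] not in TRAILING_KEYWORDS:
        return tokens[0], True
    return None, True


def parse_config(text):
    """Return (secrets, service_password_encryption_enabled)."""
    secrets, service = [], False
    for line_no, raw in enumerate(text.splitlines(), 1):
        t = raw.split()
        if t[:2] == ["service", "password-encryption"]:
            service = True
        elif t[:3] == ["no", "service", "password-encryption"]:
            service = False
        elif t[:2] == ["enable", "password"]:
            rest = t[2:]
            # The level defaults to 15 when the level parameter is omitted.
            level = rest[rest.index("level") + 1] if "level" in rest[1:-1] else "15"
            enc, has = split_secret(rest)
            secrets.append(Secret(line_no, "enable level " + level, enc, has))
        elif len(t) >= 2 and t[0] == "username":
            body = t[2:]
            if "autocommand" in body:  # ignore the command text that follows it
                body = body[:body.index("autocommand")]
            if "password" in body:
                enc, has = split_secret(body[body.index("password") + 1:])
            else:
                enc, has = None, False
            secrets.append(Secret(line_no, "username " + t[1], enc, has))
    return secrets, service


def audit_passwords(text):
    """Return findings as (line_no, subject, issue); line 0 is a global finding."""
    secrets, service = parse_config(text)
    findings = []
    for s in secrets:
        if not s.has_password:
            findings.append((s.line_no, s.subject, EMPTY))
        elif s.enc_type != "7":
            findings.append((s.line_no, s.subject, CLEAR))
    if not service and any(issue == CLEAR for _, _, issue in findings):
        findings.append((0, "global", "service password-encryption is not configured"))
    return findings


if __name__ == "__main__":
    for line_no, subject, issue in audit_passwords(SAMPLE_CONFIG):
        print("line %d  %-18s %s" % (line_no, subject, issue))
```

The check treats type 7 only as "not clear text"; the page describes it as a self-defined algorithm, and the check says nothing about its strength.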
Chapter 2 RADIUS Configuration Commands
This chapter describes the commands used to configure RADIUS. RADIUS is a distributed client/server system that secures networks against unauthorized access. In the implementation, RADIUS clients run on switches and send authentication requests to a central RADIUS server that contains all user authentication and network service access information.
For information on how to configure RADIUS, refer to the chapter "Configuring RADIUS".
1.2 RADIUS Configuration Commands
RADIUS Configuration Commands include:
debug radius
ip radius source-interface
radius-server challenge-noecho
radius-server deadtime
radius-server host
radius-server optional-passwords
radius-server key
radius-server retransmit
radius-server timeout
radius-server vsa send
1.2.1 debug radius
To display information associated with RADIUS, use the debug radius command in EXEC mode. To disable debugging output, use the no form of this command.
debug radius {event | packet}
no debug radius {event | packet}
parameter
parameter description
event Displays radius event
packet Displays radius packet.
default
none
command mode
EXEC
instruction
Use this command to debug the network system and locate the reason for an authentication failure.
Switch#debug radius event
RADIUS:return message to aaa, Give me your username
RADIUS:return message to aaa, Give me your password
RADIUS:inital transmit access-request [4] to 192.168.20.126 1812 <length=70>
RADIUS:retransmit access-request [4] to 192.168.20.126 1812 <length=70>
RADIUS:retransmit access-request [4] to 192.168.20.126 1812 <length=70>
RADIUS:192.168.20.126 is dead to response [4]
RADIUS:Have tried all servers,return error to aaa
output information description
return message to aaa, Give me your username
The username is required.
return message to aaa, Give me your password
The password that corresponds to the username is required.
inital transmit access-request [4] to 192.168.20.126 1812 <length=70>
Sends the authentication request to the RADIUS server for the first time. The server address is 192.168.20.126, the port number is 1812 and the packet length is 70.
retransmit access-request [4] to 192.168.20.126 1812 <length=70>
The server doesn't respond to the request in time. The authentication request is retransmitted.
192.168.20.126 is dead to response [4]
The server doesn't respond after repeated retransmissions. This server is marked as dead.
Have tried all servers,return error to aaa
RADIUS cannot complete this authentication and returns an error.
example
The following example debugs RADIUS events:
debug radius event
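The sample output above ends with RADIUS returning an error to AAA, the condition under which a method list moves on to its next method. The following Python parser is an added example, not part of the switch software: it reads the page's sample lines, counts transmissions per request and server, and reports dead servers. The regular expressions are derived only from the lines shown on this page, and the wait estimate assumes each transmission waited one full default timeout of 5 seconds (section 1.2.9).

```python
import re
from dataclasses import dataclass

# Output lines copied from the sample above, keeping the device's own spelling.
SAMPLE_LOG = """\
Switch#debug radius event
RADIUS:return message to aaa, Give me your username
RADIUS:return message to aaa, Give me your password
RADIUS:inital transmit access-request [4] to 192.168.20.126 1812 <length=70>
RADIUS:retransmit access-request [4] to 192.168.20.126 1812 <length=70>
RADIUS:retransmit access-request [4] to 192.168.20.126 1812 <length=70>
RADIUS:192.168.20.126 is dead to response [4]
RADIUS:Have tried all servers,return error to aaa
"""

# Patterns derived from the sample lines only; other firmware may differ.
TX_RE = re.compile(
    r"^RADIUS:(?:initi?al transmit|retransmit) (\S+) \[(\d+)\] "
    r"to (\S+) (\d+) <length=(\d+)>$")
DEAD_RE = re.compile(r"^RADIUS:(\S+) is dead to response \[(\d+)\]$")
PROMPT_PREFIX = "RADIUS:return message to aaa"
EXHAUSTED = "RADIUS:Have tried all servers,return error to aaa"


@dataclass
class Attempt:
    request_id: int
    server: str
    port: int
    sends: int = 0      # initial transmission plus retransmissions
    dead: bool = False  # the switch marked the server as dead


def summarize(log_text):
    """Group transmissions by (request id, server) and note the final result."""
    attempts = {}
    exhausted = False
    unparsed = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line.startswith("RADIUS:") or line.startswith(PROMPT_PREFIX):
            continue  # CLI echo or a username/password prompt message
        tx = TX_RE.match(line)
        dead = DEAD_RE.match(line)
        if tx:
            _packet, rid, server, port, _length = tx.groups()
            key = (int(rid), server)
            attempt = attempts.setdefault(key, Attempt(int(rid), server, int(port)))
            attempt.sends += 1
        elif dead:
            server, rid = dead.group(1), int(dead.group(2))
            attempts.setdefault((rid, server), Attempt(rid, server, 0)).dead = True
        elif line == EXHAUSTED:
            exhausted = True
        else:
            unparsed.append(line)  # keep unknown lines visible instead of dropping them
    return {"attempts": list(attempts.values()),
            "all_servers_failed": exhausted,
            "unparsed": unparsed}


def estimated_wait_seconds(attempt, timeout_seconds=5):
    """Estimate: every transmission waited one full radius-server timeout."""
    return attempt.sends * timeout_seconds


def findings(summary, timeout_seconds=5):
    """Turn a summary into short operator-facing findings."""
    out = []
    for a in summary["attempts"]:
        if a.dead:
            out.append("request %d: %s:%d marked dead after %d sends (about %d s waiting)"
                       % (a.request_id, a.server, a.port, a.sends,
                          estimated_wait_seconds(a, timeout_seconds)))
    if summary["all_servers_failed"]:
        out.append("RADIUS returned an error to AAA: "
                   "the next method in the method list decides this login")
    return out


if __name__ == "__main__":
    for finding in findings(summarize(SAMPLE_LOG)):
        print(finding)
```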
1.2.2 ip radius source-interface
To force RADIUS to use the IP address of a specified interface for all outgoing RADIUS packets, use the ip radius source-interface command in global configuration mode. To prevent RADIUS from using the IP address of a specified interface for all outgoing RADIUS packets, use the no form of this command.
ip radius source-interface interface-name
no ip radius source-interface
parameter
parameter description
interface-name Name of the interface that RADIUS uses for all of its outgoing packets.
default
No default behavior or values
command mode
global configuration
instruction
Use this command to set the IP address of a subinterface to be used as the source address for all outgoing RADIUS packets. The IP address is used as long as the subinterface is in the up state. In this way, the RADIUS server can use one IP address entry for every network access client instead of maintaining a list of IP addresses.
This command is especially useful in cases where the router has many subinterfaces and you want to ensure that all RADIUS packets from a particular router have the same IP address.
The specified subinterface must have an IP address associated with it. If the specified subinterface does not have an IP address or is in the down state, then RADIUS reverts to the default. To avoid this, add an IP address to the subinterface or bring the subinterface to the up state.
example
The following example shows how to configure RADIUS to use the IP address of vlan 1 for all outgoing RADIUS packets:
ip radius source-interface vlan 1
related commands
ip tacacs source-interface
1.2.3 radius-server challenge-noecho
To prevent user responses to Access-Challenge packets from being displayed on the screen, use the radius-server challenge-noecho command in global configuration mode. To return to the default condition, use the no form of this command.
radius-server challenge-noecho
no radius-server challenge-noecho
parameter
none
default
All user responses to Access-Challenge packets are echoed to the screen.
command mode
global configuration
instruction
none
example
radius-server challenge-noecho
1.2.4 radius-server deadtime
To improve RADIUS response times when some servers might be unavailable and cause the unavailable servers to be skipped immediately, use the radius-server deadtime command in global configuration mode. To set dead-time to 0, use the no form of this command.
radius-server deadtime minutes
no radius-server deadtime
parameter
parameter description
minutes Length of time, in minutes, for which a RADIUS server is skipped over by transaction requests, up to a maximum of 1440 minutes (24 hours).
default
Dead time is set to 0.
command mode
global configuration
instruction
Use this command to cause the software to mark as "dead" any RADIUS servers that fail to respond to authentication requests, thus avoiding the wait for the request to time out before trying the next configured server. A RADIUS server marked as "dead" is skipped by additional requests for the duration of minutes or unless there are no servers not marked "dead."
example
The following example specifies five minutes deadtime for RADIUS servers that fail to respond to authentication requests:
radius-server deadtime 5
related commands
radius-server host
radius-server retransmit
radius-server timeout
1.2.5 radius-server host
To specify a RADIUS server host, use the radius-server host command in global configuration mode. To delete the specified RADIUS host, use the no form of this command.
radius-server host ip-address [auth-port port-number1] [acct-port port-number2]
no radius-server host ip-address
parameter
parameter Description
ip-address IP address of the RADIUS server host.
auth-port (Optional) Specifies the UDP destination port for authentication requests.
port-number1 (Optional) Port number for authentication requests; the host is not used for authentication if set to 0.
acct-port (Optional) Specifies the UDP destination port for accounting requests.
port-number2 (Optional) Port number for accounting requests; the host is not used for accounting if set to 0.
default
No RADIUS host is specified.
command mode
global configuration
instruction
You can use multiple radius-server host commands to specify multiple hosts. The software searches for hosts in the order in which you specify them.
example
The following example specifies host 1.1.1.1 as the RADIUS server and uses default ports for both accounting and authentication:
radius-server host 1.1.1.1
The following example specifies port 12 as the destination port for authentication requests and port 16 as the destination port for accounting requests on the RADIUS host named host1:
radius-server host 1.2.1.2 auth-port 12 acct-port 16
related commands
aaa authentication
radius-server key
tacacs server
username
1.2.6 radius-server optional-passwords
To specify that the first RADIUS request to a RADIUS server be made without password verification, use the radius-server optional-passwords command in global configuration mode. To restore the default, use the no form of this command.
radius-server optional-passwords
no radius-server optional-passwords
parameter
This command has no parameters or keywords.
default
disabled
command mode
global configuration
instruction
When the user enters the login name, the login request is transmitted with the name and a zero-length password. If accepted, the login procedure completes. If the RADIUS server refuses this request, the server software prompts for a password and tries again when the user supplies a password. The RADIUS server must support authentication for users without passwords to make use of this feature.
example
The following example configures the first login to not require RADIUS verification:
radius-server optional-passwords
related commands
radius-server host
1.2.7 radius-server key
To set the authentication and encryption key for all RADIUS communications between the router and the RADIUS daemon, use the radius-server key command in global configuration mode. To disable the key, use the no form of this command.
radius-server key string
no radius-server key
parameter
parameter description
string Specifies the encrypted key. This encrypted key must match the encrypted key that the RADIUS server uses.
default
The encrypted key is the empty character string.
command mode
Global configuration
instruction
The key entered must match the key used on the RADIUS daemon. All leading spaces are ignored, and the encrypted key cannot contain white space.
example
The following example sets the encryption key to "firstime":
radius-server key firstime
related commands
radius-server host
tacacs server
username
1.2.8 radius-server retransmit
To specify the number of times the software searches the list of RADIUS server hosts before giving up, use the radius-server retransmit command in global configuration mode. To disable retransmission, use the no form of this command.
radius-server retransmit retries
no radius-server retransmit
parameter
parameter description
retries Maximum number of retransmission attempts. The default is 3 attempts.
default
3 attempts
command mode
global configuration
instruction
This command is generally used with the radius-server timeout command. Together they set the interval for which a router waits for a server host to reply before timing out and the number of retries after timing out.
example
The following example specifies a retransmit counter value of five times:
radius-server retransmit 5
related commands
radius-server timeout
1.2.9 radius-server timeout
To set the interval for which a router waits for a server host to reply, use the radius-server timeout command in global configuration mode. To restore the default, use the no form of this command.
radius-server timeout seconds
no radius-server timeout
parameter
parameter description
seconds Number that specifies the timeout interval, in seconds. The default is 5 seconds.
default
5 seconds
command mode
global configuration
instruction
This command is generally used with the radius-server retransmit command.
example
Use this command to set the number of seconds a router waits for a server host to reply before timing out. The following example sets the interval to 10 seconds:
radius-server timeout 10
related commands
none
1.2.10 radius-server vsa send
To configure the network access server to recognize and use vendor-specific attributes, use the radius-server vsa send command. To restore the default, use the no form of this command.
radius-server vsa send [authentication]
no radius-server vsa send [authentication]
parameter
parameter description
authentication (Optional) Limits the set of recognized vendor-specific attributes to only authentication attributes.
default
disabled
command mode
global configuration
instruction
The Internet Engineering Task Force (IETF) draft standard specifies a method for communicating vendor-specific information between the network access server and the RADIUS server by using the vendor-specific attribute (attribute 26). Vendor-specific attributes (VSAs) allow vendors to support their own extended attributes not suitable for general use. The radius-server vsa send command enables the network access server to recognize and use both accounting and authentication vendor-specific attributes. Use the accounting keyword with the radius-server vsa send command to limit the set of recognized vendor-specific attributes to just accounting attributes. Use the authentication keyword with the radius-server vsa send command to limit the set of recognized vendor-specific attributes to just authentication attributes.
example
The following example configures the network access server to recognize and use vendor-specific accounting attributes:
radius-server vsa send accounting
related commands
radius-server host
EPON OAM Configuration Commands
Table of Contents
Chapter 1 OAM Configuration Commands
1.1 OAM Configuration Commands
1.1.1 ethernet oam timeout
1.1.2 ethernet oam log
1.1.3 ethernet oam log discovery
1.1.4 ethernet oam log link-monitor
1.1.5 ethernet oam remote-loopback {start | stop | test}
1.1.6 show ethernet oam statistics
1.1.7 show ethernet oam configuration
1.1.8 show ethernet oam ctc version-negotiation-result
1.1.9 show ethernet oam loopback-test-result
1.1.10 show ethernet oam status
EPON OAM Configuration Command
Chapter 1 OAM Configuration Commands
1.1 OAM Configuration Commands
1.1.1 ethernet oam timeout
Syntax
[no] ethernet oam timeout value
ethernet oam timeout value
It is used to set the timeout time of the OAM connection.
Parameter
Parameter Parameter description
value Timeout of the OAM connection, in seconds. The range is 2 to 30.
Default value
The value of timeout is 10.
Command mode
Global configuration mode
Instruction
This command can be used to configure some optional parameters for establishing the OAM connection.
Example
The following example shows how to set the timeout time of connection to five seconds.
switch_config#ethernet oam timeout 5
1.1.2 ethernet oam log
Syntax
ethernet oam log {disable | enable}
It is used to enable or disable the EPON OAM log.
Parameter
None
Default value
enable
Command mode
Global configuration mode
Instruction
This command can be used to enable or suppress the EPON OAM log (including the OAM discovery state machine and the link monitor). It is recommended to enable this log.
Example
The following example shows how to disable the EPON OAM log.
switch_config# ethernet oam log disable
1.1.3 ethernet oam log discovery
Syntax
ethernet oam log discovery {disable | enable}
It is used to enable or suppress the discovery log of EPON OAM.
Parameter
None
Default value
enable
Command mode
Global configuration mode
Instruction
This command is used to suppress the discovery log of EPON OAM; however, it is recommended to enable this log.
Example
The following example shows how to suppress the discovery log of EPON OAM:
switch_config# ethernet oam log discovery disable
1.1.4 ethernet oam log link-monitor
Syntax
ethernet oam log link-monitor {disable | enable}
It is used to enable or disable the link monitor log of EPON OAM.
Parameter
None
Default value
enable
Command mode
Global configuration mode
Instruction
This command is used to suppress the link monitor log of EPON OAM; however, it is recommended to enable this log.
Example
The following example shows how to suppress the link monitor log of EPON OAM:
switch_config# ethernet oam log link-monitor disable
1.1.5 ethernet oam remote-loopback {start | stop | test}
Syntax
ethernet oam remote-loopback {start | stop | {test frame-size pkt-num}} interface intf-type intf-id
To start or stop the remote OAM loopback, run the previous command.
Parameter
Parameter Parameter description
frame-size Stands for the size of a frame.
pkt-num Stands for the number of the frames.
intf-id Stands for a designated interface.
Default value
None
Command mode
Privileged mode
Remarks
The remote OAM loopback cannot be enabled on the physical interface that belongs to the aggregation interface.
Example
The following example shows how to start the remote OAM loopback on interface EPON0/1:1.
switch#ethernet oam remote-loopback start interface EPON0/1:1
1.1.6 show ethernet oam statistics
Syntax
show ethernet oam statistics interface [intf-type intf-id]
To display the OAM statistics information on a designated interface or all interfaces, run the previous command.
Parameter
Parameter Parameter description
intf-id Displays the statistics information on the designated interface or on all protocol-up ports and enables the statistics information on the OAM interface.
Default value
None
Remarks
None
Example
The following example shows how to display the number of the OAM packets which are classified by packet types on interface EPON0/1:1.
switch#show ethernet oam statistics interface EPON0/1:1
Interface: E0/1:1
Counters:
---------
Information OAMPDU Tx : 494
Information OAMPDU Rx : 494
Unique Event Notification OAMPDU Tx : 0
Unique Event Notification OAMPDU Rx : 0
Duplicate Event Notification OAMPDU TX: 0
Duplicate Event Notification OAMPDU RX: 0
Loopback Control OAMPDU Tx : 0
Loopback Control OAMPDU Rx : 0
Variable Request OAMPDU Tx : 0
Variable Request OAMPDU Rx : 0
Variable Response OAMPDU Tx : 0
Variable Response OAMPDU Rx : 0
Organization Specific OAMPDU Tx : 1
Organization Specific OAMPDU Rx : 1
Unsupported OAMPDU Tx : 0
Unsupported OAMPDU Rx : 0
Frames Lost due to OAM : 0
1.1.7 show ethernet oam configuration
Syntax
show ethernet oam configuration
It is used to display the global OAM configuration.
Parameter
None
Default value
None
Remarks
None
Example
The following example shows how to display global OAM configuration:
switch#show ethernet oam configuration
General
-------
Link timeout : 10 seconds
1.1.8 show ethernet oam ctc version-negotiation-result
Syntax
show ethernet oam ctc version-negotiation-result interface [intf-type intf-id]
To display the negotiation result of Telecom OAM on all interfaces or a specific interface, run the previous command.
Parameter
Parameter Parameter description
intf-id Displays the negotiation result of Telecom OAM on a specific interface, otherwise displays all protocols are up and the negotiation result of Telecom OAM on the OAM interface.
Default value
None
Remarks
None
Example
The following example shows how to display the OAM Runtime information on interface E0/1:1.
switch# show ethernet oam ctc version-negotiation-result interface E0/1:1
Interface : E0/1:1
ctc_OAM_Ext_Status : 0x3
OUI : 11:11:11
ctc_OAM_Ext_version: 0x20
1.1.9 show ethernet oam loopback-test-result
Syntax
show ethernet oam loopback-test-result interface [intf-type intf-id]
It is used to display the result of OAM loopback testing of a designated port.
Parameter
Parameter Parameter description
intf-id Displays the loopback result of OAM on a specific interface, otherwise displays all protocols are up and the loopback result of OAM on the OAM interface.
Default value
None
Remarks
None
Example
The following example shows how to display the OAM loopback result on interface E0/1:1.
switch#ethernet oam remote-loopback start interface E0/1:1
switch #ethernet oam remote-loopback test 64 10 interface E0/1:1
switch # show ethernet oam loopback-test-result interface E0/1:1
Loopback test result:
Out of Seqance frames: 5
10 packets transmitted, 9 received, 10% packet loss
rtt min/avg/max = 0/0/0 ms
value = 0 = 0x0
1.1.10 show ethernet oam status
Syntax
show ethernet oam status [interface [intf-type intf-id]]
It is used to display the OAM status on all interfaces or a designated interface.
Parameter
Parameter Parameter description
intf-id Displays the OAM status on a designated interface, or displays all protocol-up ports and enables the OAM status on the OAM interface.
Default value
None
Remarks
None
Example
The following example shows how to display the OAM status on interface E0/1:1.
switch#show ethernet oam status
Interface: E0/1:1
oam_table:
----------
Admin state: Enabled
Operational status: 108270576
Mode: 4662140
Maximum oam pdu: 1518
Configuration revision: 0
Function supported: 7
peer_table:
-----------
Status: 4662140
MAC address: 00:13:25:ff:ff:81
Vendor OUI: 00:13:25
Vendor info: 0
mode: Passive
Maximum oam pdu: 1518
Configuration revision: 1
Function supported: 7
loopback_table:
--------------
Status:
Flow Encryption Configuration Commands
Table of Contents
Chapter 1 Encryption Configuration Commands
1.1 Encryption Configuration Commands
1.1.1 epon encryption triple-churning rekeying-timer-value
1.1.2 epon encryption {enable | disable}
Chapter 1 Encryption Configuration Commands
1.1 Encryption Configuration Commands
The following are encryption configuration commands:
epon encryption triple-churning rekeying-timer-value
epon encryption {enable | disable}
1.1.1 epon encryption triple-churning rekeying-timer-value
Syntax
epon encryption triple-churning rekeying-timer-value
no epon encryption
To enable or disable the global encryption of OLT, run the previous two commands respectively.
Parameter
Parameter Parameter description
rekeying-timer-value Stands for the time for key update, which falls between 600 and 10000ms.
Default value
The default encryption mode is triple-churning and the default time for key update is 10000ms.
Command mode
Global configuration mode
Remarks
Only when the encryption function of the LLID port is enabled at the same time, the underline encryption function can take effect.
Example
The following example shows how to set the encryption mode of OLT to triple-churning.
switch_config# epon encryption triple-churning
1.1.2 epon encryption {enable | disable}
Syntax
epon encryption enable
epon encryption disable
To enable or disable the underline encryption function of the LLID port, run the previous two commands respectively.
Parameter
None
Default value
The encryption function of the LLID port is enabled by default.
Command mode
LLID port configuration mode
Remarks
This command takes effect only when it is used together with the command epon encryption triple-churning rekeying-timer-value.
Example
The following example shows how to disable the encryption function of interface EPON0/1:1.
switch_config# interface EPON0/1:1
switch_config_epon0/1:1# epon encryption disable
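Per the Remarks in 1.1.1 and 1.1.2, an LLID port is encrypted only when the global command and the per-port setting are both in effect, and the OAM chapter recommends leaving the OAM logs enabled. The following Python audit is an added example, not part of the vendor manual. It assumes a saved configuration in which interface sub-commands are indented and stanzas are separated by `!`, and it treats a missing global `epon encryption triple-churning` line as "off" unless told otherwise; the function name `audit` and the sample configuration are hypothetical.

```python
import re

REKEY_RANGE_MS = (600, 10000)  # rekeying-timer-value range stated in the manual
LLID_RE = re.compile(r"^EPON\d+/\d+:\d+$", re.IGNORECASE)  # e.g. EPON0/1:1
OAM_LOG_OFF = re.compile(r"^ethernet oam log( discovery| link-monitor)? disable$")
GLOBAL_ENC = re.compile(r"^epon encryption triple-churning(?: (\d+))?$")

# Constructed sample, not captured from a device. The layout (indented
# sub-commands, "!" separators) is an assumption about the saved config.
SAMPLE_CONFIG = """\
ethernet oam log link-monitor disable
epon encryption triple-churning 5000
!
interface EPON0/1:1
 epon encryption disable
!
interface EPON0/1:2
!
interface G0/4
"""


def audit(config_text, global_default=False):
    """Report which LLID ports are effectively encrypted and which
    OAM logs are suppressed.

    global_default: state assumed for global encryption when the config
    has no explicit line (assumption; the manual only states the default
    mode and timer).
    """
    global_enc = global_default
    rekey_ms = None
    port_enc = {}      # LLID interface name -> per-port setting
    findings = []
    current = None     # LLID interface whose stanza we are inside

    for raw in config_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "!":
            current = None
            continue
        if not raw[0].isspace():            # global-level line
            current = None
            if line.lower().startswith("interface "):
                name = line.split(None, 1)[1]
                if LLID_RE.match(name):
                    current = name
                    port_enc[name] = True   # manual: enabled by default
                continue
            m = GLOBAL_ENC.match(line)
            if m:
                global_enc = True
                if m.group(1):
                    rekey_ms = int(m.group(1))
                    lo, hi = REKEY_RANGE_MS
                    if not lo <= rekey_ms <= hi:
                        findings.append(
                            f"rekeying timer {rekey_ms} ms outside {lo}-{hi} ms")
            elif line == "no epon encryption":
                global_enc = False
            elif OAM_LOG_OFF.match(line):
                findings.append(f"OAM log suppressed: {line}")
        elif current is not None:           # inside an LLID stanza
            if line == "epon encryption disable":
                port_enc[current] = False
            elif line == "epon encryption enable":
                port_enc[current] = True

    if not global_enc:
        findings.append("global encryption off: "
                        "'epon encryption triple-churning' not in effect")
    effective = {}
    for name, enabled in port_enc.items():
        # Both switches must be on for the port to be encrypted.
        effective[name] = global_enc and enabled
        if global_enc and not enabled:
            findings.append(f"{name}: LLID port encryption disabled")

    return {"global_encryption": global_enc, "rekey_ms": rekey_ms,
            "llid_encrypted": effective, "findings": findings}


if __name__ == "__main__":
    report = audit(SAMPLE_CONFIG)
    for port, ok in report["llid_encrypted"].items():
        print(f"{port}: {'encrypted' if ok else 'NOT encrypted'}")
    for finding in report["findings"]:
        print("finding:", finding)
```
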
EPON Multicast Configuration Commands
Table of Contents
Chapter 1 OLT IGMP Multicast Configuration Commands
1.1.1 ip mcst {enable | disable}
1.1.2 ip mcst mc-vlan vlan_id range A.B.C.D&<1-n>
1.1.3 ip mcst vlan vlan_id static A.B.C.D interface intf
1.1.4 ip mcst timer router-age timer_value
1.1.5 ip mcst timer response-time timer_value
1.1.6 ip mcst mrouter interface inft_name
1.1.7 ip igmp-proxy enable
1.1.8 ip mcst querier{enable | disable}
1.1.9 ip mcst querier address [ip_addr]
1.1.10 ip igmp-proxy last-member-query {count value1| interval value2}
1.1.11 ip mcst compatible {enable | disable}
1.1.12 ip mcst mode
1.1.13 ip mcst preview time
1.1.14 show ip mcst
1.1.15 show ip mcst timer
1.1.16 show ip mcst groups
1.1.17 show ip mcst statistics
1.1.18 show ip igmp-proxy
1.1.19 debug ip mcst packet
1.1.20 debug ip mcst timer
1.1.21 debug ip mcst timer
1.1.22 debug ip mcst event
1.1.23 debug ip mcst error
1.1.24 debug ip igmp-proxy
Chapter 2 Commands for OLT MLD Multicast Settings
2.1.1 ip mld-snooping {enable | disable}
2.1.2 ip mld-snooping solicitation
2.1.3 ip mld-snooping mc-vlan vlan_id range A.B.C.D&<1-n>
2.1.4 ip mld-snooping vlan vlan_id static X:X:X:X::X interface intf
2.1.5 ip mld-snooping timer router-age timer_value
2.1.6 ip mld-snooping timer response-time timer_value
2.1.7 ip mld-snooping mrouter interface inft_name
2.1.8 ip mld-proxying enable
2.1.9 ip mld-proxying querier address [ip_addr]
2.1.10 ip mld-proxying last-member-query {count value1| interval value2}
2.1.11 show ip mld-snooping
2.1.12 show ip mld-snooping timer
2.1.13 show ip mld-snooping groups
2.1.14 show ip mld-snooping statistics
2.1.15 show ip mld-proxying
Chapter 3 Remote Configuration Commands for ONU Multicast
3.1.1 epon onu mcst enable
3.1.2 epon onu ctc mcst switch
3.1.3 epon onu ctc mcst fast-leave enable
3.1.4 epon onu ctc mcst premission
3.1.5 epon onu port port_id ctc mcst tag-stripe enable
3.1.6 epon onu port port_id ctc mcst max-group-number value
3.1.7 epon onu port port_id ctc mcst mc-vlan {add vlanmap| delete vlanmap|clear}
Chapter 1 OLT IGMP Multicast Configuration Commands
The OLT IGMP multicast configuration commands include:
ip mcst {enable | disable}
ip mcst mc-vlan vlan_id range A.B.C.D&<1-n>
ip mcst vlan vlan_id static A.B.C.D interface intf
ip mcst timer router-age timer_value
ip mcst timer response-time timer_value
ip mcst mrouter interface inft_name
ip igmp-proxy enable
ip mcst querier address ip_addr
ip igmp-proxy last-member-query {count value1| interval value2}
ip mcst mode
ip mcst permission
show ip mcst
show ip mcst timer
show ip mcst groups
show ip mcst statistics
show ip igmp-proxy
debug ip mcst packet
debug ip mcst timer
debug ip mcst event
debug ip mcst error
debug ip igmp-proxy
1.1.1 ip mcst {enable | disable}
Syntax
ip mcst enable
{no ip mcst | ip mcst disable}
To enable the IGMP snooping function, run ip mcst enable; to resume the default value, run {no ip mcst | ip mcst disable}.
Parameter
None
Default value
The IGMP snooping is disabled.
Remarks
After IGMP snooping is enabled, when DLF occurs on multicast packets (that is, the destination address is not registered in the switch chip through IGMP snooping), all multicast packets whose destination addresses are not registered on any port will be dropped.
Example
The following example shows how to enable the IGMP snooping function:
switch_config# ip mcst enable
1.1.2 ip mcst mc-vlan vlan_id range A.B.C.D&<1-n>
Syntax
ip mcst mc-vlan vlan_id range A.B.C.D&<1-n>
no ip mcst mc-vlan vlan_id [range A.B.C.D&<1-n>]
Parameter
Parameter Parameter description
vlan_id VLAN ID
A.B.C.D IP address of the multicast
Default value
None
Remarks
This command has two functions: one is that only the Report and Leave packets whose destination IP addresses have been added to a multicast VLAN can be received by IGMP snooping; the other one is that the VLAN tag which transforms the next multicast flow is the multicast VLAN tag. One multicast VLAN can include multiple continuous or discontinuous multicast IP addresses, while one multicast IP address can only belong to one multicast VLAN.
Example
The following command is used to add multicast group 225.1.1.1 to multicast VLAN2:
switch_config#ip mcst mc-vlan 2 range 225.1.1.1
Note:
224.0.0.0-224.0.0.255 are unroutable multicast addresses and cannot be registered on any port.
1.1.3 ip mcst vlan vlan_id static A.B.C.D interface intf
Syntax
ip mcst vlan vlan_id static A.B.C.D interface intf
no ip mcst vlan vlan_id static A.B.C.D interface intf
Parameter
Parameter Parameter description
vlan_id Stands for the ID of a VLAN. Value range: 1-4094
A.B.C.D IP address of the multicast
intf An interface
Default value
None
Remarks
This command is used to configure the static multicast address of VLAN. Its negative form is used to cancel the static multicast address.
Example
The following example shows how to add the static multicast address 234.5.6.7 to port EPON0/1:1.
switch_config# ip mcst vlan 1 static 234.5.6.7 interface EPON0/1:1
switch_config#
Note:
224.0.0.0-224.0.0.255 are unroutable multicast addresses and cannot be registered on any port.
1.1.4 ip mcst timer router-age timer_value
Syntax
ip mcst timer router-age timer_value
no ip mcst timer router-age
Parameter
Parameter Parameter description
time value Queries the time of the timer. Value range: 10-2147483647
Default value
260 seconds
Remarks
This command is used to query the time of the timer of IGMP-Snooping. The negative form of this command is used to resume the default value.
Example
The following example shows how to set the query time of the router to 300 seconds.
switch_config# ip mcst timer router-age 300
switch_config#
1.1.5 ip mcst timer response-time timer_value
Syntax
ip mcst timer response-time timer_value
no ip mcst timer response-time
To configure the maximum response time of IGMP snooping, run ip mcst timer response-time timer_value. To resume the default value of IGMP snooping, run no ip mcst timer response-time.
Parameter
Parameter Parameter description
time value Queries the time of the timer. Value range: 1-255
Default value
15 seconds
Remarks
None
Example
The following example shows how to set the query response time of IGMP snooping to 20 seconds.
switch_config# ip mcst timer response-time 20
1.1.6 ip mcst mrouter interface inft_name
Syntax
ip mcst mrouter interface inft_name
no ip mcst mrouter interface inft_name
To configure the port of the static multicast router of IGMP snooping, run ip mcst mrouter interface inft_name.
Parameter
Parameter Parameter description
inft_name Shows the port type, the slot and the port ID.
Default value
15 seconds
Remarks
None
Example
The following example shows how to set port G0/4 to the port of the static multicast router of IGMP snooping.
switch_config# ip mcst mrouter interface G0/4
1.1.7 ip igmp-proxy enable
Syntax
ip igmp-proxy enable
{no ip igmp-proxy enable}
To enable IGMP proxy, run ip igmp-proxy enable. To resume the default value, run no ip igmp-proxy enable.
Parameter
None
Default value
The IGMP proxy is disabled by default.
Remarks
None
Example
The following example shows how to enable the IGMP proxy:
switch_config# ip igmp-proxy enable
1.1.8 ip mcst querier{enable | disable}
Syntax
ip mcst querier enable
{no ip mcst querier | ip mcst querier disable}
To enable or disable the querier port in OLT, run ip mcst querier enable; to resume the default settings, run no ip mcst querier | ip mcst querier disable.
Parameter
None
Default value
The querier port of OLT is disabled.
Remarks
After the querier port of OLT is added, this port can automatically transmit the query packets at regular intervals.
Example
The following example shows how to enable the querier port of OLT.
switch_config# ip mcst querier enable
1.1.9 ip mcst querier address [ip_addr]
Syntax
ip mcst querier address ip_addr
no ip mcst querier address
To set the source IP address of the automatic query packet, run ip mcst querier address ip_addr. The negative form of this command is used to resume the default value.
Parameter
Parameter Parameter description
ip_addr IP address of a normal broadcast
Default value
The default source IP address is 10.0.0.200.
Remarks
None
Example
The following example shows how to set the source IP address of the query packet to 11.1.1.200:
switch_config# ip mcst querier address 11.1.1.200
1.1.10 ip igmp-proxy last-member-query {count value1| interval value2}
Syntax
ip igmp-proxy last-member-query {count value1| interval value2}
no ip igmp-proxy last-member-query {count | interval}
To set the count or the interval of the last-member query of IGMP proxy, run ip igmp-proxy last-member-query {count value1| interval value2}. The negative form of this command is used to resume the default value.
Parameter
Parameter Parameter description
value1 1-5
value2 1-60 seconds
Default value
Both Value1 and Value2 are 2 by default.
Remarks
None
Example
The following example shows how to set last-member-query count to 3.
switch_config# ip igmp-proxy last-member-query count 3
1.1.11 ip mcst compatible {enable | disable}
Syntax
ip mcst compatible enable
{no ip mcst compatible | ip mcst compatible disable}
It is used to enable or disable the multicast-compatible function. The negative form of command is used to resume the default value.
Parameter
None
Default value
The multicast compatible function is disabled by default.
Remarks
After the multicast compatible mode is enabled, OLT can support the IGMP snooping multicast mode and the dynamic multicast mode by taking the LLID port as a unit. Only in the default mode can the multicast mode of OLT be set, and in this case OLT supports only one kind of multicast process.
Example
The following example shows how to disable the multicast compatible function of OLT:
switch_config# ip mcst compatible disable
1.1.12 ip mcst mode
Syntax
ip mcst mode {igmp-snooping | dynamic-controllable}
{no ip mcst mode | ip mcst igmp-snooping}
It is used to switch over the multicast mode.
Parameter
None
Default value
Igmp-snooping mode
Remarks
After the OLT multicast mode is switched over, the multicast modes of all ONUs will be automatically switched over to the same mode. The users therefore are free of the trouble of setting ONUs one by one.
Example
The following example shows how to set the multicast mode to the controllable multicast:
switch_config# ip mcst mode dynamic-controllable
1.1.13 ip mcst preview time
Syntax
ip mcst preview time (1 – 60 )
no ip mcst preview time
Parameter
Parameter Parameter description
time Stands for the preview time (minute).
Default value
None
Remarks
None
Example
The following example shows how to set the preview time to 1.
switch_config#ip mcst preview time 1
1.1.14 show ip mcst
Syntax
show ip mcst
Parameter
None
Default value
None
Remarks
This command is used to display the information about IGMP-snooping configuration.
Example
The following example shows how to display the information about the IGMP-snooping settings.
switch# show ip mcst
Global multicast configuration:
-----------------------------------
Globally enable : Enabled
Multicast mode : IGMP Snooping
Dlf-frames filtering : Enabled
Querier : Disabled
Querier address : 10.0.0.200
Router age : 260 s
Response time : 15 s
Router Port List:
-----------------
G0/4 (querier);
switch#
1.1.15 show ip mcst timer
Syntax
show ip mcst timer
Parameter
None
Default value
None
Remarks
This command is used to display the information about the IGMP-snooping timers.
Example
The following example shows how to display the information about the IGMP-snooping timers.
switch#show ip mcst timer
Querier on port G0/4: 258
vlan 2 multicast address 0100.5e01.0101 response time : 13
switch#
Querier on port G0/4: 251 means the timeout time of the ageing timer of the router.
vlan 2 multicast address 0100.5e01.0101 response time : This shows the time period from receiving a multicast query packet to the present; if there is no host to respond when the timer times out, the port will be canceled.
1.1.16 show ip mcst groups
Syntax
show ip mcst groups
Parameter
None
Default value
None
Remarks
This command is used to display the information about the multicast group of IGMP-snooping.
Example
The following example shows how to display the information about the multicast group of IGMP-snooping.
switch# show ip mcst groups
Vlan Group           Type     Port(s)
---- --------------- -------- -------------------------------------
2    225.1.1.1       LEARNING E0/1:1
switch#
1.1.17 show ip mcst statistics
Syntax
show ip mcst statistics
Parameter
None
Default value
None
Remarks
This command is used to display the information about IGMP-snooping statistics.
Example
The following example shows how to display the information about IGMP-snooping statistics.
switch#show ip mcst statistics
v1_packets:0 Number of the IGMPv1 packets
v2_packets:6 Number of the IGMPv2 packets
v3_packets:0 Number of the IGMPv3 packets
general_query_packets:5 Number of the general query packets
special_query_packets:0 Number of the special query packets
join_packets:6 Number of the report packets
leave_packets:0 Number of the Leave packets
err_packets:0 Number of the error packets
1.1.18 show ip igmp-proxy
Syntax
show ip igmp-proxy
Parameter
None
Default value
None
Remarks
This command is used to display the information about IGMP proxy.
Example
The following example shows how to display the information about IGMP proxy.
switch#show ip igmp-proxy
Global IGMP proxy configuration
-------------------------------
Status : Disable
Last member query interval: 2
Last member query count : 2
switch#
1.1.19 debug ip mcst packet
Syntax
debug ip mcst packet
no debug ip mcst packet
Parameter
None
Default value
None
Remarks
This command is used to enable or disable the debugging switch of MCST packets.
Example
The following example shows how to enable the debugging switch of MCST packets.
switch# debug ip mcst packet
switch#
1.1.20 debug ip mcst timer
Syntax
debug ip mcst timer
no debug ip mcst timer
Parameter
None
Default value
None
Remarks
This command is used to enable or disable the debugging switch of the MCST timer.
Example
The following example shows how to enable the debugging switch of the MCST timer.
switch# debug ip mcst timer
switch#
1.1.21 debug ip mcst timer
Syntax
debug ip mcst timer
no debug ip mcst timer
Parameter
None
Default value
None
Remarks
This command is used to enable or disable the debugging switch of the MCST timer.
Example
The following example shows how to enable the debugging switch of the MCST timer.
switch# debug ip mcst timer
switch#
1.1.22 debug ip mcst event
Syntax
debug ip mcst event
no debug ip mcst event
Parameter
None
Default value
None
Remarks
This command is used to enable or disable the debugging switch of MCST events.
Example
The following example shows how to enable the debugging switch of MCST events.
switch# debug ip mcst event
1.1.23 debug ip mcst error
Syntax
debug ip mcst error
no debug ip mcst error
Parameter
None
Default value
None
Remarks
This command is used to enable or disable the MCST error debugging switch.
Example
The following example shows how to enable the error debugging switch of IGMP snooping.
switch# debug ip mcst error
1.1.24 debug ip igmp-proxy
Syntax
debug ip igmp-proxy
no debug ip igmp-proxy
Parameter
None
Default value
None
Remarks
It is used to enable or disable the debugging switch of IGMP proxy.
Example
The following example shows how to enable the debugging switch of IGMP proxy.
switch# debug ip igmp-proxy
switch#
Chapter 2 Commands for OLT MLD Multicast Settings
The OLT MLD multicast configuration commands include:
ip mld-snooping {enable | disable}
ip mld-snooping mc-vlan vlan_id range X:X:X:X::X&<1-n>
ip mld-snooping vlan vlan_id static X:X:X:X::X interface intf
ip mld-snooping timer router-age timer_value
ip mld-snooping timer response-time timer_value
ip mld-snooping mrouter interface inft_name
ip mld-proxying enable
ip mld-proxying querier address ip_addr
ip mld-proxying last-member-query {count value1| interval value2}
show ip mld-snooping
show ip mld-snooping timer
show ip mld-snooping groups
show ip mld-snooping statistics
show ip mld-proxying
2.1.1 ip mld-snooping {enable | disable}
Syntax
ip mld-snooping enable
{no ip mld-snooping | ip mld-snooping disable}
To set the MLD snooping function, run ip mld-snooping enable; to resume the default value, run {no ip mld-snooping | ip mld-snooping disable}.
Parameter
None
Default value
The MLD snooping is disabled.
Remarks
After MLD snooping is enabled, when DLF occurs on multicast packets (that is, the destination address is not registered in the switch chip through MLD snooping), all multicast packets whose destination addresses are not registered on any port will be dropped.
Example
The following example shows how to enable the MLD snooping function:
switch_config# ip mld-snooping enable
2.1.2 ip mld-snooping solicitation
Syntax
ip mld-snooping solicitation
no ip mld-snooping solicitation
To enable or disable the hardware forwarding of the multicast group, run ip mld-snooping solicitation. To resume the default value, run no ip mld-snooping solicitation.
Parameter
None
Default value
This function is shut down.
Remarks
None
Example
The following example shows how to enable the hardware forwarding of the multicast group.
switch_config#ip mld-snooping solicitation
2.1.3 ip mld-snooping mc-vlan vlan_id range X:X:X:X::X&<1-n>
Syntax
ip mld-snooping mc-vlan vlan_id range X:X:X:X::X&<1-n>
no ip mld-snooping mc-vlan vlan_id [range X:X:X:X::X&<1-n>]
Parameter
Parameter Parameter description
vlan_id VLAN ID
X:X:X:X::X IP address of the multicast
Default value
None
Remarks
This command has two functions: one is that only the Report and Leave packets whose destination IP addresses have been added to a multicast VLAN can be received by MLD snooping; the other one is that the VLAN tag which transforms the next multicast flow is the multicast VLAN tag. One multicast VLAN can include multiple continuous or discontinuous multicast IP addresses, while one multicast IP address can only belong to one multicast VLAN.
Example
The following command shows how to add multicast group ff12::5 to multicast VLAN2:
switch_config#ip mld-snooping mc-vlan 2 range ff12::5
2.1.4 ip mld-snooping vlan vlan_id static X:X:X:X::X interface intf
Syntax
ip mld-snooping vlan vlan_id static X:X:X:X::X interface intf
no ip mld-snooping vlan vlan_id static X:X:X:X::X interface intf
Parameter
Parameter Parameter description
vlan_id Stands for the ID of a VLAN. Value range: 1-4094
X:X:X:X::X IP address of the multicast
intf An interface
Default value
None
Remarks
This command is used to configure the static multicast address of VLAN. Its negative form is used to cancel the static multicast address.
Example
The following example shows how to add the static multicast address ff12::5 to port EPON0/1:1.
switch_config# ip mld-snooping vlan 1 static ff12::5 interface EPON0/1:1
switch_config#
2.1.5 ip mld-snooping timer router-age timer_value
Syntax
ip mld-snooping timer router-age timer_value
no ip mld-snooping timer router-age
Parameter
Parameter Parameter description
timer_value Time of the query timer. Value range: 10-2147483647
Default value
260 seconds
Remarks
This command is used to set the time of the query timer of MLD snooping. The negative form of this command is used to resume the default value.
Example
The following example shows how to set the query time of the router to 300 seconds.
switch_config# ip mld-snooping timer router-age 300
switch_config#
2.1.6 ip mld-snooping timer response-time timer_value
Syntax
ip mld-snooping timer response-time timer_value
no ip mld-snooping timer response-time
To configure the maximum response time of IGMP snooping, run ip mld-snooping timer response-time timer_value. To resume the default value of IGMP snooping, run no ip mld-snooping timer response-time timer_value.
Parameter
Parameter Parameter description
timer_value Time of the query response timer. Value range: 1-255
Default value
15 seconds
Remarks
None
Example
The following example shows how to set the query response time of IGMP snooping to 20 seconds.
switch_config# ip mld-snooping timer response-time 20
2.1.7 ip mld-snooping mrouter interface inft_name
Syntax
ip mld-snooping mrouter interface inft_name
no ip mld-snooping mrouter interface inft_name
To configure the port of the static multicast router of IGMP snooping, run ip mcst mrouter interface inft_name.
Parameter
Parameter Parameter description
inft_name Shows the port type, the slot and the port ID.
Default value
15 seconds
Remarks
None
Example
The following example shows how to set port G0/4 to the port of the static multicast router of MLD snooping.
switch_config# ip mld-snooping mrouter interface G0/4
2.1.8 ip mld-proxying enable
Syntax
ip igmp-proxy enable
{no ip igmp-proxy enable}
To enable IGMP proxy, run ip igmp-proxy enable. To resume the default value, run {no ip igmp-proxy enable}.
Parameter
None
Default value
The MLD proxy is disabled by default.
Remarks
None
Example
The following example shows how to enable the MLD proxy:
switch_config# ip igmp-proxy enable
2.1.9 ip mld-proxying querier address [ip_addr]
Syntax
ip mld-proxying querier address ip_addr
no ip mld-proxying querier address
To set the source IP address of the automatic query packet, run ip mcst querier address ip_addr. The negative form of this command is used to resume the default value.
Parameter
Parameter Parameter description
ip_addr IP address of a normal broadcast
Default value
The source IP address is FE80::3FF:FEFE:FD00:1 by default.
Remarks
None
Example
The following example shows how to set the source IP address of the query packet to FE80::3FF:FEFE:FD00:2:
switch_config# ip mld-proxying querier address FE80::3FF:FEFE:FD00:2
2.1.10 ip mld-proxying last-member-query {count value1| interval value2}
Syntax
ip mld-proxying last-member-query {count value1| interval value2}
no ip mld-proxying last-member-query {count | interval}
To set the source IP address of the automatic query packet, run ip mld-proxying last-member-query {count value1| interval value2}. The negative form of this command is used to resume the default value.
Parameter
Parameter Parameter description
value1 1-5
value2 1-60 seconds
Default value
Both Value1 and Value2 are 2 by default.
Remarks
None
Example
The following example shows how to set last-member-query count to 3.
switch_config# ip mld-proxying last-member-query count 3
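The value ranges and the one-group-one-VLAN rule stated for the MLD commands above can be checked before a configuration is pushed to the switch. The Python linter below is an added example, not part of the original manual or of any vendor tooling; the function names, the constructed sample lines and the reading of `&<1-n>` as "one or more addresses" are assumptions.

```python
import ipaddress
import re

# Value ranges copied from the parameter tables above.
RANGES = {
    "ip mld-snooping timer router-age": (10, 2147483647),
    "ip mld-snooping timer response-time": (1, 255),
    "ip mld-proxying last-member-query count": (1, 5),
    "ip mld-proxying last-member-query interval": (1, 60),
}
VLAN_MIN, VLAN_MAX = 1, 4094
PROMPT = re.compile(r"^\S*#\s*")  # strips "switch_config#" style prompts

# Constructed sample configuration (not taken from a real device).
SAMPLE = [
    "switch_config# ip mld-snooping enable",
    "switch_config# ip mld-snooping mc-vlan 2 range ff12::5",
    "switch_config# ip mld-snooping mc-vlan 3 range FF12:0:0:0:0:0:0:5",
    "switch_config# ip mld-snooping vlan 1 static 2001:db8::1 interface EPON0/1:1",
    "switch_config# ip mld-snooping timer router-age 5",
    "switch_config# ip mld-snooping timer response-time 20",
    "switch_config# ip mld-proxying last-member-query count 3",
    "switch_config# ip mld-proxying last-member-query interval 90",
]


def parse_group(text):
    """Return an IPv6Address if text is an IPv6 multicast address (ff00::/8), else None."""
    try:
        addr = ipaddress.IPv6Address(text)
    except ValueError:
        return None
    return addr if addr.is_multicast else None


def vlan_ok(text):
    """True when text is a decimal VLAN ID inside 1-4094."""
    return text.isdecimal() and VLAN_MIN <= int(text) <= VLAN_MAX


def lint_mld_config(lines):
    """Return [(line_number, message)] for values the reference does not allow."""
    findings = []
    group_vlan = {}  # multicast group -> multicast VLAN that already owns it
    for n, raw in enumerate(lines, 1):
        tok = PROMPT.sub("", raw.strip()).split()
        if not tok or tok[0] == "no":
            continue
        # Timer and counter ranges.
        for prefix, (lo, hi) in RANGES.items():
            p = prefix.split()
            if tok[:len(p)] == p:
                value = tok[len(p)] if len(tok) > len(p) else ""
                if not (value.isdecimal() and lo <= int(value) <= hi):
                    findings.append((n, f"{prefix}: {value!r} is outside {lo}-{hi}"))
                break
        # ip mld-snooping mc-vlan <vlan_id> range <group> [<group> ...]
        if tok[:3] == ["ip", "mld-snooping", "mc-vlan"]:
            if len(tok) < 6 or tok[4] != "range":
                findings.append((n, "mc-vlan: expected '<vlan_id> range <group>'"))
                continue
            vlan = tok[3]
            if not vlan_ok(vlan):
                findings.append((n, f"VLAN ID {vlan!r} is outside {VLAN_MIN}-{VLAN_MAX}"))
            for text in tok[5:]:
                group = parse_group(text)
                if group is None:
                    findings.append((n, f"{text} is not an IPv6 multicast address"))
                elif group_vlan.setdefault(group, vlan) != vlan:
                    # One multicast address may belong to only one multicast VLAN.
                    findings.append(
                        (n, f"group {group} already belongs to multicast VLAN {group_vlan[group]}"))
        # ip mld-snooping vlan <vlan_id> static <group> interface <intf>
        elif tok[:3] == ["ip", "mld-snooping", "vlan"] and len(tok) >= 6 and tok[4] == "static":
            if not vlan_ok(tok[3]):
                findings.append((n, f"VLAN ID {tok[3]!r} is outside {VLAN_MIN}-{VLAN_MAX}"))
            if parse_group(tok[5]) is None:
                findings.append((n, f"{tok[5]} is not an IPv6 multicast address"))
    return findings


if __name__ == "__main__":
    for line_no, message in lint_mld_config(SAMPLE):
        print(f"line {line_no}: {message}")
```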
2.1.11 show ip mld-snooping
Syntax
show ip mld-snooping
Parameter
None
Default value
None
Remarks
This command is used to display the information about MLD-snooping configuration.
Example
The following example shows how to display the information about MLD snooping.
switch#show ip mld-snooping
Global multicast configuration:
-----------------------------------
Globally enable : Disabled
Multicast mode : MLD Snooping
Dlf-frames filtering : Disabled
Router age : 260 s
Response time : 10 s
Handle Solicitation : Disabled
Router Port PVID VLANMAP=
Router Port List:
-----------------
None
switch#
2.1.12 show ip mld-snooping timer
Syntax
show ip mld-snooping timer
Parameter
None
Default value
None
Remarks
This command is used to display the information about the MLD-snooping clock.
Example
The following example shows how to display the information about the MLD-snooping clock.
switch#show ip mld-snooping timer
Querier on port G0/4: 258
vlan 2 multicast address 3333.0000.0005 response time : 13
switch#
Querier on port G0/4: 251 means the timeout time of the ageing timer of the router.
vlan 2 multicast address 3333.0000.0005 response time : This shows the time period from receiving a multicast query packet to the present; if no host responds before the timer times out, the port will be canceled.
2.1.13 show ip mld-snooping groups
Syntax
show ip mld-snooping groups
Parameter
None
Default value
None
Remarks
This command is used to display the information about the multicast group of MLD-snooping.
Example
The following example shows how to display the information about the multicast group of MLD-snooping.
switch# show ip mld-snooping groups
Vlan Group           Type     Port(s)
---- --------------- -------- -------------------------------------
2    ff12::5         LEARNING E0/1:1
switch#
2.1.14 show ip mld-snooping statistics
Syntax
show ip mld-snooping statistics
Parameter
None
Default value
None
Remarks
This command is used to display the information about MLD-snooping statistics.
Example
The following example shows how to display the information about MLD-snooping statistics.
switch#show ip mld-snooping statistics
v1_packets:0 Number of the IGMPv1 packets
v2_packets:6 Number of the IGMPv2 packets
v3_packets:0 Number of the IGMPv3 packets
general_query_packets:5 Number of the general query packets
special_query_packets:0 Number of the special query packets
listener_packets:6 Number of the Report packets
leave_packets:0 Number of the Leave packets
err_packets:0 Number of the error packets
2.1.15 show ip mld-proxying
Syntax
show ip mld-proxying
Parameter
None
Default value
None
Remarks
This command is used to display the information about MLD proxy.
Example
The following example shows how to display the information about MLD proxy.
switch#show ip mld-proxying
Global MLD Proxying configuration
-------------------------------
Status : Disable
Last member query interval: 1
Last member query count : 2
Querier address : FE80::3FF:FEFE:FD00:1
switch#
Chapter 3 Remote Configuration Commands for ONU Multicast
The IGMP-Snooping configuration commands include:
epon onu mcst enable
epon onu mcst switch
epon onu ctc mcst fast-leave enable
epon onu port port_id ctc mcst tag-stripe enable
epon onu port port_id ctc mcst max-group-number value
epon onu port port_id ctc mcst mc-vlan {add vlanmap| delete vlanmap|clear}
3.1.1 epon onu mcst enable
Syntax
epon onu mcst enable
{no epon onu mcst | epon onu mcst disable}
To enable and disable the IGMP snooping function, run epon onu mcst enable; to resume the default value, run {no epon onu mcst | epon onu mcst disable}.
Parameter
None
Default value
The IGMP snooping is disabled.
Remarks
After IGMP snooping is enabled, when DLF occurs on multicast packets (that is, the destination address is not registered in the switch chip through IGMP snooping), all multicast packets whose destination addresses are not registered on any port will be dropped. ONU only supports IGMP snooping V1 and IGMP snooping V2.
Example
The following example shows how to enable the IGMP snooping function:
switch_config#interface e0/1:1
switch_config_e0/1:1#epon onu mcst enable
3.1.2 epon onu ctc mcst switch
Syntax
epon onu ctc mcst switch { dynamic-controllable | igmp-snooping }
no epon onu ctc mcst switch
To enable the ONU multicast mode, run epon onu ctc mcst switch { dynamic-controllable | igmp-snooping }; to resume the default value, run no epon onu ctc mcst switch.
Parameter
None
Default value
The ONU multicast mode is IGMP snooping by default.
Remarks
None
Example
The following example shows how to switch the ONU multicast mode over to the controllable multicast:
switch_config#interface e0/1:1
switch_config_epon0/1:1#epon onu ctc mcst switch dynamic-controllable
3.1.3 epon onu ctc mcst fast-leave enable
Syntax
epon onu ctc mcst fast-leave enable
{no epon onu ctc mcst fast-leave | epon onu ctc mcst fast-leave disable}
To configure the fast-leave attribute, run epon onu ctc mcst fast-leave enable; to resume the default value, run {no epon onu ctc mcst fast-leave | epon onu ctc mcst fast-leave disable}.
Parameter
None
Default value
The fast-leave attribute is enabled by default.
Remarks
With the fast-leave attribute configured, the ONU deletes the corresponding port from the port list of the corresponding multicast group shortly after it receives the leave packet, without starting the timer that waits to see whether other hosts will be added to the multicast group. If other hosts on the same port also belong to this multicast group and do not want to leave, the multicast communication of these hosts may be affected; in this case the fast-leave function should not be enabled.
Example
The following example shows how to disable the fast-leave attribute.
switch_config_epon0/1:1#epon onu ctc mcst fast-leave disable
3.1.4 epon onu ctc mcst permission
Syntax
ip mcst permission uni uni-index range A.B.C.D&<1-n> {permit | preview| forbidden}
no ip mcst permission uni uni-index range A.B.C.D&<1-n>
Parameter
Parameter Parameter description
uni-index UNI port index
A.B.C.D IP address of the multicast
Default value
None
Remarks
None
Example
The following example shows how to configure UNI 1 of ONU to forward the multicast flow of the multicast 225.1.1.1.
switch_config#ip mcst permission interface E3/1:2 uni 1 range 225.1.1.1 permit
3.1.5 epon onu port port_id ctc mcst tag-stripe enable
Syntax
epon onu port port_id ctc mcst tag-stripe enable
{no epon onu port port_id ctc mcst tag-stripe | epon onu port port_id ctc mcst tag-stripe disable}
To configure the tag-stripe attribute, which is used to remove the VLAN tag of the downlink multicast packets that the ONU receives, run epon onu port port_id ctc mcst tag-stripe enable.
Parameter
Parameter Parameter description
port_id UNI ID of ONU
Default value
Disable
Remarks
None
Example
The following example shows how to enable the Tag-Stripe function on UNI1 of ONU.
switch_config_epon0/1:1#epon onu port 1 ctc mcst tag-stripe enable
3.1.6 epon onu port port_id ctc mcst max-group-number value
Syntax
epon onu port port_id ctc mcst max-group-number value
no epon onu port port_id ctc mcst max-group-number
To configure the max-group-number attribute, which enables the UNI port of ONU to limit the number of the concurrently forwarded multicast groups, run epon onu port port_id ctc mcst max-group-number value.
Parameter
Parameter Parameter description
port_id UNI ID of ONU
value Maximum number of multicast groups
Default value
The default value is 128.
Remarks
None
Example
The following example shows how to configure UNI1 of ONU to allow at most 64 concurrent multicast flows:
switch_config_epon0/1:1#epon onu port 1 ctc mcst max-group-number 64
3.1.7 epon onu port port_id ctc mcst mc-vlan {add vlanmap| delete vlanmap|clear}
Syntax
epon onu port port_id ctc mcst mc-vlan {add vlanmap| delete vlanmap|clear}
To configure the correlation of the UNI port and the multicast VLAN so that ONU can remove the VLAN tag of the downlink multicast packets, run the command above.
Parameter
Parameter Parameter description
vlanmap VLAN bitmap
Default value
None
Remarks
None
Example
The following example shows how to configure UNI 1 of ONU to forward the multicast flow of the multicast VLAN2.
switch_config_e0/1:1#epon onu port 1 ctc mcst mc-vlan add 2
Optical Fiber Protection Shift Commands
Table of Contents
Chapter 1 Optical Fiber Protection Shift Commands
1.1 epon b-psg
1.2 epon c-psg
1.3 epon psg member
1.4 epon psg switch
Chapter 1 Optical Fiber Protection Shift Commands
1.1 epon b-psg
Syntax
epon b-psg [ sequence sequence-number ]
no epon b-psg sequence sequence-number
The commands above are used to create and delete a B-type PSG port respectively.
Parameter
Parameter Parameter description
sequence-number Stands for the sequence number of the logic port, which ranges from 1 to 8.
Default value
If the sequence number of the logic port is not designated, the smallest unused value between 1 and 8 is taken.
Command mode
Global configuration mode
Remarks
This command is used to create a virtual port; after the virtual port is successfully created, you have to run epon psg member active epon-port standby epon-port immediately to bind the PON port to be protected.
Example
The following example shows how to create a B-type PSG port.
switch_config#epon b-psg sequence 1
switch_config#
1.2 epon c-psg
Syntax
epon c-psg [ sequence sequence-number ]
no epon c-psg sequence sequence-number
The commands above are used to create and delete a C-type PSG port respectively.
Parameter
Parameter Parameter description
sequence-number Stands for the sequence number of the logic port, which ranges from 1 to 8.
Default value
If the sequence number of the logic port is not designated, the smallest unused value between 1 and 8 is taken.
Command mode
Global configuration mode
Remarks
This command is used to create a virtual port; after the virtual port is successfully created, you have to run epon psg member active epon-port standby epon-port immediately to bind the PON port to be protected.
Example
The following example shows how to create a C-type PSG port.
switch_config#epon c-psg sequence 1
switch_config#
1.3 epon psg member
Syntax
epon psg member active epon-port standby epon-port
no epon psg member active epon-port standby epon-port
The first command is used to add a protected PON port to the PSG port.
Parameter
Parameter Parameter description
epon-port Stands for the EPON port.
Default value
None
Command mode
PSG port configuration mode
Remarks
This command adds the PON port that is actually to be protected to the PSG port. Currently, two PON ports are supported only when they are on the same OLT chip.
Example
The following example shows how to bind EPON0/1 and EPON0/4 to PSG0/1:
switch_config#epon b-psg sequence 1
switch_config#interface psg 0/1
switch_config_psg0/1#epon psg member active e0/1 standby e0/4
1.4 epon psg switch
Syntax
epon psg member switch interface psg-port
It is used to force the switchover of the key PON port of B-type PSG.
Parameter
Parameter Parameter description
psg-port PSG port
Default value
None
Command mode
Privileged mode
Remarks
This command is used to force the switchover of the PSG port only on the CTC B-type protection mechanism.
Example
The following example shows how to force the switchover of the PSG port.
switch_config# epon psg switch interface psg 0/1
ONU Management Configuration Commands
Table of Contents
Chapter 1 Local ONU Management Commands
1.1 Local ONU Management Commands
1.2 epon onu-registration-method mac
1.3 epon bind-onu
1.4 epon onu-authen-method manual
1.5 epon mpcp-registration-mode
1.6 epon onu description
1.7 epon conform-onu
1.8 epon deregister-onu
1.9 clear epon dynamic-binding
1.10 epon dynamic-binding-timeout {disable | enable}
1.11 epon dynamic-binding-timeout value
1.12 epon ctc-oam-discovery-timeout {disable | enable}
1.13 epon ctc-oam-discovery-timeout value
1.14 epon ace-reset-delay value count
1.15 epon dying-gasp-log {disable | enable}
1.16 epon snmp-ipaddress
1.17 serial-bridge remote
1.18 show epon basic-info
1.19 show epon encryption
1.20 show epon mpcp-registration-mode
1.21 show epon onu-authen-method
1.22 show epon onu-registration-method
1.23 show epon onu-information
Chapter 2 Global Remote Control Commands of ONU
2.1 Global Remote Control Commands of ONU
2.2 epon reboot onu
2.3 epon update onu image
2.4 epon commit-onu-image-update
2.5 epon update onu eeprom-image
2.6 epon ace-recover
2.7 epon switch-onu-pon
2.8 epon switch-onu-pon-and-back
2.9 epon onu encryption
2.10 epon onu mac address-table static
2.11 epon onu clear mac address-table dynamic
2.12 epon onu mac address-table learning
2.13 epon onu mac address-table aging-time
2.14 epon onu scheduler policy
2.15 epon onu scheduler wrr bandwidth
2.16 epon onu cos map
2.17 epon onu scheduler-pon policy
2.18 epon onu scheduler-pon wrr bandwidth
2.19 epon onu cos-pon map
2.20 epon onu port-protect
2.21 epon onu ip address
2.22 epon onu spanning-tree
2.23 epon onu mirror
2.24 epon onu filter
2.25 epon onu serial-mode
2.26 epon onu serial-remote
2.27 epon onu vlan
2.28 show epon interface onu basic-info
2.29 show epon interface onu ctc basic-info
2.30 show epon onu mac address-table
Chapter 3 Remote UNI Control Commands of ONU
3.1 Remote UNI Control Commands of ONU
3.2 epon onu port ctc vlan mode
3.3 epon onu port ctc vlan translation-entry
3.4 epon onu port ctc vlan aggregation-entry
3.5 epon onu port ctc flow-control
3.6 epon onu port mac address-table dynamic maximum
3.7 epon onu port storm-control
3.8 epon onu port ctc rate-limit
3.9 epon onu port loopback detect
3.10 epon onu port duplex
3.11 epon onu port speed
3.12 epon onu port ctc auto-negotiation
3.13 epon onu port block mac
3.14 epon onu port default-cos
3.15 epon onu port ctc shutdown
3.16 epon onu port qos policy
3.17 epon onu port ctc qos policy
3.18 epon onu port mac access-group
3.19 epon onu port ip access-group
3.20 epon onu serial serial-attribute
3.21 epon onu serial serial-buffer
3.22 epon onu serial serial-keepalive
3.23 epon onu serial loopback detect
3.24 show epon onu {port | serial} statistics
3.25 show epon onu {port | serial} state
3.26 show epon onu port ctc vlan
Chapter 1 Local ONU Management Commands
1.1 Local ONU Management Commands
The following are local ONU management commands:
epon onu-registration-method mac
epon bind-onu
epon onu-authen-method manual
epon mpcp-registration-mode
epon onu description
epon conform-onu
epon deregister-onu
clear epon dynamic-binding
epon dynamic-binding-timeout {disable | enable}
epon dynamic-binding-timeout value
epon ctc-oam-discovery-timeout {disable | enable}
epon ctc-oam-discovery-timeout value
epon ace-reset-delay
epon dying-gasp-log
epon snmp-ipaddress
serial-bridge remote
show epon basic-info
show epon encryption
show epon mpcp-registration-mode
show epon onu-authen-method
show epon onu-registration-method
show epon onu-information
1.2 epon onu-registration-method mac
Syntax
epon onu-registration-method mac
no epon onu-registration-method
To enable the check of the ONU MAC address during MPCP registration, run epon onu-registration-method mac.
Parameter
None
Default value
The MAC address of ONU is not checked by default.
Command mode
EPON port configuration mode
Remarks
After the check of the ONU MAC address is enabled during MPCP registration, only those ONUs that have been bound to static entries with the epon bind-onu mac-address llid-sequence command can register successfully.
Example
The following example shows how to enable the MAC address check for ONU registration on interface EPON0/1.
switch_config# interface EPON0/1
switch_config_epon0/1# epon onu-registration-method mac
1.3 epon bind-onu
Syntax
epon bind-onu mac-address llid-sequence
no epon bind-onu mac-address
To bind the MAC address of ONU to the EPON port and the LLID sequence number, run this command.
Parameter
Parameter Parameter description
mac-address The format of the MAC address is <xxxx.xxxx.xxxx>.
llid-sequence Value range: 1-64
Default value
The MAC address has no default value, while the default value of llid-sequence is the unoccupied minimum LLID sequence.
Command mode
EPON port configuration mode
Remarks
Only when this command is used together with the epon onu-registration-method mac command can it take effect.
Example
The following example shows how to bind LLID sequence 1 of port EPON0/1 to ONU 00e0.0f00.00001:
switch_config# interface EPON0/1
switch_config_epon0/1# epon bind-onu 00e0.0f00.00001 1
1.4 epon onu-authen-method manual
Syntax
epon onu-authen-method manual
no epon onu-authen-method manual
To set the ONU authentication mode, run epon onu-authen-method manual. At present, you have options to abandon the authentication or to conduct manual authentication.
Parameter
None
Default value
If the ONU authentication is not conducted, the registration then automatically passes the authentication.
Command mode
EPON port configuration mode
Remarks
If manual authentication is configured with the epon onu-authen-method manual command, the administrator needs to confirm the ONU manually after ONU registration is complete; only then can the corresponding bandwidth be obtained and the remote configuration be done.
Example
The following example shows how to set the ONU authentication mode on port EPON0/1 to the manual authentication:
switch_config# interface EPON0/1
switch_config_epon0/1#epon onu-authen-method manual
1.5 epon mpcp-registration-mode
Syntax
epon mpcp-registration-mode {normal | ctc value}
To configure the delay of MPCP, run the previous command.
Parameter
Parameter Parameter description
value 1-50ms
Default value
The delay is 20ms by default.
Command mode
EPON port configuration mode
Remarks
None
Example
The following example shows how to set the delay of MPCP of port EPON0/1 to 30ms.
OLT_config_epon0/1# epon mpcp-registration-mode ctc 30
1.6 epon onu description
Syntax
epon onu description string
To add the description string for ONU, run the previous command.
Parameter
Parameter Parameter description
string A character string to describe ONU, which consists only of ASCII characters
Default value
None
Command mode
LLID port configuration mode
Remarks
None
Example
The following example shows how to set the description string of ONU on port EPON0/1:1 to p1004.
OLT_config_epon0/1:1# epon onu description p1004
1.7 epon conform-onu
Syntax
epon conform-onu {mac-address value | interface epon slot/port:sequence}
To enable the registered ONU to pass authentication, run the previous command.
Parameter
Parameter Parameter description
value The format of the MAC address is <xxxx.xxxx.xxxx>.
slot/port[:sequence] The slot parameter stands for the slot number, the port parameter stands for the EPON port number and the sequence parameter stands for the LLID sequence.
Default value
None
Command mode
Privileged mode
Remarks
None
Example
The following example shows how to get ONU authenticated on port EPON0/1:1.
Switch# epon conform-onu interface epon 0/1:1
1.8 epon deregister-onu
Syntax
epon deregister-onu { interface epon slot/port:sequence}
To deregister ONU, run the previous command.
Parameter
Parameter Parameter description
slot/port[:sequence] The slot parameter stands for the slot number, the port parameter stands for the EPON port number and the sequence parameter stands for the LLID sequence.
Default value
None
Command mode
Privileged mode
Remarks
None
Example
The following example shows how to deregister the registered ONU on port EPON0/1:1.
Switch# epon deregister-onu interface epon0/1:1
1.9 clear epon dynamic-binding
Syntax
clear epon dynamic-binding [interface epon slot/port]
To remove the information about dynamic ONU binding, run the previous command.
Parameter
Parameter Parameter description
slot/port The slot parameter stands for the slot ID and the port parameter stands for the EPON port ID.
Default value
None
Command mode
Privileged mode
Remarks
The information about dynamic ONU binding can be removed only when the ONU has not passed authentication and after the ONU is deregistered.
Example
The following example shows how to remove the information about dynamic ONU binding on port EPON0/1:1 manually.
switch# clear epon dynamic-binding interface epon0/1:1
1.10 epon dynamic-binding-timeout {disable | enable}
Syntax
epon dynamic-binding-timeout {disable | enable}
To remove the information about dynamic ONU binding automatically, run the previous command.
Parameter
None
Default value
disable
Command mode
Global configuration mode
Remarks
None
Example
The following example shows how to remove the information about dynamic ONU binding automatically.
OLT_config#epon dynamic-binding-timeout enable
1.11 epon dynamic-binding-timeout value
Syntax
epon dynamic-binding-timeout value
To set the timeout time of the automatic removal of the information about dynamic ONU binding, run the previous command.
Parameter
Parameter Parameter description
value 30-300s
Default value
300s
Command mode
Global configuration mode
Remarks
None
Example
The following example shows how to set the timeout time of the automatic removal of the information about dynamic ONU binding to 200s.
OLT_config# epon dynamic-binding-timeout 200
1.12 epon ctc-oam-discovery-timeout {disable | enable}
Syntax
epon ctc-oam-discovery-timeout {disable | enable}
To enable or disable ONU registration when the successful discovery of CTC OAM of ONU times out, run this command.
Parameter
None
Default value
disable
Command mode
Global configuration mode
Remarks
None
Example
The following example shows that ONU registration is disabled when the successful discovery of CTC OAM of ONU times out.
OLT_config#epon ctc-oam-discovery-timeout enable
1.13 epon ctc-oam-discovery-timeout value
Syntax
epon ctc-oam-discovery-timeout value
To set the timeout time for waiting for successful CTC OAM discovery of ONU, run this command.
Parameter
Parameter Parameter description
value 30-300s
Default value
60s
Command mode
Global configuration mode
Remarks
None
Example
The following example shows how to set the timeout time for waiting for successful CTC OAM discovery of ONU.
OLT_config# epon ctc-oam-discovery-timeout 200
1.14 epon ace-reset-delay value count
Syntax
epon ace-reset-delay value count
To set the waiting time and transmission times of OAM transmission after the initial registration of ACE ONU is resumed, run the above-mentioned command.
Parameter
Parameter Parameter description
value 500-10000ms
count 1-10
Default value
3000ms, 3 times
Command mode
Global configuration mode
Remarks
None
Example
The following example shows that the waiting time and transmission times of OAM transmission after the initial registration of ACE ONU are set to 4000ms and 5 times respectively.
OLT_config# epon ace-reset-delay 4000 5
1.15 epon dying-gasp-log {disable | enable}
Syntax
epon dying-gasp-log {disable | enable}
To enable or disable printing of the ONU power-off alarm log, run the above-mentioned command.
Parameter
None
Default value
enable
Command mode
Global configuration mode
Remarks
None
Example
The following example shows how to disable printing of the ONU power-off alarm log.
OLT_config#epon dying-gasp-log disable
1.16 epon snmp-ipaddress
Syntax
epon snmp-ipaddress ip-address
To set the IP address of OLT manager, run the above-mentioned command.
Parameter
Parameter Parameter description
ip-address Stands for the IP address of the network manager.
Default value
None
Command mode
Global configuration mode
Remarks
This IP address is used for network topology discovery in the hand-in-hand environment.
Example
The following example shows how to set the IP address of OLT manager to 192.168.1.10.
OLT_config# epon snmp-ipaddress 192.168.1.10
1.17 serial-bridge remote
Syntax
serial-bridge remote index address A.B.C.D
no serial-bridge remote index address
To set the IP address of the bridge of the serial interface of ONU, run serial-bridge remote index address A.B.C.D.
Parameter
Parameter Parameter description
index Index of the bridge
A.B.C.D IP address of the bridge
Default value
None
Command mode
Global configuration mode
Remarks
This command is used to set the index and IP address of the front bridge.
Example
The following example shows how to set the bridge with IP address 10.0.0.1 to index 1.
OLT_config# serial-bridge remote 1 address 10.0.0.1
1.18 show epon basic-info
Syntax
show epon basic-info
To display the basic OLT information, run the previous command.
Parameter
None
Default value
None
Command mode
Any mode will do.
Remarks
Relevant information will not be displayed unless the OLT chip is hot plugged.
Example
The following is the basic information about OLT.
Switch# show epon basic-info
ONU registration flapping suppression: disabled
Hello interval : 3 seconds
Dead interval : 5 counts
IROS : enabled
SC software version : 1025.0.0.1798569984
Number of registered OLTs : 1
-------------------------------------
OLT chip index : 0
OLT chip module id : 0
OLT chip device id : 0x0
OLT chip MAC address: 00:e0:0f:de:d0:10
OLT status : operational
1.19 show epon encryption
Syntax
show epon encryption
To display the information about EPON encryption configuration, run the above-mentioned command.
Parameter
None
Default value
None
Command mode
Any mode will do.
Remarks
None
Example
The following example shows how to display the information about EPON encryption configuration:
Switch#show epon encryption
Encryption mode rekey time(ms)
--------------- --------------
ctc churning    10000
1.20 show epon mpcp-registration-mode
Syntax
show epon mpcp-registration-mode [interface epon slot/port]
To display the MPCP registration mode of the EPON port, run the previous command.
Parameter
Parameter Parameter description
slot/port The slot parameter stands for the slot ID and the port parameter stands for the EPON port ID.
Default value
None
Command mode
Any mode will do.
Remarks
None
Example
The following example shows how to display the ONU MPCP registration mode of the EPON port.
Switch# show epon mpcp-registration-mode interface epon 0/1
MPCP registeration is delay time enabled on E0/1, and delay time is 20 ms
1.21 show epon onu-authen-method
Syntax
show epon onu-authen-method [interface epon slot/port]
To display the ONU authentication mode, run the previous command.
Parameter
Parameter Parameter description
slot/port The slot parameter stands for the slot ID and the port parameter stands for the EPON port ID.
Default value
None
Command mode
Any mode will do.
Remarks
None
Example
The following example shows how to display the ONU registration mode of the EPON0/1 port.
Switch# show epon onu-authen-method interface epon 0/1
ONU authentication mode is manual on E0/1.
1.22 show epon onu-registration-method
Syntax
show epon onu-registration-method [interface epon slot/port]
To display the ONU MAC address checkup mode, run the previous command.
Parameter
Parameter Parameter description
slot/port The slot parameter stands for the slot ID and the port parameter stands for the EPON port ID.
Default value
None
Command mode
Any mode will do.
Remarks
None
Example
The following example shows how to display the ONU MAC address checkup mode of the EPON0/1 port.
Switch# show epon onu-registration-method interface epon 0/1
ONU MAC address check when registeration is enabled on E0/1.
1.23 show epon onu-information
Syntax
show epon onu-information [interface epon slot/port]
To display the ONU information, run the previous command.
Parameter
Parameter Parameter description
slot/port The slot parameter stands for the slot ID and the port parameter stands for the EPON port ID.
Default value
None
Command mode
Any mode will do.
Remarks
None
Example
The following example shows how to display all ONU binding information on port epon0/1.
Switch# show epon onu-information interface epon0/1
OLT#show epon onu-information interface e0/1
Interface EPON0/1 has registered 2 ONUs:
Intf Name  MAC Address    Description     Bind Type Status          Distance(m) RTT(TQ)
---------- -------------- --------------- --------- --------------- ----------- -------
EPON0/1:1  00e0.0fa7.0150 N/A             static    deregistered    N/A         N/A
EPON0/1:2  0025.5e1a.dbe6 N/A             static    auto_configured 52          2407
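The following Python script is an added example, not part of the manual and not vendor code. It parses show epon onu-information output by reading the column boundaries from the dashed rule line, then audits the listed ONUs against an approved MAC inventory. The third sample row, the "dynamic" bind type value, the column widths and the inventory are assumptions constructed for illustration.

```python
"""Audit `show epon onu-information` output against an approved ONU inventory."""
import re
from dataclasses import dataclass

# Column widths assumed from the dashed rule line in the manual's example.
WIDTHS = (10, 14, 15, 9, 15, 11, 7)
ROW = " ".join("{:<%d}" % w for w in WIDTHS)
MAC_RE = re.compile(r"[0-9a-f]{4}(\.[0-9a-f]{4}){2}")


def build_sample():
    """Constructed sample: two rows from the manual plus one made-up row."""
    rows = [
        ("Intf Name", "MAC Address", "Description", "Bind Type",
         "Status", "Distance(m)", "RTT(TQ)"),
        tuple("-" * w for w in WIDTHS),
        ("EPON0/1:1", "00e0.0fa7.0150", "N/A", "static",
         "deregistered", "N/A", "N/A"),
        ("EPON0/1:2", "0025.5e1a.dbe6", "N/A", "static",
         "auto_configured", "52", "2407"),
        # Constructed row: MAC, description and "dynamic" are assumptions.
        ("EPON0/1:3", "0011.2233.4455", "lobby cpe", "dynamic",
         "auto_configured", "310", "2598"),
    ]
    body = "\n".join(ROW.format(*r).rstrip() for r in rows)
    return ("Interface EPON0/1 has registered 3 ONUs:\n"
            + body + "\nOLT_config#\n")


@dataclass
class Onu:
    intf: str
    mac: str
    description: str
    bind_type: str
    status: str


def normalize_mac(mac):
    """Accept xxxx.xxxx.xxxx, xx:xx:..., xx-xx-...; return 12 hex digits."""
    digits = re.sub(r"[.:\-]", "", mac.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def parse_onu_information(text):
    """Parse the fixed-width table; descriptions may contain spaces."""
    lines = text.splitlines()
    rule = next((i for i, l in enumerate(lines)
                 if l.strip() and set(l) <= {"-", " "}), None)
    if rule is None:
        raise ValueError("column rule line not found")
    starts = [m.start() for m in re.finditer(r"-+", lines[rule])]
    if len(starts) < 5:
        raise ValueError("unexpected column count")
    # Each cell runs from its column start to the next column start.
    bounds = list(zip(starts, starts[1:] + [None]))
    onus = []
    for line in lines[rule + 1:]:
        cells = [line[a:b].strip() for a, b in bounds]
        if not MAC_RE.fullmatch(cells[1].lower()):
            continue  # CLI prompt, blank line or other non-table text
        onus.append(Onu(*cells[:5]))
    return onus


def audit(onus, approved_macs):
    """Return (subject, reason) findings for review by the administrator."""
    approved = {normalize_mac(m) for m in approved_macs}
    findings = []
    for onu in onus:
        if normalize_mac(onu.mac) not in approved:
            findings.append((onu.intf, "MAC not in approved inventory"))
        if onu.bind_type != "static":
            findings.append(
                (onu.intf, f"bind type is {onu.bind_type}, not static"))
    registered = {normalize_mac(o.mac) for o in onus
                  if o.status != "deregistered"}
    for mac in sorted(approved - registered):
        findings.append((mac, "approved ONU is not currently registered"))
    return findings


if __name__ == "__main__":
    inventory = ["00:e0:0f:a7:01:50", "0025.5E1A.DBE6"]  # constructed
    for subject, reason in audit(parse_onu_information(build_sample()),
                                 inventory):
        print(f"{subject}: {reason}")
```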
Chapter 2 Global Remote Control Commands of ONU
2.1 Global Remote Control Commands of ONU
Global remote control commands of ONU are shown below:
epon reboot onu
epon update onu image
epon update onu eeprom-image
epon ace-recover
epon commit-onu-image-update
epon switch-onu-pon
epon switch-onu-pon-and-back
epon onu encryption
epon onu mac address-table static
epon onu clear mac address-table dynamic
epon onu mac address-table learning
epon onu mac address-table aging-time
epon onu scheduler policy
epon onu scheduler wrr bandwidth
epon onu cos map
epon onu scheduler-pon policy
epon onu scheduler-pon wrr bandwidth
epon onu cos-pon map
epon onu port-protect
epon onu ip address
epon onu spanning-tree
epon onu mirror
epon onu filter
epon onu serial-mode
epon onu serial-remote
epon onu vlan
show epon interface onu basic-info
show epon interface onu ctc basic-info
show epon onu mac address-table
2.2 epon reboot onu
Syntax
epon reboot onu {mac-address value | interface epon slot/port:sequence}
To restart ONU, run the previous command.
Parameter
Parameter Parameter description
value The format of the MAC address is <xxxx.xxxx.xxxx>.
slot/port[:sequence] The slot parameter stands for the slot number, the port parameter stands for the EPON port number and the sequence parameter stands for the LLID sequence.
Default value
None
Command mode
Privileged mode
Remarks
None
Example
The following example shows how to restart the registered ONU on port EPON0/1:1.
switch# epon reboot onu interface epon0/1:1
2.3 epon update onu image
Syntax
epon update onu image image_name interface epon slot/port[:sequence]
To update the ONU version remotely through OLT, run the previous command.
Parameter
Parameter Parameter description
image_name Contains up to 32 characters.
slot/port[:sequence] The slot parameter stands for the slot number, the port parameter stands for the EPON port number and the sequence parameter stands for the LLID sequence.
Default value
None
Command mode
Privileged mode
Remarks
1. The software can be updated only if it matches the corresponding ONU type.
2. During the update process of ONU software, do not cut off the power of ONU. After the ONU update is complete, OLT notifies users of the successful ONU update through a log message, and ONU reboots with the updated version.
3. After the ONU version is updated and restarted, you need to run epon commit-onu-image-update on OLT to confirm the ONU version.
Example
The following example shows how to update the ONU version on port EPON0/1:1.
OLT# epon update onu image onu_bin interface epon epon0/1:1
2.4 epon commit-onu-image-update
Syntax
epon commit-onu-image-update {mac-address value | interface epon slot/port:sequence}
To confirm the update of the ONU version, run the above-mentioned command.
Parameter
Parameter Parameter description
value The format of the MAC address is <xxxx.xxxx.xxxx>.
slot/port[:sequence] The slot parameter stands for the slot number, the port parameter stands for the EPON port number and the sequence parameter stands for the LLID sequence.
Default value
None
Command mode
Privileged mode
Remarks
This command is used after the ONU version is upgraded, restarted and re-registered.
Example
The following example shows how to confirm the upgrade of the ONU version on port EPON0/1:1.
switch# epon commit-onu-image-update interface epon0/1:1
2.5 epon update onu eeprom-image
Syntax
epon update onu eeprom-image image_name interface epon slot/port:sequence
The ONU EEPROM file stores the MAC address and the sequence ID of ONU. If this information needs to be altered, the ONU EEPROM file needs to be updated. This command is used to update the ONU EEPROM file remotely from OLT.
Parameter
Parameter Parameter description
image_name Contains up to 32 characters.
slot/port:sequence The slot parameter stands for the slot number, the port parameter stands for the EPON port number and the sequence parameter stands for the LLID sequence.
Default value
None
Command mode
Privileged mode
Remarks
1. After the ONU EEPROM file is updated, ONU needs to be restarted before the newly configured information takes effect.
2. During the update process of ONU software, do not cut off the power of ONU.
Example
The following example shows how to use the onu_eeprom.dat file to update the ONU EEPROM on port EPON0/1:1.
OLT# epon update onu eeprom-image onu_eeprom.dat interface epon epon0/1:1
2.6 epon ace-recover
Syntax
epon ace-recover {mac-address value | interface epon slot/port:sequence}
To resume the default settings of ACE ONU, run the above-mentioned command.
Parameter
Parameter Parameter description
value The format of the MAC address is <xxxx.xxxx.xxxx>.
slot/port[:sequence] The slot parameter stands for the slot number, the port parameter stands for the EPON port number and the sequence parameter stands for the LLID sequence.
Default value
None
Command mode
Privileged mode
Remarks
This command is valid only for the ONU of ACE.
Example
The following example shows how to resume the default settings of ACE ONU on port EPON0/1:1.
Switch# epon ace-recover interface epon0/1:1
2.7 epon switch-onu-pon
Syntax
epon switch-onu-pon interface epon slot/port:sequence
To switch the current PON port on ONU, run the above-mentioned command.
Parameter
Parameter Parameter description
slot/port[:sequence] The slot parameter stands for the slot number, the port parameter stands for the EPON port number and the sequence parameter stands for the LLID sequence.
Default value
None
Command mode
Privileged mode
Remarks
This command is only valid for ONU with dual PON ports.
Example
The following example shows how to switch the current PON port of ONU on port epon0/1:1.
switch# epon switch-onu-pon interface epon0/1:1
2.8 epon switch-onu-pon-and-back
Syntax
epon switch-onu-pon-and-back interface epon slot/port:sequence
To switch the current PON port of ONU and then switch back to the original PON port, run the above-mentioned command.
Parameter
Parameter Parameter description
slot/port[:sequence] The slot parameter stands for the slot number, the port parameter stands for the EPON port number and the sequence parameter stands for the LLID sequence.
Default value
None
Command mode
Privileged mode
Remarks
This command is only valid for ONU with dual PON ports.
Example
The following example shows how to switch the current PON port of ONU and then switch back to the original PON port on port epon0/1:1.
switch# epon switch-onu-pon-and-back interface epon0/1:1
2.9 epon onu encryption
Syntax
epon onu encryption triple-churning
no epon onu encryption
To set the ONU encryption mode, run epon onu encryption triple-churning.
Parameter
None
Default value
The default encryption mode of ONU is triple-churning.
Command mode
LLID port configuration mode
Remarks
The encryption function takes effect only when it is set on both OLT and ONU and the encryption modes are the same.
Example
The following example shows how to set the ONU encryption mode on port EPON0/1:1 to triple churning.
switch_config# interface EPON0/1:1
switch_config_epon0/1:1# epon onu encryption triple-churning
2.10 epon onu mac address-table static
Syntax
[no]epon onu mac address-table static mac-addr port port-num
To add a static MAC address, run mac address-table static mac-addr vlan vlan-id interface interface-id. To cancel the static MAC address, run no mac address-table static mac-addr vlan vlan-id interface interface-id.
Parameter
Parameter Parameter description
mac-addr Means an MAC address. Value range: H.H.H
port-num Physical port that the MAC address belongs to
Default value
None
Remarks
This command is configured in LLID port mode.
Example
The following example shows how to bind the MAC address, 0004.5600.67ab, to the UNI2 port.
switch_config#interface e0/1:1
switch_config_epon0/1:1#epon onu mac address-table static 0004.5600.67ab port 2
2.11 epon onu clear mac address-table dynamic
Syntax
epon onu clear mac address-table dynamic [ address H.H.H | port num]
To clear the dynamic MAC address of ONU, run the previous command.
Parameter
Parameter Parameter description
H.H.H Stands for the MAC address that is designated to be deleted.
Num Stands for the UNI port number.
Default value
None
Remarks
This command is configured in LLID port mode.
Example
The following example shows how to remove the MAC address of the UNI1 port that corresponds to the LLID port, epon0/1:1.
switch_config#interface epon 0/1:1
switch_config_epon0/1:1#epon onu clear mac address-table dynamic port 1
2.12 epon onu mac address-table learning
Syntax
epon onu mac address-table learning { disable | svl }
no epon onu mac address-table learning
To configure the learning of ONU MAC address table, run epon onu mac address-table learning { disable | svl }.
Parameter
Parameter Parameter description
disable Shuts down MAC address learning.
svl VLAN learning is shared by default.
Default value
VLAN learning is shared by default.
Remarks
This command is configured in LLID port mode.
Example
The following example shows how to shut down ONU MAC address learning which corresponds to the LLID port, epon0/1:1.
switch_config#interface epon 0/1:1
switch_config_epon0/1:1#epon onu mac address-table learning disable
2.13 epon onu mac address-table aging-time
Syntax
epon onu mac address-table aging-time { 0 | time }
no epon onu mac address-table aging-time
To set the aging time of the MAC address table of ONU, run epon onu mac address-table aging-time { 0 | time }.
Parameter
Parameter Parameter description
0 Means that the MAC address does not age.
time Stands for the aging time of the MAC address, which ranges from 15 to 3825 seconds.
Default value
300s
Remarks
This command is configured in LLID port mode.
Example
The following example shows how to set the aging time of the MAC address of ONU which corresponds to the LLID port, epon0/1:1.
switch_config#interface epon 0/1:1
switch_config_epon0/1:1#epon onu mac address-table aging-time 200
2.14 epon onu scheduler policy
Syntax
epon onu scheduler policy { sp | wrr }
no epon onu scheduler policy
To set the schedule policy of the ONU CoS priority queue, run epon onu scheduler policy { sp | wrr }.
Parameter
Parameter Parameter description
sp Uses the SP schedule policy.
wrr Uses the WRR schedule policy.
Default value
The SP schedule policy is used by default.
Remarks
This command is configured in LLID port mode.
Example
The following example shows how to set the ONU CoS priority queue of the LLID port, epon0/1:1, to wrr.
switch_config#interface epon 0/1:1
switch_config_epon0/1:1#epon onu scheduler policy wrr
2.15 epon onu scheduler wrr bandwidth
Syntax
epon onu scheduler wrr bandwidth weight1 ... weightn
no epon onu scheduler wrr bandwidth
To set the bandwidth of the ONU CoS priority queue, run epon onu scheduler wrr bandwidth weight1...weightn.
Note:
At present, the ONU chip does not support the bandwidth settings of the priority queue. The bandwidth setting is a fixed value, 1:2:4:8.
Parameter
Parameter Parameter description
weight1 ... weightn Values of four CoS priority queues, ranging between 0 and 255
Default value
The weights of four CoS priority queues are 1, 2, 4 and 8 respectively.
Remarks
This command is configured in LLID port mode.
Example
The following example shows how to set the bandwidth of the ONU CoS priority queue of the LLID port, epon0/1:1, to 10, 50, 100 and 200.
switch_config#interface epon 0/1:1
switch_config_epon0/1:1#epon onu scheduler wrr bandwidth 10 50 100 200
2.16 epon onu cos map
Syntax
epon onu cos map quid cos1 ... cosn
no epon onu cos map
To set the ONU CoS priority queue, run epon onu cos map quid cos1..cosn.
Parameter
Parameter Parameter description
quid ID of the COS priority queue, ranging between 1 and 4
cos1 ... cosn CoS value defined by IEEE802.1p, ranging between 0 and 7
Default value
CoS    Priority Queue
0, 1   1
2, 3   2
4, 5   3
6, 7   4
Remarks
This command is configured in LLID port mode.
Example
The following example shows how to map ONU priority values (3, 4, 5) of the LLID epon0/1:1 port to queue 3.
switch_config#interface epon 0/1:1
switch_config_epon0/1:1#epon onu cos map 3 3-5
2.17 epon onu scheduler-pon policy
Syntax
epon onu scheduler-pon policy { sp | wrr }
no epon onu scheduler-pon policy
To set the schedule policy of the uplink ONU CoS priority queue, run epon onu scheduler-pon policy { sp | wrr }.
Parameter
Parameter Parameter description
sp Uses the SP schedule policy.
wrr Uses the WRR schedule policy.
Default value
The SP schedule policy is used by default.
Remarks
This command is configured in LLID port mode.
Example
The following example shows how to set the uplink priority queue of ONU, which corresponds to the LLID port (epon0/1:1), to wrr.
switch_config#interface epon 0/1:1
switch_config_epon0/1:1#epon onu scheduler-pon policy wrr
2.18 epon onu scheduler-pon wrr bandwidth
Syntax
epon onu scheduler-pon wrr bandwidth weight1 ... weightn
no epon onu scheduler-pon wrr bandwidth
To set the bandwidth of the ONU CoS priority queue, run epon onu scheduler wrr bandwidth weight1...weightn.
Parameter
Parameter Parameter description
weight1 ... weightn Values of eight CoS priority queues, ranging between 0 and 255
Default value
The weight values of the eight CoS priority queues are 1, 1, 1, 1, 1, 1, 1 and 1 respectively.
Remarks
This command is configured in LLID port mode.
Example
The following example shows how to set the bandwidth of the ONU CoS priority queue of the LLID port, epon0/1:1, to 1, 2, 4, or 8.
switch_config#interface epon 0/1:1
switch_config_epon0/1:1#epon onu scheduler-pon wrr bandwidth 1 2 4 8 16 32 64 128
2.19 epon onu cos-pon map
Syntax
epon onu cos-pon map quid cos1 ... cosn
no epon onu cos-pon map
To set the ONU CoS priority queue, run epon onu cos map quid cos1..cosn.
Parameter
Parameter Parameter description
quid ID of the COS priority queue, ranging between 1 and 8
cos1 ... cosn CoS value defined by IEEE802.1p, ranging between 0 and 7
Default value
CoS    Priority Queue
0      1
1      2
2      3
3      4
4      5
5      6
6      7
7      8
Remarks
This command is configured in LLID port mode.
Example
The following example shows how to map ONU priority values (3, 4, 5) of the LLID epon0/1:1 port to queue 3.
switch_config#interface epon 0/1:1
switch_config_epon0/1:1#epon onu cos-pon map 3 3-5
2.20 epon onu port-protect
Syntax
epon onu port-protect
no epon onu port-protect
To configure ONU port isolation, run epon onu port-protect.
Parameter
Default value
ONU port isolation is enabled by default.
Remarks
This command is configured in port configuration mode.
Example
The following example shows how to enable the isolation of the ONU port which corresponds to the LLID port, epon0/1:1.
switch_config#interface epon 0/1:1
switch_config_epon0/1:1# epon onu port-protect
2.21 epon onu ip address
Syntax
For ONU, the command is as follows:
epon onu ip address { dhcp | static ip-address netmask}
For bstar ONU, the command is as follows:
epon onu ip address A.B.C.D netmask A.B.C.D gateway A.B.C.D vlan value
no epon onu ip address
To set the ONU IP address, run epon onu ip address { dhcp | static ip-address netmask}.
Parameter
Parameter Parameter description
Dhcp Sets dynamic IP address obtainment for ONU.
Static Sets static IP address obtainment for ONU.
ip-address Stands for the static IP address.
Netmask Subnet mask
A.B.C.D Address
Value Vlan id
Default value
ONU uses the DHCP mode by default. If the ONU cannot obtain an address, the default address 192.168.0.1 is used.
Remarks
This command is configured in port configuration mode.
Example
The following example shows how to set the ONU IP address mode to static and set the IP address to 172.0.0.10.
switch_config#interface epon 0/1:1
switch_config_epon0/1:1# epon onu ip address static 172.0.0.10 255.255.0.0
2.22 epon onu spanning-tree
Syntax
epon onu spanning-tree
no epon onu spanning-tree
Enables or disables ONU Spanning Tree.
Parameter
Default value
The Spanning Tree function is disabled.
Remarks
This command is configured in port configuration mode.
Example
The following example shows how to enable spanning tree on the LLID port epon0/1:1.
switch_config#interface epon 0/1:1
switch_config_epon0/1:1# epon onu spanning-tree
2.23 epon onu mirror
Syntax
epon onu mirror session num destination dest-port source src-port [both | rx | tx]
no epon onu mirror session num
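Configures the ONU mirroring function.
Parameter
Parameter Parameter description
num Mirror session number
dest-port Mirror destination port number
src-port Mirror source port number
both Mirrors ingress and egress
rx Mirrors ingress
tx Mirrors egress
Default value
No mirroring is configured.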
Remarks
This command is configured in port configuration mode.
Example
The following example shows how to configure mirroring on the LLID port epon0/1:1 so that the ingress packets of port 1 are mirrored to port 2.
switch_config#interface epon 0/1:1
switch_config_epon0/1:1# epon onu mirror session 1 destination 2 source 1 rx
2.24 epon onu filter
Syntax
epon onu filter {icmp | arp | bpdu | igmp} threshold value
no epon onu filter {icmp | arp | bpdu | igmp}
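Configures the ONU attack prevention function.
Parameter
Parameter Parameter description
value Number of packet bytes allowed to be received per second. Value range: 52000
Default value
No attack prevention function is configured.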
Remarks
This command is configured in port configuration mode.
Example
The following example shows how to configure BPDU attack prevention on the LLID port epon0/1:1 with a threshold of 20 per second.
switch_config#interface epon 0/1:1
switch_config_epon0/1:1# epon onu filter bpdu threshold 20
2.25 epon onu serial-mode
Syntax
epon onu serial-mode {tcp-server | tcp-client | udp} port port-value [timeout timeout-value]
no epon onu serial-mode
Sets the CTC mode of ONU.
Parameter
Parameter Parameter description
tcp-server TCP server mode
tcp-client TCP client mode
udp UDP mode
port-value TCP or UDP port number, 1-65535
timeout-value Timeout time, which can be configured only in tcp-server mode; 1-65535, in seconds
Default value
The serial port is disabled.
Remarks
This command is configured in port configuration mode.
Example
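The following example shows how to set the serial port working mode of the LLID port epon0/1:1 to tcp-server, the TCP port number to 12000 and the timeout time to 100s.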
switch_config#interface e0/1:1
switch_config_epon0/1:1# epon onu serial-mode tcp-server port 12000 timeout 100
2.26 epon onu serial-remote
Syntax
epon onu serial-remote index
no epon onu serial-remote index
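Configures the IP address of the serial port front bridge of ONU.
Parameter
Parameter Parameter description
index Index of the front bridge
Default value
No IP address of the front bridge is configured.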
Remarks
This command is configured in port configuration mode.
Example
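The following example shows how to set the IP address of the serial port front bridge of the LLID port epon0/1:1 to the IP address that corresponds to index 1.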
switch_config# serial-bridge remote 1 address 10.0.0.1
switch_config#interface e0/1:1
switch_config_epon0/1:1# epon onu serial-remote 1
2.27 epon onu vlan
Syntax
epon onu vlan word
no epon onu vlan word
Creates or deletes VLANs on ONU.
Parameter
Parameter Parameter description
word VLAN ID range. Value range: 1-4094
Default value
None
Remarks
This command is configured in port configuration mode.
Example
The following example shows how to create VLANs 1-20 on the ONU under the LLID port epon0/1:1.
switch_config#interface epon 0/1:1
switch_config_epon0/1:1# epon onu vlan 1-20
2.28 show epon interface onu basic-info
Syntax
show epon interface slot/port:sequence onu basic-info
To display the basic ONU information, run the previous command.
Parameter
Parameter Parameter description
slot/port[:sequence] The slot parameter stands for the slot number, the port parameter stands for the EPON port number and the sequence parameter stands for the LLID sequence.
Default value
None
Command mode
Any mode will do.
Remarks
The basic ONU information cannot be displayed until ONU is registered.
Example
The following is the basic ONU information of port e0/1:1.
OLT_config#show epon interface epon 0/1:1 onu basic-info
ONU Building version: 10.0.1A
ONU Compiled time: 15:49:06, Aug 28 2009
ONU SDK software version: 3.4.2.2
ONU chip type: CS8016.B0
ONU chip version: 0
ONU loader version: 02.00.01-1241677674
EEPROM Control Flag : 0xaa
MAC address : 00e0.0f46.5f41
EEPROM version : 1
HEC mode : 0
IGMP snooping mode : 1
OAM version : 0
I2C interface mode : 1
MPCP timeout : 1000
Vendor code : 0
Model number : 0
Hardware version : 0
Year : 0
Week : 256
Serial number : 12200110
CRC Mode : 0
Query Key : 0
Disable auto reset : 0
Enable tk default mode : 0
Normal bringup mode : 1
PON Laser always on : 0
PON Laser ctrl polarity : 0
PON admin status : 1
UNI port MAC type : 0
UNI Auto negotiation : 1
UNI MII type : 3
UNI PinStrapOverWrite : 0
UNI admin status : 1
Security flag 802.1x mode : 1
Security flag UNI port control : 0
Security flag mcst/bcst control: 1
Security flag dot1x tunnel : 0
IOPVendorCode : 255
ONUConfigCode : 254
ONUCtrlVlan : 0
ctc_onu : 0x11-0x11-0x11
Laser on time : 64
Laser off time : 64
CTC OAM Bypass Mode : 0
CRC Mode Config : 0
FEC Enabled : 0
Unknown Multicast Drop : 0
Tx error detection : 0
IGMP vlan learning mode : 0
Laser Delay : 0
User vendor info : UTST/A002
Deregister backofftime : 60
Mdio address : 1
Dying Gasp Trigger Mode : 0
MII enable : 0
Switch Port Num : 4
KT ONU : 0x00-0x00-0x00
Classification Rule Num : 0
2.29 show epon interface onu ctc basic-info
Syntax
show epon interface slot/port:sequence onu ctc basic-info
To display the CTC-defined basic ONU information, run the previous command.
Parameter
Parameter Parameter description
slot/port[:sequence] The slot parameter stands for the slot number, the port parameter stands for the EPON port number and the sequence parameter stands for the LLID sequence.
Default value
None
Command mode
Any mode will do.
Remarks
The basic CTC-defined ONU information cannot be displayed until ONU is registered.
Example
The following is the basic CTC-defined ONU information of port e0/1:1.
OLT_config#show epon interface epon 0/1:1 onu ctc basic-info
ONU Vender ID : BDCM
ONU MODEL ID : 0x20000000
ONU ID : 00e0.0fa7.0150
Hardware Version : 0x20 30 30 30 00 00 00 00
Software Version : 0x33 34 32 00 00 00 00 00 00 00 00 00 00 00 00 00
Firmware Version : 0x00 00 00 02 00 03 00 04 00 02
Chipset Vendor ID : BD
Chipset MODEL ID : 0x2000
Chipset Revision : 1
Chipset Date : 08/01/29
Service Supported :
Support GE : NO
Support FE : YES
Support VOIP : NO
Support TDM CES : NO
Number of GE Ports : 0
Bitmap of GE Ports :
Number of FE Ports : 4
Bitmap of FE Ports : 1-4
Number of POTS ports: 0
Number of E1 port : 0
Number of US Queues : 8
QueueMax per US Port: 8
Number of DS Queues : 8
QueueMax per DS Port: 8
Battery Backup : 0
OLT_config#
2.30 show epon onu mac address-table
Syntax
show epon interface interface-id onu mac address-table
To display the ONU MAC address table, run the previous command.
Parameter
Parameter Parameter description
interface-id Stands for the LLID port ID.
Default value
None
Remarks
This command is used to display the ONU MAC address table.
Example
The following information shows the ONU MAC address table of the LLID port, epon0/1:1.
switch#show epon interface epon 0/1:1 onu mac address-table
Chapter 3 Remote UNI Control Commands of ONU
3.1 Remote UNI Control Commands of ONU
Global remote control commands of ONU are shown below:
epon onu port ctc vlan mode
epon onu port ctc vlan translation-entry
epon onu port ctc vlan aggregation-entry
epon onu port ctc flow-control
epon onu port mac address-table dynamic maximum
epon onu port storm-control
epon onu port ctc rate-limit
epon onu port loopback detect
epon onu port duplex
epon onu port speed
epon onu port ctc auto-negotiation
epon onu port block mac
epon onu port default-cos
epon onu port ctc shutdown
epon onu port qos policy
epon onu port ctc qos policy
epon onu port mac access-group
epon onu port ip access-group
epon onu serial serial-attribute
epon onu serial serial-buffer
epon onu serial serial-keepalive
epon onu serial loopback detect
show epon onu {port | serial} statistics
show epon onu {port | serial} state
show epon onu port ctc vlan
3.2 epon onu port ctc vlan mode
Syntax
epon onu port port-num ctc vlan mode {transparent | tag value | translation value | vlan-stacking value | aggregation value }
no epon onu port port-num ctc vlan mode
To set the processing mode of UNI VLAN Tag of ONU, run the previous command.
Parameter
Parameter Parameter description
port-num Stands for the UNI port.
value Stands for the PVID value of the UNI interface and this value ranges from 1 to 4094.
Default value
The default processing mode of VLAN tag is transparent.
Command mode
LLID port configuration mode
Remarks
None
Example
The following example shows how to set the processing mode of UNI VLAN tag of ONU to tag.
switch_config_e0/1:1# epon onu port 1 ctc vlan mode tag pvid 3
3.3 epon onu port ctc vlan translation-entry
Syntax
epon onu port num ctc vlan translation-entry old-vid new-vid
no epon onu port num ctc vlan translation-entry old-vid new-vid
This command is used to set the translation entries of the ONU UNI port.
Parameter
Parameter Parameter description
num Stands for the UNI port number.
old-vid Stands for the value of the SPVLAN translation entries of the UNI port, which ranges between 1 and 4094.
new-vid Stands for the value of the CVLAN translation entries of the UNI port, which ranges between 1 and 4094.
Default value
None
Command mode
LLID port configuration mode
Remarks
The translation entry takes effect only when the VLAN of the ONU UNI port is in translation or vlan-stacking mode.
Example
The following example shows how to set a translation entry from VLAN 1000 to VLAN 2000 on UNI 1 of the ONU on EPON0/1:1.
OLT_config_e0/1:1# epon onu port 1 ctc vlan translation-entry 1000 2000
3.4 epon onu port ctc vlan aggregation-entry
Syntax
epon onu port num ctc vlan aggregation-entry old-vid-range new-vid
no epon onu port num ctc vlan aggregation-entry old-vid-range new-vid
This command is used to set the aggregation entries of the ONU UNI port.
Parameter
Parameter Parameter description
num Stands for the UNI port number.
old-vid-range Stands for the value of the SPVLAN translation entries of the UNI port, which ranges between 1 and 4094.
new-vid Stands for the value of the CVLAN translation entries of the UNI port, which ranges between 1 and 4094.
Default value
None
Command mode
LLID port configuration mode
Remarks
The aggregation entry takes effect only when the VLAN of the ONU UNI port is in aggregation mode.
Example
The following example shows how to set a VLAN aggregation entry from VLANs 101-108 to VLAN 2000 on UNI 1 of the ONU on EPON0/1:1.
OLT_config_e0/1:1# epon onu port 1 ctc vlan aggregation-entry 101-108 2000
3.5 epon onu port ctc flow-control
Syntax
epon onu port num ctc flow-control
no epon onu port num ctc flow-control
To configure flow control for an ONU interface, run epon onu port num ctc flow-control.
Parameter
Parameter Parameter description
num Stands for the ONU UNI port ID.
Default value
The flow control function of the port is disabled by default.
Remarks
This command is configured in port configuration mode.
Example
The following example shows how to enable the flow control of ONU UNI port 1 which corresponds to the LLID port, epon0/1:1.
switch_config#interface epon 0/1:1
switch_config_epon0/1:1# epon onu port 1 ctc flow-control
3.6 epon onu port mac address-table dynamic maximum
Syntax
epon onu port port-num mac address-table dynamic maximum addr-num
no epon onu port port-num mac address-table dynamic maximum
To configure the maximum number of MAC addresses for a port, run the first one of the previous two commands.
Parameter
Parameter Parameter description
port-num Stands for the ONU UNI port ID.
addr-num Stands for the maximum number of MAC addresses, which ranges between 1 and 255.
Default value
The number of addresses is not limited.
Remarks
This command is configured in LLID port mode.
Example
The following example shows how to set the maximum number of MAC addresses of ONU UNI port 2, which corresponds to the LLID port, epon0/1:1, to 3.
switch_config#interface epon 0/1:1
switch_config_epon0/1:1# epon onu port 2 mac address-table dynamic maximum 3
3.7 epon onu port storm-control
Syntax
epon onu port port-num storm-control mode mode-num threshold count
no epon onu port port-num storm-control
To configure storm control for an ONU UNI port, run epon onu port port-num storm-control mode mode-num threshold count.
Parameter
Parameter Parameter description
port-num Stands for the ONU UNI port ID.
mode-num Stands for the storm control mode:
1. Only the broadcast packets are limited.
2. Both broadcast and multicast packets are limited.
3. Broadcast/multicast/unknown unicast packets are limited.
4. All packets are limited.
count Defines the threshold flux of the storm. Value range: 256 to 100000.
Default value
The storm control function is disabled by default.
Remarks
This command is configured in LLID port mode.
Example
The following example shows how to set the storm control rate of the ONU UNI1 port, which corresponds to the Epon0/1:1 port, to 1000.
switch_config#interface epon 0/1:1
switch_config_epon0/1:1# epon onu port 1 storm-control mode 1 threshold 1000
3.8 epon onu port ctc rate-limit
Syntax
epon onu port port-num ctc rate-limit band { ingress | egress}
no epon onu port port-num ctc rate-limit { ingress | egress}
To configure the rate limitation for an ONU port, run epon onu port port-num ctc rate-limit band { ingress | egress}.
Parameter
Parameter Parameter description
port-num Stands for the ONU UNI port ID.
band Means the rate of the flow. The flow rate for the 100M port is from 64Kbps to 100Mbps and the step is 1Kbps.
ingress Functions on the ingress port.
egress Functions on the egress port.
Default value
The rate limitation is shut down on the port by default.
Remarks
This command is configured in LLID port mode.
Example
The following example shows how to set rate limitation of ONU UNI port 1, which corresponds to the LLID port, epon0/1:1, to 128Kbps.
switch_config#interface epon 0/1:1
switch_config_epon0/1:1# epon onu port 1 ctc rate-limit 128 egress
3.9 epon onu port loopback detect
Syntax
epon onu port port-num loopback detect
no epon onu port port-num loopback detect
To configure loopback detection for an ONU UNI port, run epon onu port port-num loopback detect.
Parameter
Parameter Parameter description
port-num Stands for the ONU UNI port ID.
Default value
The loopback detection of the port is shut down.
Remarks
This command is configured in LLID port mode.
Example
The following example shows how to enable loopback detection on ONU UNI port 1.
switch_config#interface epon 0/1:1
switch_config_epon0/1:1# epon onu port 1 loopback detect
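Added example (not from the original manual or the vendor): a Python check that reads LLID-port stanzas and reports UNI ports that lack the MAC address limit (3.6), storm control (3.7) or loopback detection (3.9), or that use values outside the documented ranges. The stanza layout of the sample configuration, the control names and the function name audit are assumptions; the sample is constructed.

```python
import re

# Constructed sample: LLID-port stanzas built only from commands documented in
# sections 3.6, 3.7 and 3.9. The stanza layout is an assumption, not device output.
SAMPLE_CONFIG = """\
interface epon 0/1:1
 epon onu port 1 mac address-table dynamic maximum 3
 epon onu port 1 storm-control mode 3 threshold 1000
 epon onu port 1 loopback detect
 epon onu port 2 mac address-table dynamic maximum 300
 epon onu port 2 storm-control mode 1 threshold 100
interface epon 0/1:2
 epon onu port 1 loopback detect
"""

# control name -> (pattern after "epon onu port N ", documented range per captured value)
CONTROLS = {
    "mac-limit": (re.compile(r"mac address-table dynamic maximum (\d+)$"),
                  [("addr-num", 1, 255)]),
    "storm-control": (re.compile(r"storm-control mode (\d+) threshold (\d+)$"),
                      [("mode-num", 1, 4), ("count", 256, 100000)]),
    "loopback-detect": (re.compile(r"loopback detect$"), []),
}
PORT_LINE = re.compile(r"epon onu port (\d+) (.+)$")


def audit(config_text, uni_ports=(1, 2, 3, 4)):
    """Return sorted findings as (interface, uni_port, message) tuples.

    uni_ports defaults to four ports, matching the 4-port ONU in the manual's
    sample output; pass the real port list for other ONU models.
    """
    seen = {}        # (interface, port) -> set of controls that appear at all
    findings = []
    interface = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            interface = line.split(None, 1)[1]
            # Every UNI port of a configured LLID port is expected to carry the controls.
            for port in uni_ports:
                seen.setdefault((interface, port), set())
            continue
        m = PORT_LINE.match(line)
        if not m or interface is None:
            continue
        port, rest = int(m.group(1)), m.group(2)
        for name, (pattern, ranges) in CONTROLS.items():
            hit = pattern.match(rest)
            if not hit:
                continue
            seen.setdefault((interface, port), set()).add(name)
            # Compare each captured value with the range given in the parameter table.
            for (param, low, high), value in zip(ranges, hit.groups()):
                if not low <= int(value) <= high:
                    findings.append((interface, port,
                                     f"{name}: {param} {value} outside {low}-{high}"))
    for (iface, port), present in seen.items():
        for name in CONTROLS:
            if name not in present:
                findings.append((iface, port, f"{name}: not configured"))
    return sorted(set(findings))


if __name__ == "__main__":
    for iface, port, message in audit(SAMPLE_CONFIG):
        print(f"{iface} UNI {port}: {message}")
```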
3.10 epon onu port duplex
Syntax
epon onu port port-num duplex { half | full | auto }
no epon onu port port-num duplex
To configure the duplex mode on the ONU UNI port, run epon onu port port-num duplex { half | full | auto }.
Parameter
Parameter Parameter description
port-num Stands for the ONU UNI port ID.
half Sets the duplex mode of the port to half duplex.
full Sets the duplex mode of the port to full duplex.
auto Sets the duplex mode of the port to auto-negotiable.
Default value
The default duplex mode of the port is auto-negotiable.
Remarks
This command is configured in LLID port mode.
Example
The following example shows how to set ONU UNI port 1, which corresponds to the LLID port, epon0/1:1, to full duplex.
switch_config#interface epon 0/1:1
switch_config_epon0/1:1# epon onu port 1 duplex full
3.11 epon onu port speed
Syntax
epon onu port port-num speed { 10 | 100 | auto }
no epon onu port port-num speed
To configure the speed of ONU UNI port, run epon onu port port-num speed { 10 | 100 | auto }.
Parameter
Parameter Parameter description
port-num Stands for the ONU UNI port ID.
10 Sets the speed of a port to 10M.
100 Sets the speed of a port to 100M.
auto Sets the speed of the interface to auto.
Default value
Automatic negotiation
Remarks
This command is configured in LLID port mode.
Example
The following example shows how to set the speed of ONU UNI port 1, which corresponds to the LLID port, epon0/1:1, to 100M.
switch_config#interface epon 0/1:1
switch_config_epon0/1:1# epon onu port 1 speed 100
3.12 epon onu port ctc auto-negotiation
Syntax
epon onu port port-num ctc auto-negotiation
no epon onu port port-num ctc auto-negotiation
The above-mentioned commands are used to enable or disable the auto negotiation of the ONU UNI port.
Parameter
Parameter Parameter description
port-num Stands for the ONU UNI port ID.
Default value
The auto negotiation is enabled by default.
Remarks
This command is configured in LLID port mode.
Example
The following example shows how to enable the auto-negotiation of ONU which corresponds to the LLID port, epon0/1:1.
switch_config#interface epon 0/1:1
switch_config_epon0/1:1# epon onu port 1 ctc auto-negotiation
3.13 epon onu port block mac
Syntax
epon onu port port-num block mac {src H.H.H | dest H.H.H}
no epon onu port port-num block mac {src H.H.H | dest H.H.H}
To set the frame filtration of ONU UNI port, run epon onu port port-num block mac {src H.H.H | dest H.H.H}.
Parameter
Parameter Parameter description
port-num Stands for the ONU UNI port ID.
H.H.H Stands for the MAC address.
Default value
None
Remarks
This command is configured in LLID port mode.
Example
The following example shows how to set the frame filtration of ONU UNI port 1, which corresponds to the LLID port, epon0/1:1.
switch_config#interface epon 0/1:1
switch_config_epon0/1:1# epon onu port 1 block mac src 0.0.1 dest 0.0.2
3.14 epon onu port default-cos
Syntax
epon onu port port-num default-cos value
no epon onu port port-num default-cos
To set the default CoS Value of the ONU UNI port, run epon onu port port-num default-cos value.
Parameter
Parameter Parameter description
port-num Stands for the ONU UNI port ID.
value Stands for the default CoS value.
Default value
0
Remarks
This command is configured in LLID port mode.
Example
The following example shows how to set the default CoS value of ONU UNI port 1, which corresponds to the LLID port, epon0/1:1, to 2.
switch_config#interface epon 0/1:1
switch_config_epon0/1:1# epon onu port 1 default-cos 2
3.15 epon onu port ctc shutdown
Syntax
epon onu port num ctc shutdown
no epon onu port num ctc shutdown
To disable the ONU UNI port, run epon onu port num ctc shutdown. To enable the ONU UNI port again, run no epon onu port num ctc shutdown.
Parameter
Parameter Parameter description
num Stands for the ONU UNI port ID.
Default value
The UNI port is enabled by default.
Remarks
This command is configured in LLID port mode.
Example
The following example shows how to shut down ONU UNI port 1, which corresponds to the LLID port, epon0/1:1.
switch_config#interface epon 0/1:1
switch_config_epon0/1:1# epon onu port 1 ctc shutdown
3.16 epon onu port qos policy
Syntax
epon onu port num qos policy name
no epon onu qos policy name
To configure the QoS policy of the ONU UNI port, run epon onu port num qos policy name.
Parameter
Parameter Parameter description
num Stands for the ONU UNI port number.
name Stands for the name of QoS policy mapping.
Default value
None
Remarks
This command is configured in LLID port mode.
At present, the policy map only supports the following actions: drop, forward, bandwidth and edit the vlan tag of the outer layer.
Example
The following example shows how to apply the QoS policy map, pmap, on ONU port 1, which corresponds to the LLID port, epon0/1:1.
switch_config#interface epon 0/1:1
switch_config_epon0/1:1# epon onu port 1 qos policy pmap
3.17 epon onu port ctc qos policy
Syntax
epon onu port num ctc qos policy name
no epon onu qos policy name
To set the QoS policy of the ONU UNI port, run epon onu port num ctc qos policy name.
Parameter
Parameter Parameter description
num Stands for the ONU UNI port number.
name Stands for the name of QoS policy mapping.
Default value
None
Remarks
This command is configured in LLID port mode.
At present, the policy map supports only the cos and queue actions, depending on the ONU.
Example
The following example shows how to apply the QoS policy map, pmap, on ONU, which corresponds to the LLID port, epon0/1:1.
switch_config#interface epon 0/1:1
switch_config_epon0/1:1# epon onu port 1 ctc qos policy pmap
3.18 epon onu port mac access-group
Syntax
epon onu port num mac access-group name
no epon onu port num mac access-group name
To set the MAC access list of the ONU UNI port, run epon onu port num mac access-group name.
Parameter
Parameter Parameter description
num Stands for the ONU UNI port number.
name Stands for the name of the MAC access list.
Default value
None
Remarks
This command is configured in LLID port mode.
Example
The following example shows how to apply the MAC access list, mac1, on port 1 of ONU, which corresponds to the LLID port, epon0/1:1.
switch_config#interface epon 0/1:1
switch_config_epon0/1:1# epon onu port 1 mac access-group mac1
3.19 epon onu port ip access-group
Syntax
epon onu port num ip access-group name
no epon onu port num ip access-group name
To set the IP access list of the ONU UNI port, run epon onu port num ip access-group name.
Parameter
Parameter Parameter description
num Stands for the ONU UNI port number.
name Stands for the name of the IP access list.
Default value
None
Remarks
This command is configured in LLID port mode.
Example
The following example shows how to apply the IP access list, p1, on port 1 of ONU, which corresponds to the LLID port, epon0/1:1.
switch_config#interface epon 0/1:1
switch_config_epon0/1:1# epon onu port 1 ip access-group p1
3.20 epon onu serial serial-attribute
Syntax
epon onu serial num serial-attribute {speed speed-value | databits databits-value | stopbits stopbits-value | parity {none | odd | even | space | mark} | flow-control {none | software | hardware} | bus-type { RS232 | RS485} | duplex {half | full}}
no epon onu serial num serial-attribute [speed | databits | stopbits | parity | flow-control | bus-type | duplex]
To set the attributes of a serial interface of ONU, run the first one of the previous two commands.
Parameter
Parameter Parameter description
num Stands for the number of the serial interface of ONU.
speed-value Stands for the rate of the serial interface.
databits-value Stands for the data bit.
stopbits-value Stands for the stop bit.
none | odd | even | space | mark Stands for the check mode.
none: means there is no check.
odd: means it is the odd check.
even: means it is the even check.
space: means it is the space check (0 check).
mark: means it is the mark check (1 check).
software | hardware Stands for the flow control mode.
software: means it is the software-based flow control mode.
hardware: means it is the hardware-based flow control mode.
RS232 | RS485 Stands for the mode of the serial interface.
RS232: Stands for the 232 mode of the serial interface.
RS485: Stands for the 485 mode of the serial interface.
half | full Stands for the duplex mode.
half: half duplex
full: full duplex
Default value
Speed: 9600
databits: 8
stopbits: 1
parity: none (no check)
flow-control: none (no flow control)
bus-type: RS485
duplex: half
Remarks
This command is configured in LLID port mode.
Example
The following example shows how to set the speed to 115200, databits to 7, stopbits to 1, parity to odd, flow control to hardware, bus type to RS232 and duplex to half for serial interface 1 of ONU, which corresponds to the LLID port, epon0/1:1.
switch_config#interface e0/1:1
switch_config_epon0/1:1# epon onu serial 1 serial-attribute speed 115200 databits 7 stopbits 1 parity odd flow-control hardware bus-type RS232 duplex half
3.21 epon onu serial serial-buffer
Syntax
epon onu serial num serial-buffer {read-interval time | read-bytes bytes}
no epon onu serial num serial-buffer [read-interval | read-bytes]
To set the buffer of the serial interface of ONU, run the first one of the previous two commands.
Parameter
Parameter Parameter description
num Stands for the number of the serial interface of ONU.
time Stands for the maximum read time of the buffer.
bytes Stands for the maximum bytes of the buffer.
Default value
read-interval:
read-bytes:
Remarks
This command is configured in LLID port mode.
Example
The following example shows how to set the maximum read time of the buffer of serial interface 1, which corresponds to the LLID port, epon0/1:1, to 50ms and the maximum bytes of the buffer to 1000.
switch_config#interface epon 0/1:1
switch_config_epon0/1:1# epon onu serial 1 serial-buffer read-interval 50 read-bytes 1000
3.22 epon onu serial serial-keepalive
Syntax
epon onu serial num serial-keepalive idle idle-value timeout timeout-value count count-value
no epon onu serial num serial-keepalive
To set the keepalive function of the serial interface of ONU, run the first one of the previous two commands.
Parameter
Parameter Parameter description
num Stands for the number of the serial interface of ONU.
idle-value Stands for the idle time.
timeout-value Stands for the timeout time of the keepalive packets.
count-value Stands for the transmission times of the keepalive packets.
Default value
The keepalive function is not enabled by default.
Remarks
This command is configured in port configuration mode.
Example
The following example shows how to enable keepalive function of serial interface 1, that is, the idle time is set to 5000ms, the timeout time to 2000ms and the transmission times to 3.
switch_config#interface epon 0/1:1
switch_config_epon0/1:1# epon onu serial 1 serial-keepalive idle 5000 timeout 2000 count 3
3.23 epon onu serial loopback detect
Syntax
epon onu serial serial-num loopback detect
no epon onu serial serial-num loopback detect
To configure loopback detection for an ONU serial interface, run epon onu serial serial-num loopback detect.
Parameter
Parameter Parameter description
serial-num ID of ONU serial interface
Default value
There is no loopback detection.
Remarks
This command is configured in LLID port configuration mode.
Example
The following example shows how to enable loopback detection of serial interface 1.
switch_config#interface e0/1:1
switch_config_epon0/1:1# epon onu serial 1 loopback detect
3.24 show epon onu {port | serial} statistics
Syntax
show epon interface interface-id onu {port | serial} num statistics
To display packet statistics on the ONU port, run the previous command.
Parameter
Parameter Parameter description
interface-id Stands for the LLID port ID.
num ID of the ONU interface or the serial interface
Default value
None
Remarks
This command is used to show the transmission and reception of packets on the ONU port.
Example
The following example shows how to show the transmission and reception of packets on ONU UNI port 1 which corresponds to the LLID port, epon0/1:1.
switch#show epon interface epon 0/1:1 onu port 1 statistics
In Good Octets : 0
In Bad Octets : 0
In Broadcasts Frames : 0
In Multicasts Frames : 0
In Unicasts Frames : 0
In Pause Frame : 0
In MAC Received Error Frames : 0
In FCS Error Frames : 0
Undersize Frames : 0
Fragments Frames : 0
Oversize Frames : 0
Jabber Frames : 0
Out Octets : 0
Out Broadcasts Frames : 0
Out Multicasts Frames : 0
Out Unicasts Frames : 0
Out Pause Frames : 0
Out FCS Error Frames : 0
Deferred Frames : 0
Excessive Frames : 0
Single Collision Frames : 0
Multiple Collision Frames : 0
Late Frames : 0
Collisions Frames : 0
Rx/Tx 64 Octets : 0
Rx/Tx 65-127 Octets : 0
Rx/Tx 128-255 Octets : 0
Rx/Tx 256-511 Octets : 0
Rx/Tx 512-1023 Octets : 0
Rx/Tx 1024-Max Octets : 0
3.25 show epon onu {port | serial} state
Syntax
show epon interface interface-id onu {port | serial} port-num state
To display port configuration and state, run the previous command.
Parameter
Parameter Parameter description
interface-id Stands for the LLID port ID.
port-num ID of the ONU interface or the serial interface
Default value
None
Remarks
This command is used to display the link state of the ONU UNI port.
Example
The following example shows how to display the state of ONU UNI port 1, which corresponds to the LLID port, epon0/1:1.
switch#show epon interface epon 0/1:1 onu port 1 state
Hardware state is Link-Down
Admin state is Up
Flow-Control is Disable
Duplex is Auto-Duplex
Speed is Auto-Speed
Storm-Control is Disable
3.26 show epon onu port ctc vlan
Syntax
show epon interface interface-id onu port port-num ctc vlan
To display VLAN configuration and state of the UNI port, run the previous command.
Parameter
Parameter Parameter description
interface-id Stands for the LLID port ID.
port-num ID of the ONU interface or the serial interface
Default value
None
Remarks
This command is used to display VLAN settings and its state on the ONU UNI port.
Example
The following example shows how to display the VLAN state of ONU UNI port 1, which corresponds to the LLID port, epon0/1:1.
Switch#show epon interface e0/1:1 onu port 1 ctc vlan
Interface : E0/1:1
UNI : 1
VLAN mode : translate
Default VLAN ID : 3
TPID : 0x0
Translation table
Old VLAN ID Old TPID New VLAN ID New TPID
----------- -------- ----------- --------