Command Line Interface User Guide L2 Switch CLI M… · 9 User EXEC Mode Users with level 1...

1

Command Line Interface User Guide

2

Table of ContentsIntroduction.............................................................................. 8 Overview............................................................................................. 8 User Privelege Levels/CLI Command Modes........................ 8 User Exec Mode/Priveleged Exec Mode................................. 9 GlobalConfigMode..........................................................................9 Interface/LineConfigurationMode......................................10 AccessingTheCLI/Shortcuts..................................................11Chapter 1 802.1X....................................................................12 dot1x.................................................................................13 dot1x Reauthentication.............................................................18 dot1xTimeoutReauthentication-Period.............................20 dot1xTimoutQuiet-Period.........................................................22 dot1xTimeoutSupp-Timeout..................................................24 dot1xTimeoutMax-Req............................................................26 dot1xGuestVLAN........................................................................28 Show dot1x.................................................................................. 30 Show dot1x Authentication-Hosts..................................... 31 Show dot1x Interface................................................................ 33 Showdot1xGuestVLAN...........................................................35Chapter 2 AAA.........................................................................38 AAAAuthentication......................................................................39 LoginAuthentication...................................................................42 IP http Authentication.............................................................. 45 EnableAuthentication................................................................48 ShowAAAAuthentication.......................................................51 ShowLineLists..............................................................................53 tacacsDefaultConfig..................................................................55 tacacs Host.................................................................................... 58 Show tacacs Default ............................................................... 60 Show tacacs................................................................................... 61 RADIUSDefault.............................................................................62

RADIUSHost.................................................................................. 64 ShowRADIUSDefaultConfiguration...................................66 Show RADIUS................................................................................ 67Chapter 3 ACL.........................................................................69 MACACL...........................................................................................70 Permit (MAC).................................................................................. 72 Deny (MAC)..................................................................................... 74 IPACL.................................................................................................76 Permit (IP)....................................................................................... 78 Deny (IPv6).....................................................................................82 IPv6 ACL...........................................................................................85 Permit(IPv6)....................................................................................87 Deny(IP)...........................................................................................90 BindACL...........................................................................................94 Show ACL....................................................................................... 96 Show ACL Utilization............................................................... 98Chapter 4 Administration...................................................102 Enable............................................................................................ 103 Exit...................................................................................................105 Configure........................................................................................107 Interface........................................................................................108 Line..................................................................................................110 End.................................................................................................. 112 Reboot........................................................................................... 114 SystemName..............................................................................115 System Contact......................................................................... 117 System Location........................................................................ 119 Username....................................................................................... 121 Enable Password........................................................................ 123 IPAddress......................................................................................125 IPDefaultGateway..................................................................127

3

IPDNS..............................................................................................129 IPDHCP...........................................................................................131 IPv6Autoconfiguration............................................................133 IPv6Address.................................................................................135 IPv6DefaultGateway...............................................................137 IPv6 DHCP.....................................................................................139 IPService.......................................................................................141 IPSession-Timeout...................................................................144 Exec-Timeout............................................................................. 146 Password-Thresh...................................................................... 150 Silent-Time.................................................................................. 154 History............................................................................................157 ClearService.................................................................................162 SSL................................................................................................... 163 Ping...................................................................................................165 Traceroute.................................................................................... 167 ClearARP........................................................................................169 ShowVersion................................................................................171 ShowInfo.......................................................................................173 ShowHistory.................................................................................175 Show Username ...................................................................... 177 Show IP......................................................................................... 179 Show IPDHCP............................................................................ 181 ShowIPv6.....................................................................................182 Show IPv6DHCP.......................................................................184 ShowLine.......................................................................................185Chapter 5 Cable Diagnostics................................................187 Show Cable Diag Interfaces.................................................... 188Chapter 6 DHCP Snooping.................................................... 190 IPDHCPSnooping........................................................................191 IPDHCPSnoopingVLAN...........................................................193

IPDHCPSnoopingTrust.............................................................196 IP DHCP Snooping Verify......................................................198 IP DHCP Snooping Rate Limit......................................... 200 Clear IPDHCPSnoopingStatistics....................................202 Show IPDHCPSnooping....................................................... 204 Show IP DHCP Snooping Interface................................ 206 Show IP DHCP Snooping Binding..................................... 208 IPDHCPSnoopingOption..........................................................210 IPDHCPSnoopingOptionAction........................................212 IPDHCPSnoopingOptionCircut-ID....................................214 IPDHCPSnoopingOptionRemote-ID..............................216 Show IPDHCPSnoopingOption........................................218 IP DHCP Snooping Database............................................ 219 IP DHCP Snooping Database Write-Delay.................... 221 IP DHCP Snooping Database Timeout........................... 224 ClearIPDHCPSnoopingDatabaseStatistics.................226 Renew IP DHCP Snooping Database............................. 228 Show IP DHCP Snooping Database................................ 230Chapter 7 DOS...................................................................... 232 DOS.................................................................................................. 233 Show DOS.................................................................................. 238Chapter 8 Dynamic ARP Inspection.................................240 IPARPInspection.......................................................................241 IP ARP Inspection VLAN.................................................... 243 IP ARP Inspection Trust................................................... 245 IPARPInspectionValidate...................................................247 IPARP InspectionRateLimit..............................................248 Clear IP ARP Inspection Statistics............................... 251 Show IPARP Inspection........................................................253 Show IPARP Inspection Interface....................................254Chapter 9 IGMP Snooping..................................................256

4

IPIGMPSnooping.......................................................................257 IPIGMPSnoopingReport-Suppression..............................259 IPIGMPSnoopingVersion.......................................................261 IGMP Snooping Unknown Multicast Action................ 262 IPIGMPSnoopingForwardMethod....................................265 IPIGMPSnoopingQuerier.........................................................267 IPIGMPSnoopingVLAN...........................................................270 IPIGMPSnoopingVLANParameters..................................273 IPIGMPSnoopingStaticReport............................................277 IPIGMPSnoopingVLANStaticRouterPort.....................279 IPIGMPSnoopingStaticGroup............................................281 IPIGMPProfile.............................................................................284 IPIGMPFilter...............................................................................288 IPIGMPMax-Groups....................................................................291 ClearIPIGMPSnoopingGroups............................................294 Clear IGMP Snooping Statistics......................................... 296 ClearIPIGMPSnoopingCounters.......................................297 ShowIP IGMPSnoopingGroups.........................................298 ShowIPIGMPSnoopingRouter............................................300 ShowIPIGMPSnoopingQuerier.............................................302 ShowIPIGMPSnooping...........................................................303 ShowIPIGMPSnoopingVLAN...............................................305 ShowIPIGMPSnoopingForward-All....................................307 ShowIPIGMPProfile................................................................309 ShowIPIGMPSnoopingPortFilter....................................311 ShowIPIGMPSnoopingMax-Group..................................313 ShowIPIGMPSnoopingPortMax-GroupAction.........315Chapter 10 IP Source Guard.................................................317 IPSourceVerify............................................................................318 IPSourceBinding.........................................................................320 Show IP Source Interface.................................................... 322

Show IP Source Binding........................................................ 323Chapter 11 Link Aggregation..............................................325 Lag Load-Balance......................................................................326 LACP System-Priority.............................................................. 328 LACP Port Priority.................................................................... 325 LACPTimeout..............................................................................331 Lag................................................................................................... 333 Show LAG..................................................................................... 333Chapter 12 LLDP....................................................................337 LLDP......................................................................................338 LLDPTX-Interval........................................................................340 LLDPReInit-Delay......................................................................342 LLDP Holdtime-Multiplier...................................................... 344 LLDP TX-Delay........................................................................... 346 LLDP TLV-Select....................................................................... 348 LLDP TLV-Select PVID........................................................... 351 LLDPTLV-SelectVLANName...............................................354 LLDPLLDPU.................................................................................357 LLDP Rx/Tx................................................................................ 359 LLDP Med....................................................................................363 LLDPMedTLV-Select...............................................................366 LLDPMedFast-Start-Repeat-Count...................................369 LLDP Med Network-Policy................................................... 371 LLDPMedNetwork-PolicyAdd/Remove........................ 374 LLDPMed Network-Policy Auto........................................ 377 LLDP Med Location................................................................ 379 Show LLDP................................................................................... 382 Show LLDP Local Drive......................................................... 385 Show LLDPNeighbor.............................................................. 390 Show LLDP MED....................................................................... 395 Show LLDP Statistics............................................................. 399

5

Clear IPv6MLDSnoopingGroups......................................473 ClearIPv6MLDSnoopingStatistics...................................475 Show IPv6MLDSnooping Counters................................ 476 Show IPv6MLD SnoopingGroups.................................... 477 Show IPv6MLD Snooping Router.................................... 479 ShowIPv6MLDSnooping.....................................................481 Show IPv6MLDSnoopingVLAN....................................... 483 ShowIPv6MLDSnoopingVLANForward-All....................485 ShowIPv6MLDProfile............................................................487 ShowIPv6MLDPortFilter...................................................489 ShowIPv6MLDPortMax-Group........................................491 ShowIPv6MLDPortMax-GroupAction..............................493Chapter 17 Port Security.................................................495 Port-Security............................................................................496 Port-SecurityAddressLimit...................................................498 ShowPort-SecurityInterface...............................................502Chapter 18 Port Error Disable...........................................501 ERRdisableRecoveryCause...................................................502 ERRdisableRecovery Interval............................................. 505 Show ERRdisable Recovery................................................. 507Chapter 19 Port...................................................................509 Description....................................................................................510 Speed...............................................................................................512 Duplex.............................................................................................515 Flow-Control..................................................................................518 Shutdown......................................................................................520 Jumbo-Frame................................................................................522 Protected.......................................................................................524 EEE....................................................................................................526 Clear Interface............................................................................528 ShowInterface...........................................................................530

ShowLLDPTLV-Overloading................................................403Chapter 13 Logging.............................................................405 Logging..............................................................................406 Logging Flash/Buffered...........................................................409 LoggingHost................................................................................413 ShowLogging...............................................................................416 ShowLoggingFlash/Buffered..............................................418 Clear Logging Flash/Buffered............................................. 420Chapter 14 MAC Address Table.........................................422 ClearMACAddress-Table..........................................................423 MACAddress-TableAging-Time..........................................425 MACAddress-TableStatic........................................................427 MACAddress-TableDrop..........................................................429 ShowMACAddress-Table.......................................................431 ShowMACAddress-TableCounters...................................433 ShowMACAddress-TableAgingTime..............................434Chapter 15 Mirror.................................................................435 MirrorSession...............................................................................436 ShowMirror................................................................................. 439Chapter 16 MLD Snooping..................................................441 IPv6MLD Snooping...................................................................442 IPv6MLDSnoopingReport-Suppression........................445 IPv6 MLD Snooping Version............................................... 447 IPv6 MLD Snooping VLAN.................................................. 449 IPv6 MLD Snooping VLAN Parameters........................ 452 IPv6 MLD Snooping Static Port...................................... 456 IPv6MLDSnoopingVLANStaticRouterPort................458 IPv6MLDSnoopingStaticGroup...................................... 460 IPv6 MLD Profile...................................................................... 463 IPv6MLDFilter.......................................................................... 467 IPv6MLDMax-Groups..............................................................470

6

Chapter 20 QoS...................................................................533 QoS...........................................................................................534 QoSTrust(1).................................................................................536 QoS Map.........................................................................................539 QoSQueue.....................................................................................545 QoSCoS...........................................................................................548 QoSTrust (2) .............................................................................550 QoSRemark..................................................................................552 ShowQoS.......................................................................................554 ShowQoSMap............................................................................555 ShowQoSMapInterface........................................................558Chapter 21 Rate Limit........................................................559 Rate Limit......................................................................................560 VLANRateLimit.........................................................................563 Show Rate-Limit VLAN.......................................................... 565Chapter 22 RMON................................................................567 RMONEvent..................................................................................568 RMONAlarm................................................................................ 571 RMONHistory............................................................................. 575 Clear RMON Interface Statistics........................................ 578 Show RMON Interface Statistics.................................... 581 ShowRMONEvent...................................................................583 Show RMON Event Log......................................................... 585 Show RMON Alarm.................................................................. 587 Show RMON History............................................................... 589 Show RMON Statistics.......................................................... 591Chapter 23 SNMP.................................................................594 SNMP...............................................................................................595 SNMPTrap......................................................................................597 SNMPView.....................................................................................599 SNMP Access Group..................................................................601

SNMPCommunity........................................................................603 SNMPUser.....................................................................................605 SNMP EngineID............................................................................607 SNMPHost.....................................................................................609 Show SNMP...................................................................................612 ShowSNMPTrap.........................................................................613 ShowSNMPView.......................................................................614 ShowSNMPGroup......................................................................615 ShowSNMPCommunity..........................................................616 Show SNMP Host.......................................................................617 ShowSNMPUser........................................................................618 ShowSNMPEngineID................................................................619Chapter 24 Storm Control...................................................620 Storm-ControlUnit......................................................................621 Storm-ControlIFG........................................................................623 Storm-Control...........................................................................625 Storm-Control Action................................................................628 ShowStorm-Control...................................................................630Chapter 25 Spanning Tree..................................................632 Spanning-Tree..............................................................................633 Spanning-TreeBPDU.................................................................635 Spanning-TreeMode..................................................................637 Spanning-TreePriority..............................................................640 Spanning-TreeHello-Time.......................................................642 Spanning-TreeMax-Hops.......................................................645. Spanning-TreeForward-Delay................................................647 Spanning-TreeMaximum-Age................................................650 Spanning-TreeTXHold-Count...............................................653 Spanning-TreePathcostMethod.........................................658 Spanning-Tree Port-Priority...................................................661 Spanning-Tree Cost...................................................................661

7

Spanning-Tree Edge..................................................................664 Spanning-Tree BPDU-Filter....................................................667 Spanning-Tree BPDU-Guard...................................................670 Spanning-Tree Link-Type........................................................673 Spanning-TreeMSTConfiguration......................................676 Spanning-TreeMSTPriority...................................................679 Spanning-TreeMSTCost.........................................................682 Spanning-Tree Port-Priority...................................................685Chapter 26 System File......................................................688 BootSystem..................................................................................689 Save.................................................................................................691 Copy.................................................................................................693 Delete............................................................................................. 697 Restore-Defaults...................................................................... 700 ShowConfig.................................................................................701 ShowFlash...................................................................................704Chapter 27 Time...................................................................706 ClockSet.........................................................................................707 ClockTimezone...........................................................................709 ClockSource.................................................................................712 ClockSummer-Time..................................................................714 ShowClock....................................................................................717 SNTP................................................................................................720 ShowSNTP.................................................................................. 722Chapter 28 VLAN..................................................................724 VLAN............................................................................725 VLAN Name................................................................................. 727 SwitchportMode....................................................................... 729 SwitchportHybrid PVID......................................................... 732 SwitchportHybridIngress-FilteringDisable..................735 SwitchportHybridAcceptable-Frame-Type....................738

Switchport Hybrid AllowedVLANAdd........................... 741 SwitchportHybridAllowedVLANRemove...................744 SwitchportAccessVLAN.........................................................747 Switchport Tunnel VLAN...................................................... 750 Switchport Trunk Native VLAN........................................ 753 Switchport Trunk Allowed VLAN.................................... 756 SwitchportDefault-VLANTagged.......................................759 SwitchportForbiddenDefault-VLAN................................762 Switchport Forbidden VLAN................................................ 765 ManagementVLAN....................................................................768 ShowManagementVLAN......................................................770 MAC VLAN MAC........................................................................ 771 MAC VLAN Enable.................................................................... 773 Show VLAN MAC-VLAN......................................................... 775 ShowMACVLAN-Interfaces.................................................777 Protocol-VLAN Group............................................................ 779 Protocol VLAN Binding........................................................ 781 Show Protocol VLAN Group................................................ 784 Show Protocol VLAN Interfaces...................................... 786Chapter 29 Voice VLAN.......................................................788 VoiceVLANState.......................................................................789 Voice VLAN ID........................................................................... 791 Voice VLAN VPT..................................................................... 793 Voice VLAN DSCP................................................................... 795 Voice VLAN OUI-Table....................................................... 797 Voice VLAN CoS........................................................................ 800 Voice VLAN Aging-Time........................................................ 802 Voice VLAN CoS Mode...................................................... 804 Voice VLAN Enable................................................................. 807 Show Voice VLAN................................................................... 810

8

Introduction

OverviewThe CLI is divided into variousmodes. Eachmode has agroupofcommandsavailableinit.

Usersareassignedprivilegelevels.EachprivilegelevelcanaccesstheCLImodespermittedtothatlevel.Userprivilegelevels are described in the section below.

User (Privilege) LevelsUsersmaybecreatedwithoneofthefollowinguserlevels:

•Level1—Userswiththis levelcanonlyrunUserEXECmode commands. Users at this level cannot access the web GUI.

•Level7—UserswiththislevelcanruncommandsintheUserEXECmodeandasubsetofcommandsinthePrivilegedEXEC mode. Users at this level cannot access the web GUI.

•Level15—Userswiththis levelcanrunallcommands.OnlyusersatthislevelcanaccessthewebGUI.

A system administrator (user with level 15) can createpasswords that allow a lower level user to temporarilybecomeahigherleveluser.Forexample,theusermaygofromlevel1tolevel7,level1to15,orlevel7tolevel15.

CLI Command ModesThe Command Line Interface (CLI) is divided into fourcommand modes. The command modes are (in the order in whichtheyareaccessed):

•UserEXECmode

•PrivilegedEXECmode

•GlobalConfigurationmode

•InterfaceConfigurationmode

Eachcommandmodehas itsownuniqueconsolepromptandsetofCLIcommands.Enteringaquestionmarkattheconsolepromptdisplaysa listofavailablecommandsforthe currentmode and for the level of the user. Specificcommandsareusedtoswitchfromonemodetoanother.Users are assigned privilege levels that determine themodes and commands available to them.

9

User EXEC ModeUsers with level 1 initially log into User EXEC mode. User EXEC mode is used for tasks that do not change theconfiguration, such as performing basic tests and listingsystem information.

Theuser-levelprompt(defaulthostname)istheswitch’smodel name followed by a #. Eg.

EGS7228P#

ThedefaulthostnamecanbechangedviathehostnamecommandinGlobalConfigurationmode.

Privileged EXEC ModeAuserwithlevel7or15automaticallylogsintoPrivilegedEXEC mode. Users with level 1 can enter Privileged Exec modebyenteringtheenablecommandandwhenprompted,thepasswordforlevel15.

ToreturnfromthePrivilegedEXECmodetotheUserEXECmode,usethedisablecommand.

Global Configuration ModeTheGlobalConfigurationmode isusedto runcommandsthatconfigurefeaturesatthesystemlevel,asopposedtotheinterfacelevel.Onlyuserswithcommandlevelof7or15canaccess thismode.ToaccessGlobalConfigurationmode from Privileged EXEC mode, enter the configurecommandatthePrivilegedEXECmodepromptandpressEnter.TheGlobalConfigurationmodeprompt,consistingofthedevicehostnamefollowedby(config)#,isdisplayed:

EGS7228P(config)#

UseanyofthefollowingcommandstoreturnfromGlobalConfigurationmodetothePrivilegedEXECmode:

•exit

•end

•Ctrl+Z

10

Interface or Line Configuration ModesVarioussubmodesmaybeenteredfromGlobalConfigurationmode.Thesesubmodesenableperformingcommandsonagroupofinterfacesorlines.Forinstancetoperformseveraloperations on a specific port or range of ports, you canentertheInterfaceConfigurationmodeforthatinterface.

Thefollowingsubmodesareavailable:

•Interface—Containscommandsthatconfigureaspecificinterface (port, VLAN, port channel, or tunnel) or rangeof interfaces. The Global Configuration mode commandinterface is used to enter the Interface Configurationmode.TheinterfaceGlobalConfigurationcommandisusedto enter this mode.

•LineInterface—Containscommandsusedtoconfigurethemanagementconnectionsfortheconsole,TelnetandSSH.Theseincludecommandssuchaslinetimeoutsettings,etc.ThelineGlobalConfigurationcommandisusedtoentertheLineConfigurationcommandmode.

•VLANDatabase—ContainscommandsusedtoconfigureaVLANasawhole.ThevlandatabaseGlobalConfigurationmode command is used to enter the VLAN Database

InterfaceConfigurationmode.

•ManagementAccessList—Containscommandsusedtodefinemanagementaccess-lists.Themanagementaccess-listGlobalConfigurationmodecommandisusedtoentertheManagementAccessListConfigurationmode.

•PortChannel—Containscommandsusedtoconfigureport-channels; forexample,assigningports toaport-channel.Most of these commands are the same as the commands in theEthernetinterfacemode,andareusedtomanagethememberportsasasingleentity.Theinterfaceport-channelGlobalConfigurationmodecommandisusedtoenterthePortChannelInterfaceConfigurationmode.

•QoS—Containscommandsrelatedtoservicedefinitions.The qos Global Configurationmode command is used toentertheQoSservicesconfigurationmode.

•MACAccess-List—ConfiguresconditionsrequiredtoallowtrafficbasedonMACaddresses.Themacaccess-listGlobalConfigurationmode command is used to enter theMACaccess-listconfigurationmode.

To return from any Interface Configurationmode to theGlobalConfigurationmode,usetheexitcommand.

11

Accessing the CLITheSwitch’sserialport’sdefaultsettingsareasfollows:

•115200baud

•noparity

•8databits

•1stopbit

AcomputerrunningaterminalemulationprogramcapableofemulatingaVT-100terminalandaserialportconfiguredasabovearethenconnectedtotheSwitch’sConsoleport.Withtheserialportproperlyconnectedtoamanagementcomputer,presstheEnterkeyandentertheusernameandpassword.

ShortcutsThistableidentifiessomeshortcutsintheCLI.

Key(s) Description(up/downarrowkeys)

Scrollsthroughthelistofrecently-usedcommands.Youcaneditanycommandorpress[ENTER]torunitagain.

[TAB] Auto-completesthekeywordyouaretypingifpossible.Forexample,typeconfig,andpress[TAB].TheSwitchfinishesthewordconfigure.

[CTRL]+A Movesthecursortothebeginningof the command line.

[CTRL]+E Movesthecursortotheendofthecommand line.

[CTRL]+U Clearsthecurrentcommand.[CTRL]+Z/End ReturnsbacktothePrivilegedEXEC

modefromanyconfigurationmode.

12

Chapter 1802.1X

13

dot1x

Syntax

dot1x

no dot1x

Parameter

None

Default

Defaultisdisabled

Usage

The“dot1x”commandenablestheglobalsettingsofIEEE802.1Xport-basednetworkaccesscontrol.Onlywhenitisenabled,cantheport-basedsettingwork.

Use the no form of this command to disable.

Example

Thefollowingexampleshowshowtoenable802.1Xaccesscontrolonport1:

Switch(config)#

dot1x

switch(config)#interfacefa1

14

switch(config-if)#

dot1xauto

switch(config-if)#

exit

switch(config)#

show dot1x

802.1xprotocolis:Enabled

802.1xprotocolversion:2

switch(config)#

show dot1x interfaces fa1

Port|Mode|CurrentState|ReauthControl|ReauthPeriod

fa1Authentication|Initialize|Enabled|3600

QuietPeriod:60Second

Supplicanttimeout:30Second

Maxreq:2

SessionTime(HH:MM:SS):0:0:0:0

15

Syntax

dot1x(auto|force-auth|force-unauth)

no dot1x

Parameter

auto Portcontrolwilldependsontheoutcomeofauthentication.force-auth Forcethisporttobeunconditionalauthorized.force-unauth Forcethisporttobeunconditionalunauthorized

Default

Defaultisdisabled.

Mode

InterfaceConfiguration

Usage

The“dot1x”commandenablestheglobalsettingsofIEEE802.1Xport-basednetworkaccesscontrol.Onlywhenitisenabledcantheport-basedsettingwork.Usethenoformofthiscommandtodisableit.

Example

Thefollowingexampleshowshowtoenable802.1Xaccesscontrolonport1:

Switch(config)#

dot1x

16

switch(config)#

interface fa1

switch(config-if)#

dot1xauto

switch(config-if)#

exit

switch(config)#

show dot1x



switch(config)#






Maxreq:2


17

dot1x Reauthentication

Syntax

dot1xreauth

nodot1xreauth

Parameter

None

Default

Defaultisdisabled

Mode


Usage

Usethe“dot1xreauth”commandtoenable802.1Xperiodicalreauthenticationfunctiononport.Usethenoformofthiscommandtodisablethisfunction.

‘Example

Thefollowingexampleshowshowtoenable802.1Xaccesscontrolonport1.

switch(config)#i

nterface fa1

18

switch(config-if)#

dot1xreauth

switch(config-if)#

exit

switch(config)#

show dot1x



switch(config)#






Maxreq:2


19

dot1x Timeout Reauth-Period

Syntax

dot1xtimeoutreauth-period<30-65535>

nodot1xtimeoutreauth-period

Parameter

<30-65535>Specifythere-authenticationperiod.

Default

3600seconds

Mode


Usage

Usethe “dot1xtimeout reauth-period”commandtoconfigurethe re-authenticationperiod.Usethenoformof thiscommandtorestoretheperiodtodefaultvalue.

Example

Theexampleshowshowtoconfigurere-authenticationperiodto300sec.onport1

switch(config)#

interface fa1

20

switch(config-if)#

dot1xtimeoutreauth-period300

switch(config-if)#

exit

switch(config)#






Maxreq:2


21

dot1x Timeout Quiet-Period

Syntax

dot1xtimeoutquiet-period<0-65535>

nodot1xtimeoutquiet-period

Parameter

<0-65535>Specifythequietperiod

Default

60seconds

Mode


Usage

Usethe“dot1xtimeoutquiet-period”commandtoconfigurethequietperiod.Usethenoformofthiscommandtorestoretheperiodtoitsdefaultvalue.

Example

Theexampleshowshowtoconfigurequietperiodto300sec.onport1.

switch(config)#

interface fa1

22

switch(config-if)#

dot1xtimeoutquiet-period300

switch(config-if)#

exit

switch(config)#






Maxreq:2


23

dot1x Timeout Supp-Timeout

Syntax

dot1xtimeoutsupp-timeout<1-65535>

nodot1xtimeoutquiet-period

Parameter

<1-65535>Specifythesupplicantperiod.

Default

30seconds

Mode


Usage

Usethe“dot1xtimeoutsupp-timeout”commandtoconfigurethesupplicantperiod.Usethenoformofthiscommandtorestoretheperiodtodefaultvalue

Example

Theexampleshowshowtoconfiguresupplicantperiodto300sec.onport1.

switch(config)#

interface fa1

24

switch(config-if)#

dot1xtimeoutsupp-timeout300

switch(config-if)#

exit

switch(config)#






Maxreq:2


25

dot1x Timeout Max-Req

Syntax

dot1xmax-req<1-10>

nodot1xmax-req

Parameter

<1-10>Specifythemaximumrequestretries.

Default

2 times

Mode


Usage

Usethe“dot1xtimeoutsupp-timeout”commandtoconfigurethesupplicantperiod.Usethenoformofthiscommandtorestoretheperiodtoitsdefaultvalue.

Example

Theexampleshowshowtoconfiguremaximumrequestretriesto4timesonport1.

switch(config)#

interface fa1

26

switch(config-if)#

dot1xmax-req4

switch(config-if)#

exit

switch(config)#






Maxreq:4


27

dot1x Guest VLAN

Syntax

dot1xguest-vlan<1-4094>

nodot1xguest-vlan

Parameter

<1-4094>SpecifyVLANIDtoenable802.1Xguestvlan

Default

Defaultisdisabled

Mode

GlobalConfiguration

Usage

Usethedot1xguest-vlancommandtogloballyenabletheguestVLANfunction.UsethenoformofthiscommandtodisabletheguestVLANfunction.ForaporttobecomeamemberofthyeguestVLANafteranauthenticationfailure,youshouldalsoenableguestVLANonthatport.

Example

TheexampleshowshowtoconfigureVLAN2asguestVLANandenableguestVLANonport1.

switch(config)#

dot1xguest-vlan2

29

Show dot1x

Syntax

show dot1x

Parameter

Default

Nodefaultvalueforthiscommand.

Mode

Privileged EXEC

Usage

Use“showdot1x”commandtoshowdot1xenablingstatus.

Example

Thisexampleshowshowtoshowthedot1xenablingstatus.

Switch#

show dot1x

802.1xprotocolis:Disabled


30

Show dot1x Authentication-Hosts

Syntax

showdot1xauth-hosts

Parameter

None

Default


Mode

Privileged EXEC

Usage

Use“showdot1xauth-hosts”commandtoshowalldot1xauthorizedhosts.

Example

Thisexampleshowshowtoshowthedot1xauthorizedhosts.

Switch#

showdot1xauth-hosts

UserName|Port|SessionTime|

AuthenticationMethod|MACAddress

31

8389_1|FE3|0:0:0:20|

Remote|00:16:E6:D5:5C:19

32

Show dot1x Interface

Syntax

showdot1xinterfaceIF_PORTS

Parameter

IF_PORTSSelectporttoshowdot1xconfigurations.

Default


Mode

Privileged EXEC

Usage

Use“showdot1xinterfaces”commandtoshowdot1xinformationofthespecifiedport.

Example

Thisexampleshowshowtoshowdot1xconfigurationsoninterfacefa1.

Switch#



fa1|802.1XDisabled|-|Enabled|

33

3600



Maxreq:2


34

Show dot1x Guest VLAN

Syntax

showdot1xguest-vlan

Parameter

None

Default


Mode

Privileged EXEC

Usage

Use“showdot1xguest-vlan”commandtoshowdot1xguest-vlanstatus.

Example

Thisexampleshowshowtoshowthedot1xguest-vlanstatus.

Switch#:showdot1xguest-vlan

GuestVLANID:2

35

Thisexampleshowshowtoshowthedot1xguest-vlanstatus.

Switch#

showdot1xguest-vlan

GuestVLANID:2

Port|GuestVLAN|InGuestVLAN

fa1|Enabled|No

fa2|Disabled|---

fa3|Disabled|---

fa4|Disabled|---

fa5|Disabled|---

fa6|Disabled|---

fa7|Disabled|---

fa8|Disabled|---

fa9|Disabled|---

fa10|Disabled|---

fa11|Disabled|---

fa12|Disabled|---

fa13|Disabled|---

fa14|Disabled|---

36

fa15|Disabled|---

fa16|Disabled|---

fa17|Disabled|---

fa18|Disabled|---

fa19|Disabled|---

fa20|Disabled|---

fa21|Disabled|---

fa22|Disabled|---

fa23|Disabled|---

fa24|Disabled|---

gi1|Disabled|---

gi2|Disabled|---

gi3|Disabled|---

gi4|Disabled|---

37

Chapter 2AAA

38

AAA Authentication

Syntax

aaaauthentication(login|enable)(default|LISTNAME)METHODLIST[METHODLIST][METHODLIST][METHODLIST]

noaaaauthentication(login|enable)LISTNAME

Parameter

login Add/Editloginauthenticationlistenable Add/Editenableauthenticationlistdefault EditdefaultauthenticationlistLISTNAME SpecifythelistnameforauthenticationtypeMETHODLIST Specifytheauthenticatemethod,includingnone,local,enable,tacacs+,radius.

Default

Defaultauthenticationlistnamefortypeloginis“default”anddefaultmethodis“local”.

Defaultauthenticationlistnamefortypeenableis“default”anddefaultmethodis“enable”

Mode

GlobalConfiguration

Usage

Loginauthenticationisusedwhenusertrytologinintotheswitch.SuchasCLIlogindialogandWEBUIloginwebpage.EnableauthenticationisusedonlyonCLIforusertryingtoswitchfromUserEXECmodetoPrivilegedEXECmode.Bothofthemsupportfollowingauthenticatemethods.

39

Local:Uselocaluseraccountdatabasetoauthenticate.(Thismethodisnotsupportedforenableauthentication)

Enable:Uselocalenablepassworddatabasetoauthenticate.

Tacacs+:UseremoteTacas+servertoauthenticate.

Radius:UseremoteRadiusservertoauthenticate.

None:Donothingandjustmakeusertobeauthenticated.

Eachlistallowsyoutocombinethesemethodswithdifferentorders.Forexample,IfyouwanttoauthenticatealoginuserwiththeremoteTacacs+server,butservermayhavecrashed,you’llneedabackupplan,suchasanotherRadiusserver.YoucanconfigurethelistwiththeTacacs+serverasthefirstauthenticationmethodandtheRadiusserverasasecondone.Usethenoformtodeletetheexistinglist.However,the“default”listisnotallowedtoberemoved.

Example

Thisexampleshowshowtoaddaloginauthenticationlisttoauthenticatewithordertacacs+,radius,local.

Switch(config)#

aaaauthenticationlogintest1

tacacs+radiuslocal

Thisexampleshowshowtoshowexistingloginauthenticationlists

Switch#

showaaaauthenticationloginlists

LoginListName|AuthenticationMethodList

default|local

test1|tacacs+radiuslocal

40

Thisexampleshowshowtoaddanenableauthenticationlisttoauthenticate

withordertacacs+,radius,enable.

Switch(config)#

aaaauthenticationenabletest1

tacacs+radiusenable

Thisexampleshowshowtoshowexistingenableauthenticationlists

Switch#


EnableListName|AuthenticationMethodList

default|enable

test2|tacacs+radiusenable

41

Login Authentication

Syntax

loginauthenticationLISTNAME

nologinauthentication

Parameter

LISTNAMESpecifytheloginauthenticationlistnametouse.

Default

Defaultloginauthenticationlistforeachlineis“default”.

Mode

LineConfiguration

Usage

Differentaccessmethodsareallowedtobinddifferentloginauthenticationlists.Use“loginauthentication”commandtobindthelisttospecificline(console,telnet,ssh).

Usenoformtobindthe“default”listback.

Example

Thisexampleshowshowtocreateanewloginauthenticationlistandbindtotelnetline.

Switch(config)#


44

IP http Login Authentication

Syntax

ip(http|https)loginauthenticationLISTNAME

noip(http|https)loginauthentication

http BindloginauthenticationlisttouseraccessWEBUIwithhttpprotocol.https BindloginauthenticationlisttouseraccessWEBUIwithhttpsprotocol.LISTNAME Specifytheloginauthenticationlistnametouse.

Default

Defaultloginauthenticationlistforeachlineis“default”.Mode

Mode

GlobalConfiguration

Usage

Different access methods are allowed to bind different login authentication lists. Use the “ip (http | https) loginauthentication”commandtobindthelisttoWEBUIaccessfromhttporhttps.Usenoformtobindthe“default”listback.

Example

Thisexampleshowshowtocreatetwonewloginauthenticationlistsandbindtohttpandhttps.

45

Thisexampleshowshowtocreatetwonewloginauthenticationlistsandbind

tohttpandhttps.

Switch(config)#


tacacs+radiuslocal

Switch(config)#


radiuslocal

Switch(config)#

iphttploginauthenticationtest1

Switch(config)#

iphttpsloginauthenticationtest2


Switch#

show line lists



|enable|default

|exec|default

47

Enable Authentication

Syntax

enableauthenticationLISTNAME

noenableauthentication

Parameter

LISTNAMESpecifytheenableauthenticationlistnametouse.

Default

Defaultenableauthenticationlistforeachlineis“default”.

Mode

LineConfiguration

Usage

Different accessmethods are allowed to bind different enable authentication lists. Use the “enable authentication”commandtobindthelisttospecificline(console,telnet,ssh).Usenoformtobindthe“default”listback.

Example

Thisexampleshowshowtocreateanewenableauthenticationlistandbindittothetelnetline.

Switch(config)#

aaaauthenticationenabletest1

tacacs+radiusenable

50

Show AAA Authentication

Syntax

showaaaauthentication(login|enable)lists

Parameter

login Showloginauthenticationlistenable Showenableauthenticationlist

Default

Nodefaultvalueforthiscommand

Mode

Privileged EXEC

Usage

Use“showaaaauthentication”commandtoshowloginauthenticationorenableauthenticationmethodlists.

Example

Thisexampleshowshowtoshowexistingloginauthenticationlists.

Switch#


52

Show Line Lists

Syntax

Show line lists

Parameter

Default


Mode

Privileged EXEC

Usage

Usethe“showlinelists”commandtoshowallofthelines’bindinglistofallauthentication,authorization,andaccountingfunctions.

Example


Switch#

show line lists

54

tacacs Default-Config

Syntax

tacacsdefault-config[keyTACACSKEY][timeout<1-30>]

Parameter

Key TACACSKEYSpecifydefaulttacacs+serverkeystringTimeout <1-30>Specifydefaulttacacs+servertimeoutvalue

Default

Defaulttacacs+keyis“”.

Defaulttacacs+timeoutis5seconds.

Mode

GlobalConfiguration

Usage

Usethe“tacacsdefault-config”commandtomodifythedefaultvaluesofthetacacs+server.Thesedefaultvalueswillbeusedwhenausertriestocreateanewtacacs+serveranddoesn’tassignthesevalues.

Example

Thisexampleshowshowmodifydefaulttacacs+configuration

55

Thisexampleshowshowmodifydefaulttacacs+configuration

Switch(config)#

tacacsdefault-configtimeout20

Switch(config)#

tacacsdefault-configkeytackey

Thisexampleshowshowtoshowdefaulttacacs+configurations.

Switch#

showtacacsdefault-config

Timeout|Key

10|tackey

Thisexampleshowshowtocreateanewtacacs+serverwithabovedefault

configandshowresults.

Switch(config)#

tacacshost192.168.1.111

Switch#

show tacacs

Prio|Timeout|IPAddress|Port|

Key

56

1|10|192.168.1.111|49|

tackey

57

tacacs Host

Syntax

tacacshostHOSTNAME[port<0-65535>][keyTACPLUSKEY][priority<0-65535>][timeout<1-30>]

notacacs[hostHOSTNAME]

Parameter

Host HOSTNAMESpecifytacacs+serverhostname,bothIPaddressanddomainnameareavailable.Port<0-65535> Specifytacacs+serverudpportKey TACPLUSKEYSpecifytacacs+serverkeystringPriority<0-65535> Specifytacacs+serverpriority

Timeout <1-30> Specifytacacs+servertimeoutvalue

Default

Defaulttacacs+keyis“”.

Defaulttacacs+timeoutis5seconds

Mode

GlobalConfiguration

Usage

Use“tacacshost”commandtoaddoredittacacs+serverforauthentication,authorizationoraccounting.Usenoformtodeleteoneoralltacacs+serversfromdatabase.

58

Example

Thisexampleshowshowtocreateanewtacacs+server

Switch(config)#

tacacshost192.168.1.111port12345

keytacacs+priority100timeout10

Thisexampleshowshowtoshowexistingtacacs+server.

Switch#

show tacacs

Prio|Timeout|IPAddress|Port|Key

100|10|192.168.1.111|12345|

tacacs+

59

Show tacacs Default-Config

Syntax


Parameter

None

Default


Mode

Privileged EXEC

Usage

Use“showtacacsdefault-config”commandtoshowtacacs+defaultconfigurations.

Example

Thisexampleshowshowtoshowdefaulttacacs+configurations.

Switch#


Timeout|Key

10|tackey

60

Show tacacs

Syntax

Show tacacs

Parameter

None

Default


Mode

Privileged EXEC

Usage

Use“showtacacs”commandtoshowexistingtacacs+servers.

Example

Thisexampleshowshowtoshowexistingtacacs+server.

Switch#

show tacacs

Prio|Timeout|IPAddress|Port|Key

100|10|192.168.1.111|12345|tacacs+

61

Radius Default-Config

Syntax

radiusdefault-config[keyRADIUSKEY][retransmit<1-10>][timeout<1-30>]

Parameter

Key RADIUSKEYSpecifydefaultradiusserverkeystringRetransmit <1-10>SpecifydefaultradiusserverretransmitvalueTimeout <1-30>Specifydefaultradiusservertimeoutvalue

Default

Defaultradiuskeyis“”.

Defaultradiusretransmitis3times.

Defaultradiustimeoutis3seconds.

Mode

GlobalConfiguration

Usage

Usethe“radiusdefault-config”commandtomodifythedefaultvaluesoftheradiusserver.Thesedefaultvalueswillbeusedwhenausertriestocreateanewradiusserverandisn’tassignedthesevalues.

62

Example

Thisexampleshowshowmodifydefaultradiusconfiguration

Switch(config)#

radiusdefault-configtimeout20

Switch(config)#

radiusdefault-configkeyradiuskey

Switch(config)#

radiusdefault-configretransmit5

Thisexampleshowshowtoshowdefaultradiusconfigurations.

Switch#

showradiusdefault-config

Retries|Timeout|Key

5|20|radiuskey

Thisexampleshowshowtocreateanewradiusserverwithabovedefault

configandshowresults.

Switch(config)#

radiushost192.168.1.111

Switch#

showradius

63

Prio|IPAddress|Auth-Port|Retries|

Timeout|Usage-Type|Key

1|192.168.1.111|1812|5|

20|All|radiuskey

64

Radius Host

Syntax

radiushostHOSTNAME[auth-port<0-65535>][keyRADIUSKEY][priority<0-65535>][retransmit<1-10>][timeout<1-30>][type(login|802.1x|all)]

noradius[hostHOSTNAME]

Parameter

Host HOSTNAMESpecifyradiusserverhostname,bothIPaddressanddomainnameareavailable.Auth-port <0- 65535> SpecifyradiusserverudpportKey RADIUSKEY Specifyradiusserverkeystringpriority <0-65535> Specifyradiusserverpriority

Retransmit <1-10> Specifyradiusserverretransmittimes Timeout <1-30> SpecifyradiusservertimeoutvalueType

Login

802.1X

All

Usagetypeofthisserver

Use for login

Usefor802.1Xauthentication

Useforbothloginand802.1Xauthentication

Default

Defaultradiuskeyis“”.

Defaultradiustimeoutis3seconds.

65

Mode

GlobalConfiguration

Usage

Use“radiushost”commandtoaddoreditanexistingradiusserver.Usenoformtodeleteoneorallradiusserversfromdatabase.

Example

Thisexampleshowshowtocreateanewradiusserver

Switch(config)#

radiushost192.168.1.111auth-port12345keyradiuskeypriority100retransmit5timeout10typeall

Thisexampleshowshowtoshowexistingradiusserver.

Switch#

showradius



100|192.168.1.111|12345|5|10

|All|radiuskey

66

Show Radius Default-Config

Syntax


Parameter

None

Default


Mode

Privileged EXEC

Usage

Usethe“showradiusdefault-config”commandtoshowradiusdefaultconfigurations.

Example

Thisexampleshowshowtoshowdefaultradiusconfigurations.

Switch#


Retries|Timeout|Key

5|20|radiuskey

67

Show Radius

Syntax

Showradius

Parameter

None

Default


Mode

Privileged EXEC

Usage

Use“showradius”commandtoshowexistingradiusservers.

Example

Thisexampleshowshowtoshowexistingradiusserver.

Switch#

showradius



68

100|192.168.1.111|12345|5|10

|All|radiuskey

69

Chapter 3ACL

70

MAC ACL

Syntax

macaclNAME

nomacaclNAME

Parameter

NAMESpecifythenameofMACACL

Default

Nodefaultisdefined

Mode

GlobalConfiguration

Usage

UsethemacaclcommandtocreateaMACaccesslistandtoentermac-aclconfigurationmode.ThenameoftheACLmustbeuniqueandcannothavesamenameasanotherACLorQoSpolicy.OnceanACLiscreated,animplicit“denyany”ACEiscreatedattheendoftheACL.Thatis,iftherearenomatches,thepacketsaredenied.Usethenoformofthiscommandto delete it.

Example

Theexampleshowshowtocreateaipacl.Youcanverifysettingsbythefollowingshowaclcommands:

71

Switch334455(config)#

mac acl test

Switch334455(mac-al)#

show acl

MAC access list test

72

Permit (MAC)

Syntax

[sequence<1-2147483647>]permit(A:B:C:D:E:F/A:B:C:D:E:F|any)(A:B:C:D:E:F/A:B:C:D:E:F|any)[vlan<1-4094>][cos<0-7><0-7>]

[ethtype<1501-65535>]

nosequence<1-2147483647>

Parameter

<1-2147483647> (Optional)SpecifysequenceindexofACE,thesequenceindexrepresentthepriorityof an ACE in ACL.

(A:B:C:D:E:F/A:B:C:D:E:F|any) SpecifythesourceMACaddressandmaskofpacketoranyMACaddress.(A:B:C:D:E:F/A:B:C:D:E:F|any) SpecifythedestinationMACaddressandmaskofpacketoranyMACaddress[vlan <1-4094>] (Optional)SpecifythevlanIDofpacket.

[cos <0-7> <0-7>] (Optional)SpecifytheClassofServicevalueandmaskofpacket.[ethtype <1501-65535>] (Optional)SpecifyEthernetprotocolnumberofpacket

Default

Nodefaultisdefined.

Mode

MACACLConfiguration

Usage

73

Usage

UsethepermitcommandtoaddpermitconditionsforamacACEthatbypassthosepacketsthathittheACE.The“sequence”alsorepresentsthehitprioritywhenanACLbindstoaninterface.AnACEthatdoesn’tspecifya“sequence”indexwouldassignasequenceindexwhichisthelargestexistedindexplus20.IfthepacketcontentcanmatchmorethanoneACE,thelowestsequenceACEishit.AnACEcannotbeaddedifithasthesameconditionsasexistingACE.

Example

TheexampleshowshowtoaddanACEthatpermitpacketswiththesourceMACaddress22:33:44:55:66:77,VLAN3,andtheEthernettype1999.Youcanverifysettingsbythefollowingshowaclcommand.


mac acl test


sequence999permit

22:33:44:55:66:77/FF:FF:FF:FF:FF:FFanyvlan3ethtype1999


show acl


sequence999permit22:33:44:55:66:77/FF:FF:FF:FF:FF:FFanyvlan3ethtype1999

74

Deny (MAC)

Syntax

[sequence<1-2147483647>]deny(A:B:C:D:E:F/A:B:C:D:E:F|any)(A:B:C:D:E:F/A:B:C:D:E:F|any)[vlan<1-4094>][cos<0-7><0-7>]

[ethtype<1501-65535>][shutdown]


Parameter

<1-2147483647> (Optional)SpecifysequenceindexofACE,thesequenceindexrepresentthepriorityof an ACE in ACL.

(A:B:C:D:E:F/A:B:C:D:E:F|any) SpecifythesourceMACaddressandmaskofpacketoranyMACaddress.(A:B:C:D:E:F/A:B:C:D:E:F|any) SpecifythedestinationMACaddressandmaskofpacketoranyMACaddress.[vlan <1-4094>] (Optional) SpecifythevlanIDofpacket.

[cos <0-7> <0-7>] (Optional)SpecifytheClassofServicevalueandmaskofpacket.[ethtype <1501-65535>] (Optional)SpecifyEthernetprotocolnumberofpacket.[shutdown] (Optional)ShutdowninterfacewhileACEhit.

Default

Nodefaultisdefined

Mode

MACACLConfiguration

75

Usage

UsethedenycommandtoadddenyconditionsforamacACEthatdropthosepacketshittheACE.The“sequence”alsorepresentshitprioritywhenACLbindtoaninterface.AnACEthatdoesnotspecifya“sequence”indexwouldassignasequenceindexwhichisthelargestexistedindexplus20.IfpacketcontentcanmatchmorethanoneACE,thelowestsequenceACEishit.AnACEcannotbeaddedifhasthesameconditionsasanexistingACE.Use“shutdown”toshutdownthe interface while ACE is hit.

Example

TheexampleshowshowtoaddanACEthatdeniespacketswithdestinationMACaddressaa:bb:cc:xx:xx:xxandVLAN9.Youcanverifysettingsbythefollowingshowaclcommand.


mac acl test


sequence30permitanyany

Switch334455(mac-al)#denyanyaa:bb:cc:00:0:00/FF:FF:FF:00:00:00vlan9shutdown


show acl


sequence30permitanyany

sequence50denyanyAA:BB:CC:00:00:00/FF:FF:FF:00:00:00vlan9shutdown

76

IP ACL

Syntax

IPaclNAME

noIPaclNAME

Parameter

NAMESpecifythenameofIPv4ACL

Default

Nodefaultisdefined

Mode

GlobalConfiguration

Usage

UsetheipaclcommandtocreateanIPv4accesslistandtoentertheip-aclconfigurationmode.ThenameoftheACLmustbeuniqueandcannnothavesamenamewithasanotherACLorQoSpolicy.OnceanACLiscreated,animplicit“denyany”ACEcreatedattheendoftheACL.Thatis,iftherearenomatches,thepacketsaredenied.Usethenoformofthiscommand to delete it.

77

Example

TheexampleshowshowtocreateanIPACL.Youcanverifysettingsbythefollowingshowaclcommand.


ipacliptest

Switch334455(ip-al)#

show acl

IPaccesslistiptest

79

Parameter

<1-2147483647> (Optional)SpecifysequenceindexofACE,thesequenceindexrepresentthepriorityofanACE in ACL.

(A.B.C.D/A.B.C.D|any) SpecifythesourceIPv4addressandmaskofpacketoranyIPv4address.(A.B.C.D/A.B.C.D|any) SpecifythedestinationIPv4addressandmaskofpacketoranyIPv4address.[dscp VALUE] (Optional)SpecifytheDSCPofpacket. [precedence VLAUE] (Optional)SpecifytheIPprecedenceofpacket.

icmp-type SpecifyICMPmessagetypeforfilteringICMPpacket.EnteratypenameoflistoranumberofICMPmessagetype.

icmp-code SpecifyICMPmessagecodeforfilteringICMPpacket.igmp-type SpecifyIGMPtypeforfilteringIGMPpacket.EnteratypenameoflistoranumberofIGMP

type.l4-source-port SpecifyTCP/UDPsourceportofforfilteringTCP/UDPpacket.Enteraportnameoflistora

numberofTCP/UDPport.l4-destination-port SpecifyTCP/UDPdestinationportofforfilteringTCP/UDPpacket.Enteraportnameoflist

oranumberofTCP/UDPport.match-all SpecifytcpflagforTCPpacket.Ifaflagshouldbesetitisprefixedby\”+\”.Ifaflagshould

beunsetitisprefixedby\”-\”.Availableoptionsare+urg,+ack,+psh,+rst,+syn,+fin,-urg,-ack,-psh,-rst,-synand-fin.Todefinemorethan1flag-enteradditionalflagsoneafteranotherwithoutaspace(example+syn-ack).

80

Default

Nodefaultisdefined.

Mode

IPACLConfiguration

Usage

UsethepermitcommandtoaddpermitconditionsforanIPACEthatbypassthosepacketshittheACE.The“sequence”alsorepresentshitprioritywhenACLbindtoaninterface.AnACEnotspecifies“sequence”indexwouldassignasequenceindexwhichisthelargestexistedindexplus20.IfpacketcontentcanmatchmorethanoneACE,thelowestsequenceACE is hit. An ACE can not be added if has the same conditions as existed ACE.

Example

Theexample showshow to adda set ofACEs. You canverify settingsby the following showacl command.ThiscommandshowshowtopermitasourceIPaddresssubnet.

ThiscommandshowshowtopermitasourceIPaddresssubnet.


permitip192.168.1.0/255.255.255.0

ThiscommandshowshowtopermitICMPecho-requestpacketwithanyIPaddress.


permiticmpanyanyecho-requestany

ThiscommandshowshowtopermitanyIPaddressHTTPpacketswithDSCP5.

81


permittcpanyanyanywwwdscp5

ThiscommandshowshowtopermitanysourceIPaddressSNMPpacketconnecttodestinationIPaddress192.168.1.1.


permitudpanyany192.168.1.1/255.255.255.255snmp


show acl

IPaccesslistiptest

sequence1permitip192.168.1.0/255.255.255.0any

sequence21permiticmpanyanyecho-requestany

sequence41permittcpanyanyanywwwdscp5

sequence61permitudpanyany192.168.1.1/255.255.255.255snmp

83

Parameter

<1-2147483647> (Optional)SpecifysequenceindexofACE,thesequenceindexrepresentthepriorityofanACE in ACL.

(A.B.C.D/A.B.C.D|any) SpecifythesourceIPv4addressandmaskofpacketoranyIPv4address.(A.B.C.D/A.B.C.D|any) SpecifythedestinationIPv4addressandmaskofpacketoranyIPv4address.[dscp VALUE] (Optional)SpecifytheDSCPofpacket.[precedence VLAUE] (Optional)SpecifytheIPprecedenceofpacket.




numberofTCP/UDPport.l4-destination-port SpecifyTCP/UDPdestinationportofforfilteringTCP/UDPpacket.Enteraportnameoflist

oranumberofTCP/UDPportmatch-all SpecifytcpflagforTCPpacket.Ifaflagshouldbesetitisprefixedby\”+\”.Ifaflagshouldbe

unsetitisprefixedby\”-\”.Availableoptionsare+urg,+ack,+psh,+rst,+syn,+fin,-urg,-ack,-psh,-rst,-synand-fin.Todefinemorethan1flag-enteradditionalflagsoneafteranotherwithoutaspace(example+syn-ack).

[shutdown] (Optional)ShutdowninterfacewhileACEhit

Default

Nodefaultisdefined.

84

Mode

IPACLConfiguration

Usage

UsethedenycommandtoadddenyconditionsforanIPACEthatdropthosepacketshittheACE.The“sequence”alsorepresentshitprioritywhenACLbindtoaninterface.AnACEnotspecifies“sequence”indexwouldassignasequenceindexwhichisthelargestexistedindexplus20.IfpacketcontentcanmatchmorethanoneACE,thelowestsequenceACEishit.AnACEcannotbeaddedifhasthesameconditionsasexistedACE.Use“shutdown”toshutdowninterfacewhile ACE hit.

Example

TheexampleshowshowtoaddanACEthatdeniespacketswiththesourceIPaddress192.168.1.80.Youcanverifysettings by the following show acl command.


ipacliptest


denyip192.168.1.80/255.255.255.255any


show acl

IPaccesslistiptest

sequence1denyip192.168.1.80/255.255.255.255any

85

IPv6 ACL

Syntax

ipv6aclNAME

noipv6aclNAME

Parameter

NAMESpecifythenameofIPv6ACL

Default

Nodefaultisdefined

Mode

GlobalConfiguration

Usage

Usetheipv6aclcommandtocreateanIPv6accesslistandtoenteripv6-aclconfigurationmode.ThenameofACLmustbeuniquethatcannothavesamenamewithotherACLorQoSpolicy.OnceanACLiscreated,animplicit“denyany”ACEcreatedattheendoftheACL.Thatis,iftherearenomatches,thepacketsaredenied.Usethenoformofthiscommandto delete.

Example

TheexampleshowshowtocreateanIPv6ACL.Youcanverifysettingsbythefollowingshowaclcommand

86


ipv6aclipv6test

Switch334455(ipv6-al)#

show acl

IPv6accesslistiptest

88

Parameter

<1-2147483647>(Optional) SpecifysequenceindexofACE,thesequenceindexrepresentthepriorityofanACEin ACL.

(A.B.C.D/A.B.C.D|any) SpecifythesourceIPv4addressandmaskofpacketoranyIPv4address.(A.B.C.D/A.B.C.D|any) SpecifythedestinationIPv4addressandmaskofpacketoranyIPv4address.[dscpVALUE](Optional) SpecifytheDSCPofpacket.[precedenceVLAUE](Optional)

SpecifytheIPprecedenceofpacket.


icmp-code SpecifyICMPmessagecodeforfilteringICMPpacket.igmp-type SpecifyIGMPtypeforfilteringIGMPpacket.Enteratypenameoflistoranumberof

IGMPtype.l4-source-port SpecifyTCP/UDPsourceportofforfilteringTCP/UDPpacket.Enteraportnameof

listoranumberofTCP/UDPportl4-destination-port SpecifyTCP/UDPdestinationportofforfilteringTCP/UDPpacket.Enteraportname

oflistoranumberofTCP/UDPport.match-all SpecifytcpflagforTCPpacket.Ifaflagshouldbesetitisprefixedby\”+\”.Ifaflag

shouldbeunsetitisprefixedby\”-\”.Availableoptionsare+urg,+ack,+psh,+rst,+syn,+fin,-urg,-ack,-psh,-rst,-synand-fin.Todefinemorethan1flag-enteradditionalflagsoneafteranotherwithoutaspace(example+syn-ack).

Default

Nodefaultisdefined.

89

Mode

IPACLConfiguration

Usage

UsethepermitcommandtoaddpermitconditionsforanIPACEthatbypassthosepacketsthathittheACE.The“sequence”alsorepresentshitprioritywhenACLsbindtoaninterface.AnACEnotspecifyinga“sequence”indexwouldassignasequenceindexwhichisthelargestexistingindexplus20.IfthepacketcontentcanmatchmorethanoneACE,thelowestsequenceACEishit.AnACEcan’tbeaddedifhasthesameconditionsasanexistingACE.

Example

TheexampleshowshowtoaddasetofACEs.Youcanverifysettingsbythefollowingshowaclcommand.

ThiscommandshowshowtopermitasourceIPaddresssubnet.


permitpermitipv6fe80:1122:3344:5566::1/64any


show acl

IPv6accesslistipv6test

sequence1permitipv6fe80:1122:3344:5566::1/64any

90

Deny IP

Syntax

[sequence<1-2147483647>]deny(<0-255>|ipinip|egp|igp|hmp|rdp|ipv6|ipv6:rout|ipv6:frag|rsvp|ipv6:icmp|ospf|pim|l2tp|ip)(A.B.C.D/A.B.C.D|any)(A.B.C.D/A.B.C.D|any)[(dscp|precedence)VALUE]][shutdown]

[sequence<1-2147483647>]denyicmp(A.B.C.D/A.B.C.D|any)(A.B.C.D/A.B.C.D|any)(<0-255>|echo-reply|destination-unreachable|source-quench|echo-request|router-advertisement|router-solicitation|time-exceeded|timestamp|timestamp-reply|traceroute|any)(<0-255>|any)[(dscp|precedence)VALUE][shutdown]

[sequence<1-2147483647>]denyigmp(A.B.C.D/A.B.C.D|any)(A.B.C.D/A.B.C.D|any)(<0-255>|host-query|host-report|dvmrp|pim|cisco-trace|host-report-v2|host-leave-v2|host-report-v3|any)[(dscp|precedence)VALUE][shutdown]

[sequence<1-2147483647>]denytcp(A.B.C.D/A.B.C.D|any)(<0-65535>|echo|discard|daytime|ftp-data|ftp|telnet|smtp|time|hostname|whois|tacacs-ds|domain|www|pop2|pop3||syslog|talk|klogin|kshell|sunrpc|drip|PORT_RANGE|any)(A.B.C.D/A.B.C.D|any)(<0-65535>|echo|discard|daytime|ftp-data|ftp|telnet|smtp|time|hostname|whois|tacacs-ds|domain|www|pop2|pop3|syslog|talk|klogin|kshell|sunrpc|drip|PORT_RANGE|any)[match-allTCP_FLAG][(dscp|precedence)VALUE][shutdown]

[sequence<1-2147483647>]denyudp(A.B.C.D/A.B.C.D|any)(<0-65535>|echo|discard|time|nameserver|tacacs-ds|domain|bootps|bootpc|tftp|sunrpc|ntp|netbios-ns|snmp|snmptrap|who|syslog|talk|rip|PORT_RANGE|any)(A.B.C.D/A.B.C.D|any)(<0-65535>|echo|discard|time|nameserver|tacacs-ds|domain|bootps|bootpc|tftp|sunrpc|ntp|netbios-ns|snmp|snmptrap|who|syslog|PORT_RANGE|any)[(dscp|precedence)VALUE][shutdown]nosequence<1-2147483647>

91

Parameter

<1-2147483647> (Optional)

SpecifysequenceindexofACE,the

sequenceindexrepresentthepriorityofanACE

in ACL.(A.B.C.D/A.B.C.D|any)

SpecifythesourceIPv4addressandmaskof

packetoranyIPv4address.(A.B.C.D/A.B.C.D|any)

SpecifythedestinationIPv4addressandmaskof

packetoranyIPv4address.[dscp VALUE] (Optional)

SpecifytheDSCPofpacket.

[precedence VLAUE] (Optional)

SpecifytheIPprecedenceofpacket.




numberofTCP/UDPport.l4-destination-port SpecifyTCP/UDPdestinationportofforfilteringTCP/UDPpacket.Enteraportnameoflistor

anumberofTCP/UDPport.match-all SpecifytcpflagforTCPpacket.Ifaflagshouldbesetitisprefixedby\”+\”.Ifaflagshouldbe

unsetitisprefixedby\”-\”.Availableoptionsare+urg,+ack,+psh,+rst,+syn,+fin,-urg,-ack,-psh,-rst,-synand-fin.Todefinemorethan1flag-enteradditionalflagsoneafteranotherwithoutaspace(example+syn-ack).

[shutdown] (Optional)

ShutdowninterfacewhileACEhit

92

Default

Nodefaultisdefined.

Mode

IPACLConfiguration

Usage

UsethedenycommandtoadddenyconditionsforanIPv6ACEthatthendropsthosepacketsthathittheACE.The“sequence”alsorepresentshitprioritywhentheACLbindstoaninterface.AnACEthatdoesnnotspecifythe“sequence”indexwouldassignasequenceindexwhichisthelargestexistedindexplus20.IfpacketcontentcanmatchmorethanoneACE,thelowestsequenceACEishit.AnACEcannotbeaddedifithasthesameconditionsasexistingACEs.Use“shutdown”toshutdowntheinterfacewhileACEhits

Example

TheexampleshowshowtoaddanACEthatdeniespacketswithdestinationIPaddressfe80::abcd.Youcanverifysettingsby the following show acl command


ipv6aclipv6test


denyipv6anyfe80::abcd/128


show acl.

IPv6accesslistipv6test

93

sequence1denyipv6anyfe80::abcd/128

94

Bind ACL

Syntax

(mac|ip|ipv6)aclNAME

[no](mac|ip|ipv6)aclNAME

Parameter

(mac|ip|ipv6) SpecifyatypeofACLtobindingtointerfaceNAME SpecifythenameoftheACL

Default

Nodefaultisdefined

Mode


Usage

Usethe(mac|ip|ipv6)aclNAMEcommandtobindanACLtointerfaces.AninterfacecanbindonlyoneACLorQoSpolicy.UsethenoformofthiscommandtoreturntounbindanACLfrominterface

Example

TheexampleshowshowtobindanexistedACLtointerface.

switch(config)#

interface fa1

95

switch(config-if)#

mac acl test

switch(config-if)#

doshowrunning-configinterfacesfa1

interface fa1

mac acl test

96

Show ACL

Syntax

show acl

show(mac|ip|ipv6)acl

show(mac|ip|ipv6)aclNAME

Parameter

(mac|ip|ipv6) SpecifyatypeofACLtoshowNAME SpecifythenameoftheACL

Default

Nodefaultisdefined

Mode

GlobalConfiguration

ContextConfiguration

Usage

UsetheshowaclcommandtoshowcreatedACLs.Youcanspecifymac、iporipv6toshowspecifictypeACLorspecifyuniquenamestringtoshowACLwiththename.

Example

TheexampleshowshowtoshowallIPACL.

97


showipacl

IPaccesslistiptest

sequence1denyip192.168.1.80/255.255.255.255any

98

Show ACL Utilization

Syntax

showaclutilization

Parameter

None

Default

Nodefaultisdefined

Mode

GlobalConfiguration

Usage

UsetheshowaclutilizationcommandtoshowtheusageofPIEofASIC.WhenaACLbindtointerface,itneedsASICPIEresourcetohelptofilterpacket.AnASIChaslimitedPIEresource.ThiscommandhelpusertoknowthePIEusageofAISC.

Example

TheexampleshowshowtoshowPIEutilization.


showaclutilization

GroupIndex:1

GroupAssignto:Mac-basedACLandIPv4-basedACL

99

GroupMaximunACEs:128

GroupRemainACEs:125

GroupUsedACEs:3

ACEsUsedbyACL:3

ACEsUsedbyQoS:0

100

GroupIndex:2

GroupAssignto:None


GroupRemainACEs:128

GroupUsedACEs:0

ACEsUsedbyACL:0

ACEsUsedbyQoS:0

GroupIndex:3

GroupAssignto:None


GroupRemainACEs:128

GroupUsedACEs:0

ACEsUsedbyACL:0

ACEsUsedbyQoS:0

GroupIndex:4

GroupAssignto:None


GroupRemainACEs:128

GroupUsedACEs:0

101

ACEsUsedbyACL:0

ACEsUsedbyQoS:0

102

Chapter 4Administration

103

Enable

Syntax

enable[<1-15>]

disable[<1-14>]

Parameter

<1-15> Specifyprivilegedleveltoenable<1-14> Specifyprivilegedleveltodisable

Default

Defaultprivilegelevelis15ifnoprivilegelevelisspecifiedonenablecommand.

Defaultprivilegelevelis1ifnoprivilegelevelisspecifiedondisablecommand.

Mode

User EXEC

Usage

InUserEXECmode,useronlyallowstodoafewactions.MostofcommandsareonlyavailableinprivilegedEXECmode.Use“enable”commandtoentertheprivilegedmodetodomoreactionsonswitch.InprivilegedEXECmode,use“exit”commandisabletogobacktouserEXECmodewithoriginaluserprivilegelevel.IfyouneedtogobacktouserEXECmodewithdifferentprivilegelevel,use“disable”commandtospecifytheprivilegelevelyouneed.InprivilegedEXECmode,thepromptwillshow“Switch#”

104

Example

ThisexampleshowshowtoenterprivilegedEXECmodeandshowcurrentprivilegelevel.

Switch>

enable

Switch#

showprivilege

CurrentCLIUsername:

CurrentCLIPrivilege:15

ThisexampleshowhowtoenteruserEXECmodewithprivilege3.

Switch#

disable 3

Switch>

showprivilege

CurrentCLIUsername:

CurrentCLIPrivilege:3

105

Exit

Syntax

exit

Parameter

None

Default


Mode

User EXEC

Privileged EXEC

GlobalConfiguration


LineConfiguration

Usage

InUserEXECmode,“exit”commandwillclosecurrentCLIsession.Inothermodes,“exit”commandwillgototheparentmode. And every mode has the “exit” command.

106

Example

ThisexampleshowshowtoenterprivilegedEXECmodeanduseexitcommandtogobacktouserEXECmode.

Switch>

enable

Switch#

exit

Switch>

107

ConfigureSyntax

configure

Parameter

None

Default


Mode

Privileged EXEC

Usage

Use“configure”commandtoenterglobalconfigurationmode. Inglobalconfigurationmode, thepromptwillshowas“Switch(config)#”.

Example

Thisexampleshowshowtoenterglobalconfigurationmode.

Switch#

configure

Switch(config)#

108

Interface

Syntax

interfaceIF_PORTS

interfacerangeIF_PORTS

Parameter

IF_PORTSSpecifytheporttoselect.Thisparameterallowspartialportnameandignorecase.ForExample:

fa1

FastEthernet3

Gigabit4

Ifportrangeisspecified,thelistformatisalsoavailable.ForExample:

fa1,3,5

fa2,gi1-3

Default


Mode

GlobalConfiguration

109

Usage

Someconfigurationsareportbased.Inordertoconfiguretheseconfigurations,weneedtoenterInterfaceConfigurationmodetoconfigurethem.Use“interface”commandtoentertheInterfaceConfigurationmodeandselecttheporttobeconfigured.InInterfaceConfigurationmode,thepromptwillshowas“Switch(configif)#”

Example

ThisexampleshowshowtoenterInterfaceConfigurationmode.

Switch#

configure

Switch(config)#

interface fa1

Switch(config-if)#

110

Line

Syntax

line ( console | telnet | ssh )

Parameter

console Selectconsolelinetoconfigure.telnet Selecttelnetlinetoconfigure.ssh Selectsshlinetoconfigure.

Default


Mode

GlobalConfiguration

Usage

Someconfigurationsarelinebased.Inordertoconfiguretheseconfigurations,weneedtoenterLineConfigurationmodetoconfigurethem.Use“line”commandtoentertheLineConfigurationmodeandselectthelinetobeconfigured.InLineConfigurationmode,thepromptwillshowas“Switch(config-line)#”

111

Example

ThisexampleshowshowtoenterInterfaceConfigurationmode.

Switch#

configure

Switch(config)#

line console


112

End

Syntax

end

Parameter

None

Default


Mode

Privileged EXEC

GlobalConfiguration


LineConfiguration

Usage

Use “end” command to return to privilegedEXECmodedirectly. EverymodeexceptUser EXECmodehas the “end”command.

113

Example

ThisexampleshowshowtoenterInterfaceConfigurationmodeanduseendcommandtogobacktoprivilegedEXECmode

Switch#

configure

Switch(config)#

interface fa1

Switch(config-if)#

end

Switch#

114

Reboot

Syntax

reboot

Parameter

None

Default


Mode

Privileged EXEC

Usage

Usethe“reboot”commandtomakethesystemdoahotrestart.

Example

Thisexampleshowshowtorestartthesystem

Switch#

reboot

115

System Name

Syntax

systemnameNAME

Parameter

NAMESpecifysystemnamestring.

Default

Defaultnamestringis“Switch”.

Mode

GlobalConfiguration

Usage

Use“systemname”commandtomodifysystemnameinformationoftheswitch.ThesystemnameisalsousedtobeCLIprompt.

Example

Thisexampleshowshowtomodifycontactinformation

Switch(config)#

system name myname

myname(config)#

116

Thisexampleshowshowtoshowsystemnameinformation

Switch#

show info

SystemName:myname

SystemLocation:DefaultLocation

SystemContact:DefaultContact

MACAddress:DE:AD:BE:EF:01:02

IPAddress:192.168.1.1

SubnetMask:255.255.255.0

LoaderVersion:1.3.0.26225

LoaderDate:ThuMay1715:19:42CST2012

FirmwareVersion:2.5.0-beta.32811

FirmwareDate:MonSep2419:33:42CST2012

SystemObjectID:1.3.6.1.4.1.27282.3.2.10

SystemUpTime:0days,0hours,2mins,37secs

117

System Contact

Syntax

systemcontactCONTACT

Parameter

CONTACTSpecifycontactstring.

Default

Defaultcontactstringis“DefaultContact”.

Mode

GlobalConfiguration

Usage

Use “system contact” command to modify contact information of the switch.

Example


Switch(config)#

system contact callme

Thisexampleshowshowtoshowsystemcontactinformation

118

Switch#

show info

SystemName:Switch


SystemContact:callme








SystemObjectID:1.3.6.1.4.1.27282.3.2.10


119

System Location

Syntax

CONTACTSpecifylocationstring.

Parameter

None

Default

Defaultlocationstringis“DefaultLocation”.

Mode

GlobalConfiguration

Usage

Use the “system location” command to modify location information of the switch.

Example


Switch(config)#

system location home

Thisexampleshowshowtoshowsystemlocationinformation

120

Switch#

show info

SystemName:

SystemLocation:home









SystemObjectID:1.3.6.1.4.1.27282.3.2.10


121

Username

Syntax

usernameWORD<0-32>[privilege(admin|user|<0-15>)](password|secret)WORD<0-32>

nousernameWORD<0-32>

Parameter

username WORD<0-32> Specifyusernametoadd/delete/edit.privilege admin Specifyprivilegeleveltobeadmin(privilege15)privilege user Specifyprivilegeleveltobeuser(privilege1)

privilege<0-15>SpecifycustomprivilegelevelpasswordWORD<0-32>

Specifypasswordstringandmakeitnotencrypted.secretWORD<0-32>

Default

Defaultusername“”haspassword“”withprivilege1.Defaultusername“admin”haspassword“admin”withprivilege15.

Mode

GlobalConfiguration

Usage

Use“username”commandtoaddanewuseraccountoreditanexistinguseraccount.Anduse“nousername”todeleteanexistinguseraccount.Theuseraccountisalocaldatabaseforloginauthentication.

Example

122

Example

Thisexampleshowshowtoaddanewuseraccount.

Switch(config)#

usernametestsecretpasswd

Thisexampleshowshowtoshowexistinguseraccounts.

Switch#

showusername

Priv|Type|UserName|

Password

01|secret||

dnXencJRwflV6

15|secret|admin|

FzjrGO6vfbERY

15|secret|test|

7p57T9yMkViSUS

123

Enable Password

Syntax

enable[privilege<0-15>](password|secret)WORD<032>

noenable[privilege<0-15>]

Parameter

privilege<0-15> Specifytheprivilegeleveltoconfigure.Ifnoprivilegelevelisspecified,defaultis15.

passwordWORD<0-32> Specifypasswordstringandmakeitnotencrypted.secretWORD<0-32> Specifypasswordstringandmakeitencrypted.

Default

Defaultenablepasswordforallprivilegelevelsare“”.

Mode

GlobalConfiguration

Usage

Usethe“enablepassword”commandtoeditpasswordsforeachprivilegelevelforenablingauthentication.Usethe“noenable”commandtorestorepasswordenablingtoadefaultemptyvalue.Theonlywaytoshowthisconfigurationisusing“showrunning-config”.

Example

Thisexampleshowshowtoeditenablepasswordforprivilegelevel15

124

Example

Thisexampleshowshowtoeditenablepasswordforprivilegelevel15

Switch(config)#

enablesecretenblpasswd

125

IP Address

Syntax

ipaddressA.B.C.D[maskA.B.C.D]

Parameter

address A.B.C.D SpecifyIPv4addressforswitchmask A.B.C.D Specifynetmaskaddressforswitch

Default

DefaultIPaddressis192.168.1.1anddefaultnetmaskis255.255.255.0.

Mode

GlobalConfiguration

Usage

Usethe“ipaddress”commandtomodifyadministrationipv4addresses.Thisaddressisveryimportant.Whenyoutrytousetelnet,ssh,http,https,snmp,etc.toconnecttotheswitch,youneedtousethisipaddresstoaccessit.

Example

Thisexampleshowshowtomodifytheipv4addressoftheswitch.

Switch(config)#ipaddress192.168.1.200mask255.255.255.0

126

Thisexampleshowshowtoshowcurrentipv4addressoftheswitch.

Switch#

showip

IPAddress:192.168.1.200

SubnetNetmask:255.255.255.0

DefaultGateway:192.168.1.254

127

IP Default Gateway

Syntax

ipdefault-gatewayA.B.C.D

noipdefault-gateway

Parameter

A.B.C.DSpecifydefaultgatewayIPv4addressforswitch.

Default

DefaultIPaddressofdefaultgatewayis192.168.1.254.

Mode

GlobalConfiguration

Usage

Use“ipdefault-gateway”commandtomodifydefaultgatewayaddress.Anduse“noipdefault-gateway”torestoredefaultgatewayaddresstofactorydefault.

Example

Thisexampleshowshowtomodifytheipv4addressoftheswitch.

Switch#

showip


128



129

IP DNS

Syntax

ipdnsA.B.C.D[A.B.C.D]

noipdns[A.B.C.D]

Parameter

A.B.C.DSpecifytheDNSserveripaddress.

Default

DefaultIPaddressofDNSserveris168.95.1.1and168.95.192.1

Mode

GlobalConfiguration

Usage

Use“ipdns”commandtomodifyDNSserveraddress.Anduse“noipdns”todeleteexistingDNSserver.

Example

ThisexampleshowshowtomodifytheDNSserveroftheswitch.

Switch(config)#

ipdns111.111.111.111222.222.222.222

ThisexampleshowshowtoshowcurrentDNSserveroftheswitch.

130

Switch#

showipdns

DNSServer1:111.111.111.111

DNSServer2:222.222.222.222

131

IP DHCP

Syntax

ipdhcp

noipdhcp

Parameter

None

Default

.DefaultDHCPclientisdisabled.

Mode

GlobalConfiguration

Usage

Use“ipdhcp”commandtoenableddhcpclienttogetIPaddressfromremoteDHCPserver.Use“noipdhcp”commandtodisableddhcpclientandusestaticipaddress.

Example

Thisexampleshowshowtoenabledhcpclient.

Switch(config)#

ipdhcp

Thisexampleshowshowtoshowcurrentdhcpclientstateoftheswitch.

132

Switch#

showipdhcp

DHCPStatus:enabled

133

IPv6 Autoconfig

Syntax

ipv6autoconfig

noipv6autoconfig

Parameter

None

Default

DefaultIPv6autoconfigisenabled.

Mode

GlobalConfiguration

Usage

Usethe“ipv6autoconfig”commandtoenabletheIPv6autoconfigurationfeature.Use“noipv6autoconfig”commandtodisabletheIPv6autoconfigurationfeature.

Example

ThisexampleshowshowtodisableIPv6autoconfig.

Switch(config)#noipv6autoconfig

ThisexampleshowshowtoshowcurrentIPv6autoconfigstate.

134

Switch#

showipv6

IPv6DHCPConfiguration:Disabled

IPv6DHCPDUID:

IPv6AutoConfiguration:Disabled

IPv6LinkLocalAddress:

fe80::dcad:beff:feef:102/64

IPv6staticAddress:

fe80::20e:2eff:fef1:4b3c/128

IPv6staticGatewayAddress:::

IPv6inuseAddress:


IPv6inuseGatewayAddress:::

135

IPv6 Address

Syntax

ipv6addressX:X::X:Xprefix<0-128>

Parameter

address X:X::X:X SpecifyIPv6addressforswitchprefix <0-128> SpecifyIPv6prefixlengthforswitch

Default

Nodefaultipv6addressontheswitch.

Mode

GlobalConfiguration

Usage

Use“ipv6address”commandtospecifystaticIPv6address.

Example

Thisexampleshowshowtoaddstaticipv6addressoftheswitch.

Switch(config)#

ipv6address

fe80::20e:2eff:fef1:4b3cprefix128

136


Switch#

showipv6


IPv6DHCPDUID:

IPv6AutoConfiguration:Enabled



IPv6staticAddress:

fe80::20e:2eff:fef1:4b3c/128


IPv6inuseAddress:



137

IPv6 Default Gateway

Syntax

ipv6default-gatewayX:X::X:X

Parameter

X:X::X:XSpecifydefaultgatewayIPv6addressforswitch

Default

Nodefaultipv6defaultgatewayaddressontheswitch.

Mode

GlobalConfiguration

Usage

Use“ipv6default-gateway”commandtomodifydefaultgatewayIPv6address.

Example

Thisexampleshowshowtomodifytheipv6defaultgatewayaddressoftheswitch.

Switch(config)#

ipv6default-gatewayfe80::dcad:beff:feef:103

Switch#

showipv6

138


IPv6DHCPDUID:




IPv6staticAddress:

fe80::20e:2eff:fef1:4b3c/128


IPv6inuseAddress:



139

IPv6 DHCP

Syntax

ipv6dhcp

noipv6dhcp

Parameter

None

Default

DefaultDHCPv6clientisdisabled.

Mode

GlobalConfiguration

Usage

Use“ipv6dhcp”commandtoenableddhcpv6clienttogetIPaddressfromremoteDHCPv6server.Use“noipv6dhcp”commandtodisableddhcpv6clientandusestaticipv6addressoripv6autoconfigaddress.

Example

Thisexampleshowshowtoenabledhcpclient.

Switch(config)#

ipv6dhcp

Thisexampleshowshowtoshowcurrentdhcpv6clientstateoftheswitch.

140

Switch#

showipv6dhcp

DHCPv6Status:enabled

141

IP Service

Syntax

ip(telnet|ssh|http|https)

noip(telnet|ssh|http|https)

Parameter

telnet Enable/Disable telnet servicessh Enable/Disable ssh servicehttp Enable/Disablehttpservicehttps Enable/Disablehttpsservice

Default

Defaulttelnetserviceisdisabled.

Defaultsshserviceisdisabled.

Defaulthttpserviceisenabled.

Defaulthttpsserviceisdisabled.

Mode

GlobalConfiguration

142

Usage

Use“ipservice”commandtoenableallkindsofipservices.Suchastelnet,ssh,httpandhttps.Usenoformtodisableservice.

Example

Thisexampleshowshowtoenabletelnetserviceandshowcurrenttelnetservicestatus.

Switch(config)#

iptelnet

Telnetd daemon enabled.

Switch(config)#

exit

Switch#

show line telnet

Telnet

TelnetServer:enabled

SessionTimeout:10(minutes)

HistoryCount:128

PasswordRetry:3

SilentTime:0(seconds)

Thisexampleshowshowtoenablehttpsserviceandshowcurrenthttps

143

servicestatus.

Switch(config)#

iphttps

Switch(config)#

exit

Switch#showiphttps

HTTPSdaemon:enabled


144

IP Session Timeout

Syntax

ip(http|https)session-timeout<0-86400>

Parameter

http Specifysessiontimeoutforhttpservice.https Specifysessiontimeoutforhttpsservice.<0-86400> Specifysessiontimeoutminutes.0meansnevertimeout.

Default

Defaultsessiontimeoutforhttpandhttpsis10minutes.

Mode

GlobalConfiguration

Usage

Use“ipsession-timeout”commandtospecifythesessiontimeoutvalueforhttporhttpsservice.WhenuserloginintoWEBUIanddonotdoanyactionaftersessiontimeoutwillbeloggedout.

Example

Thisexampleshowshowtochangehttpsessiontimeoutto15minandhttpssessiontimeoutto20min

Switch(config)#

iphttpsession-timeout15

145

Switch(config)#

iphttpssession-timeout20

Thisexampleshowshowtoenablehttpsserviceandshowcurrenthttpsservicestatus.

Switch#

showiphttp

HTTPSdaemon:enabled


Switch#

showiphttps

HTTPSdaemon:disabled


146

Exec-Timeout

Syntax

exec-timeout<0-65535>

Parameter

<0-65535>Specifysessiontimeoutminutes.0meansnevertimeout

Default

Defaultsessiontimeoutforalllinesare10minutes.

Mode

LineConfiguration

Usage

Use“exec-timeout”commandtospecifythesessiontimeoutvalueforCLIrunningonconsole,telnetorsshservice.WhenuserloginintoCLIanddonotdoanyactionaftersessiontimeoutwillbeloggedoutfromtheCLIsession.

Example

Thisexampleshowshowtochangeconsolesessiontimeoutto15min,telnetsessiontimeoutto20minandsshsessiontimeoutto25min.

Switch(config)#

line console

147


exec-timeout15


exit

Switch(config)#

line telnet


exec-timeout20


exit

Switch(config)#

line ssh


exec-timeout25


exit

148

Thisexampleshowshowshowlineinformation.

Switch#

show line

Console


HistoryCount:128

PasswordRetry:3


Telnet

TelnetServer:disabled


HistoryCount:128

PasswordRetry:3


SSH

SSHServer:disabled


HistoryCount:128

PasswordRetry:3

149


150

Password-Thresh

Syntax

password-thresh<0-120>

Parameter

<0-120>Specifypasswordfailretrynumber.0meansnolimit.

Default

Defaultpasswordfailretrynumberis3.

Mode

LineConfiguration

Usage

Use “password-thresh”commandtospecify thepasswordfail retrynumber forCLI runningonconsole, telnetorsshservice.Whenuserinputpasswordtologinandauthenticatefailed,thefailretrynumberwillincreaseone.Afterfailretrynumberexceedconfiguredone,theCLIwillblockloginfortheperiodofsilenttimewhichconfiguredbythecommand“silent-time”.

Example

Thisexampleshowshowtochangetheconsolefailretrynumberto4,thetelnetfailretrynumberto5andthesshfailretrynumberto6.

151

Switch(config)#

line console


password-thresh4


exit

Switch(config)#

line telnet


password-thresh5


exit

Switch(config)#

line ssh


password-thresh6


exit

152


Switch#

show line

Console


HistoryCount:128

PasswordRetry:4


Telnet



HistoryCount:128

PasswordRetry:5


SSH

SSHServer:disabled


HistoryCount:128

PasswordRetry:6

153


154

Silent-Time

Syntax

silent-time<0-65535>

Parameter

<0-65535>Specifysilenttimewithunitseconds.0meansdonotsilent.

Default

Defaultsilenttimeis0.

Mode

LineConfiguration

Usage

Use“silenttime”commandtospecifythesilenttimeforCLIrunningonconsole,telnetorsshservice.Whenuserinputpasswordtologinandauthenticatefailed,thefailretrynumberwillincreaseone.Afterfailretrynumberexceedconfiguredone,theCLIwillblockloginfortheperiodofsilenttimewhichconfiguredbythecommand“silent-time”.

Example

Thisexampleshowshowtochangetheconsolesilenttimeto10,thetelnetsilenttimeto15,andthesshsilenttimeto20.

Switch(config)#

line console

155


silent-time10


exit

Switch(config)#

line telnet


silent-time15


exit

Switch(config)#

line ssh


silent-time20


exit


Switch#

show line

156

Console


HistoryCount:128

PasswordRetry:3


Telnet



HistoryCount:128

PasswordRetry:3


SSH

SSHServer:disabled


HistoryCount:128

PasswordRetry:3


157

History

Syntax

history<1-256>

no history

Parameter

<1-256>SpecifymaximumCLIhistoryentrynumber.

Default

Defaultmaximumhistoryentrynumberis128.

Mode

LineConfiguration

Usage

Usethe“history”commandtospecifythemaximumcommandsofhistorynumbersfortheCLIrunningontheconsole,telnet,orsshservice.Everycommandinputbytheuserwillrecordinthehistorybuffer.Ifallhistorycommandsexceedtheconfiguredhistorynumber,oldercommandswillbedeletedfromthebuffer.Usethe“nohistory”todisablethehistoryfeature.Usethe“showhistory”toshowallhistorycommands.

Example

Thisexampleshowshowtochangeconsolehistorynumberto100,telnethistorynumberto150andsshhistorynumberto200.

158

Switch(config)#

line console


history100


exit

Switch(config)#

line telnet


history150


exit

Switch(config)#

line ssh


history200


exit

159


Switch#

show line

Console


HistoryCount:100

PasswordRetry:3


Telnet



HistoryCount:150

PasswordRetry:3


SSH

SSHServer:disabled


HistoryCount:200

PasswordRetry:3

160


Switch#

show history

MaximunHistoryCount:100

1. enable

2.configure

3. line console

4.exit

5.showhistory

6.line

7.exit

8. show history

9.configure

10.line

11. line console

12. exit

13. line console

14.history100

15.exit

161

16.showhistory

17.exit

18. show history

162

Clear Service

Syntax

clear (telnet | ssh)

Parameter

telnet Clear all telnet sessions.ssh Clear all ssh sessions

Default


Mode

Privileged EXEC

Usage

Use“clearservice”commandtokillallexistingsessionsfortheselectservice.

Example

Thisexampleshowshowtoenablethetelnetserviceandshowthecurrenttelnetservicestatus.

Switch#

clear telnet

163

SSL

Syntax

ssl

Parameter

Default


Mode

GlobalConfiguration

Usage

Use“ssl”commandtogeneratesecuritycertificatefilessuchasRSA,DSA.

Example

Thisexampleshowshowtogeneratecertificatefiles.

Switch(config)#

ssl

164

Thisexampleshowshowtoshowthecertificatefilelists.

Switch#

showflash

FileNameFileSizeModified

startup-config11912000-01-0100:00:23

rsa19742000-01-0100:00:18

rsa216752000-01-0100:00:18

dsa26682000-01-0100:00:18

ssl_cert9932000-01-0100:00:18

image0(active)43724012012-09-2401:57:29

image1(backup)0

165

Ping

Syntax

pingHOSTNAME[count<1-999999999>]

Parameter

HOSTNAME SpecifyIPv4/IPv6addressordomainnametoping.count <1- 999999999> Specifyhowmanytimestoping.

Default


Mode

Privileged EXEC

Usage

Use“ping”commandtodonetworkpingdiagnostic.

Example

Thisexampleshowshowtopingremotehost192.168.1.111.

Switch#

ping192.168.1.111

PING192.168.1.111(192.168.1.111):56databytes

64bytesfrom192.168.1.111:icmp_seq=0ttl=128time=10.0mstime=10.0ms

166

64bytesfrom192.168.1.111:icmp_seq=1ttl=128time=0.0ms



192.168.1.111pingstatistics

4packetstransmitted,4packetsreceived,0%packetloss

round-tripmin/avg/max=0.0/2.5/10.0ms

167

Traceroute

Syntax

tracerouteA.B.C.D[max_hop<2-255>]

Parameter

A.B.C.D SpecifyIPv4totrace.max_hop <2-255> Specifymaximumhoptotrace.

Default

.Nodefaultvalueforthiscommand.

Mode

User EXEC

Privileged EXEC

Usage

Use“traceroute”commandtodonetworktraceroutediagnostic.

Example

Thisexampleshowshowtotraceroutehost192.168.1.111.

Switch#

traceroute192.168.1.111

168

tracerouteto192.168.1.111(192.168.1.111),30hops

max,40bytepackets

1192.168.1.111(192.168.1.111)0ms10ms0ms

169

Clear ARP

Syntax

cleararp[A.B.C.D]

showarp

Parameter

A.B.C.DSpecifyspecificarpentrytoclear.

Default


Mode

User EXEC

Privileged EXEC

Usage

Usethe“cleararp”commandtoclearallorspecificonearpentry.Usethe“showarp”commandtoshowallarpentries.

Example

Thisexampleshowshowtoshowarpentries.

Switch#

showarp

170

AddressHWtypeHWaddressFlags

MaskIface

192.168.1.111ether00:0E:2E:F1:4B:3CCeth0

Thisexampleshowshowtoclearallarpentries.

Switch(config)#

cleararp

171

Show Version

Syntax

show version

Parameter

None

Default


Mode

User EXEC

Privileged EXEC

Usage

Use“showversion”commandtoshowloaderandfirmwareversionandbuilddate.

Example

Thisexampleshowshowtoshowsystemversion.

Switch#

show version


172




173

Show Info

Syntax

show info

Parameter

None

Default


Mode

User EXEC

Privileged EXEC

Usage

Use“showinfo”commandtoshowsystemsummaryinformation.

Example

Thisexampleshowshowtoshowsystemversion.

Switch#

show info

SystemName:Switch

174










SystemObjectID:1.3.6.1.4.1.27282.3.2.10


175

Show History

Syntax

show history

Parameter

None

Default


Mode

User EXEC

Privileged EXEC

GlobalConfiguration

Usage

Use“showhistory”toshowcommandsweinputbefore.

Example

Thisexampleshowshowshowhistorycommands.

Switch#

show history

176

MaximunHistoryCount:100

1. enable

2.configure

3. line console

4.exit

5.showhistory

6.line

7.exit

8. show history

9.configure

10.line

11. line console

12. exit

13. line console

14.history100

15.exit

16.showhistory

17.exit

18. show history

177

Show Username

Syntax

showusername

Parameter

None

Default


Mode

Privileged EXEC

Usage

Use“showusername”commandshowalluseraccountsinlocaldatabase.

Example

Thisexampleshowshowtoshowexistinguseraccounts.

Switch#

showusername

Priv|Type|UserName|

Password

178

01|secret||

dnXencJRwflV6

15|secret|admin|

FzjrGO6vfbERY

15|secret|test|

7p57T9yMkViSUS

179

Show IP

Syntax

showip

Parameter

None

Default


Mode

User EXEC

Privileged EXEC

Usage

Use“showip”commandtoshowsystemIPv4address,netmaskanddefaultgateway.

Example


Switch#

showip

IPAddress:192.168.1.200

180



181

Show IP DHCP

Syntax

showipdhcp

Parameter

None

Default


Mode

User EXEC

Privileged EXEC

Usage

Use“showipdhcp”commandtoshowIPv4dhcpclientenablestate.

Example

Thisexampleshowshowtoshowcurrentdhcpclientstateoftheswitch.

Switch#

showipdhcp

DHCPStatus:enabled

182

Show IPv6

Syntax

showipv6

Parameter

None

Default


Mode

User EXEC

Privileged EXEC

Usage

Usethe“showipv6”commandtoshowthesystemIPv6address,netmask,defaultgatewayandautoconfigstate.

Example


Switch#

showipv6


183

IPv6DHCPDUID:




IPv6staticAddress:

fe80::20e:2eff:fef1:4b3c/128


IPv6inuseAddress:



184

Show IPv6 DHCP

Syntax

showipv6dhcp

Parameter

Default


Mode

User EXEC

Privileged EXEC

Usage

Use“showipv6dhcp”commandtoshowsystemIPv6dhcpclientenablestate.

Example

Thisexampleshowshowtoshowcurrentdhcpv6clientstateoftheswitch.

Switch#

showipv6dhcp

DHCPv6Status:enabled

185

Show Line

Syntax

showline[(console|telnet|ssh)]

Parameter

console Select console line to show.telnet Select telnet line to show.ssh Select ssh line to show.

Default


Mode

Privileged EXEC

Usage

Use“showline”commandtoshowalllineconfigurationsincludingsessiontimeout,historycount,passwordretrynumberandsilenttime.Fortelnetandssh,italsoshowstheserviceenable/disablestate.

Example

Thisexampleshowshowshowalllines’information.

Switch#

show line

186

Console


HistoryCount:128

PasswordRetry:3


Telnet



HistoryCount:128

PasswordRetry:3


SSH

SSHServer:disabled


HistoryCount:128

PasswordRetry:3


187

Chapter 5Cable Diagnostics

188

Show Cable-Diag Interfaces

Syntax

logging

no logging

Parameter

N/A

Default

logging

Mode

GlobalConfiguration

Usage

Displaytheestimatedlengthofcoppercableattachedtotheports.

showcable-diaginterfaceall

Displaytheestimatedlengthofcoppercablesattachedtoallports.

showcable-diaginterface

Disabletheestimatedlengthofcoppercableattachedtoportfa1.

189

Example

Switch(config)#

showcable-diaginterfacesfa1

Port|Length[meters]

fa1|5.55

190

Chapter 6DHCP Snooping

191

IP DHCP Snooping

Syntax

ipdhcpsnooping

noipdhcpsnooping

Parameter

None

Default

DHCPsnoopingisdisabled

Mode

GlobalConfiguration

Usage

UsetheipdhcpsnoopingcommandtoenableDHCPSnoopingfunction.Usethenoformofthiscommandtodisable.

Example

TheexampleshowshowtoenableDHCPSnoopingonVLAN1.Youcanverifysettingsbythefollowingshowipdhcpsnoopingcommand.

switch(config)#

ipdhcpsnooping

192

switch(config)#

ipdhcpsnoopingvlan1

switch(config)#

showipdhcpsnooping

DHCPSnooping:enabled

EnableonfollowingVlans:1

circuit-iddefaultformat:vlan-port

remote-id::00:11:22:33:44:55(SwitchMacinByteOrder)

193

IP DHCP Snooping VLAN

Syntax

ipdhcpsnoopingvlanVLAN-LIST

Parameter

VLAN-LISTSpecifyVLANIDorarangeofVLANstoenableordisabledynamicArpinspection

Default

DefaultisdisabledonallVLANs

Mode

GlobalConfiguration

Usage

UsetheiparpinspectionvlancommandtoenableVLANsonDHCPSnoopingfunction.UsethenoformofthiscommandtodisableVLANsonDHCPSnoopingfunction

Example

TheexampleshowshowtoenableVLAN1-100onDHCPSnooping,andthendisableVLAN30-40onDHCPSnooping.Youcanverifysettingsbythefollowingshowipdhcpsnoopingcommand.

switch(config)#

vlan1-100

194

switch(config)#

exit

switch(config)#

ipdhcpsnooping

switch(config)#

ipdhcpsnoopingvlan1-100

switch(config)#

showipdhcpsnooping


EnableonfollowingVlans:1-100



switch(config)#

noipdhcpsnoopingvlan30-40

switch(config)#

showipdhcpsnooping


EnableonfollowingVlans:1-29,41-100


195


196

IP DHCP Snooping Trust

Syntax

ipdhcpsnoopingtrust

noipdhcpsnoopingtrust

Parameter

None

Default

DHCPsnoopingtrustisdisabled

Mode


Usage

Usetheipdhcpsnoopingtrustcommandtosettrustedinterface.TheswitchdoesnotcheckDHCPpacketsthatarereceivedonthetrustedinterface;itsimplyforwardsit.Usethenoformofthiscommandtosetuntrustedinterface.

Example

Theexampleshowshowtosetinterfacegi1totrust.Youcanverifysettingsbythefollowingshowipdhcpsnoopinginterface command.

switch(config)#

interface gi1

198

IP DHCP Snooping Verify

Syntax

ipdhcpsnoopingverifymac-address

[no]ipdhcpsnoopingverifymac-address

Parameter

None

Default

DHCPsnoopingverifymac-addressisdisabled.

Mode


Usage

UsetheipdhcpsnoopingverifycommandtoverifyMACaddressfunctiononinterface.The“mac-address”dropDHCPpacketsthatchaddrandethernet-source-macisnotmatch.

Example

Theexampleshowshowtosetinterfacegi1tovalidate“mac-address”.Youcanverifysettingsbythefollowingshowipdhcpsnoopinginterfacecommand.

switch(config)#

interface gi1

200

IP DHCP Snooping Rate LimitSyntax

ipdhcpsnoopingrate-limit<1-50>

[no]ipdhcpsnoopingrate-limit

Parameter

<1-50>Set1to50PPSofDHCPpacketratelimitation

Default

Defaultisun-limitedofDHCPpacket

Mode


Usage

Usetheipdhcpsnoopingrate-limitcommandtosetratelimitationoninterface.TheswitchdropDHCPpacketsafterreceivesmorethanconfiguredrateofpacketspersecond.Usethenoformofthiscommandtoreturntodefaultsettings.

Example

Theexampleshowshowtosetratelimitto30ppsoninterfacegi1.Youcanverifysettingsbythefollowingshowipdhcpsnoopinginterfacecommand.

switch(config)#

interface gi1

202

Clear IP DHCP Snooping Statistics

Syntax

clearipdhcpsnoopinginterfacesIF_PORTSstatistics

Parameter

IF_PORTSspecifiesportstoclearstatistics

Default

Nodefaultisdefined

Mode

GlobalConfiguration

Usage

Usetheclearipdhcpsnoopinginterfacesstatisticscommandtoclearstatisticsthatarerecordedoninterface.

Example

Theexample showshow to clear statisticson interfacegi1.You canverify settingsby the following show ipdhcpsnoopinginterfacestatisticscommand.

switch#

clearipdhcpsnoopinginterfacesgi1statistics

switch#

showipdhcpsnoopinginterfacesgi1statistics

203

Interfaces|Forwarded|ChaddrCheckDropped|UntrustPortDropped|

UntrustPortWithOption82Dropped|InvalidDrop

gi1|0|0|0|0|0

204

Show IP DHCP Snooping

Syntax

showipdhcpsnooping

Parameter

None

Default

Nodefaultisdefined

Mode

GlobalConfiguration

Usage

UsetheshowipdhcpsnoopingcommandtoshowthesettingsoftheDHCPSnoopingfeature.

Example

TheexampleshowshowtoshowsettingsofDHCPSnooping

switch(config)#

showipdhcpsnooping


EnableonfollowingVlans:1

205



206

IP Show IP DHCP Snooping Interface

Syntax

showipdhcpsnoopinginterfacesIF_PORTS

showipdhcpsnoopinginterfacesIF_PORTSstatistics

Parameter

IF_PORTSspecifiesportstoshowstatistics

Default

Nodefaultisdefined

Mode

GlobalConfiguration

Usage

Usetheshowipdhcpsnoopinginterfacescommandtoshowsettingsorstatisticsofinterface.

Example

Theexampleshowshowtoshowsettingsofinterfacegi1.

switch#

showipdhcpsnoopinginterfacegi1

208

Show IP DHCP Snooping Binding

Syntax

showipdhcpsnoopingbinding

Parameter

None

Default

Nodefaultisdefined

Mode

GlobalConfiguration

Usage

UsetheshowipdhcpsnoopingbindingcommandtoshowbindingentriesthatarelearnedbyDHCPSnooping.

Example

TheexampleshowshowtoshowbindingentriesthatlearnedbyDHCPSnooping.

switch#

showipdhcpsnoopingbinding

BindTable:MaximunBindingEntryNumber192

Port|VID|MACAddress|IP|Type|LeaseTime

209

fa1|1|48:5B:39:C7:12:62|192.168.1.100(255.255.255.255)|DHCPSnooping|86400

210

IP DHCP Snooping Option

Syntax

ipdhcpsnoopingoption

noipdhcpsnoopingoption

Parameter

None

Default

DHCPsnoopingoption82isdisabled

Mode


Usage

Usetheipdhcpsnoopingoptioncommandtoenabletheinsertoption82contentintothepacket.Usethenoformofthiscommand to disable it.

Example

Theexampleshowshowtoenableoption82insertion.Youcanverifysettingsbythefollowingshowipdhcpsnoopinginterface command.

switch(config)#

interface gi1

212

IP DHCP Snooping Option Action

Syntax

ipdhcpsnoopingoptionaction(drop|keep|replace)

noipdhcpsnoopingoptionaction

Parameter

Drop Droppacketswithoption82thatarereceivedfromuntrustedport.Keep Keeporiginaloption82contentinpacket.Replace Replaceoption82contentbyswitchsettingopDroppacketswithoption82thatare receivedfromun

trustedport.

Default

DHCPsnoopingoption82isdrop

Mode


Usage

Usetheipdhcpsnoopingoptionactioncommandtosettheactionwhenitreceivespacketswiththeoption82content.Usethenoformofthiscommandtorestoretothedefaultsettings.

213

Example

Theexampleshowshowtosetactiontoreplaceoption82content.Youcanverifysettingsbythefollowingshowrunning-configcommand.

switch(config)#

interface gi1

switch(config)#

ipdhcpsnoopingoptionactionreplace

214

IP DHCP Snooping Option Circuit-ID

Syntax

ipdhcpsnooping[vlan<1-4094>]optioncircuit-idSTRING

noipdhcpsnooping[vlan<1-4094>]optioncircuit-id

Parameter

Vlan <1-4094> VLANIDtosetuserdefinedcircuit-idstringSTRING Circuit-idstring,1to63ASCIIcharacters,nospaces.

Default

Defaultcircuit-idisportid+vlanidinbyteformat

Mode


Usage

Usetheipdhcpsnoopingoptioncircuit-idcommandtosettheuser-definedcircuit-idstring.TheCircuit-idisperportperVLANsetting.IfaVLANisnotfoundtouseauser-definedcircuit-id,thenitwilluseitperportcircuit-idstring.Usethenoformofthiscommandtodefaultsetting.

Example

Theexampleshowshowtosetauser-definedcircuit-idstringoninterfacegi1andVLAN1.Youcanverifysettingsbythefollowingshowrunning-configcommand.

215

switch(config)#

interface gi1

switch(config)#

ipdhcpsnoopingvlan1optioncircuit-idtest

216

IP DHCP Snooping Option Remote-ID

Syntax

ipdhcpsnoopingoptionremote-idSTRING

noipdhcpsnoopingoptionremote-id

Parameter

STRINGRemote-idstring,1to63ASCIIcharacters,nospaces.

Default

Defaultremote-idistheswitchMACaddressinbyteorder.

Mode

GlobalConfiguration

Usage

Usetheipdhcpsnoopingoptionremote-idcommandtosettheuser-definedremote-idstring.Remote-idisaglobalanduniquestring.Usethenoformofthiscommandtosetthedefaultsettings.

Example

Theexampleshowshowtosetauser-definedremote-idstringonswitch.Youcanverifysettingsbythefollowingshowipdhcpsnoopingoptionremote-id.

switch(config)#

ipdhcpsnoopingoptionremote-idtest_remote

217

switch(config)#

showipdhcpsnoopingoptionremote-id

RemoteID:test_remote

218

Show IP DHCP Snooping Option

Syntax


Parameter

None

Default

Nodefaultisdefined

Mode

GlobalConfiguration

Usage

Usetheshowipdhcpsnoopingoptionremote-idcommandtoshowremote-idstring.

Example

Theexampleshowshowtoshowremote-idstring.

switch(config)#


RemoteID:test_remote

219

IP DHCP Snooping Database

Syntax

ipdhcpsnoopingdatabaseflash

ipdhcpsnoopingdatabasetftp(A.B.C.D|HOSTNAME)NAME

noipdhcpsnoopingdatabase

Parameter

(A.B.C.D|HOSTNAME) SpecifytheIPaddressorhostnameofremoteTFTPserverNAME Inputnameofbackupfile

Default

DHCPsnoopingdatabaseisdisabled

Mode

GlobalConfiguration

Usage

UsetheipdhcpsnoopingdatabasecommandtoenabletheDHCPSnoopingdatabaseagent.The“flash”meansthatitwillwriteabackupfiletotheswitchlocaldrive.The“tftp”meansthatitwillwriteabackupfiletotheremoteTFTPserver.Use the no form of this command to disable it.

Example

TheexampleshowshowtoenableDHCPSnoopingdatabaseagentandwritebackupfiletoremoteTFTPserverwithfilename“backup_file”.Youcanverifysettingsbythefollowingshowipdhcpsnoopingdatabasecommand.

220

switch(config)#

ipdhcpsnoopingdatabasetftp192.168.1.50backup_file

switch(config)#

showipdhcpsnoopingdatabase

Type:tftp:192.168.1.50

FileName:backup_file

WritedelayTimer:300seconds

AbortTimer:300seconds

AgentRunning:Running

DelayTimerExpiry:300seconds

AbortTimerExpiry:299

LastSuccededTime:None

LastFailedTime:None

LastFailedReason:Nofailurerecorded.

TotalAttempts:1

SuccessfulTransfers:0FailedTransfers:0

SuccessfulReads:0FailedReads:0

SuccessfulWrites:0FailedWrites:0

221

IP DHCP Snooping Database Write-Delay

Syntax

ipdhcpsnoopingdatabasewrite-delay<15-86400>

Parameter

<15-86400>specifiesthesecondsofthetimeout.Specifythedurationforwhichthetransfershouldbedelayedafterthe binding database changes.

Default

DHCPsnoopingdatabasewrite-delayis300seconds

Mode

GlobalConfiguration

Usage

Usetheipdhcpsnoopingdatabasewrite-delaycommandtomodifythewrite-delaytimer.Usethenoformofthiscommandtosetthedefaultsettings.

Example

Theexampleshowshowtosetwrite-delaytimerto60seconds.Youcanverifysettingsbythefollowingshowipdhcpsnoopingdatabasecommand.

switch(config)#

ipdhcpsnoopingdatabasewrite-delay60

222

switch(config)#


Type:tftp:192.168.1.50








LastFailedTime:None


TotalAttempts:1




223

switch(config)#


Type:tftp:192.168.1.50








LastFailedTime:None


TotalAttempts:1




224

IP DHCP Snooping Database Timeout

Syntax

ipdhcpsnoopingdatabasetimeout<0-86400>

Parameter

<15-86400>specifiesthesecondsoftimeout、Specify(inseconds)howlongtowaitforthedatabasetransferprocesstofinishbeforestoppingtheprocess.Use0todefineaninfiniteduration,whichmeanstocontinuetryingthetransferindefinitely

Default

DHCPsnoopingdatabasetimeoutis300seconds

Mode

GlobalConfiguration

Usage

Usetheipdhcpsnoopingdatabasetimeoutcommandtomodifythetimeouttimer.Usethenoformofthiscommandtosetthedefaultsettings.

Example

Theexampleshowshowtosettimeouttimerto60seconds.Youcanverifysettingsbythefollowingshowipdhcpsnoopingdatabasecommand.

switch(config)#

ipdhcpsnoopingdatabasetimeout60

225

switch(config)#


Type:tftp:192.168.1.50








LastFailedTime:None


TotalAttempts:1




226

Clear IP DHCP Snooping Database Statistics

Syntax

clearipdhcpsnoopingdatabasestatistics

Parameter

None

Default

Nodefaultisdefined.

Mode

GlobalConfiguration

Usage

UsetheclearipdhcpsnoopingdatabasestatisticscommandtoclearstatisticsoftheDHCPSnoopingdatabase.

Example

TheexampleshowshowtoclearstatisticsofDHCPSnoopingagent.Youcanverifysettingsbythefollowingshowipdhcpsnoopingdatabasecommand.

switch(config)#

clearipdhcpsnoopingdatabasestatistics

switch(config)#


227

Type:tftp:192.168.1.50








LastFailedTime:None


TotalAttempts:0




228

Renew IP DHCP Snooping Database

Syntax

renewipdhcpsnoopingdatabase

Parameter

None

Default

Nodefaultisdefined

Mode

GlobalConfiguration

Usage

UsetherenewipdhcpsnoopingdatabasecommandtorenewtheDHCPSnoopingdatabasefromabackupfile.

Example

TheexampleshowshowtorenewtheDHCPSnoopingdatabase.Youcanverifysettingsbythefollowingshowipdhcpsnoopingdatabaseandshowipdhcpsnoopingbindingcommands.

switch(config)#


Type:tftp:192.168.1.50


229







LastFailedTime:None


TotalAttempts:1




switch#showipdhcpsnoopingbinding



fa1|1|48:5B:39:C7:12:62|192.168.1.100(255.255.255.255)|DHCPSnooping|86400

230

Show IP DHCP Snooping Database

Syntax


Parameter

None

Default

Nodefaultisdefined

Mode

GlobalConfiguration

Usage

UsetheshowipdhcpsnoopingdatabasecommandtoshowsettingsofDHCPSnoopingagent.

Example

TheexampleshowshowtoshowsettingsofDHCPSnoopingagent.

switch(config)#


Type:tftp:192.168.1.50


231







LastFailedTime:None


TotalAttempts:1




232

Chapter 7DOS

234

Parameter

syn-fin Enable/Disablesyn-finprotection.

xma Enable/Disablexmaprotection.null-scan Enable/Disablenull-scanprotection.sport-less1024 Enable/Disablesport-less1024protection.icmp-frag-pkts Enable/Disableicmp-grag-pktsprotection.pod Enable/Disablepodprotection.tcp-blat Enable/Disabletcp-blatprotection.

udp-blat Enable/Disableudp-blatprotection.land Enable/Disablelandprotection.da-eq-sa Enable/Disableda-eq-saprotection.smurf <0-31>Specifysmurflength.tcp-hdr-min

<0-255>

Specifytcp-hdr-minlength.

icmp-ping-max

<0-65535>

Specifyicmp-ping-maxsize.

ipv6-min-frag <0-65535> Specifyipv6-min-fraglength.

Default

DefaultenablestateofallDoStypesaredisabled.

Defaultsmurflengthis24.

Defaulttcp-hdr-minlengthis20.

Defaulticmp-ping-maxsizeis512.

235

Default

DefaultenablestateofallDoStypesaredisabled.

Defaultsmurflengthis24.

Defaulttcp-hdr-minlengthis20.

Defaulticmp-ping-maxsizeis512.

Defaultipv6-min-fraglengthis1280

Mode

GlobalConfiguration

Usage

DoSisusingtoprotectmaliciousattackfromotherdevices.ThiscommandcanconfigureDUTtoenable/disablefollowingtypesofattacks.

syn-fin:ATCPpacketwiththeSYNandFINflagsset.

xma:TCPsequencenumberiszero,andtheFIN/URG/PSHflagsareset.

null-scan:TCPsequencenumberiszero,andallcontrolflagsarezeroes.

sport-less1024:TCPSYNpacketswithsourceportlessthan1024.

icmp-frag-pkts:FragmentedICMPpackets.

Pod:Pingpacketsthatlengtharelargerthan65535bytes.

tcp-blat:BoththesourceandthedestinationTCPportarethesame.

udp-blat:BoththesourceandthedestinationUDPportarethesame.

236

land:BoththesourceandthedestinationIPv4/IPv6addressesarethesame.

da-eq-sa:BoththesourceandthedestinationMACaddressesarethesame.

smurf:ICMPechorequestpacketthatdestinationIPv4addressisbroadcastaddress.

tcp-hdr-min:TCPpacketthatheaderlengthislessthantheconfiguredvalue.

icmp-ping-max:PINGpacketwiththelength.

ipv6-min-frag:IPv6fragmentedpackets(notincludingthelastone)thatpayloadlengthlessthan1240bytes.

Example

Thisexampleshowshowtoenablesyn-finandsmurfwithlength30oninterfacefa1.

Switch(config)#

interface fa1

Switch(config-if)#

dossyn-fin

Switch(config-if)#

dossmurf30

Thisexampleshowshowtoshowcurrentdosstateoninterfacefa1

Switch#

show dos interfaces fa1

Port|Type|State(Length)

fa1 |

238

Show DoS

Syntax

showdosinterfacesIF_PORTS

Parameter

IF_PORTSEnable/Disablesyn-finprotection

Default


Mode

Privileged EXEC

Usage

Use“showdos”commandtoshowdosconfigurationonselectedports.

Example

Thisexampleshowshowtoshowcurrentdosstateoninterfacefa1.

Thisexampleshowshowtoshowcurrentdosstateoninterfacefa1

Switch#

show dos interfaces fa1

Port|Type|State(Length)

240

Chapter 8Dynamic ARP Inspection

241

IP ARP Inspection

Syntax

iparpinspection

noiparpinspection

Parameter

None

Default

DynamicArpinspectionisdisabled

Mode

GlobalConfiguration

Usage

UsetheiparpinspectioncommandtoenableDynamicArpInspectionfunction.Usethenoformofthiscommandtodisable.

Example

TheexampleshowshowtoenableDynamicArpInspectiononVLAN1.Youcanverifysettingsbythefollowingshowiparpinspectioncommand.

switch(config)#

iparpinspection

242

switch(config)#

iparpinspectionvlan1

switch(config)#

showiparpinspection

DynamicARPInspection:enabled

EnableonVlans:1

243

IP ARP Inspection VLAN

Syntax

iparpinspectionvlanVLAN-LIST

noiparpinspectionvlanVLAN-LIST

Parameter

VLAN-LISTSpecifyVLANIDorarangeofVLANstoenableordisabledynamic

Arpinspection

Default

Default is disabled on all VLANs

Mode

GlobalConfiguration

Usage

UsetheiparpinspectionvlancommandtoenableVLANsonDynamicArpInspectionfunction.UsethenoformofthiscommandtodisableVLANsontheDynamicArpInspectionfunction.

Example

TheexampleshowshowtoenableVLAN1-100ontheDynamicArpInspection,andthendisableVLAN30-40ontheDynamicArpInspection.Youcanverifysettingsbythefollowingshowiparpinspectioncommand.

244

switch(config)#

vlan1-100

switch(config)#

exit

switch(config)#

iparpinspection

switch(config)#

iparpinspectionvlan1-100

switch(config)#

showiparpinspection


EnableonVlans:1-100

switch(config)#

noiparpinspectionvlan30-40

switch(config)#

showiparpinspection


EnableonVlans:1-29,41-100

245

IP ARP Inspection Trust

Syntax

iparpinspectiontrust

noiparpinspectiontrust

Parameter

None

Default

DynamicArpinspectiontrustisdisabled

Mode


Usage

Usetheiparpinspectiontrustcommandtosettrustedinterface.TheswitchdoesnotcheckARPpacketsthatarereceivedonthetrustedinterface;itsimplyforwardsit.Usethenoformofthiscommandtosetuntrustedinterface

Example

Theexampleshowshowtosetinterfacegi1totrust.Youcanverifysettingsbythefollowingshowiparpinspectioninterface command.

switch(config)#

interface gi1

247

IP ARP Inspection Validate

Syntax

iparpinspectionvalidatesrc-mac

iparpinspectionvalidatedst-mac

iparpinspectionvalidateip[allow-zeros]

noiparpinspectionvalidatesrc-mac

noiparpinspectionvalidatedst-mac

noiparpinspectionvalidateip[allow-zeros]

Parameter

None

Default

Defaultisdisabledofallvalidation

Mode


Usage

Usetheiparpinspectionvalidatecommandtoenablevalidatefunctiononinterface.The“src-mac”dropARPrequestsandreplypacketsthatarp-sender-macandethernetsource-macisnotmatch.The“dst-mac”dropARPreplypacketsthatarp-target-macandethernet-dst-macisnotmatch.The“ip”dropARPrequestandreplypacketsthatsender-ipisinvalid

248

suchasbroadcastmulticastallzeroIPaddressanddropARPreplypacketsthattarget-ipisinvalid.The“allow-zeros”meanswon’tdropallzeroIPaddress.Usethenoformofthiscommandtodisablevalidation.

Example

Theexampleshowshowtosetinterfacegi1tovalidate“src-mac”“dst-mac”and“ipallowzeros”.Youcanverifysettingsbythefollowingshowiparpinspectioninterfacecommand.

switch(config)#

interface gi1

switch(config-if)#

iparpinspectionvalidatesrc-mac

switch(config-if)#

iparpinspectionvalidatedst-ma

switch(config-if)#

iparpinspectionvalidateipallow-zeros

switch(config)#


Interfaces|TrustState|Rate(pps)|SMACCheck|DMACCheck|IPCheck/AllowZero|

gi1|Untrusted|30|disabled|disabled|disabled/disabled

249

IP ARP Inspection Rate Limit

Syntax

iparpinspectionrate-limit<1-50>

[no]iparpinspectionrate-limit

Parameter

<1-50>Set1to50PPSofDHCPpacketratelimitation

Default

Defaultisun-limitedofARPpacket

Mode


Usage

Usetheiparpinspectionrate-limitcommandtosetratelimitationoninterface.TheswitchdropARPpacketsafterreceivesmorethanconfiguredrateofpacketspersecond.Usethenoformofthiscommandtoreturntodefaultsettings.

Example

Theexampleshowshowtosetratelimitto30ppsoninterfacegi1.Youcanverifysettingsbythefollowingshowiparpinspectioninterfacecommand.

251

Clear IP ARP Inspection Statistics

Syntax

cleariparpinspectioninterfacesIF_PORTSstatistics

Parameter

IF_PORTSspecifiesportstoclearstatistics

Default

Nodefaultisdefined

Mode

GlobalConfiguration

Usage

Usethecleariparpinspectioninterfacesstatisticscommandtoclearstatisticsthatarerecordedoninterface.

Example

Theexampleshowshowtoclearstatisticsoninterfacegi1.Youcanverifysettingsbythefollowingshowiparpinspectioninterfacestatisticscommand.

switch#

cleariparpinspectioninterfacesgi1statistics

switch#

showiparpinspectioninterfacesgi1statistics

252

Port|Forward|SourceMACFailures|DestMACFailures|

SIPValidationFailures|DIPValidationFailures|IP-MACMismatchFailures

gi1|0|0|0|0|0|0

253

Show IP ARP Inspection

Syntax

showipdhcpsnooping

Parameter

None

Default

Nodefaultisdefined

Mode

GlobalConfiguration

Usage

UsetheshowiparpinspectioncommandtoshowsettingsofDynamicArpInspection

Example

TheexampleshowshowtoshowsettingsofDynamicArpInspection

switch(config)#

showiparpinspection


EnableonVlans:1

254

Show IP ARP Inspection Interface

Syntax

showiparpinspectioninterfacesIF_PORTS

showiparpinspectioninterfacesIF_PORTSstatistics

Parameter

IF_PORTSspecifiesportstoshowstatistics

Default

Nodefaultisdefined

Mode

GlobalConfiguration

Usage

Usetheshowiparpinspectioninterfacescommandtoshowsettingsorstatisticsofinterface.

Example

Theexampleshowshowtoshowsettingsofinterfacegi1.

switch#

showiparpinspectioninterfacegi1

256

Chapter 9IGMP Snooping

257

IP IGMP Snooping

Syntax

ipigmpsnooping

noipigmpsnooping

Parameter

None

Default

ipigmpsnooping

Mode

GlobalConfiguration

Usage

“noipigmpsnooping”willclearallipigmpsnoopingdynamicgroupanddynamicrouterport,andmakethestaticipigmpgroupinvalid.Thendonotlearningthedynamicgroupandrouterportbyigmpmessage.Theconfigurecanuse“showipigmpsnooping”.

Example

Thefollowingexamplespecifiesthatsetipigmpsnoopingtest.

Switch(config)#

ipigmpsnooping

258

Switch#

showipigmpsnooping

IGMP Snooping Status

Snooping:Enabled

ReportSuppression:Enabled

OperationVersion:v2

ForwardMethod:mac

UnknownMulticastAction:Flood

Switch(config)#

noipigmpsnooping

Switch#

showipigmpsnooping

259

IP IGMP Snooping Report-Suppression

Syntax

[no]ipigmpsnoopingreport-suppression

Parameter

none

Default

ipigmpsnoopingreport-suppression

Mode

GlobalConfiguration

Usage

“no ip igmpsnoopingreport-suppression”willdisablethe igmpv1/v2 igmpreportsuppressionfunction.The receivereportwillfthenorwardtothevlanrouterports.Theconfigurationcanuse“showipigmpsnooping”.

Example

Thefollowingexamplespecifiesthedisableipigmpsnoopingreport-suppressiontest.

Switch(config)#

noipigmpsnoopingreport-suppression

Switch#

showipigmpsnooping

260


Snooping:Enabled

ReportSuppression:Disabled

OperationVersion:v2

ForwardMethod:mac


261

IP IGMP Snooping VersionSyntax

ipigmpsnoopingversion(2|3)

Parameter

(2|3)Ipigmpsnoopingrunningversion2or3

Default

ipigmpsnoopingversion2

Mode

GlobalConfiguration

Usage

“ipigmpsnoopingversion3”willremoveallipv4groupentrieswhentheforwardmethodissrc-dst-ip.Whentheforwardmethodismac,itwillremovethedynamicgroupentry.Thesameisfromv3changetov2.Forthis,allquerierversionswillupdatetoversion2.Theconfigurationcanuse“showipigmpsnooping”.

Example

Thefollowingexamplespecifiesthatsetipigmpsnoopingversion3test.

Switch(config)#


Switch#

showipigmpsnooping

262

IP IGMP Snooping Unknown-Multicast Action

Syntax

ipigmpsnoopingunknown-multicastaction(drop|flood|router-port)

Parameter

(drop|flood|routerport)Unknownmulticastactionfordrop|flood|router-port

Default

ipigmpsnoopingunknown-multicastactionflood

Mode

GlobalConfiguration

Usage

Whenigmpsnoopingandmldsnoopingaredisabled,itcan’tsetanactiontodroporrouter-port.Whendisablingigmpsnooping&mldsnooping,itsetsunknownmulticastactionflood.Whentheactionisrouter-porttofloodordrop,itwilldeletetheunknownmulticastgroupentry.Ifthelookupmodeissrc-dst-ip,whenchanged,theunknownactionwilldeleteallthedynamicgroupd.Theconfigurationcanuse“showipigmpsnooping”.

Example

Thefollowingexamplespecifiesthatsetipigmpunknownmulticastactionrouter-porttest.

Switch(config)#

ipigmpsnooping

263

Switch(config)#

ipigmpsnoopingunknown-multicastactionrouter-port

Switch#

showipigmpsnooping


Snooping:Enabled


OperationVersion:v2

ForwardMethod:mac

UnknownMulticastAction:RouterPort

Switch#

showipigmpsnooping

Switch(config)#

noipigmpsnooping


Snooping:Disabled


OperationVersion:v2

ForwardMethod:mac

264


265

IP IGMP Snooping Forward-Method

Syntax

ipigmpsnoopingforward-method(mac|src-dst-ip)

Parameter

(mac|src-dst-ip)MulticastlookupmethodisDMACORDIP+SIP

Default

ipigmpsnoopingforward-methodmac

Mode

GlobalConfiguration

Usage

Whenchangingthelookupmethod,itwillremoveallgroups.Theconfigurationcanuse“showipigmpsnooping”.

Example

Thefollowingexamplespecifiesthatsetipigmplookupmethodissrc-dst-iptest.

Switch(config)#

ipigmpforward-methodsrc-dst-ip

Switch#

showipigmpsnooping

266


Snooping:Disabled


OperationVersion:v2

ForwardMethod:src-dst-ip

267

IP IGMP Snooping Querier

Syntax

ipigmpsnoopingvlan<VLAN-LIST>querier

noipigmpsnooping[vlan<VLAN-LIST>]querier

ipigmpsnoopingvlan<VLAN-LIST>querierversion(2|3)

Parameter

VLAN-LIST specifiesVLANIDlisttoset(2|3) Queryversion2or3

Default

noipigmpsnoopingquerier

Mode

GlobalConfiguration

Usage

Whenenablingipigmpvlanquerier,therewillbeaprocessrouterselection.Theselectionwillsendgeneralandspecificqueries.Theconfigurationcanuse“showipigmpsnoopingquerier”.

Example

270

IP IGMP Snooping VLANSyntax

ipigmpsnoopingvlanVLAN-LIST

noipigmpsnoopingvlanVLAN-LIST

Parameter

VLAN-LISTspecifiesVLANIDlisttoset

Default

noipigmpsnoopingvlan1-4094

Mode

GlobalConfiguration

Usage

“Noipigmpsnoopingvlan1”willclearvlansforallipigmpsnoopingdynamicgroupsanddynamicrouterports,andmakethestaticipigmpgroupinvaliddependingonwhichvlanIDisvlan1.Thenthereisnolearningofthedynamicgroupandrouterportbyigmpmessagesforvlan1.Theconfigurationcanuseshowipigmpsnoopingvlan1.

Example

Thefollowingexamplespecifiesthatsetipigmpsnoopingvlantest.Thetestmustenableipigmpsnoopingfirst.

Switch(config)#

ipigmpsnooping

Switch(config)#

271

IGMPSnoopingqueryinterval:admin125secoper125sec

IGMPSnoopingquerymaxresponse:admin10secoper10sec

IGMPSnoopinglastmemberquerycounter:admin2oper2

IGMPSnoopinglastmemberqueryinterval:admin1secoper1sec

IGMPSnoopinglastimmediateleave:disabled

IGMPSnoopingmrouterportlearnbypim-dvmrp:enabled

Switch(config)#

noipigmpsnoopingvlan1

Switch#

showipigmpsnoopingvlan1

IGMPSnoopingisglobalyenabled

IGMPSnoopingVLAN1admin:disabled

IGMPSnoopingoperationmode:disabled

IGMPSnoopingrobustness:admin2oper2






272


273

IP IGMP Snooping VLAN Parameters

Syntax

ipigmpsnoopingvlan<VLAN-LIST>last-member-query-count<1-7>

noipigmpsnoopingvlan<VLAN-LIST>last-member-query-count

ipigmpsnoopingvlan<VLAN-LIST>last-member-query-interval<1-60>

noipigmpsnoopingvlan<VLAN-LIST>last-member-query-interval

[no]ipigmpsnoopingvlan<VLAN-LIST>mrouterlearnpim-dvmrp

[no]ipigmpsnoopingvlan<VLAN-LIST>fastleave

ipigmpsnoopingvlan<VLAN-LIST>query-interval<30-18000>

noipigmpsnoopingvlan<VLAN-LIST>query-interval

ipigmpsnoopingvlan<VLAN-LIST>response-time<5-20>

noipigmpsnoopingvlan<VLAN-LIST>response-time

ipigmpsnoopingvlan<VLAN-LIST>robustness-variable<1-7>

noipigmpsnoopingvlan<VLAN-LIST>robustness-variable

274

Parameter

VLAN-LIST specifiesVLANIDlisttosetlast-member-query-count <1-7>

specifieslastmemberquerycounttoset.Defaultis2

last-member-queryinterval <1-60>

specifieslastmemberqueryintervaltoset.Defaultis1

query-interval <30-

18000>

specifiesqueryintervaltoset.Defaultis125

response-time <5- 20> specifiesaresponsetimetoset.defaultis10robustness-variable<1-7>

specifiesarobustnessvaluetoset,defaultis2

Default

noipigmpsnoopingvlan1-4094last-member-query-count

noipigmpsnoopingvlan1-4094last-member-query-interval

ipigmpsnoopingvlan1-4094mrouterlearnpim-dvmrp

noipigmpsnoopingvlan1-4094fastleave

noipigmpsnoopingvlan1-4094query-interval

noipigmpsnoopingvlan1-4094response-time

noipigmpsnoopingvlan1-4094robustness-variable

Mode

GlobalConfiguration

275

Usage

“no ip igmpsnoopingvlan1 (last-member-query-count | last-member-queryinterval | query-interval | response-time |robustness-variable)”willsetthevlanparameterstodefault.Theclisettingswillchangetheipigmpvlanparameterstotheadminsettings.Theconfigurationcanuseshowipigmpsnoopingvlan1.

Example

Thefollowingexamplespecifiesthatsetipigmpsnoopingvlanparameterstest.

Switch(config)#

ipigmpsnoopingvlan1fastleave

Switch(config)#

ipigmpsnoopingvlan1last-member-query-count5

Switch(config)#

ipigmpsnoopingvlan1last-member-query-interval3

Switch(config)#

ipigmpsnoopingvlan1query-interval100

Switch(config)#

ipigmpsnoopingvlan1response-time12

Switch(config)#

ipigmpsnoopingvlan1robustness-variable4

276

Switch#

showipigmpsnoopingvlan1

IGMPSnoopingisglobalyenabled

IGMPSnoopingVLAN1admin:enabled

IGMPSnoopingoperationmode:enabled






IGMPSnoopinglastimmediateleave:enabled


277

IP IGMP Snooping Static Port

Syntax

[no]ipigmpsnoopingvlan<VLAN-LIST>static-portIF_PORTS

[no]ipigmpsnoopingvlan<VLAN-LIST>forbidden-portIF_PORTS

Parameter

VLAN-LIST specifiesVLANIDlisttosetIF_PORTS specifiesaportlisttosetorremove

Default

Nonestatic/forbiddenports

Mode

GlobalConfiguration

Usage

‘ipigmpsnoopingvlan1static-portfa1-2’willaddstaticportfa1-2forvlan1.Theallknownvlan1ipv4groupwilladdthestaticports.“ipigmpsnoopingvlan1forbidden-portfa3-4”willaddforbiddenportfa3-4.forvlan1.Theallknownvlan1ipv4groupwillremovetheforbiddenports.

Theconfigurationcanuse“showipigmpsnoopingforward-all”.

Example

Thefollowingexamplespecifiesthatsetipigmpsnoopingstatic/forbiddenporttest.

278

Switch(config)#

ipigmpsnoopingvlan1static-portfa1-2

Switch(config)#

ipigmpsnoopingvlan1forbidden-portfa3-4

Switch#

showipigmpsnoopingforward-allvlan1

IGMPSnoopingVLAN:1

IGMPSnoopingstaticport:fa1-2

IGMPSnoopingforbiddenport:fa3-4

279

IP IGMP Snooping Static Router Port

Syntax

[no]ipigmpsnoopingvlan<VLAN-LIST>static-router-portIF_PORTS

[no]ipigmpsnoopingvlan<VLAN-LIST>forbidden-router-portIF_PORTS

Parameter


Default

Nonestatic/forbiddenrouterports

Mode

GlobalConfiguration

Usage

“ipigmpsnoopingvlan1static-router-portfa1-2”willaddstatictherouterportfa1-2forvlan1.“ipigmpsnoopingvlan1forbidden-router-portfa2”willaddtheforbiddenrouterportfa2forvlan1.Thiswillalsoremovefa2fromstatictherouterport.Theforbiddenrouterportreceivequerywillnotforward.Theconfigurationcanuse‘showipigmpsnoopingrouter’.

Example

Thefollowingexamplespecifiesthatsetipigmpsnoopingstatic/forbiddentest.

280

Switch(config)#

ipigmpsnoopingvlan1static-router-portfa1-2

Switch(config)#

ipigmpsnoopingvlan1forbidden-router-portfa2

Switch#

showipigmpsnoopingrouter

Dynamic Router Table

VID|Port|ExpiryTime(Sec)

TotalEntry0

Static Router Table

StaticRouterTable

VID|PortMask

1 | fa1

Total Entry 1

Forbidden Router TableVID|PortMask1 | fa2Total Entry 1

281

IP IGMP Snooping Static Group

Syntax

[no]ipigmpsnoopingvlan<VLAN-LIST>static-group<ip-addr>interfaceIF_PORT

[no]ipigmpsnoopingvlan<VLAN-LIST>group<ip-addr>

showipigmpsnoopinggroups[(dynamic|static)]

clearipigmpsnoopinggroups[(dynamic|static)]

Parameter

VLAN-LIST specifiesVLANIDlisttosetip-addr specifiesmulticastgroupipv4address

IF_PORT specifiesportidtosetorremove

Default

None

Mode

GlobalConfiguration

Usage

‘ipigmpsnoopingvlan1static-group224.1.1.1interfacefa1’willaddstaticgroup.Thestaticgroupwillnotlearnfromotherdynamicports.Ifthedynamicgroupexists,thenthestaticgroupwilloverlapwiththedynamicgroup.Ifyouremovethelastmemberofstaticgroup,thestaticgroupwillbedeleted.Ifthestaticgroupwantstovalidateitself,youmustenableigmpsnoopingvlanandipigmpsnooping.Theconfigurationcanuse“showipigmpsnoopinggroup[(dynamic|

282

static)]”todisplay.Youcanalsouse“noipigmpsnoopingvlan1group224.1.1.1”todeletethestaticgroup.Inaddition,youcanuseclearipigmpsnoopinggroupstodeletethestaticgroup.

Example

Thefollowingexamplespecifiesthatsetipigmpsnoopingstaticgrouptest.

Switch(config)#

ipigmpsnoopingvlan1static-group224.1.1.1interface

fa1

Switch(config)#

ipigmpsnoopingvlan1static-group224.1.1.1interface

fa2

Switch#

showipigmpsnoopinggroups

VLAN|GourpIPAddress|Type|Life(Sec)|Port

1|224.1.1.1|Static|--|fa1-2

TotalNumberofEntry=1

Switch#

clearipigmpsnoopinggroupsstatic

Switch# s

howipigmpsnoopinggroups

283



284

IP IGMP Profile

Syntax

ipigmpprofile<1-128>

profilerangeip<ip-addr>[ip-addr]action(permit|deny)

showipigmpprofile[<1-128>]

Parameter

<1-128> specifiesprofileID

<ip-addr> Startipv4multicastaddress[ip-addr] Endipv4multicastaddress(permit | deny) Permit:AllowMulticastaddressrangeipaddresslearning

Deny:DonotallowMulticastaddressrangeipaddresslearning

Default

None

Mode

ipigmpprofile<1-128>:GlobalConfiguration

profilerangeip<ip-addr>[ip-addr]action(permit|deny):

igmpprofileconfigmode

285

Usage

Usethe‘ipigmpprofile1’entryfortheigmpprofileconfigmode.Use‘profilerangeip224.1.1.1224.1.1.8actionpermit’toconfiguretheprofileentry.Theprofileentryisusedbytheportfilter.Theconfigurationcanuse‘showipigmpprofile[<1-128>]’todisplay.

Example

Thefollowingexamplespecifiesthatsetipigmpprofiletest:

Switch(config)#

ipigmpprofile1

Switch(config-igmp-profile)#

profilerangeip224.1.1.1224.1.1.8actionpermit


showipigmpprofile

IPigmpprofileindex:1

IPigmpprofileaction:permit

Rangelowip:224.1.1.1

Rangehighip:224.1.1.8


exit

286

Switch(config)#

ipigmpprofile10


profilerangeip224.1.1.5224.1.1.10action

deny


showipigmpprofile

IPigmpprofileindex:

10

IPigmpprofileaction:

deny

Rangelowip:

224.1.1.5

Rangehighip:

224.1.1.10


exit

Switch(config)#

exit

287

Switch#

showipigmpprofile

IPigmpprofileindex:

1


permit

Rangelowip:

224.1.1.1

Rangehighip:

224.1.1.8

IPigmpprofileindex:

10


deny

Rangelowip:

224.1.1.5

Rangehighip:

224.1.1.10

288

IP IGMP FilterSyntax

ipigmpfilter<1-128>

[no]ipigmpfilter

Showipigmpfilter[interfacesIF_PORTS]

Parameter

<1-128> SpecifiesprofileID

[interfaces IF_PORTS] SpecifiesinterfacestodisplayDefault

None

Mode

Interface mode

Usage

Aftercreatingtheipigmpprofileentry,youcanuse‘ipigmpfilter1’tobindaprofileforaport.Whentheportbindsaprofile,thentheportlearninggroupwillupdate.Ifthegroupisnotmatchedtotheprofileruleitwillremovetheportfromthegroup.Staticgroupsareexcluded.Theconfigurationcanuse‘showipigmpfilter’todisplay.

Example

Thefollowingexamplespecifiesthatsetipigmpfiltertest.

Theconfiguremustcreateipigmpprofilefirstly.

289

Switch(config)#

ipigmpprofile1


profilerangeip224.1.1.1224.1.1.8actionpermit


exit

Switch(config)#

interface fa1

Switch(config-if)#

ipigmpfilter1

Switch(config-if)#

exit

Switch(config)#

exit

Switch#

showipigmpfilter

PortID|ProfileID

fa1:1

fa2:None

290

fa3:None

291

IP IGMP Max-Groups

Syntax

ipigmpmax-groups<0-512>

noipigmpmax-groups

ipigmpmax-groupsaction(deny|replace)

Showipigmpmax-group[interfacesIF_PORTS]

Showipigmpmax-groupaction[interfacesIF_PORTS]

Parameter

<1-128> SpecifiesprofileID

(deny | replace) Deny:Currentportigmpgrouparrivedmax-groups,don’taddgroup.

Replace:Currentportigmpgrouparrivedmax-groups,removeportformrandgroup,andaddporttogroup.

Default

noipigmpmax-groups

ipigmpmax-groupsactiondeny

Mode

Interface mode

292

Usage

Use‘ipigmpmax-groups10’tolimitportlearning.Themaxgroupnumberis10.Whentheporthaslearnedmorethan10groups,thentherestofthegroupswillberemovesfromtheportformthegroup.Staticgroupsareexcluded.Theconfigurationcanuse‘showipigmpmax-group&showipigmpmax-groupaction’todisplay.

Example

Thefollowingexamplespecifiesthatsetipigmpmax-groupsandactionisreplacetest.

Switch(config)#

interface fa1

Switch(config-if)#

ipigmpmax-groups10

Switch(config-if)#

ipigmpmax-groupsactionreplace

Switch(config-if)#

exit

Switch(config)#

exit

Switch#

showipigmpmax-group

PortID|MaxGroup

293

fa1:10

fa2:1024

fa3:1024

--More--

Switch#

showipigmpmax-groupaction

PortID|Max-groupsAction

fa1:replace

fa2:deny

fa3:deny

fa4:deny

fa5:deny

fa6:deny

--More--

294

Clear IP IGMP Snooping Groups

Syntax

clearipigmpsnoopinggroups[(dynamic|static)]

Parameter

none Clearipigmpgroupsincludedynamicandstatic

(dynamic | static) Ipigmpgrouptypeisdynamicorstatic

Default

Clearallipigmpgroups

Mode

privilegedmode

Usage

Thiscommandwillcleartheipigmpgroupsfordynamicorstaticoralloftype.Theconfigurationcanuse‘showipigmpsnoopinggroups’tocheck.

Example

Switch#

clearipigmpsnoopinggroupsstatic

Switch#


295

Switch#

clearipigmpsnoopinggroups

Switch#


296

Clear IP IGMP Snooping Statistics

Syntax

clearipigmpsnoopingstatistics

Parameter

none

Default

none

Mode

privilegedmode

Usage

Thiscommandwillcleartheigmpstatistics.Theconfigurationcanuseshowipigmpsnooping.

Example

Thefollowingexamplespecifiesthatclearipigmpsnoopingstatisticstest.

Switch#

clearipigmpsnoopingstatistics

Switch#

showipigmpsnooping

297

Show IP IGMP Snooping Counters

Syntax

showipigmpsnoopinggroupscounters

Parameter

none

Default

none

Mode

privilegedmode

Usage

Thiscommandwilldisplaytheipigmpgroupcounterincludestaticgroup.

Example

Thefollowingexamplespecifiesthatdisplayipigmpsnoopinggroupcountertest.

Switch#

showipigmpsnoopingcounters

Totalipigmpsnoopinggroupnumber:0

298

Show IP IGMP Snooping Groups

Syntax

showipigmpsnoopinggroups[(dynamic|static)]

Parameter

none Showipigmpgroupsincludedynamicandstatic](dynamic | static) DisplayIpigmpgrouptypeisdynamicorstatic

Default

displayallipigmpgroups

Mode

privilegedmode

Usage

Thiscommandwilldisplaytheipigmpgroupsfordynamicorstaticoralloftype.

Example

Thefollowingexamplespecifiesthatshowipigmpsnoopinggroupstest.

Switch#


299

Switch#

showipigmpsnoopinggroupsdynamic

Switch#

showipigmpsnoopinggroupsstatic

300

Show IP IGMP Snooping Router

Syntax

showipigmpsnoopingrouter[(dynamic|forbidden|static)]

Parameter

none Showipigmprouterincludedynamicandstaticandforbidden(dynamic | forbidden | static) DisplayIpigmprouterinfofordifferenttype

Default

displayallrouterinfo

Mode

privilegedmode

Usage

Thiscommandwilldisplaytheipigmprouterinfo.

Example

Thefollowingexamplespecifiesthatshowipigmpsnoopingroutertest.

Switch#

showipigmpsnoopingrouter

301

Switch#

showipigmpsnoopingrouterdynamic

Switch#

showipigmpsnoopingrotuerstatic

Switch#

showipigmpsnoopingrotuerforbidden

302

Show IP IGMP Snooping Querier

Syntax


Parameter

noneShowallvlanipigmpquerierinfo.

Default

none

Mode

privilegedmode

Usage

Thiscommandwilldisplayallofthestaticvlanipigmpquerierinfo.

Example

Thefollowingexamplespecifiesthatshowipigmpsnoopingqueriertest.

Switch#



1|Disabled|Non-Querier|No|------Total Entry 1

303

Show IP IGMP Snooping

Syntax

showipigmpsnooping

Parameter

noneShowipigmpsnoopingglobalinfo.

Default

none

Mode

privilegedmode

Usage

Thiscommandwilldisplayipigmpsnoopingglobalinfo.

Example

Thefollowingexamplespecifiesthatshowipigmpsnoopingtest.

Switch#

showipigmpsnooping


Snooping:Enabled

304

GeneralQueryRx:0

GeneralQueryTx:0

GSQueryRx:0

GSQueryTx:0

ReportRx:0

ReportTx:0

Packet Statistics

TotalRx:0

ValidRx:0

InvalidRx:0

OtherRx:0

GeneralQueryRx:0

GeneralQueryTx:0

GSQueryRx:0

GSQueryTx:0

ReportRx:0

ReportTx:0

LeaveRx:0

LeaveTx:0

305

Show IP IGMP Snooping VLAN

Syntax

showipigmpsnoopingvlan[VLAN-LIST]

Parameter

none Showallipigmpsnoopingvlaninfo

[VLAN-LIST] Showspecifiesvlanipigmpsnoopinginfo

Default

Showallipigmpsnoopingvlaninfo

Mode

privilegedmode

Usage

Thiscommandwilldisplayipigmpsnoopingvlaninfo.

Example

Thefollowingexamplespecifiesthatshowipigmpsnoopingvlantest.

Switch# showipigmpsnoopingvlanIGMPSnoopingisglobalyenabled

306

IGMPSnoopingVLAN1admin:disabled

IGMPSnoopingoperationmode:disabled








307

Show IP IGMP Snooping Forward-All

Syntax

showipigmpsnoopingforward-all[vlanVLAN-LIST]

Parameter

noneShowallipigmpsnoopingvlanforward-allinfo

[vlanVLAN-LIST]Showspecifiesvlanofipigmpforwardinfo.

Default

Showallvlanipigmpforwardallinfo

Mode

privilegedmode

Usage

Thiscommandwilldisplayipigmpsnoopingforwardallinfo.

Example

Thefollowingexamplespecifiesthatshowipigmpsnoopingforward-alltest.

Switch#

showipigmpsnoopingforward-all

IGMPSnoopingVLAN:1

308

IGMPSnoopingstaticport:None

IGMPSnoopingforbiddenport:None

309

Show IP IGMP Snooping Profile

Syntax

showipigmpprofile[<1-128>]

Parameter

noneShowallipigmpsnoopingprofileinfo

[<1-128>]Showspecifiesindexprofileinfo

Default

Showallipigmpprofileinfo

Mode

privilegedmode

Usage

Thiscommandwilldisplayipigmpprofileinfo.

Example

Thefollowingexamplespecifiesthatshowipigmpprofiletest.

Switch#

showipigmpprofile


310

IPigmpprofileaction:permit




IPigmpprofileaction:deny



311

Show IP IGMP Snooping Port Filter

Syntax

showipigmpfilter[interfacesIF_PORTS]

Parameter

none Showallportfilter[interfaces IF_PORTS] Showspecifiesportsfilter

Default

Showallportsipigmpfilter

Mode

privilegedmode

Usage

Thiscommandwilldisplayipigmpportfilterinfo.

Example

Thefollowingexamplespecifiesthatshowipigmpfiltertest.

Switch#

showipigmpfilter

PortID|ProfileID

312

fa1:1

fa2:None

fa3:None

fa4:None

fa5:None

--More--

313

Show IP IGMP Snooping Port Max-Group

Syntax

showipigmpmax-group[interfacesIF_PORTS]

Parameter

none Showallportmax-group[interfaces IF_PORTS] Showspecifiesportsmax-group

Default

Showallportsipigmpmax-group

Mode

privilegedmode

Usage

Thiscommandwilldisplayipigmpportmax-group.

Example

Thefollowingexamplespecifiesthatshowipigmpmax-grouptest.

Switch(config)#

interface fa1

Switch(config-if)#ipigmpmax-groups50

314

Switch(config-if)#

ipigmpmax-groups50

Switch(config-if)#

exit

Switch(config)#

exit

Switch#

showipigmpmax-group

PortID|MaxGroup

fa1:50

fa2:1024

fa3:1024

fa4:1024

fa5:1024

315

Show IP IGMP Snooping Port Max-Group ActionSyntax

showipigmpmax-groupaction[interfacesIF_PORTS]

Parameter

none Showallportmax-groupaction[interfaces IF_PORTS] Showspecifiesportsmax-groupaction

Default

Showallportsipigmpmax-groupaction

Mode

privilegedmode

Usage

Thiscommandwilldisplayipigmpportmax-groupaction.

Example

Thefollowingexamplespecifiesthatshowipigmpmax-groupactiontest.

Switch(config)#

interface fa1

Switch(config-if)#

ipigmpmax-groupsactionreplace

316

Switch(config-if)#

exit

Switch(config)#

exit

Switch#

showipigmpmax-groupaction


fa1:replace

fa2:deny

fa3:deny

fa4:deny

fa5:deny

317

Chapter 10IP Source Guard

318

IP Source Verify

Syntax

ipsourceverify

ipsourceverifymac-and-ip

noipsourceverify

Parameter

None

Default

IPSourceGuardisdisabled

Mode


Usage

UsetheipsourceverifycommandtoenableIPSourceGuardfunction.DefaultIPSourceGuardfiltersourceIPaddress.The“mac-and-ip”filtersnotonlysourceIPaddressbutalsosourceIPaddress.Usethenoformofthiscommandtodisable.

319

Example

TheexampleshowshowtoenableIPSourceGuardwithsourceIPaddressfilteringoninterfacegi1.

Switch(config)#interfacegi1

switch(config-if)#

ipsourceverify

TheexampleshowshowtoenableIPSourceGuardwithsourceIPandMACaddressfilteringoninterfacegi2.Youcanverifysettingsbythefollowingshowipsourceinterfacescommand.

Switch(config)#

interface gi2

switch(config-if)#

ipsourceverifymac-and-ip

switch(config-if)#

doshowipsourceinterfacesgi1-2

Port|Status|MaxEntry|CurrentEntry

gi1|VerifyMAC+IP|NoLimit|0

gi2|disabled|NoLimit|0

320

IP Source Binding

Syntax

ipsourcebindingA:B:C:D:E:Fvlan<1-4094>A.B.C.DinterfaceIF_PORT

noipsourcebindingA:B:C:D:E:Fvlan<1-4094>A.B.C.DinterfaceIF_PORT

Parameter

A:B:C:D:E:F SpecifyaMACaddressofabindingentry

VLAN <1-4094> SpecifyaVLANIDofabindingentryA.B.C.D SpecifyIPaddressandMASKofabindingentry.

IF_PORT Specifyinterfaceofabindingentry.

Default

Defaultisnobindingentry.

Mode

GlobalConfiguration

Usage

UsetheipsourcebindingcommandtocreateastaticIPsourcebindingentryhasanIPaddress,itsassociatedMACaddressAVLANIDAinterface.Usethenoformofthiscommandtodeletestaticentry.

321

Example

TheexampleshowshowtoaddastaticIPsourcebindingentry.Youcanverifysettingsbythefollowingshowipsourcebinding command.

Switch(config)#

ipsourcebinding00:11:22:33:44:55vlan1192.168.1.55interfacefa1

switch(config)#

doshowipsourcebinding



fa1|1|00:11:22:33:44:55|192.168.1.55(255.255.255.255)|Static|NA

322

Show IP Source Interface

Syntax

showipsourceinterfacesIF_PORTS

Parameter

IF_PORTSspecifiesportstoshow

Default

Nodefaultisdefined

Mode

GlobalConfiguration

Usage

UsetheshowipsourceinterfacecommandtoshowsettingsofIPSourceGuardofinterface

Example

TheexampleshowshowtoshowsettingsofIPSourceGuardofinterfacegi1

switch#

showipsourceinterfacesgi1

Port|Status|MaxEntry|CurrentEntry

gi1|VerifyMAC+IP|NoLimit|0

323

Show IP Source Binding

Syntax

showipsourcebinding[(dynamic|static)]

Parameter

dynamic ShowentriesthataddedbyDHCPsnoopinglearnstatic Showentriesthataddedbyuser

Default

Nodefaultisdefined

Mode

GlobalConfiguration

Usage

UsetheshowipsourcebindingcommandtoshowbindingentriesofIPSourceGuard.

Example

TheexampleshowshowtoshowstaticbindingentriesofIPSourceGuard.

switch#

showipsourcebinding


324


fa1|1|00:11:22:33:44:55|192.168.1.55(255.255.255.255)|Static|NA

325

Chapter 11Link Aggregation

326

Lag Load-balance

Syntax

lagload-balance(src-dst-mac|src-dst-mac-ip)

Parameter

src-dst-mac

SpecifyalgorithmtobalancetrafficbyusingsourceanddestinationMACaddressforallpackets.

src-dst-mac-ip

SpecifyalgorithmtobalancetrafficbyusingsourceanddestinationIPaddressforIPpacketsandusingsourceanddestinationMACaddressfornon-IPpackets.

Default

Defaultloadbalancealgorithmissrc-dst-mac

Mode

GlobalConfiguration

Usage

Linkaggregationgroupportshouldtransmitpacketsspreadtoallportstobalancetrafficloading.Therearetwoalgorithmsupportedandthiscommandallowyoutoselectthealgorithm.

327

Example

Thisexampleshowshowtochangeloadbalancealgorithmtosrc-dst-mac-ip.Switch(config)# lagload-balancesrc-dst-mac-ip

Thisexampleshowshowtoshowcurrentloadbalancealgorithm.Switch# show lagLoadBalancing:src-dst-mac-ip.

GroupID|Type|Ports

1|---------|2|---------|3|---------|4|---------|5|---------|6|---------|7|---------|8|---------|

328

LACP System-Priority

Syntax

lacpsystem-priority<1-65535>

nolacpsystem-priority

Parameter

<1-65535>Specifysystempriorityvalue

Default

Defaultsystempriorityis1.

Mode

GlobalConfiguration

Usage

LACPsystempriorityisusedfortwoconnectedDUTtoselectthemasterswitch.Alowersystempriorityvaluehasahigherpriority.AndtheDUTwithahigherprioritycandecidewhichportsareabletojointheLAG.Use“nolacpsystem-priority”torestoretothedefaultpriorityvalue.Theonlywaytoshowthisconfigurationisusingthe“showrunning-config”command.

Example

Thisexampleshowshowtoconfigurelacpsystempriorityto1000.

Switch(config)#

329

LACP Port-Priority

Syntax

lacpport-priority<1-65535>

Parameter

<1-65535>Specifyportpriorityvalue

Default

Defaultportpriorityis1.

Mode


Usage

LACPportpriorityisusedfortwoconnectedDUTtoselectaggregationports.Alowerportpriorityvaluehasahigherpriority.AndtheportwiththehigherprioritywillbeselectedintoLAGfirst.Theonlywaytoshowthisconfigurationisusingthe“showrunning-config”command.

Example

Thisexampleshowshowtoconfigureinterfacefa1lacpportpriorityto100.

Switch(config)#

interface fa1

330

Switch(config-if)#

lacpport-priority100

331

LACP Timeout

Syntax

lacptimeout(long|short)

Parameter

longSendLACPpacketevery30seconds.

shortSendLACPpacketevery1second.

Default

DefaultLACPtimeoutislong.

Mode


Usage

LACPneedtosendLACPpackettopartnerswitchtocheckthe linkstatus.Thiscommandconfiguresthe intervalofsendingLACPpackets.Theonlywaytoshowthisconfigurationisusingthe“showrunning-config”command.

Example

Thisexampleshowshowtoconfigureinterfacefa1lacptimeouttoshort.

Switch(config)#interfacefa1

332

Switch(config-if)#

lacptimeoutshort

333

LAG

Syntax

lag<1-8>mode(static|active|passive)

no lag

Parameter

<1-8> SpecifytheLAGidfortheinterfacestatic SpecifytheLAGtobestaticmodeandjointheinterfaceintothisLAG.active SpecifytheLAGtobedynamicmodeandjointheinterfaceintothisLAGwithLACPactiveport.passive SpecifytheLAGtobedynamicmodeandjointheinterfaceintothisLAGwithLACPpassiveport.

Default

ThereisnoLAGindefault

Mode


Usage

Linkaggregationgroupfunctionallowsyoutoaggregatemultiplephysicalportsintoonelogicporttoincreasebandwidth.ThiscommandmakesnormalportjoinintothespecificLAGlogicportwithstaticordynamicmode.Anduse“nolag”toleavetheLAGlogicport.

334

Example

ThisexampleshowshowtocreateadynamicLAGandjoinfa1-fa3tothisLAG.

Switch(config)#

interfacerangefa1-3

Switch(config-if)#

lag 1 mode active

ThisexampleshowshowtoshowcurrentLAGstatus.

Switch#

show lag

LoadBalancing:src-dst-mac-ip.

GroupID|Type|Ports

1|LACP|Inactive:fa1-32|------|3|------|4|------|5|------|6|------|7|------|8|------|

335

Show Lag

Syntax

show lag

Parameter

None

Default

Nodefaultvaluesforthiscommand.

Mode

Privileged EXEC

Usage

Use“showlag”commandtoshowcurrentLAGloadbalancealgorithmandmembersactive/inactivestatus.

Example

ThisexampleshowshowtoshowcurrentLAGstatus.

Switch#

show lag

LoadBalancing:src-dst-mac-ip.

336

GroupID|Type|Ports

1|LACP|Inactive:fa1-32|------|3|------|4|------|5|------|6|------|7|------|8|------|

337

Chapter 12LLDP

338

LLDP

Syntax

lldp

nolldp

Default

lldp

Mode

GlobalConfiguration

Usage

The“lldp”commandgloballyenablestheLLDPRX/TXability.The“nolldprun”commanddisablestheLLDPRX/TXabilityandthebehaviorwhenreceivingaLLDPPDUwouldthenbedecidedbythe“lldplldpdu”command.TheLLDPenablingstatusisdisplayedbythe“showlldp”command.

Example

ThefollowingexamplesetsLLDPenable/disable.


showlldp

339


lldp

State:Enabled

Timer:30Seconds

Holdmultiplier:4

Reinitdelay:2Seconds

Txdelay:2Seconds

LLDPpackethandling:Flooding


nolldpSwitch121212(config)# showlldp

State:Disabled

Timer:30Seconds

Holdmultiplier:4


Txdelay:2Seconds


340

LLDP Tx-Interval

Syntax

lldptx-interval<5-32768>

Parameter

<5-32768>SpecifytheLLDPPDUTXintervalinunitofsecond.

Default

lldptx-interval30

Mode

GlobalConfiguration

Usage

ThiscommandgloballyconfigurestheLLDPTXinterval.Itshouldbenoticedthatboth“lldptx-interval”and“lldptx-delay”affectstheLLDPPDUTXtime.ThelargervalueofthetwoconfigurationsdecidestheTXinterval.Theconfigurationcouldbeshownbythe“showlldp”command.

Example

ThisexamplesetsLLDPTXintervalto10seconds.


lldptx-interval10

341


showlldp

State:Disabled

Timer:10Seconds

Holdmultiplier:4


Txdelay:2Seconds


342

LLDP Reinit-Delay

Syntax

lldpreinit-delay<1-10>

Parameter

<1-10>SpecifytheLLDPre-initialdelaytimeinunitofsecond.

Default

lldp reinit-delay 2

Mode

GlobalConfiguration

Usage

ThiscommandgloballyconfigurestheLLDPre-initialdelay.ThisdelayavoidstheLLDPfromgeneratingtoomanyPDUsiftheportisupanddownfrequently.Thedelaystartstocountdownwhentheportlinksdown.TheportwouldnotgenerateaLLDPPDUuntilthedelaycountstozero.Theconfigurationcouldbeshownbythe“showlldp”command.

Example

ThisexamplesetsLLDPre-initialdelayto5seconds.


lldpreinit-delay5

343


showlldp

State:Disabled

Timer:10Seconds

Holdmultiplier:4


Txdelay:2Seconds


344

LLDP Holdtime-Multiplier

Syntax

lldpholdtime-multiplier<2-10>

Parameter

<2-10>SpecifytheLLDPholdtimemultiplier.

Default

lldpholdtime-multiplier4

Mode

GlobalConfiguration

Usage

ThiscommandgloballyconfigurestheLLDPPDUholdmultiplierthatdecidesthetime-to-live(TTL)valuesentinLLDPadvertisements:TTL=(txinterval*holdtime-multiplier).Theconfigurationcouldbeshownbythe“showlldp”command.

Example

ThisexamplesetsLLDPholdtimemultiplierto3.


lldpholdtime-multiplier3

345


showlldp

State:Disabled

Timer:10Seconds

Holdmultiplier:3


Txdelay:2Seconds


346

LLDP Tx-Delay

Syntax

lldptx-delay<1-8192>

Parameter

<1-8192>SpecifytheLLDPtxdelayinunitofseconds.

Default

lldp tx-delay 2

Mode

GlobalConfiguration

Usage

ThiscommandgloballyconfiguresthedelayinsecondsbetweensuccessiveLLDPframetransmissions.ThedelaystartstocountinanycasethataLLDPPDUissentby,suchasaLLDPPDUadvertiseroutine,LLDPPDUcontentchange,portlinkup,etc.Theconfigurationcouldbeshownbythe“showlldp”command.

Example

ThisexamplesetsLLDPPDUTXdelayto10.


lldptx-delay10

347


showlldp

State:Disabled

Timer:10Seconds

Holdmultiplier:4


Txdelay:10Seconds


348

LLDP TLV-Select

Syntax

lldptlv-selectTLV[TLV][TLV][TLV][TLV][TLV][TLV][TLV]

nolldptlv-select

Parameter

TLVSpecifytheselectedoptionalTLV.AvailableoptionalTLVsare:sys-name(systemname),sys-desc(systemdescription),sys-cap(systemcapability),mac-phy(802.3MAC-PHY),lag(802.3linkaggregation),maxframe-size(802.3maxframesize),andmanagementaddr(managementaddress).

Default

nolldptlv-select

Mode

PortConfiguration

Usage

ThiscommandperportconfigurestheselectedTLVattachinginPDU.The“nolldptlv-select”commandwouldremoveallselectedTLVs.Theconfigurationcouldbeshownbythe“showlldp”command.

Example

Thisexampleselectsthesystemname,systemdescription,systemcapability,802.3MAC-PHY,802.3linkaggregation,802.3maxframesize,andmanagementaddressTLVsforinterfacesfa1andfa3.

349


interfacerangefa1,3

Switch121212(config-if-range)#

lldptlv-selectport-descsys-namesys-descsys-capmac-phylagmax-frame-sizemanagement-addr


exit


showlldpinterfacesfa1,3

State:Disabled

Timer:10Seconds

Holdmultiplier:3


Txdelay:2Seconds


Port|State|OptionalTLVs|Address

fa1|RX,TX|PD,SN,SD,SC|192.168.1.254


PortID:fa1

350

802.3optionalTLVs:802.3-mac-phy,802.3-lag,802.3-max-frame-size,

management-addr

802.1optionalTLVs

PVID:Enabled

PortID:fa3


management-addr

802.1optionalTLVs

PVID:Enabled

351

LLDP TLV-Select PVIDSyntax

lldptlv-selectpvid(disable|enable)

Parameter

(disable|enable)SpecifiestheLLDP802.1PVIDTLVattachenablestatus.

Default

lldptlv-selectpvidenable

Mode

PortConfiguration

Usage

Thiscommandperportconfiguresthe802.1PVIDTLVattachenablestatus.Theconfigurationcouldbeshownbythe“showlldp”command.

Example

Thisexamplesetstheportgi1PVIDTLVattachstatustodisabledandtheportgi2toenabled.


interface gi1


lldptlv-selectpviddisable

352


exit


interface gi2




exit


showlldpinterfacesgi1,gi2

State:Disabled

Timer:10Seconds

Holdmultiplier:3


Txdelay:2Seconds


353


gi1|RX,TX||192.168.1.254

gi2|RX,TX||192.168.1.254

PortID:gi1

802.3optionalTLVs:

802.1optionalTLVs

PVID:Disabled

PortID:gi2

802.3optionalTLVs:

802.1optionalTLVs

PVID:Enabled

354

LLDP TLV-Select VLAN-Name

Syntax

lldptlv-selectvlan-name(add|remove)VLAN-LIST

Parameter

(add|remove) SpecifiestoaddorremoveVLANlistforLLDP802.1VLAN-NAMETLV.VLAN-LIST SpecifyVLANlist.TheconfiguredportsshouldbememberofallthespecifiedVLANsortheVLAN-

LIST is not valid.

Default

IndefaultnoVLANisadded

Mode

PortConfiguration

Usage

ThecommandsperportconfigurationtoaddorremovetheVLANlistfor802.1VLAN-NAMETLV.Theconfigurationcouldbeshownbythe“showlldp”command

Example

ThisexampleaddsVLAN1,100,4000toVLAN-NAMETLVforportfa10.

355


vlan100

Switch121212(config-vlan)#

exit


vlan4000

Switch121212(config-vlan)#

exit


interfacefa10


switchporttrunkallowedvlanaddall




exit


showlldpinterfacesgi1,gi2

State:Disabled

356

Timer:10Seconds

Holdmultiplier:3


Txdelay:2Seconds



gi1|RX,TX||192.168.1.254

gi2|RX,TX||192.168.1.254

PortID:gi1

802.3optionalTLVs:

802.1optionalTLVs

PVID:Disabled

PortID:gi2

802.3optionalTLVs:

802.1optionalTLVs

PVID:Enabled

357

LLDP LLDPDU

Syntax

lldplldpdu(filtering|flooding|bridging)

Parameter

(filtering|flooding|bridging)SpecifiesthatwhenLLDPisgloballydisabled,receivedLLDPpacketsarefiltered(dropped),flooded(forwardedtoallinterfaces)orbridged(floodedtoVLANmemberports).

Default

lldplldpduflooding

Mode

GlobalConfiguration

Usage

ThiscommandgloballyconfigurestheLLDPPDUhandlingbehaviorwhenLLDPisgloballydisabled.ItshouldbenotedthatifLLDPisgloballyenabledandtheperportLLDPRXstatusisconfiguredtodisabled,thereceivedLLDPPDUwouldbedroppedinsteadoftakingthegloballydisabledbehavior.Theconfigurationcouldbeshownbythe“showlldp”command.

358

Example

ThisexamplesetsLLDPdisableactiontobridging.


lldplldpdubridging


showlldp

State:Enabled

Timer:30Seconds

Holdmultiplier:4


Txdelay:2Seconds

LLDPpackethandling:Bridging

359

LLDP Rx LLDP Tx

Syntax

lldprx

nolldprx

lldptx

nolldptx

Default

lldprx

lldptx

Mode

PortConfiguration

Usage

ThecommandsperportconfigurestheLLDPPDURXandTXability.Theconfigurationcouldbeshownbythe“showlldp”command.

Example

Thisexamplesetsportfa1toenableLLDPRXandTX,portfa2todisableRXbutenableTX,portfa3toenableRXbutdisableTX,portfa4todisableRXandTX.

360


interface fa1

Switch121212(config-if)#

lldprx


lldptx


exit


interface fa2


nolldprx


lldptx


exit


interface fa3

361


lldprx


nolldptx


exit


interfacefa4


nolldprx


nolldptx


exit


showlldpinterfacesfa1-4

State:Enabled

Timer:30Seconds

362

Holdmultiplier:4


Txdelay:2Seconds

LLDPpackethandling:Bridging


fa1|RX,TX||192.168.1.254

fa2|TX||192.168.1.254

fa3|RX||192.168.1.254

fa4|Disable||192.168.1.254

363

LLDP Med

Syntax

lldpmed

nolldpmed

Default

lldpmed

Mode

PortConfiguration

Usage

ThecommandsperportconfigurestheLLDPMEDenablestatus.IfLLDPMEDisenabled,theLLDPMEDcapabilityTLVandotherselectedMEDTLVwouldbeattached.Theconfigurationcouldbeshownbythe“showlldpmed”command.

Example

Thisexamplesetsportsfa1-4toenableLLDPMEDandportsfa5-8todisableLLDPMED.


interfacerangefa1-4


lldpmed

364


exit


interfacerangefa5-8


nolldpmed


exit


showlldpinterfacesfa1-8med

Port|Capabilities|NetworkPolicy|Location|Inventory|POE

fa1|Yes|Yes|No|No|No




fa5|No|Yes|No|No|No

fa6|No|Yes|No|No|No

fa7|No|Yes|No|No|No

365

fa8|No|Yes|No|No|No

366

LLDP Med TLV-Select

Syntax

lldpmedtlv-selectMEDTLV[MEDTLV][MEDTLV][MEDTLV]

nolldpmedtlv-select

Parameter

MEDTLVMEDoptionalTLV.AvailableoptionalTLVsare:network-policy,location,poe-pse,inventory.

Default

lldpmedtlv-selectnetwork-policy

Mode

PortConfiguration

Usage

ThecommandsperportconfigurestheLLDPMEDTLVselection.The“nolldpmedtlv-select”commandwouldremoveallselectedMEDTLVsoverthededicatedports.ItshouldbenotedthatevenifnoMEDTLVisselected,theMEDcapabilityTLVwouldbeattachedifaLLDPMEDisenable.Theconfigurationcouldbeshownbythe“showlldpmed”command.

Example

Thisexamplesetsportsfa1-2toselecttheLLDPMEDnetworkpolicy,location,POE-PSE,inventoryTLVs,andsetsportsfa3-4todeselectallLLDPMEDTLVs.

367


interfacerangefa1-2


lldpmedtlv-selectnetwork-policylocationpoe-pseinventory


exit


interfacerangefa3-4


nolldpmedtlv-select


exit


showlldpinterfacesfa1-4med


fa1|Yes|Yes|Yes|Yes|Yes


fa3|Yes|No|No|No|No

368

fa4|Yes|No|No|No|No

369

LLDP Med Fast-Start-Repeat-Count

Syntax

lldpmedfast-start-repeat-count<1-10>

Parameter

<1-10>LLDPPDUfaststartTXrepeatcounts.

Default

lldpmedfast-start-repeat-count3

Mode

GlobalConfiguration

Usage

ThecommandsgloballyconfigurestheLLDPPDUfaststartTXrepeatcount.Whentheportlinksareup,itwillsendaLLDPPDUimmediatelytonotifythelinkpartner.ThenumberofLLDPPDUssentwhenitlinksupdependsonthefast-start-repeat-countconfiguration.TheLLDPPDUfast-starttransmitsinintervalsofonesecond.ThefaststartbehaviorworksnomatterwhethertheLLDPMEDisenabledornot.Theconfigurationcouldbeshownbythe“showlldpmed”command.

Example

Thisexamplesetsfaststartrepeatcountto10.



370


showlldpmed

FastStartRepeatCount:10

lldpmednetwork-policyvoice:auto

372

Usage

ThecommandgloballyconfigurestheLLDPMEDnetworkpolicytable.The“lldpmednetwork-policy”commandcreatesanetworkpolicyentrythatcanbeboundtoports.IftheLLDPMEDnetworkpolicyvoiceautomodeisenabled,the“voice”typenetworkpolicycannotbecreatedsinceitisinautomode.The“nolldpmednetwork-policy”commandclearsthenetworkpolicyentryofthespecifiedindex.Anetworkpolicycanbeclearedonlywhenitisnotboundtoanyport.Thenetworkpolicytableconfigurationcouldbeshownbythe“showlldpmed”command.

Example

Thisexamplecreates2networkpolicies.


lldpmednetwork-policy1appvoice-signalingvlan2

vlan-typetagpriority3dscp4


lldpmednetwork-policy32appvideo-conferencing

vlan5vlan-typetagpriority1dscp63


showlldpmed



373

Network policy 1

Applicationtype:VoiceSignaling

VLANID:2tagged

Layer2priority:3

DSCP:4

Network policy 32

Applicationtype:Conferencing

VLANID:5tagged

Layer2priority:1

DSCP:63

374

LLDP Med Network-Policy Add|Remove

Syntax

lldpmednetwork-policy(add|remove)<1-32>

Parameter

(add | remove) Addorremovenetworkpolicybindingforports.<1-32> Specifythenetworkpolicyindex

Default


Mode

PortConfiguration

Usage

Thecommandperportconfiguresthenetworkpolicybindingforportinterface.Theboundnetworkpolicyofoneportshouldbeconfiguredwithdifferenttypes.IfanetworkpolicyTLVisselectedoveraport,theboundnetworkpolicieswouldbeattachedinLLDPMEDPDU.Theconfigurationofnetworkpolicybindingcouldbeshownbythe“showlldpmed”command.

375

Example

Thisexamplebindsnetworkpolicyforinterfacefa1andfa2.


showlldpmed



Network policy 1


VLANID:2tagged

Layer2priority:3

DSCP:4

Network policy 32


VLANID:5tagged

Layer2priority:1

DSCP:63


interfacerangefa1,2

376


lldpmednetwork-policyadd1,32


showlldpinterfacesfa1,2med




PortID:fa1

Networkpolicies:1,32

PortID:fa2


377

LLDP Med Network-Policy Auto

Syntax

lldpmednetwork-policyauto

nolldpmednetwork-policyauto

Default


Mode

GlobalConfiguration

Usage

Thecommandgloballyconfiguresthenetworkpolicyvoiceautomodeenablingstatus.Invoiceautomode,ifanetwork-policyTLVisselected,avoicetypenetworkpolicywouldbeattachedtoaPDUforwhichthecontentscomefromvoiceVLANconfiguration.ThisworksforavoiceVLANmoduletoexchangevoiceVLANinformationwithalinkpartner.Ifthevoiceautomodeisenabled,ausercannotmanuallycreateavoicetypenetworkpolicy;ifavoicetypenetworkpolicyiscreated,thevoiceautomodecannotbeenabled.Theconfigurationofnetworkpolicyautomodecouldbeshownbythe“showlldp med” command.

378

Example

Thisexamplesetsthenetworkpolicyautomodetoenabledandthentodisabled.




showlldpmed




nolldpmednetwork-policyauto


showlldpmed


lldpmednetwork-policyvoice:manual

379

LLDP Med Location

Syntax

lldpmedlocation(coordination|civic-address|ecs-elin)ADDR

nolldpmedlocation(coordination|civic-address|ecs-elin)

Parameter

(coordination | civic-address | ecselin) Locationtypetobeconfigured.“ecs-elin”isabbreviationofemergencycallservice–emergencylocationidentifiernumber

ADDR Specifythelocationdata.Inputformatishexadecimalvalueswithoutcolon(forexample:1234AB).Forcoordinationlocationtype,thelengthofADDRis16bytes.Forcivic-address,thelengthis6to160bytes.Forecs-elin,thelengthis10to25bytes.

Default

Indefaultalllocationsarecleared

Mode

PortConfiguration

Usage

ThecommandperportconfigurestheLLDPMEDlocationdata.The“nolldpmedlocation”commandclearsthelocationdata.The“coordinate”,“civicaddress”,“ecs-elin”locationsareindependent,soatmostthreelocationTLVscouldbesentiftheirdataarenotempty.Theconfigurationofthelocationcouldbeshownbythe“showlldpinterfacePORTmed”command.

380

Example

Thisexamplesetsthelocationdataforinterfacefa1.


interface fa1


lldpmedlocationcoordinate112233445566778899AABBCCDDEEFF00


lldpmedlocationcivic-address112233445566


lldpmedlocationecs-elin112233445566778899AA


showlldpinterfacesfa1med



PortID:fa1


Location:

Coordinates:112233445566778899AABBCCDDEEFF00

381

Civic-address:112233445566

Ecs-elin:112233445566778899AA

382

Show LLDP

Syntax

showlldp

showlldpinterfaceIF_NMLPORTS

Parameter

IF_NMLPORTSSpecifytheportstodisplayinformation

Default

Thiscommandhasnodefaultvalue.

Mode

Privileged,GlobalConfiguration

Usage

The“showlldp”and“showlldpinterface”commanddisplaysLLDPglobalinformationincludingtheLLDPenablingstatus,LLDPPDUTXinterval,holdtimemultiplier,re-initialdelay,TXdelay,andLLDPpackethandlingwhenaLLDPisdisabled.Theperport informationdisplayedincludestheportLLDPRX/TXenablingstatusandtheselectedTLVtoTXandIPaddress.TheabbreviationsintheoptionalTLVsare:portdescription(PD),systemname(SN),systemdescription(SD),andsystemcapability(SC).

383

Example

Thisexampledisplayslldpinformationofportfa1andgi1

Switch121212#

showlldpinterfacesfa1,gi1

State:Disabled

Timer:30Seconds

Holdmultiplier:4


Txdelay:2Seconds




gi1|RX,TX||192.168.1.254

PortID:fa1


management-addr

802.1optionalTLVs

PVID:Enabled

384

PortID:gi1

802.3optionalTLVs:

802.1optionalTLVs

PVID:Enabled

385

Show LLDP Local-Device

Syntax

showlldplocal-device

showlldpinterfacesIF_NMLPORTSlocal-device

Parameter


Default

Thereisnodefaultconfigurationforthiscommand.

Mode


Usage

ThecommandsshowthelocalconfigurationofLLDPPDU.Bythecommands,ausercanviewthecontentsofLLDP/LLDP-MEDTLVsthatwouldbeattachedinLLDPPDU.

386

Example

Thisexampledisplaythelocaldeviceinformation.


showlldplocal-device

LLDPLocalDeviceInformation:

ChassisType:MacAddress

ChassisID:00:12:12:12:12:12

SystemName:Switch121212

SystemDescription:

SystemCapabilitiesSupport:Bridge

SystemCapabilitiesEnable:Bridge

ManagementAddress:192.168.1.254(IPv4)


showlldpinterfacesfa1local-device

DeviceID:00:12:12:12:12:12

PortID:fa1


Capabilities:Bridge

387

Systemdescription:

Portdescription:

Managementaddress:192.168.1.254

TimeToLive:120

802.3MAC/PHYConfigur/Status

Auto-negotiationsupport:Supported

Auto-negotiationstatus:Enabled

Auto-negotiationAdvertisedCapabilities:10BASE-Thalfduplex,10BASET

fullduplex,100BASE-TXhalfduplex,100BASE-TXfullduplex

OperationalMAUtype:Otherorunknown

802.3LinkAggregation

Aggregationcapability:Capableofbeingaggregated

Aggregationstatus:Notcurrentlyinaggregation

AggregationportID:0

802.3MaximumFrameSize:1522

802.1PVID:1

LLDP-MEDcapabilities:Capabilities,NetworkPolicy,Location,Extended

PSE,Inventory

388

LLDP-MEDDevicetype:NetworkConnectivity

LLDP-MEDNetworkpolicy


Flags:UnknownPolicy

VLANID:2

Layer2priority:3

DSCP:4



Flags:UnknownPolicy

VLANID:5

Layer2priority:1

DSCP:63

Hardwarerevision:1123

Firmwarerevision:2.5.0-beta.32801

Softwarerevision:2.5.0-beta.32801

Serialnumber:abc

ManufacturerName:

389

Modelname:

AssetID:

LLDP-MEDLocation

Coordinates:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00

Civic-address:11:22:33:44:55:66

Ecs-elin:11:22:33:44:55:66:77:88:99:AA

390

Show LLDP Neighbor

Syntax

showlldpneighbor

showlldpinterfacesIF_NMLPORTSneighbor

Parameter


Default

Thereisnodefaultconfigurationforthiscommand

Mode


Usage

WhenaLLDPPDUisreceivedonLLDPRXenabledports,thesystemwouldstorethePDUinformationinadatabaseuntilthetimetoliveofthePDUcountsdowntozero.ThecommanddisplaysthereceivedneighborLLDPPDUinformation.

Example

Thisexampledisplaytheneighborinformation.


showlldpneighbor

392

fullduplex,100BASE-TXhalfduplex,100BASE-TXfullduplex

OperationalMAUtype:100BASE-TXfullduplexmode

802.3LinkAggregation

Aggregationcapability:Capableofbeingaggregated

Aggregationstatus:Notcurrentlyinaggregation

AggregationportID:0

802.3MaximumFrameSize:1522

802.1PVID:1

LLDP-MEDcapabilities:Capabilities,NetworkPolicy,Location,Extended

PSE,Inventory

LLDP-MEDDevicetype:NetworkConnectivity



Flags:UnknownPolicy

VLANID:2

Layer2priority:3

DSCP:4


393

]Applicationtype:Conferencing

Flags:UnknownPolicy

VLANID:5

Layer2priority:1

DSCP:63

LLDP-MEDPoweroverEthernet

DeviceType:PowerSourcingEntity

PowerSource:PrimaryPowerSource

Powerpriority:Low

Powervalue:13.0Watts

Hardwarerevision:1123

Firmwarerevision:2.5.0-beta.32801

Softwarerevision:2.5.0-beta.32801

Serialnumber:abc

ManufacturerName:

Modelname:

AssetID:

LLDP-MEDLocation

394

Coordinates:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00

Civic-address:11:22:33:44:55:66

Ecs-elin:11:22:33:44:55:66:77:88:99:AA

395

Show LLDP Med

Syntax

showlldpmed

showlldpinterfacesIF_NMLPORTSmed

Parameter


Default


Mode


Usage

ThecommandsdisplaystheLLDPMEDconfigurationinformation

Example

ThisexampledisplaytheLLDPMEDinformation.


showlldpmed

396


lldpmednetwork-policyvoice:manual

Network policy 1


VLANID:2tagged

Layer2priority:3

DSCP:4

Network policy 32


VLANID:5tagged

Layer2priority:1

DSCP:63




fa3|Yes|No|No|No|No

fa4|Yes|No|No|No|No

fa5|No|Yes|No|No|No

397

fa6|No|Yes|No|No|No

fa7|No|Yes|No|No|No

fa8|No|Yes|No|No|No

















398

gi1|Yes|Yes|No|No|No





showlldpinterfacesfa1med



PortID:fa1


Location:

Coordinates:112233445566778899AABBCCDDEEFF00

Civic-address:112233445566

Ecs-elin:112233445566778899AA


399

Show LLDP Statistics

Syntax

showlldpstatistics

showlldpinterfacesIF_NMLPORTSstatistics

Parameter


Default


Mode


Usage

ThecommanddisplaystheLLDPRX/TXstatistics.

Example

ThisexampledisplaytheLLDPstatistics.

witch121212(config)#

showlldpstatistics

400

LLDPGlobalStatistics:

Insertions:3

Deletions:0

Drops:0

AgeOuts:1

|TXFrames|RXFrames|RXTLVs|RXAgeouts

Port | Total | Total | Discarded | Errors | Discarded | Unrecognized |

Total

fa1|50|0|0|0|0|0|0

fa2|0|0|0|0|0|0|0

fa3|0|50|0|0|0|0|1

fa4|0|0|0|0|0|0|0

fa5|0|0|0|0|0|0|0

fa6|0|0|0|0|0|0|0

fa7|0|0|0|0|0|0|0

fa8|0|0|0|0|0|0|0

fa9|0|0|0|0|0|0|0

fa10|0|0|0|0|0|0|0

401

fa11|3377|10129|0|0|0|0|0

fa12|0|0|0|0|0|0|0

fa13|0|0|0|0|0|0|0

fa14|0|0|0|0|0|0|0

fa15|0|0|0|0|0|0|0

fa16|0|0|0|0|0|0|0

fa17|0|0|0|0|0|0|0

fa18|0|0|0|0|0|0|0

fa19|0|0|0|0|0|0|0

fa20|0|0|0|0|0|0|0

fa21|0|0|0|0|0|0|0

fa22|0|0|0|0|0|0|0

fa23|0|0|0|0|0|0|0

fa24|0|0|0|0|0|0|0

gi1|3377|0|0|0|0|0|0

gi2|3377|0|0|0|0|0|0

gi3|0|0|0|0|0|0|0

gi4|0|0|0|0|0|0|0

403

Show LLDP TLV-Overloading

Syntax

showlldpinterfacesIF_NMLPORTStlvs-overloading

Parameter


Default

Thereisnodefaultconfigurationforthiscommand.

Mode


Usage

TheLLDPPDUiscomposedbyTLVsandaselectednumberTLVsmaycomposealargePDUthatthesystemcannothandle.ThemaximumPDUlengthistotakethesmallerjumboframesizeminus30bytes(30byteskeptforaheader)or1488bytes.ThecommanddisplaysthelengthofLLDPTLVsandifaTLVoverloadsthePDUlengththentheTLVswithastatusmarked“overload”wouldnotbetransmitted.

Example

ThisexampledisplaytheLLDPTLVsoverloadingstatusofportfa1.


showlldpinterfacesfa1tlvs-overloading

404

fa1:

TLVsGroup|Bytes|Status

Mandatory | 21 | Transmitted

LLDP-MEDCapabilities|9|Transmitted

LLDP-MEDLocation|53|Transmitted

LLDP-MEDNetworkPolicies|20|Transmitted

LLDP-MEDPOE|9|Transmitted

802.3|30|Transmitted

Optional|38|Transmitted

LLDP-MEDInventory|97|Transmitted

802.1|8|Transmitted

Total:285bytes

Left:1203bytes

405

Chapter 13Logging

406

Logging

Syntax

logging

no logging

Parameter

None

Default

logging

Mode

GlobalConfiguration

Usage

Enable/Disable the logging service.

Logging

Enabletheloggingservice.Itistheglobaloptionfortheloggingservice.Thestatusoftheloggingserviceisavailablefrom the command “show logging”.

No logging

Disabletheloggingservice.Whentheloggingserviceisdisabled,allmessageswillstoploggingtothesystem.

407

Show logging

Displaythegloballoggingstatus.Itwillshowtheloggingconfigurationofthe

system,includingthegloballoggingstatus,andthelistsofloggingservices.

Example

Switch(config)#

show logging

Switch(config)#

no logging

Switch(config)#

show logging

Logging service is disabled

TARGET|STATUS|Server(PORT)|FACILITY|LOGLEVEL

buffered|enabled|||emerg,alert,crit,error,warning,notice,info

Switch(config)#

logging

Switch(config)#

show logging

Logging service is enabled

408



409

Logging Flash|Buffered

Syntax

logging(flash|buffered)[severity<0-7>]

nologging(flash|buffered)

Parameter

flash Specifyloggingtoflash.buffer SpecifyloggingtoRAM.

severity Specifytheminimumseveritymaskofloggingmessage.

Default

loggingbuffered

nologgingflash

Parameter:

severity6:(emerg,alert,crit,error,warning,notice,info)

Mode

GlobalConfiguration

410

Usage

Enable/DisablethelocalcapabilitytologmessagestoRAM/flashwiththeminimumseverity.Theminimumseverityvalueis“6”,includingmessagesofseverityemergency,alert,critical,error,warning,notice,andinfo.

Logging flash

Enablesthecapabilitytologmessagetoflash.Thedefaultminimumseverityis6.Whentheserviceisenabled,messageswillstarttobeloggedtotheflash.Allloggingmessageswillbesavedwhenthesystemshutsdown.Onlywhenthelocalloggingcapabilityofflashisenabledwillthestatusofloggingtheflashservicewillbeshownbythecommand“showlogging”.

Logging buffered

Enablesthecapabilityto logmessagestoRAM.Thedefaultminimumseverity is6.Whentheservice isenabled,themessageswillstarttobeloggedtoRAM.Allloggingmessagewillbelostwhenthesystemshutsdown.

No logging flash

Disablesthecapabilitytologmessagestoflash.Oncetheloggingcapabilityofflashisdisabled,thestatusofloggingtheflashservicewillberemovedfromtheservicelistshownbythecommand“showlogging”.

No logging buffered

DisablesthecapabilitytologmessagestoRAM.

Show logging

Displaystheloggingstatus.Itwillshowtheloggingconfigurationofthesystem,includingthegloballoggingstatusandthelistsofloggingservices.Whenthelocalloggingcapabilityisenabled,thestatusofthelocallogging(flashorbuffered)willbeshownbythecommand“showlogging”;Otherwise,theloggingentrywillberemovedfromtheservicelist.

411

Example

Switch(config)#

show logging




Switch(config)#

nologgingbuffer

Switch(config)#

show logging



Switch(config)#

loggingbuffered

Switch(config)#

loggingflashseverity5

Switc(config)h#

show logging

412




flash|enabled|||emerg,alert,crit,error,warning,notice

413

Logging Host

Syntax

logginghost<ip-addr>[port<0-65535>][severity<0-7>][facility(local0|local1|local2|local3|local4|local5|local6|local7)]

nologging<ip-addr>

Parameter

ip-addr SpecifytheIPaddressofremoteloggingserver.port Specifytheportnumberofremoteloggingserver.

severity Specifytheminimumseveritymaskofloggingmessage.facility Specifythefacilityofloggingmessages.

Default

N/A

Parameter:

port514:

severity6:(emerg,alert,crit,error,warning,notice,info)

facility:Local7

Mode

GlobalConfiguration

414

Usage

Enable/Disablethecapabilitytologmessagetotheremotesyslogserver.

Logging host 192.168.1.100

Enablesthecapabilityto logmessagestotheremoteserver.Thedefaultvaluesoftheparameterport is“514”.Theseverityis“6”(emerg,alert,crit,error,warning,notice,info),andthefacilityis“local7”.Allloggingmessageswillbesenttotheremoteserver.Onlywhentheremoteloggingcapabilityisenabledwillthestatusofremoteloggingservicewillbeshownbythecommand“showlogging”.Whenanexistingentryissettwice,theoldsettingwillbereplacedandmodifiedwith the new one.

No logging host 192.168.1.100

Disablesthecapabilitytologmessagestotheremoteserver.Whentheremoteloggingserviceisdisabled,thelogwillnotbesenttotheremotesyslogserver,andthestatusofremoteloggingentrywillberemovedfromservicelistshownby the command “show command”.

Show logging

Displaystheloggingstatus.Itwillshowtheloggingconfigurationofthesystem,includingthegloballoggingstatusandthelistsofloggingservices.Whentheremoteloggingcapabilityisenabled,thestatusofremoteloggingwillbeshownbythecommand“showlogging”.Otherwise,theremoteloggingentrywillberemovedfromtheservicelist.

Example

Switch(config)#

logginghost192.168.1.100

Switch(config)#

logginghost192.168.1.100port2048severity

415

3 facility local1

Switch(config)#s

how logging





host|enabled|192.168.1.100(2048)|local1|emerg,alert,crit,error

Switch(config)#

nologginghost192.168.1.100

Switch(config)#

show logging





416

Show Logging

Syntax

show logging

Parameter

None

Default

None

Mode


Usage

show logging

Shows the logging configuration.The information includes theglobal logging service status, and the list of loggingservice.Statusofthegloballoggingservicecanbedeterminedbythecommand“logging/nologging”.Thelistofloggingservices shows all the active logging services.

Example

Switch(config)#

show logging


417



418

Show Logging Flash|BufferedSyntax

showlogging(flash|buffered)

Parameter

FlashSpecifyshowingthemessagesloggedtoflash.

BufferedSpecifyshowingthemessagesloggedtoRAM.

Default

None

Mode


Usage

Showsthemessagesloggedtoflash/RAM.

Show logging flash

Showsthemessagesloggedtotheflash.Whenthecapabilityoftheserviceisenabled,itwillshowallmessagesloggedtoflash.Allmessageswillbeloggedinaninversechronologicalorder.

Show logging buffered

ShowsthemessagesloggedtoRAM.Whenthecapabilityoftheserviceisenabled,itwillshowallmessagesloggedtoRAM.Logswillbelostafterasystemshutdown.Allmessageswillbeloggedinaninversechronologicalorder.

420

Clear Logging Flash|BufferedSyntax

clearlogging(flash|buffered)

Parameter

flash Specifyclearingthemessagesloggedtoflash.Buffered SpecifyclearingthemessagesloggedtoRAM.

Default

None

Mode


Usage

Clearthemessageloggedtoflash/RAM.

Clear logging flash

Clearthemessagesloggedtoflash.

Clear logging buffered

Clear the messages logged to RAM.

421

Example

Switch#

showloggingbuffered



1|Jan0108:00:57|STP|info|Port1STPportstateissettoForwarding

2|Jan0108:00:42|STP|info|Port1STPportstateissettoLearning

3|Jan0108:00:30|AAA|info|User‘’enterprivilegedmodefromconsolewithlevel‘15’success

4|Jan0108:00:28|AAA|info|User‘’isauthorizedwithprivilegelevel1

5|Jan0108:00:28|AAA|info|User‘’loginfromconsolesuccess

6|Jan0108:00:24|System|info|Sysinfovariable‘resetdefault’issettovalue‘0’

7|Jan0108:00:23|System|notice|SystemStartup!

Switch#

clearloggingbuffered

Switch#

showloggingbuffered



422

Chapter 14MAC Address Table

423

Clear MAC Address-Table

Syntax

clearmacaddress-tabledynamic[interfacesIF_PORTS][vlan<1-4094>]

Parameter

IF_PORTSDeletealldynamicaddressesonthespecifiedinterface.

<1-4094>DeletealldynamicaddressesonthespecifiedVLAN

Default

None

Mode

Privileged EXEC

Usage

Usetheclearmacaddress-tablePrivilegedEXECcommandtodeleteadynamicmacentryonaspecifiedinterfaceorVLAN,oralldynamicmacentriesinamacaddresstable.Youcanverifyyoursettingsbyenteringtheshowmacaddress-table dynamic Privileged EXEC command.

425

MAC Address-Table Aging-Time

Syntax

macaddress-tableaging-time<10-630>

Parameter

<10-630>Specifyagingtimevalueofsecond.

Default

Defaultagingouttimeis300s.

Mode

GlobalConfiguration

Usage

UsetheMACaddress-tableaging-timeGlobalconfigurationcommandtosettheagingtimeoftheaddresstable.YoucanverifyyoursettingsbyenteringtheshowMACaddress-tableagingtimePrivilegedEXECcommand.

Example

Thefollowingexampleshowshowtoconfigurethedynamicmacentryagingouttime.

Switch(config)#

macaddress-tableaging-time100

426

Switch#

showmacaddress-tableaging-time

MacAddressTableagingtime:100sec

427

MAC Address-Table Static

Syntax

macaddress-tablestaticA:B:C:D:E:Fvlan<1-4094>interfacesIF_PORTS

nomacaddress-tablestaticA:B:C:D:E:Fvlan<1-4094>

Parameter

A:B:C:D:E:F Destination MAC address (unicast or multicast) to add to the address table. Packets with thisdestinationaddressreceivedinthespecifiedVLANareforwardedtothespecifiedinterface.

<1-4094> SpecifytheVLANforwhichthepacketwiththespecifiedMACaddressisreceived. IF_PORTS Interfacetowhichthereceivedpacket isforwarded.Valid interfaces includephysicalportsand

portchannels.

Default

Nostaticaddressesareconfigured.

Mode

GlobalConfiguration

Usage

Usethemacaddress-tablestaticglobalconfigurationcommandtoaddstaticaddressestotheMACaddresstable.Usethenoformofthiscommandtoremovestaticentriesfromthetable.Youcanverifyyoursettingsbyenteringtheshowmacaddress-tablestaticPrivilegedEXECcommand.

428

Example

ThefollowingexampleshowshowtoaddstaticaddressestotheMACaddresstable.

Switch(config)#

macaddress-tablestatic0:1:2:3:4:5vlan1interfacesfa5

Switch(config)#

macaddress-tablestatic1:6:7:9:a:bvlan100interfacesfa1,fa5,gi1

Switch#

showmacaddress-tablestatic


1|00:01:02:03:04:05|Static|fa5

100|01:06:07:09:0A:0B|Static|fa1,fa5,gi1


429

MAC Address-Table Drop

Syntax

macaddress-tablestaticA:B:C:D:E:Fvlan<1-4094>drop

nomacaddress-tablestaticA:B:C:D:E:Fvlan<1-4094>

Parameter

A:B:C:D:E:F UnicastsourceordestinationMACaddress.PacketswiththisMACaddressaredropped.<1-4094> SpecifytheVLANforwhichthepacketwiththespecifiedMACaddressisreceived.

Default

UnicastMACaddressfilteringisdisabled.TheswitchdoesnotdroptrafficforspecificsourceordestinationMACaddresses.

Mode

GlobalConfiguration

Usage

Usethemacaddress-tablestaticdropglobal configurationcommandtoenableunicastMACaddressfilteringand toconfiguretheswitchtodroptrafficwithaspecificsourceordestinationMACaddress.Usethenoformofthiscommandtoreturntothedefaultsettings.Youcanverifyyoursettingsbyenteringtheshowmacaddress-tablestaticPrivilegedEXEC command.

431

Show MAC Address-Table

Syntax

showmacaddress-table[(static|dynamic)][interfacesIF_PORTS][vlan<1-4094>]

showmacaddress-tableA:B:C:D:E:F[vlan<1-4094>]

Parameter

static DisplaysonlydynamicMACaddresstableentries.dynamic DisplaysonlystaticMACaddresstableentries.

IF_PORTS Displaysentries fora specific interface ID.The interface ID canbeoneof the following types:Ethernetportorportchannel.

<1-4094> DisplaysentriesforaspecificVLAN. A:B:C:D:E:F DisplaysentriesforaspecificMACaddress.

Default

None

Mode

Privileged EXEC

Usage

Usetheshowmacaddress-tablecommandinEXECmodetoviewentriesintheMACaddresstable.

432

Example

ThefollowingexampledisplayallMACaddressentriesinmacaddresstable

Switch#

showmacaddress-table


1|DE:AD:BE:EF:01:02|Management|CPU

1|00:00:E3:00:00:12|Dynamic|fa11

1|00:01:02:03:04:05|Static|fa5

1|00:14:78:3B:1E:E6|Dynamic|gi1

100|01:06:07:09:0A:0B|Static|fa1,fa5,gi1

20|0A:0B:0C:0D:0E:0F|Static|All


ThefollowingexampledisplaysaddresstableentriescontainingthespecifiedMACaddress.

switch#

showmacaddress-table0:1:2:3:4:5

1|00:01:02:03:04:05|Static|fa5


433

Show MAC Address-Table Counters

Syntax

showmacaddress-tablecounters

Parameter

None

Default

None

Mode

Privileged EXEC

Usage

Usetheshowmacaddress-tablecounterscommandinEXECmodetodisplaythenumberofaddressespresentinaMACaddress-table.

Example

Thefollowingexampleshowshowtodisplaytotalthemacentrycounters.

switch#

showmacaddress-tablecounters


434

Show MAC Address-Table Aging-Time

Syntax


Parameter

None

Default

None

Mode

Privileged EXEC

Usage

Usetheshowmacaddress-tableaging-timecommandinEXECmodetodisplaytheagingtimefordynamicmacentries.

Example

ThefollowingexampleshowshowtodisplaytheagingtimeofdynamicMACaddressentries.

Switch#


MacAddressTableagingtime:300sec

435

Chapter 15Mirror

436

Mirror Session

Syntax

mirrorsession<1-4>sourceinterfacesIF_PORTS(both|rx|tx)

nomirrorsession<1-4>sourceinterfacesIF_PORTS(both|rx|tx)

mirrorsession<1-4>sourcevlan<1-4094>

nomirrorsession<1-4>sourcevlan

mirrorsession<1-4>destinationinterfaceIF_NMLPORT[allow-ingress]

nomirrorsession<1-4>destinationinterfaceIF_NMLPORT

nomirrorsession(<1-4>|all)

Parameter

<1-4> Specifythemirrorsessiontoconfigure

IF_PORTS Specifythesourceinterface,Validinterfacesincludephysicalportsandportchannels.both,rx,tx Specifythetrafficdirectiontomirror.<1-4094> SpecifythemirroredVLANIDIF_NMLPORT SpecifytheSPANdestination.Adestinationmustbeaphysicalportallow-ingress Enableingresstrafficforwarding.

Default

Nomonitorsessionsareconfigured.

437

Mode

GlobalConfiguration

Usage

UsethemonitorsessionglobalconfigurationcommandtostartanewSwitchedPortAnalyzer(SPAN)sourceordestinationsession.UsethenoformofthiscommandtoremovetheSPANsessionortoremovesourceordestinationinterfacesorfiltersfromtheSPANsessionYoucanverifyyoursettingsbyenteringtheshowmirrorPrivilegedEXECcommand.

Example

ThefollowingexampleshowshowtocreatealocalSPANsession1tomonitorbothsentandreceivedtrafficonthesourceportfa1.

Switch(config)#

mirrorsession1sourceinterfacefa2-5both

Switch(config)#

mirror session 1 destination interface fa1

Switch(config)#

show mirror session 1

Session1Configuration

SourceRXPort:fa2-5

SourceTXPort:fa2-5

Destinationport:fa1

438

IngressState:disabled

Switch(config)#

mirrorsession2sourcevlan100

Switch(config)#

mirrorsession2destinationinterfacegi1allow-ingress

Switch(config)#

show mirror session 2

Session2Configuration

MirroredVLAN:100

Destinationport:gi1

IngressState:enable

439

Show Mirror

Syntax

showmirror[session<1-4>]

Parameter

<1-4>Specifythemirrorsessiontodisplay

Default

None

Mode

Privileged EXEC

Usage

UsetheshowmirrorcommandinEXECmodetodisplaymirrorsessionconfiguration.

Example

Thisfollowingexampleshowshowtodisplaymirrorsessionconfigurations.

Switch(config)#

show mirror

440

Session 1 Configuration

SourceRXPort:fa2-5

SourceTXPort:fa2-5

Destinationport:fa1

IngressState:disabled


Mirroredsource:NotConfig

Destinationport:NotConfig







441

Chapter 16MLD Snooping

442

IPV6 MLD Snooping

Syntax

ipv6mldsnooping

noipv6mldsnooping

showipv6mldsnooping

Parameter

None

Default

noipv6mldsnooping

Mode

GlobalConfiguration

Usage

‘noipv6mldsnooping’willclearallipv6mldsnoopingdynamicgroupsanddynamicrouterports,whichmakesthestaticipv6mldgroupinvalid.Theythenwillnotlearnthedynamicgroupandrouterportbyamldmessage.Theconfigurationcanusethe‘showipv6mldsnooping’command.

443

Example

Thefollowingexamplespecifiesthesetipv6mldsnoopingtest.

Switch(config)#

ipv6mldsnooping

Switch#

showipv6mldsnooping

MLD Snooping Status

Snooping:Enabled


OperationVersion:v1

ForwardMethod:mac


Switch(config)#

noipv6mldsnooping

Switch#

showipv6mldsnooping

444

MLD Snooping Status

Snooping:Disabled


OperationVersion:v1

ForwardMethod:mac


445

IPv6 MLD Snooping Report-Suppression

Syntax

ipv6mldsnoopingreport-suppression

noipv6mldsnoopingreport-suppression

Parameter

none

Default

ipv6mldsnoopingreport-suppression

Mode

GlobalConfiguration

Usage

‘noipv6mldsnoopingreport-suppression’willdisablethemldv1igmpreportsuppressionfunction.Sowhenyoureceiveareport,itwillforwardtothevlanrouterports.Theconfigurationcanuse‘showipv6mldsnooping’.

446

Example

Thefollowingexamplespecifiesthedisableipv6mldsnoopingreportsuppressiontest.

Switch(config)#

noipv6mldsnoopingreport-suppression

Switch#

showipv6mldsnooping

MLD Snooping Status

Snooping:Enabled


OperationVersion:v1

ForwardMethod:mac


447

IPv6 MLD Snooping Version

Syntax

ipv6mldsnoopingversion(1|2)

Parameter

(1|2)Ipv6mldsnoopingrunningversion1or2

Default

Ipv6mldsnoopingversion2

Mode

GlobalConfiguration

Usage

Whentheipv6mldsnoopingversionis1,theversion2packetisnotprocessed.Theconfigurationcanuse‘showipv6mldsnooping’.

Example

Thefollowingexamplespecifiesthesetipv6mldsnoopingversion2test.

Switch(config)#

ipv6mldsnoopingversion2

448

Switch#

showipv6mldsnooping

MLD Snooping Status

Snooping:Enabled


OperationVersion:v2

ForwardMethod:mac


449

IPv6 MLD Snooping VLAN

Syntax

ipv6mldsnoopingvlanVLAN-LIST

noipv6mldsnoopingvlanVLAN-LIST

showipv6mldsnoopingvlan[VLAN-LIST]

Parameter

VLAN-LISTspecifiesVLANIDlisttoset

Default

noipv6mldsnoopingvlan1-4094

Mode

GlobalConfiguration

Usage

‘noipv6mldsnoopingvlan1’willclearthevlanforallipv6mldsnoopingdynamicgroupsanddynamicrouterportswhichmakesthestaticipv6mldgroupinvalid.TheswitchvlanIDisvlan1.Theythendonotlearnthedynamicgroupandrouterportbyamldmessageforvlan1.Theconfigurationcanuse‘showipv6mldsnoopingvlan1’.

450

Example

Thefollowingexamplespecifiesthatsetipv6mldsnoopingvlantest.

testmustbeenableipv6mldsnoopingfirstly.

Switch(config)#

ipv6mldsnooping

Switch(config)#

ipv6mldsnoopingvlan1

Switch#

showipv6mldsnoopingvlan1

MLDSnoopingisglobalyenabled

MLDSnoopingVLAN1admin:enabled

MLDSnoopingopermode:enabled

MLDSnoopingrobustness:admin2oper2

MLDSnoopingqueryinterval:admin125secoper125sec

MLDSnoopingquerymaxresponse:admin10secoper10sec

MLDSnoopinglastmemberquerycounter:admin2oper2

MLDSnoopinglastmemberqueryinterval:admin1secoper1sec

MLDSnoopinglastimmediateleave:disabled

451

MLDSnoopingmrouterportlearnbypim-dvmrp:enabled

Switch(config)#

noipv6mldsnoopingvlan1

Switch#



MLDSnoopingVLAN1admin:disabled

MLDSnoopingopermode:disabled








452

IPv6 MLD Snooping VLAN Parameters

Syntax

ipv6mldsnoopingvlan<VLAN-LIST>last-member-query-count<1-7>

noipv6mldsnoopingvlan<VLAN-LIST>last-member-query-count

ipv6mldsnoopingvlan<VLAN-LIST>last-member-query-interval<1-60>

noipv6mldsnoopingvlan<VLAN-LIST>last-member-query-interval

[no]ipv6mldsnoopingvlan<VLAN-LIST>mrouterlearnpim-dvmrp

[no]ipv6mldsnoopingvlan<VLAN-LIST>fastleave

ipv6mldsnoopingvlan<VLAN-LIST>query-interval<30-18000>

noipv6mldsnoopingvlan<VLAN-LIST>query-interval

ipv6mldsnoopingvlan<VLAN-LIST>response-time<5-20>

noipv6mldsnoopingvlan<VLAN-LIST>response-time

ipv6mldsnoopingvlan<VLAN-LIST>robustness-variable<1-7>

noipv6mldsnoopingvlan<VLAN-LIST>robustness-variable

453

Parameter

VLAN-LIST SpecifiesVLANIDlisttosetlast-member-query count <1-7> specifieslastmemberquerycounttoset.Defaultis2last-member-query interval <1-60> pecifieslastmemberqueryintervaltoset.Defaultis1

query-interval <30-18000> specifiesqueryintervaltoset.Defaultis125response-time <5-20> specifiesaresponsetimetoset.defaultis10robustness-variable <1-7> specifiesarobustnessvaluetoset,defaultis2

Default

noipv6mldsnoopingvlan1-4094last-member-query-count

noipv6mldsnoopingvlan1-4094last-member-query-interval

ipv6mldsnoopingvlan1-4094mrouterlearnpim-dvmrp

noipv6mldsnoopingvlan1-4094fastleave

noipv6mldsnoopingvlan1-4094query-interval

noipv6mldsnoopingvlan1-4094response-time

noipv6mldsnoopingvlan1-4094robustness-variable

Mode

GlobalConfiguration

454

Usage

‘no ipv6mldsnoopingvlan1(last-member-query-count | last-member-queryinterval |query-interval | response-time|robustness-variable)’willsetthevlanparameterstodefault.Theclisettingwillchangetheipv6mldvlanparametersadminsettings.Theconfigurecanuse‘showipv6mldsnoopingvlan1’.

Example

Thefollowingexamplespecifiesthatsetipv6mldsnoopingvlanparameterstest.

Switch(config)#

ipv6mldsnoopingvlan1fastleave

Switch(config)#

ipv6mldsnoopingvlan1last-member-query-count5

Switch(config)#

ipv6mldsnoopingvlan1last-member-query-interval3

Switch(config)#

ipv6mldsnoopingvlan1query-interval100

Switch(config)#

ipv6mldsnoopingvlan1response-time12

Switch(config)#

ipv6mldsnoopingvlan1robustness-variable4

455

Switch#










MLDSnoopinglastimmediateleave:enabled


456

IPv6 MLD Snooping Static Port

Syntax

[no]ipv6mldsnoopingvlan<VLAN-LIST>static-portIF_PORTS

[no]ipv6mldsnoopingvlan<VLAN-LIST>forbidden-portIF_PORTS

Parameter


Default

Nonestatic/forbiddenports

Mode

GlobalConfiguration

Usage

‘ipv6mldsnoopingvlan1static-portfa1-2’willaddthestaticportfa1-2forvlan1.Theallknownvlan1ipv6groupwilladdthestaticports.‘ipv6mldsnoopingvlan1forbidden-portfa3-4’willaddtheforbiddenportsfa3-4forvlan1.Theallknownvlan1ipv6groupwillremovetheforbiddenports.Theconfigurationcanuse‘showipv6mldsnoopingforward-all’.

457

Example

Thefollowingexamplespecifiesthesetipv6mldsnoopingstatic/forbiddenporttest.

Switch(config)#

ipv6mldsnoopingvlan1static-portfa1-2

Switch(config)#

ipv6mldsnoopingvlan1forbidden-portfa3-4

Switch#

showipv6mldsnoopingforward-allvlan1

MLDSnoopingVLAN:1

MLDSnoopingstaticport:fa1-2

MLDSnoopingforbiddenport:fa3-4

458

IPv6 MLD Snooping VLAN Static Router Port

Syntax

[no]ipv6mldsnoopingvlan<VLAN-LIST>static-router-portIF_PORTS

[no]ipv6mldsnoopingvlan<VLAN-LIST>forbidden-router-portIF_PORTS

Parameter


Default

Nonestatic/forbiddenrouterports

Mode

GlobalConfiguration

Usage

‘ipv6mldsnoopingvlan1static-router-portfa1-2’willaddthestaticrouterportsfa1-2forvlan1.‘ipv6mldsnoopingvlan1forbidden-router-portfa2’willaddtheforbiddenroutertoportfa2forvlan1.Thiswillalsoremovefa2fromthestaticrouterport.therefor,theforbiddenrouterportreceivequerywillnotforward.Theconfigurationcanuseshowipv6mldsnoopingrouter.

459

Example

Thefollowingexamplespecifiesthatsetipv6mldsnoopingstatic/forbiddentest.

Switch(config)#

ipv6mldsnoopingvlan1static-router-portfa1-2

Switch(config)#

ipv6mldsnoopingvlan1forbidden-router-portfa2

Switch#

showipv6mldsnoopingrouter

Dynamic Router Table

VID|Port|ExpiryTime(Sec)

TotalEntry0

Static Router Table

VID|PortMask

1 | fa1

Total Entry 1

Forbidden Router Table

VID|PortMask

1 | fa2

Total Entry 1

460

IPv6 MLD Snooping Static Group

Syntax

[no]ipv6mldsnoopingvlan<VLAN-LIST>static-group<ip-addr>interfaceIF_PORT

[no]ipv6mldsnoopingvlan<VLAN-LIST>group<ip-addr>

showipv6mldsnoopinggroups[(dynamic|static)]

clearipv6mldsnoopinggroups[(dynamic|static)]

Parameter

VLAN-LIST specifiesVLANIDlisttosetip-addr specifiesmulticastgroupipv4addressIF_PORTS specifiesaportlisttosetorremove

Default

None

Mode

GlobalConfiguration

461

Usage

‘ipv6mldsnoopingvlan1static-groupff12::1interfacefa1’willbeaddedtothestaticgroup.Thestaticgroupwillnotlearnfromotherdynamicports.Ifthedynamicgroupexists,thenthestaticgroupwilloverlapwiththedynamicgroup.Ifyouremovethelastmemberofstaticgroup,thestaticgroupwillbedeleted.Inorderforthestaticgrouptobevalid,itmustletthemldsnoopingvlanbeenabledandtheipv6mldsnoopingbeenabled.Theconfigurationcanuse‘showipv6mldsnoopinggroup[(dynamic|static)]’todisplayit.Itcanuse‘noipv6mldsnoopingvlan1groupff12::1’todeletethestaticgroup.Itcanalsoclearipv6mldsnoopinggroupstodeletethestaticgroup.

Example

Thefollowingexamplespecifiesthatsetipv6mldsnoopingstaticgrouptest.

Switch(config)#

ipv6mldsnoopingvlan1static-groupff12::1interfacefa1

Switch(config)#

ipv6mldsnoopingvlan1static-groupff12::1interfacefa2

Switch#

showipv6mldsnoopinggroups


1|ff12::1|Static|--|fa1-2


Switch#


462

Switch#




463

IPv6 MLD ProfileSyntax

ipv6mldprofile<1-128>

profilerangeipv6<ipv6-addr>[ipv6-addr]action(permit|deny)

showipv6mldprofile[<1-128>]

Parameter

<1-128> specifiesprofileID <ipv6-addr> Startipv6multicastaddress[ipv6-addr] Endipv6multicastaddress

(permit | deny) Permit:allowMulticastaddressrangeipv6addresslearning

deny:donotallowMulticastaddressrangeipv6addresslearning

Default

None

Mode

ipv6mldprofile<1-128>

GlobalConfiguration

profilerangeipv6<ipv6-addr>[ipv6-addr]action(permit|deny)

mldprofileconfigmode

464

Usage

Use ‘ipv6mldprofile1’entrytothemldprofileconfigmode.Use ‘profilerange ipv6ff12::1ff12::8actionpermit’ toconfiguretheprofileentry.Theprofileentryisusedbytheportfilter.Theconfigurationcanuse‘showipv6mldprofile[<1-128>]’todisplay

Example

Thefollowingexamplespecifiesthatsetipv6mldprofiletest.

Switch(config)#

ipv6mldprofile1

Switch(config-mld-profile)#

profilerangeipv6ff13::1ff13::10action

permit


showipv6mldprofile

IPv6mldprofileindex:1

IPv6mldprofileaction:permit

Rangelowip:ff13::1

Rangehighip:ff13::10


exit

465

Switch(config)#

ipv6mldprofile5


profilerangeipv6ff12::1ff12::12actiondeny


showipv6mldprofile


IPv6mldprofileaction:deny

Rangelowip:ff12::1



exit

Switch(config)#

exit

Switch#

showipv6mldprofile


IPv6mldprofileaction:permit

466

Rangelowip:ff13::1



IPv6mldprofileaction:deny

Rangelowip:ff12::1


467

IPv6 MLD Filter

Syntax

ipv6mldfilter<1-128>

[no]ipv6mldfilter

Showipv6mldfilter[interfacesIF_PORTS]

Parameter

<1-128> specifiesprofileID[interfaces

IF_PORTS]

Specifiesinterfacestodisplay

Default

None

Mode

Interface mode

Usage

Thefollowingexamplespecifiesthatsetipv6mldfiltertest.Theconfiguremustcreateipv6mldprofilefirstly.

Switch(config)#

ipv6mldprofile1

468


profilerangeipv6ff13::1ff13::10action

permit


exit

Switch(config)#

interface fa1

Switch(config-if)#

ipv6mldfilter1

Switch(config-if)#

exit

Switch(config)#

exit

Switch#

showipv6mldfilter

PortID|ProfileID

fa1:1

fa2:None

469

fa3:None

fa4:None

fa5:None

470

IPv6 MLD Max-Groups

Syntax

ipv6mldmax-groups<0-512>

noipv6mldmax-groups

ipv6mldmax-groupsaction(deny|replace)

Showipv6mldmax-group[interfacesIF_PORTS]

Showipv6mldmax-groupaction[interfacesIF_PORTS]

Parameter

<1-128> specifiesprofileID(deny | replace) Deny:currentportipv4grouparrivedmax-groups,don’taddgroup.

Replace:currentportipv6grouparrivedmax-groups,removeportformrandgroup,andaddporttogroup.

Default

noipv6mldmax-groups

ipv6mldmax-groupsactiondeny

Mode

Interface mode

471

Usage

use‘ipv6mldmax-groups10’tolimitportlearning.Themaxgroupnumberis10.Whentheporthaslearnedmorethan10groups,thentheextragroupswillberemovedfromtheportformgroup.staticgroupsareexcluded.Theconfigurationcanuse‘showipv6mldmax-group&showipv6mldmaxgroupaction’todisplay.

Example

Thefollowingexamplespecifiesthatsetipv6mldmax-groupsandactionis

replacetest.

Switch(config)#

interface fa1

Switch(config-if)#

ipv6mldmax-groups10

Switch(config-if)#

ipv6mldmax-groupsactionreplace

Switch(config-if)#

exit

Switch(config)#

exit

Switch#

showipv6mldmax-group

472

PortID|MaxGroup

fa1:10

fa2:1024

fa3:1024

fa4:1024

fa5:1024

Switch#

showipv6mldmax-groupaction


fa1:replace

fa2:deny

fa3:deny

fa4:deny

fa5:deny

473

Clear IPv6 MLD Snooping Groups

Syntax

clearipv6mldsnoopinggroups[(dynamic|static)]

Parameter

none Clearipv6mldgroupsincludedynamicandstatic(dynamic | static) ipv6mldgrouptypeisdynamicorstatic

Default

Clearallipv6mldgroups

Mode

privilegedmode

Usage

Thiscommandwillcleartheipv6mldgroupsfordynamicorstaticorofalltypes.Theconfigurationcanuse‘showipv6mldsnoopinggroups’tocheck.

Example

Thefollowingexamplespecifiesthatclearipv6mldsnoopinggroupstest.

Switch#

clearipv6mldsnoopinggroupsstatic

474

Switch#


Switch#

clearipv6mldsnoopinggroups

Switch#


475

Clear IPv6 MLD Snooping Statistics

Syntax

clearipv6mldsnoopingstatistics

Parameter

None

Default

None

Mode

Privileged mode

Usage

Thiscommandwillclearthemldstatistics.Theconfigurationcanuseshowipv6mldsnooping.

Example

Thefollowingexamplespecifiestheclearipv6mldsnoopingstatisticstest.

Switch#

learipv6mldsnoopingstatistics

Switch#

showipv6mldsnooping

476

Show IPv6 MLD Snooping Counters

Syntax

showipv6mldsnoopinggroupscounters

Parameter

None

Default

None

Mode

Privileged mode

Usage

Thiscommandwilldisplaytheipv6mldgroupcounter,whichincludesthestaticgroup.

Example

Thefollowingexamplespecifiesthedisplayipv6mldsnoopinggroupcountertest.

Switch#

showipv6mldsnoopingcounters

477

Show IPv6 MLD Snooping Groups

Syntax

showipv6mldsnoopinggroups[(dynamic|static)]

Parameter

none Showipv6mldgroupsincludedynamicandstatic(dynamic | static) Displayipv6mldgrouptypeisdynamicorstatic

Default

displayallipv6mldgroups

Mode

privilegedmode

Usage

Thiscommandwilldisplaytheipv6mldgroupsfordynamicorstaticoralloftype.

Example

Thefollowingexamplespecifiesthatshowipv6mldsnoopinggroupstest.

Switch#


478

Switch#

showipv6mldsnoopinggroupsdynamic

Switch#

showipv6mldsnoopinggroupsstatic

479

Show IPv6 MLD Snooping Router

Syntax

show ipv6 mld snooping router [(dynamic | forbidden |static )]

Parameter

none Showipv6mldrouterincludedynamicandstaticandforbidden(dynamic | static) Displayipv6mldrouterinfofordifferenttype

Default

displayallrouterinfo

Mode

privilegedmode

Usage

Thiscommandwilldisplaytheipv6mldrouterinfo.

Example

Thefollowingexamplespecifiesthatshowipv6mldsnoopingroutertest.

Switch#

showipv6mldsnoopingrouter

480

Switch#showipv6mldsnoopingrouterstatic

Switch#showipv6mldsnoopingrouterforbidden

481

Show IPv6 MLD Snooping

Syntax

showipv6mldsnooping

Parameter

noneShowipv6mldsnoopingglobalinfo.

Default

None

Mode

Privileged mode

Usage

Thiscommandwilldisplaytheipv6mldsnoopingglobalinfo.

Example

Thefollowingexamplespecifiesthatshowipv6mldsnoopingtest.

Switch#

showipv6mldsnooping

482

MLD Snooping Status

Snooping:Disabled


OperationVersion:v1

ForwardMethod:mac


Packet Statistics

TotalRx:0

ValidRx:0

InvalidRx:0

OtherRx:0

GeneralQueryRx:0

GeneralQueryTx:0

GSQueryRx:0

GSQueryTx:0

GSSQueryRx:0

GSSQueryTx:0

ReportRx:0

483

Show IPv6 MLD Snooping VLAN

Syntax

showipv6mldsnoopingvlan[VLAN-LIST]

Parameter

none Showallipv6mldsnoopingvlaninfo[VLAN-LIST] Showspecifiesvlanipv6mldsnoopinginfo

Default

Showallipv6mldsnoopingvlaninfo.

Mode

Privileged mode

Usage

Thiscommandwilldisplaytheipv6mldsnoopingvlaninfo.

Example

Thefollowingexamplespecifiestheshowipv6mldsnoopingvlantest.

Switch#

showipv6mldsnoopingvlan

484

MLDSnoopingisglobalydisabled










485

Show IPv6 MLD Snooping Forward-All

Syntax

showipv6mldsnoopingforward-all[vlanVLAN-LIST]

Parameter

none Showallipv6mldsnoopingvlanforward-allinfo[vlan VLAN-LIST] Showspecifiesvlanofipv6mldforwardinfo.

Default

Showallvlanipv6mldforwardallinfo.

Mode

Privileged mode

Usage

Thiscommandwilldisplayipv6mldsnoopingforwardallinfo.

Example

Thefollowingexamplespecifiesthatshowipv6mldsnoopingforward-alltest.

486

Switch#

showipv6mldsnoopingforward-all

MLDSnoopingVLAN:1

MLDSnoopingstaticport:None

MLDSnoopingforbiddenport:None

487

Show IPv6 MLD Profile

Syntax

showipv6mldprofile[<1-128>]

Parameter

none Showallipv6mldsnoopingprofileinfo.[<1-128>] Showspecifiesindexprofileinfo.

Default

Showallipv6mldprofileinfo.

Mode

Privileged mode

Usage

Thiscommandwilldisplaytheipv6mldprofileinfo.

Example

Thefollowingexamplespecifiestheshowipv6mldprofiletest.

Switch#

showipv6mldprofile


488


489

Show IPv6 MLD Port Filter

Syntax

showipv6mldfilter[interfacesIF_PORTS]

Parameter

none Showallportfilter[interfaces IF_PORTS] Showspecifiesportsfilter

Default

Showallportsipv6mldfilter.

Mode

Privileged mode

Usage

Thiscommandwilldisplayipv6mldportfilterinfo.

Example

Thefollowingexamplespecifiestheshowipv6mldfiltertest.

Switch#

showipv6mldfilter

490

PortID|ProfileID

fa1:1

fa2:None

fa3:None

fa4:None

fa5:None

491

Show IPv6 MLD Max-Group

Syntax

showipv6mldmax-group[interfacesIF_PORTS]

Parameter

none Showallportmax-group[interfaces IF_PORTS] Showspecifiesportsmax-group

Default

Showallportsipv6mldmax-group.

Mode

Privileged mode

Usage

Thiscommandwilldisplaytheipv6mldportmax-group.

Example

Thefollowingexamplespecifiestheshowipv6mldmax-grouptest.

Switch(config)#

interface fa1

492

Switch(config-if)#

ipv6mldmax-groups50

Switch(config-if)#

exit

Switch(config)#

exit

Switch#

showipv6mldmax-group

PortID|MaxGroup

fa1:50

fa2:1024

fa3:1024

fa4:1024

fa5:1024

493

Show IPv6 MLD Port Max-Group Action

Syntax

showipv6mldmax-groupaction[interfacesIF_PORTS]

Parameter

none Showallportmax-groupaction[interfaces IF_PORTS] Showspecifiesportsmax-groupaction

Default

Showallportsipv6mldmax-groupaction.

Mode

Privileged mode

Usage

Thiscommandwilldisplaytheipv6mldportmax-groupaction.

Example

Thefollowingexamplespecifiesthatshowipv6mldmax-groupactiontest.

Switch(config)#

interface fa1

494

Switch(config-if)#

ipv6mldmax-groupsactionreplace

Switch(config-if)#

exit

Switch(config)#

exit

Switch#

showipv6mldmax-groupaction


fa1:replace

fa2:deny

fa3:deny

fa4:deny

fa5:deny

495

Chapter 17Port Security

496

Port Security

Syntax

port-security

noport-security

Parameter

None

Default

Defaultisdisabled.

Mode

GlobalConfiguration

Usage

The“port-security”commandenablestheportsecurityfunctionalityontheport.Usethenoformofthiscommandtodisable it.

Example

Thefollowingexampleshowshowtoenableportsecurityonport1andsetthelearninglimitnumberto10.

switch(config)#

interface fa1

498

Port-Security Address-Limit

Syntax

port-securityaddress-limit<1-256>action(forward|discard|shutdown)

nodot1xport-controladdress-limit.

Parameter

<1-256> Thelearning-limitnumber.ItspecifieshowmanyMACaddressesthisportcanlearn.forward ForwardthispacketwhoseSMACisnewtosystemandexceedthelearning-limitnumber.

discard DiscardthispacketwhoseSMACisnewtosystemandexceedthelearning-limitnumber.shutdown ShutdownthisportwhenreceivesapacketwhoseSMACisnewtosystemandexceedthelearning

limitnumber.

Default

Theaddress-limitdefaultis10andtheactionis“discard”.

Mode


Usage

Usethe“port-securityaddress-limit”commandtosetthelearning-limitnumberandtheviolationaction.Usethenoformofthiscommandtorestorethedefaultsettings.

499

Example

Thefollowingexampleshowshowtoenableportsecurityonport1andsetthelearninglimitnumberto10.

switch(config)#

interface fa1

switch(config-if)#

port-securityaddress-limit10actiondiscard

switch(config-if)#

port-security

switch(config)#




500

Show Port-Security Interface

Syntax

showport-securityinterfaceIF_PORTS

Parameter

IF_PORTSSelectporttoshowport-securityconfigurations.

Default


Mode

Privileged EXEC

Usage

Use“showport-securityinterfaces”commandtoshowport-securityinformationofthespecifiedport.

Example

Thisexampleshowshowtoshowport-securityconfigurationsoninterfacefa1.

Switch#




501

Chapter 18Port Error Disable

502

Errdisable Recovery Cause

Syntax

errdisablerecoverycause(all|acl|broadcast-flood|bpduguard|psecure-violation|unicast-flood|unknown-multicast-flood|selfloop)

noerrdisablerecoverycause(all|acl|broadcast-flood|bpduguard|psecure-violation|unicast-flood|unknown-multicast-flood|selfloop)

Parameter

all Enable/Disabletoautorecoveryforporterrordisabledbyallreasons.acl Enable/DisabletoautorecoveryforporterrordisabledbyACLshutdownportreason.broadcast-flood Enable/Disable to auto recovery for port error disabled by storm control broadcast flood

reason.bpduguard Enable/DisabletoautorecoveryforporterrordisabledbySTPBPDUGuardreason.psecure-violation Enable/Disabletoautorecoveryforporterrordisabledbyviolateportsecurityrulereason.unicast-flood Enable/Disabletoautorecoveryforporterrordisabledbystormcontrolunicastfloodreason.unknown-multicast- flood

Enable/Disabletoautorecoveryforporterrordisabledbystormcontrolunknownmulticastfloodreason.

selfloop Enable/Disabletoautorecoveryforporterrordisabledbyselfloopdetectreason.

Default

Defaultautorecoverstateforallreasonsaredisabled.

503

Mode

GlobalConfiguration

Usage

Theportwill bedisabledby invalidactionsdetectedbyvariousprotocols.Theadministrator canenable theseerrordisabledportsmanuallybythe“noshutdown”commandinInterfaceMode,orjustturnontheautorecoverymechanismbythiscommandtoautoenabletheerrordisabledportafteranautorecoveryinterval.

Example

Thisexampleshowshowtoenableautorecoverywithreasonbpduguardandbroadcast-flood.

Switch(config)#

errdisablerecoverycausebpduguard

Switch(config)#

errdisablerecoverycausebroadcastflood

Thisexampleshowshowtoshowcurrentautorecoverystateofeachreasonandporterrordisabledstatus.

Switch#

show errdisable recovery

ErrDisableReason|TimerStatus

bpduguard|enabled

selfloop|disabled

broadcast-flood|enabled

505

Errdisable Recovery Interval

Syntax

errdisablerecoveryinterval<0-86400>

Parameter

<0-86400>Specifytheautorecoveryintervalwithunitsecond.

Default

Defaultautorecoveryintervalis300second.

Mode

GlobalConfiguration

Usage

Theportwillbedisabledbyinvalidactionsdetectedbyvariousprotocols.Theautorecoverymechanismwillenabletheseerrordisabledportsafterawhile.Thiscommandconfigureshowlongtheportwillbeenabledafteranerrordisablesit.

Example

Thisexampleshowshowtoconfiguretheautorecoveryintervalto600seconds.

Switch(config)#

errdisablerecoveryinterval600

506

Thisexampleshowshowtoshowcurrentautorecoveryinterval

Switch#



bpduguard|enabled

selfloop|disabled




acl | disabled





507

Show Errdisable Recovery

Syntax


Parameter

None

Default


Mode

Privileged EXEC

Usage

Usethe“showerrdisablerecovery”commandtoshoweacherrordisablestate,errordisablerecoveryinterval,andcurrenterrordisabledportstatus.

Example

Thisexampleshowshowtoshowcurrentautorecoveryinterval

Switch#


508


bpduguard|enabled

selfloop|disabled




acl | disabled





509

Chapter 19Port

510

Description

Syntax

descriptionWORD<1-32>

nodescription

Parameter

WORD<1-32>Specifiyportdescriptionstring.

Default

Defaultportdescriptionisempty.

Mode


Usage

Usethe“description”commandtogivetheportanametoidentifyiteasily.Ifthedescriptionincludesaspacecharacter,pleaseusedoublequotes.Usethenoformtorestoredescriptionstotheemptystring.

Example

Thisexampleshowshowtomodifyportdescriptions.

Switch(config)#

interface fa1

511

Switch(config-if)#

descriptionuserport

Switch(config-if)#

exit

Switch(config)#

interface fa2

Switch(config-if)#

description“uplinkport”

Thisexampleshowshowtoshowcurrentportdescriptiononinterfacefa1andfa2

Switch#

showinterfacesfa1-2status

PortNameStatusVlanDuplex

SpeedType

fa1userportnotconnect1auto

autoCopper

fa2uplinkportnotconnect1auto

autoCopper

512

Speed

Syntax

speed(10|100|1000)

speedauto[(10|100|1000|10/100)]

Parameter

10 Specifyportspeedtoforce10Mbits/sorautowith10Mbits/sability.100 Specifyportspeedtoforce100Mbits/sorautowith100Mbits/sability.1000 Specifyportspeedtoforce1000Mbits/sorautowith1000Mbits/sability.

10/100 Specifyportspeedtoautowith10Mbits/sand100Mbits/s

Default

Defaultportspeedisautowithallavailableabilities.

Mode


Usage

Usethe“speed”commandtochangeportspeedconfiguration.Thespeedisonlyabletoconfiguretothephysicalmaximumspeed.Forexample,infastEthernetport,speed1000isnotavailable.

513

Example

Thisexampleshowshowtomodifyportspeedconfiguration.

Switch(config)#

interface fa1

Switch(config-if)#

speed100

Switch(config-if)#

exit

Switch(config)#

interface fa2

Switch(config-if)#

speedauto10/100

Thisexampleshowshowtoshowcurrentspeedconfiguration

Switch#

showrunning-configinterfacesfa1-2

interface fa1

speed100

interface fa2

514

speedauto10/100

Thisexampleshowshowtoshowcurrentinterfacelinkspeed

Switch#



SpeedType

fa1connected1a-full

a-100MCopper

fa2connected1a-full

a-100MCopper

515

Duplex

Syntax

duplex(auto|full|half)

Parameter

autoSpecifyportduplextoautonegotiation.

fullSpecifyportduplextoforcefullduplex.

halfSpecifyportduplextoforcehalfduplex.

Default

Defaultportduplexisauto.

Mode


Usage

Use“duplex”commandtochangeportduplexconfiguration.

516

Example

Thisexampleshowshowtomodifyportduplexconfiguration.

Switch(config)#

interface fa1

Switch(config-if)#

duplexfull

Switch(config-if)#

exit

Switch(config)#

interface fa2

Switch(config-if)#

duplexhalf

Thisexampleshowshowtoshowcurrentspeedconfiguration

Switch#

showrunning-configinterfacesfa1-2

interface fa1

duplexfull

interface fa2

517

duplexhalf

Thisexampleshowshowtoshowcurrentinterfacelinkspeed

Switch#



SpeedType

fa1connected1full

a-100MCopper

fa2 connected 1 half

a-100MCopper

518

Flow-Control

Syntax

flow-control(off|on)

noflow-control

Parameter

Off Disableportflowcontrol.On Enableportflowcontrol.

Default

Defaultportflowcontrolisoff.

Mode


Usage

Usethe“flow-control”commandtochangeportflowcontrolconfigurations.Usenoformtorestoreflowcontroltodefault(off)configurations.

Example

Thisexampleshowshowtomodifytheportduplexconfiguration.

Switch(config)#

interface fa1

519

Switch(config-if)#

flow-controlon

Thisexampleshowshowtoshowcurrentflowcontrolconfiguration

Switch#

show interfaces fa1

HardwareisFastEthernet

Full-duplex,Auto-speed,mediatypeisCopper

flow-controlison

0packetsinput,0bytes,0throttles

Received0broadcasts(0multicasts)

0runts,0giants,0throttles

0inputerrors,0CRC,0frame,0overrun,0ignored

0multicast,0pauseinput

0inputpacketswithdribbleconditiondetected

379packetsoutput,31981bytes,0underrun

0outputerrors,0collisions,0interfaceresets

0babbles,0latecollision,0deferred

0PAUSEoutput

520

Shutdown

Syntax

shutdown

noshutdown

Parameter

None

Default

Defaultportadminstateisnoshutdown.

Mode


Usage

Usethe“shutdown”commandtodisabletheportanduse“noshutdown”toenabletheport.Ifportisdisabledforsomereason,usethe“noshutdown”commandtorecovertheportmanually.

Example

Thisexampleshowshowtomodifyportduplexconfiguration.

Switch(config)#

interface fa1

521

Switch(config-if)#

shutdown

Thisexampleshowshowtoshowcurrentadminstateconfiguration

Switch#

showrunning-configinterfacesfa1

interface fa1

shutdown

Thisexampleshowshowtoshowcurrentlinkstatus


SpeedType

fa1disable1full

autoCopper

522

Jumbo-Frame

Syntax

jumbo-frame<64-9216>

Parameter

<64-9216>Specifythemaximumframesize.

Default

Defaultmaximumframesizeis1522.

Mode


Usage

Usethe“jumbo-frame”commandtomodifythemaximumframesize.Theonlywaytoshowthisconfigurationisbyusingthe“showrunning-config”command.

Example

Thisexampleshowshowtomodifymaximumtheframesizeonfa1to9216bytes.

Switch(config)#

interface fa1

523

Switch(config-if)#

jumbo-frame9216

Thisexampleshowshowtoshowcurrentjumbo-frmaesize

Switch#

showrunning-configinterfacefa1

interface fa1

jumbo-frame9216

524

Protected

Syntax

protected

noprotected

Parameter

<64-9216>Specifythemaximumframesize.

Default

Defaultprotectedstateisnoprotected.

Mode


Usage

Usethe“protected”commandtomaketheportprotected.Aprotectedport isonlyallowedtocommunicatewithanunprotectedport.Inotherwords,aprotectedportisnotallowedtocommunicatewithanotherprotectedport.Usethenoformtomakeaportunprotected.

525

Example

Thisexampleshowshowtoconfigureportfa1andfa2tobeprotectedport.

Switch(config)#

interfacerangefa1-2

Switch(config-if-range)#

protected

Thisexampleshowshowtoshowcurrentprotectedportstate.

Switch#

showinterfacesfa1-2protected

Port | Protected State

fa1 |enabled

fa2 |enabled

526

EEE

Syntax

eee

no eee

Parameter

None

Default

Defaulteeestateisdisabled.

Mode


Usage

Usethe“eee”commandtomakeaportenabledfortheenergyefficientEthernetfeatureanduse“noeee”commandtodisableit.Theonlywaytoshowthisconfigurationisusing“showrunning-config”command.

Example

Thisexampleshowshowtoconfigureportfa1andfa2tobeprotectedport.

Switch(config)#

interface fa1

527

Switch(config-if)#

eee

Thisexampleshowshowtoshowcurrentjumbo-frmaesize

Switch#

showrunning-configinterfacefa1

interface fa1

eee

528

Clear Interface

Syntax

clearinterfacesIF_PORTScounters

Parameter

IF_PORTSSpecifiyporttoclearcounters.

Default


Mode

Privileged EXEC

Usage

Usethe“clearinterface”commandtoclearcountersonspecificports.

Example

Thisexampleshowshowtoclearcountersonportfa1.

Switch(config)#

clearinterfacesfa1counters

529

Thisexampleshowshowtoshowcurrentcounters

Switch#

show interfaces fa1


Auto-duplex,Auto-speed,mediatypeisCopper

flow-controlisoff










0PAUSEoutput

530

Show Interface

Syntax

showinterfacesIF_PORTS

showinterfacesIF_PORTSstatus

showinterfacesIF_PORTSpotected

Parameter

IF_PORTSSpecifiyporttoshow.

Default


Mode

Privileged EXEC

Usage

Use“showinterface”commandtoshowportcounters,parametersandstatus.

Example

Thisexampleshowshowtoshowcurrentcounters

Switch#

show interfaces fa1

531


Auto-duplex,Auto-speed,mediatypeisCopper

flow-controlisoff










0PAUSEoutput

Thisexampleshowshowtoshowcurrentprotectedportstate.

Switch#

showinterfacesfa1-2protected

532

Port | Protected State

fa1 |enabled

fa2 |enabled

Thisexampleshowshowtoshowcurrentportstatus

Switch#



SpeedType

fa1connected1full

a-100MCopper

533

Chapter 20QoS

534

QoS

Syntax

qos[(advanced|basic)]

noqos

Parameter

Advanced SpecifythedevicetoqosadvancedmodeBasic Specifythedevicetoqosbasicmode

Default

Defaultqosmodeisdisabled.

Mode

GlobalConfiguration

Usage

QoShavsthefollowing3modes;usethiscommandtoswitchbetweenthem.

Disable:QoSfunctionisdisabledandallpacketswillgothroughlowestpriority

queue.Itmeansfirstinwillbefirstout,noQoSisguarantee.

Basic:Accordingtobasictrusttypetoassignqueueforpackets,andpacketswithhigherpriorityareabletosendfirst.

535

Advanced: UseACLtoclassifypacketstoachieveflow-basedQoSanddodifferentkindofactionsfordifferenttypeofpackets.

Example

Thisexampleshowshowtochangeqostobasicmode.

Switch(config)#

qosbasic

Switch(config)#

qos

Thisexampleshowshowtochangeqostoadvancedmode.

Switch(config)#

qosadvanced

Thisexampleshowshowtochangeqostodisabledmode.

Switch(config)#

noqos

Thisexampleshowshowtocheckcurrentqosmode.

Switch#

showqos

QoSMode:basic

Basictrust:cos

536

QoS Trust (1)

Syntax

qostrust(cos|cos-dscp|dscp|precedence)

Parameter

cos SpecifythedevicetotrustCoScos-dscp SpecifythedevicetotrustDSCPforIPpackets,andtrustCoSfornon-IPpackets.

dscp SpecifythedevicetotrustDSCPprecedence SpecifythedevicetotrustIPPrecedence

Default

Defaultqosbasicmodetrusttypeiscos

Mode

GlobalConfiguration

Usage

InQoSbasicmode,thereare4trusttypesfordevicetojudgetheappropriatequeueofthepackets.Thiscommandisabletoswitchbetweenthesetrusttypes.

CoS:IEEE802.1pdefined3bitspriorityvalueinvlantag.Trustthisvalueinpacketsandassignqueueaccordingtocos-queuemap.

537

DSCP: IETFRFC2474defined6bitspriorityvalueinIPpacket(highest6bitsinToSfield).Trustthisvalueinpacketsandassignqueueaccordingtodscp-queuemap.

IP Precedence:Thehighest3bitspriorityvalue in IPpacketToSfield.Trustthisvalue inpacketsandassignqueueaccordingtoprecedence-queuemap.

CoS-DSCP: TrustDSCPforIPpacketsandassignqueueaccordingtodscp-queuemap.TrustCoSfornon-IPpacketsandassignqueueaccordingtocos-queuemap.

Example

Thisexampleshowshowtochangeqosbasicmodetrusttypes.

Switch(config)#

qostrustcos

Switch(config)#

qostrustcos-dscp

Switch(config)#

qostrustdscp

Switch(config)#

qostrustprecedence

Thisexampleshowshowtocheckcurrentqostrusttype.

Switch#

showqos

538

QoSMode:basic

Basictrust:cos

539

QoS Map

Syntax

qosmap(cos-queue|dscp-queue|precedence-queue)SEQUENCEto<1-8>

qosmap(queue-cos|queue-precedence)SEQUENCEto<0-7>

qosmapqueue-dscpSEQUENCEto<0-63>

Parameter

cos-queue ConfigureorshowCoStoqueuemapdscp-queue ConfigureorshowDSCPtoqueuemapprecedence-queue ConfigureorshowIPPrecedencetoqueuemap.

queue-cos ConfigureorshowqueuetoCoSmapqueue-dscp ConfigureorshowqueuetoDSCPmapqueue-precedence ConfigureorshowqueuetoIPPrecedencemapSEQUENCE Specifythecos,dscp,precedenceorqueuewithoneormultiplevalues.<1-8> Specifythqueueid

<0-7> Specifythecosorprecedencevalues

<0-63> Specifythedscpvalues

540

Default

Thedefaultvaluesofcos-queueareshowinginthefollowingtable.

CoS Queue ID0 21 12 33 44 55 66 77 8

Thedefaultvaluesofdscp-queueareshowinginthefollowingtable.

DSCP Queue ID0~7 28~15 116~23 324~31 432~39 540~47 648~55 756~63 8

541

Thedefaultvaluesofipprecedenceareshowinginthefollowingtable.

IP Precedence Queue ID0 11 22 33 44 55 66 77 8

Thedefaultvaluesofqueue-cosareshowinginthefollowingtable.

Queue ID CoS1 13 24 35 46 57 68 7

542

Thedefaultvaluesofqueue-dscpareshowinginthefollowingtable.

Queue ID DSCP1 02 83 164 245 326 407 488 56

Thedefaultvaluesofqueue-precedenceareshowinginthefollowingtable.

Queue ID DSCP1 02 13 24 35 46 57 68 7

Mode

GlobalConfiguration

543

Usage

Accordingtodifferenttrusttypes,packetswillbeassignedtodifferentqueuesbasedonthespecificqosmap.Forexample,ifthetrusttypeistrustcos,thedevicewillgetthecosvalueinapacketandreferencethecos-queuemappingtoassignthecorrectqueue.Thequeuetocos,dscporprecedencemapsareusedbyaremarkingfeature.Iftheportremarkingfeatureisenabled,theremarkingfunctionwillreferencethese3tablestoremarkpackets.

Example

Thisexampleshowshowtomapcos6and7toqueue1.

Switch(config)#qosmapcos-queue67to1

Switch(config)#showqosmapcos-queue

CoStoQueuemappings

COS01234567

Queue21345611

Thisexampleshowshowtomapqueue4and5tocos7.

Switch(config)#

qosmapqueue-cos45to7

Switch(config)#

showqosmapqueue-cos

QueuetoCoSmappings

Queue12345678

544

QueuetoCoSmappings

Queue12345678

CoS10277567

545

QoS Queue

Syntax

qosqueuestrict-priority-num<0-8>

qosqueueweightSEQUENCE

showqosqueueing

Parameter

strict-prioritynum <0-8> SpecifythestrictpriorityqueuenumberweightSEQUENCE Specifythenon-strictpriorityqueueweightvalue.Thevalidqueueweightvalueisfrom

1to127.

Default

Defaultstrictpriorityqueuenumberis8,itmeansallqueuesarestrictpriorityqueue.

Thedefaultqueueweightforeachqueueisshowninfollowingtable.

546

Queue ID Queue Weight1 12 23 34 45 56 97 138 15

Mode

GlobalConfiguration

Usage

Thedevicesupporttotal8queuesforQoSqueueing.Itisabletosetthequeuetobestrictpriorityqueueorweightedqueuetopreventstarvation.Thequeuewithhigheridvaluehashigherpriority.First,youneedtodecidehowmanystrictpriorityqueueyouneed.Thestrictpriorityqueuewillalwaysoccupythehigherpriorityqueue.Forexample,ifyouspecifythestrictprioritynumbertobe2,thenthequeue7and8willbethestrictpriorityqueuesandtheothersareweightedqueues.Afteryousetupthenumberofstrictpriorityqueue,youneedtosetuptheweightfortheweightedqueuesbyusing“qosqueueweight”command.Andthebandwidthwillsharedbytheweightyouconfiguredbetweentheseweightedqueues.

Example

Thisexampleshowshowtosetupdevicewith3strictpriorityqueuesandgiveotherweightedqueueswithweight5,10,15,20,or25.

547

Switch(config)#

qosqueuestrict-priority-num3

Switch(config)#

qosqueueweight510152025

Switch#

showqosqueueing

qid-weightsEf-Priority

1-5dis-N/A

2-10dis-N/A

3-15dis-N/A

4-20dis-N/A

5-25dis-N/A

6-N/Aena-6

7-N/Aena-7

8-N/Aena-8

548

QoS CoS

Syntax

qoscos<0-7>

Parameter

cos<0-7>SpecifytheCoSvaluefortheinterface.

Default

DefaultCoSvalueforinterfaceis0.

Mode


Usage

Sometimes,thereisnoqosinformationinthepackets,suchasCoS,DSCP,IPPrecedence.Butyoucangivethepriorityforpacketsbyconfiguringtheinterfacedefaultcosvalue.Ifthereisnoqosinformationinthepackets,thedevicewillusethisdefaultcosvalueandfindthecos-queuemaptogetthefinaldestinationqueue.Usethe“qoscos”commandtoassignaportdefaultcosvalue.

Example

Thisexampleshowshowtoconfiguredefaultcosvalue7oninterfacefa1.

Switch(config)#

interface fa1

550

QoS Trust (2)

Syntax

qostrust

noqostrust

Parameter

None

Default

Defaultinterfaceqostruststateisenabled.

Mode


Usage

AftertheQoSfunctionisenabledinbasicmode,thedevicealsosupportsaperinterfaceenable/disableqosfunction.Ifthetruststateontheinterfaceisenabled,allingresspacketsofthisinterfacewillremapaccordingtothetrusttypeandtheqosmaps.Otherwise,allingresspacketswillbeassignedtoqueue1.Use“qostrust”toenablethetruststateontheinterfaceanduse“noqostrust”todisablethetruststateontheinterface.

552

QoS Remark

Syntax

qosremark(cos|dscp|precedence)

noqosremark(cos|dscp|precedence)

Parameter

cos Enable/Disablecosremarking.dscp Enable/Disabledscpremarking.precedence Enable/Disableprecedenceremarking.

Default

DefaultCoSremarkingisdisabled.

DefaultDSCPremarkingisdisabled.

DefaultIPPrecedenceremarkingisdisabled.

Mode


Usage

theQoSremarkingfeatureallowsyoutochangepriorityinformationinpacketsbasedonanegressqueue.Forexample,ifyouwantallpacketsegressfrominterfacefa1queue1toremarkthecosvaluetobe5fornexttierofdevice,youcanenablethecosremarkingfeatureonfa1andconfigurethequeue-cosmapforqueue1maptocos5.Usethe“qosremark”commandtoenableremarkingfeatureonspecifictype.Anduse“noqowremark”commandtodisableit.

553

Example

Thisexampleshowshowtoenableremarkingfeaturesoninterfacefa1.

Switch(config)#

interface fa1

Switch(config-if)#

qosremarkcos

Switch(config-if)#

qosremarkdscp

Switch(config-if)#

qosremarkprecedence

Switch(config-if)#

end

Switch#



fa1|0|enabled|enabled|enabled|enabled

554

Show QoS

Syntax

showqos

Parameter

None

Default


Mode

Privileged EXEC

Usage

Use“showqos”commandtoshowqoemodeandtrusttype.

Example

Thisexampleshowshowtocheckcurrentqosmode.

Switch#

showqos

QoSMode:basic

Basictrust:cos

555

Show QoS Map

Syntax

showqosmap[(cos-queue|dscp-queue|precedence-queue|queue-cos|

queue-dscp|queue-precedence)]

Parameter

cos-queue ShowCoStoqueuemap.dscp-queue ShowDSCPtoqueuemap.

precedence-queue ShowIPPrecedencetoqueuemap.queue-cos ShowqueuetoCoSmap.queue-dscp ShowqueuetoDSCPmap.queue-precedence ShowqueuetoIPPrecedencemap.

Default


Mode

Privileged EXEC

Usage

Use“showqosmap”commandtoshowallkindsofmappingforqosremappingandremarkingfeatures.

Example

556

Example

Thisexampleshowshowtoshowallqosmaps.

Switch(config)#

showqosmap

CoStoQueuemappings

COS01234567

Queue21345678

DSCPtoQueuemappings

d1:d20123456789

0:1111111122

1:2222223333

2:3333444444

3:4455555555

4:6666666677

5:7777778888

6:8888

IPPrecedencetoQueuemappings

IPPrecedence01234567

557

Queue12345678

QueuetoCoSmappings

Queue12345678

CoS10234567

QueuetoDSCPmappings

Queue12345678

DSCP08162432404856

558

Show QoS Interface

Syntax

showqosinterfaceIF_PORTS

Parameter

IF_PORTSSelectporttoshowqosconfigurations.

Default


Mode

Privileged EXEC

Usage

Usethe“showqosinterfaces”commandtoshowportdefaultcos,remarkingstate,andremarkingtypestateinformations.

Example

Thisexampleshowshowtoshowqosconfigurationsoninterfacefa1.

Switch#



fa1|7|enabled|disabled|disabled|disabled|

559

Chapter 21Rate Limit

560

Rate Limit

Syntax

rate-limitingress<0-1000000>

norate-limitingress

rate-limitegress<0-1000000>[<128-56319>]

rate-limitegressqueue<1-8><0-1000000>[<1024-56319>]

norate-limitegress[<1-8>]

Parameter

Cir Specifythemaximumnumberofkilobitspersecondofingresstrafficonaport.Therangeis100–maxportspeed.

Cbs Specifythemaximumpermittedexcessburstsize(CBS)inbytes

<1-8> Specifytheegressshaperqueuenumber

Default

Rate limiting is disabled.

Mode

Interfaceconfiguration

561

Usage

Usetherate-limitingressInterfaceConfigurationmodecommandtolimittheincomingtrafficrateonaport.UsethenoformofthiscommandtodisabletheratelimitUsetherate-limitegressInterfaceConfigurationmodecommandtoconfiguretheegressportorqueueshaper.Usethenoformofthiscommandtodisabletheshaper.Youcanverifyyoursettingsbyenteringtheshowrunning-configinterfacesPrivilegedEXECcommand.

Example

Thefollowingexampleshowshowtoconfigureingressportratelimitandegressport&queueshaper.

Switch(config)#

interfacesfa7

Switch(config-if)#

rate-limitingress128

Switch(config-if)#

rate-limitegress2048

Switch(config-if)#

rate-limitegressqueue15121024

Switch#

showrunning-configinterfacesfa7interfacefa7

rate-limitingress128

rate-limitegress2048165

562

rate-limitegressqueue15121024

563

VLAN Rate Limit

Syntax

rate-limitingress<0-1000000><9216-1000000>vlan<1-4094>

norate-limitvlan<1-4094>

Parameter

<0-1000000> Specifytheaveragetrafficrate(CIR)in16Kbps<9216-1000000> Specifythemaximumburstsize(CBS)in128bytes<1-4094>

Default

Novlanratelimitareconfigured

Mode

GlobalConfigurationorInterfaceConfiguration

Usage

Usetherate-limitingressvlanglobalconfigurationcommandorInterfaceConfigurationtoaddPerVLANRateLimitorPerVLANPerPortRateLimitSettings.Usethenoformofthiscommandtodeletethevlanratelimitsetting.Youcanverifyyoursettingsbyenteringtheshowrate-limitvlanPrivilegedEXECcommand.

564

Example

Switch(config)#

rate-limitinput2569216vlan2

Switch(config)#

interface fa1

Switch(config-if)#

rate-limitinput10249216vlan4

Switch(config)#

showrate-limitvlan

VLAN|Port|rate-limit[Kbps]|Burst[Bytes]

2|ALL|256|9216

4|fa1|1024|9216

565

Show Rate Limit VLAN

Syntax

showrate-limitvlan[<1-4094>]

Parameter

<1-4094>Specifytherate-limitVLANtodisplay

Default

None

Mode

Privileged EXEC

Usage

Usetheshowrate-limitvlancommandinEXECmodetodisplayVLANRateLimitsettings.

Example

ThisexampleshowshowtodisplayVLANRateLimitsetting

Switch(config)#

showrate-limitvlan

VLAN|Port|rate-limit[Kbps]|Burst[Bytes]

2|ALL|256|9216

566

4|fa1|1024|9216

567

Chapter 22RMON

568

RMON Event

Syntax

rmonevent<1-65535>[log][trapCOMMUNITY][description

DESCRIPTION][ownerNAME]

normonevent<1-65535>

Parameter

<1-65535> Specifyeventindextocreateormodify.[log] (Optional)Specifytoshowsyslog.

[trap COMMUNITY] (Optional)SpecifySNMPcommunitytoshowSNMP

trap.[description

DESCRIPTION]

(Optional)Specifydescriptionofevent

[owner NAME] (Optional)Specifyownerofevent.

Default

Nodefaultisdefined.

Mode

GlobalConfiguration

569

Usage

UsethermonalarmcommandtoaddormodifyaRMONalarmentry.Usethenoformofthiscommandtodeleteit.

Example

TheexampleshowshowtoaddaRMONevententrywithlogandtrapactionandthenmodifyitactiontologonly.Youcan verify settings by the following show rmon event command.

switch(config)#

rmonevent1logtrappublicdescriptiontestowneradmin

switch(config)#

show rmon event 1

RmonEventIndex:1

RmonEventType:LogandTrap

RmonEventCommunity:public

RmonEventDescription:test

RmonEventLastSent:

RmonEventOwner:admin

switch(config)#

rmonevent1logdescriptiontestowneradmin

switch(config)#

show rmon event 1

570

RmonEventIndex:1

RmonEventType:Log



RmonEventLastSent:


571

RMON Alarm

Syntax

rmonalarm<1-65535>interfaceIF_PORT(drop-events|octets|pkts|broadcast-pkts|multicastpkts|crc-align-errors|undersize-pkts|oversize-pkts|fragments|jabbers|collisions|pkts64octets|pkts65to127octets|pkts128to255octets|pkts256to511octets|pkts512to1023octets|pkts1024to1518octets)<1-2147483647>(absolute|delta)rising<0-2147483647><0-65535>falling<0-2147483647><0-65535>startup(rising|rising-falling|falling)[ownerNAME]normonalarm<1-65535>

Parameter

<1-65535> Specifyalarmindextocreateormodify IF_PORT Specifytheinterfacetosample(variable) Specifyamibobjecttosample

<1-2147483647> SpecifythetimeinsecondsthatthealarmmonitorstheMIBvariable.(absolute|delta) Specifyabsolutetocomparesamplecounterabsolutely.Specifydeltatocomparedeltacounter

betweensamples<0-2147483647> Specifyanumberwhichthealarmtriggerrisingevent<0-65535> Specifyeventindexwhentherisingthresholdexceeds.<0-2147483647> Specifyanumberwhichthealarmtriggerfallingevent

<0-65535> Specifyeventindexwhenthefallingthresholdexceeds.

(rising|risingfalling|

falling)

Specifyonlytohowrisingorfallingstartupevent.Orshoweitherrisingorfallingstartupevent.

[owner NAME] (Optional)Specifyownerofalarm.

572

Default

Nodefaultisdefined.

Mode

GlobalConfiguration

Usage

UsethermoneventcommandtoaddormodifyaRMONevententry.Beforeyouaddanalarmentry,atleastoneevententrymustbeadded.Usethenoformofthiscommandtodeleteit.

Example

TheexampleshowshowtoaddaRMONalarmentrythatsampleinterfacefa1packetsdeltacountevery300seconds.ATriggereventofindex1occursifitisoverrisingathresholdof10000,oratriggereventindexof2iflitisowerthanthefallingthreshold.Youcanverifysettingsbythefollowingshowrmonalarmcommand.

switch(config)#

rmon event 1 log

switch(config)#

rmon event 2 log

switch(config)#

show rmon event all

RmonEventIndex:1

RmonEventType:Log

573

RmonEventCommunity:

RmonEventDescription:

RmonEventLastSent:

RmonEventOwner:

RmonEventIndex:2

RmonEventType:Log

RmonEventCommunity:

RmonEventDescription:

RmonEventLastSent:

RmonEventOwner:

Switch(config)#

rmonalarm1interfacefa1pkts300deltarising100001falling1001startuprising-fallingowneradmin

RmonAlarmIndex:1

RmonAlarmSampleInterval:300

RmonAlarmSampleInterface:fa1

RmonAlarmSampleVariable:Pkts

RmonAlarmSampleType:delta

RmonAlarmType:RisingorFalling

574

RmonAlarmRisingThreshold:10000

RmonAlarmRisingEvent:1

RmonAlarmFallingThreshold:100

RmonAlarmFallingEvent:1

RmonAlarmOwner:admin

575

RMON History

Syntax

rmonhistory<1-65535>interfaceIF_PORT[buckets<1-65535>]

[interval<1-3600>][ownerNAME]

normonhistory<1-65535>

Parameter

<1-65535> Specifyhistoryindextocreateormodify. IF_PORT Specifytheinterfacetosample[bucket <1-65535>] (Optional)Specifythemaximumnumberofbuckets.

[interval <>1-3600] (Optional)Specifytimeintervalforeachsample[owner NAME] (Optional)Specifyownerofhistory

Default

Nodefaultisdefined.

Mode

GlobalConfiguration

Usage

UsethermonhistorycommandtoaddormodifyaRMONhistoryentry.Usethenoformofthiscommandtodeleteit.

576

Example

TheexampleshowshowtoaddaRMONhistoryentrythatmonitorsinterfacefa1every60secondsandthenmodifyittomonitorevery30seconds.Youcanverifysettingsbythefollowingshowrmonhistorycommand.

switch(config)#

rmonhistory1interfacefa1interval60owneradmin

switch(config)#

show rmon history 1

RmonHistoryIndex:1

RmonCollectionInterface:fa1

RmonHistoryBucket:50

RmonhistoryInterval:60

RmonHistoryOwner:admin

switch(config)#


switch(config)#

show rmon history 1

RmonHistoryIndex:1



577



578

Clear RMON Interfaces Statistics

Syntax

clearrmoninterfacesIF_PORTSstatistics

Parameter

IF_PORTSspecifiesportstoclear

Default

Nodefaultisdefined

Mode

GlobalConfiguration

Usage

UsetheclearrmoninterfacesstatisticscommandtoclearRMONetherStatstatisticsthosearerecordedoninterface.

Example

TheexampleshowshowtoclearRMONetherStatstatisticsoninterfacegi1.Youcanverifysettingsbythefollowingshow rmon interface statistics command.

switch#

clear rmon interfaces gi1 statistics

579

switch#

show rmon interfaces gi1 statistics

Port gi1

etherStatsDropEvents:0

etherStatsOctets:0

etherStatsPkts:0

etherStatsBroadcastPkts:0

etherStatsMulticastPkts:0

etherStatsCRCAlignErrors:0

etherStatsUnderSizePkts:0

etherStatsOverSizePkts:0

etherStatsFragments:0

etherStatsJabbers:0

etherStatsCollisions:0

etherStatsPkts64Octets:0

etherStatsPkts65to127Octets:0



580



581

Show RMON Interfaces Statistics

Syntax

showrmoninterfacesIF_PORTSstatistics

Parameter

IF_PORTSspecifiesportstoshow

Default

Nodefaultisdefined

Mode

GlobalConfiguration

Usage

UsetheshowrmoninterfacesstatisticscommandtoshowRMONetherStatstatisticsoftheinterface.

Example

TheexampleshowshowtoshowRMONetherStatstatisticsofinterfacegi1.

switch(config)#

show rmon interfaces gi1 statistics

Port gi1

etherStatsDropEvents:0

582

etherStatsOctets:81882

etherStatsPkts:578

etherStatsBroadcastPkts:10

etherStatsMulticastPkts:0

etherStatsCRCAlignErrors:0

etherStatsUnderSizePkts:0

etherStatsOverSizePkts:0

etherStatsFragments:0

etherStatsJabbers:0

etherStatsCollisions:0

etherStatsPkts64Octets:355






583

Show RMON Event

Syntax

showrmonevent(<1-65535>|all)

Parameter

<1-65535>specifieseventindextoshow

all Show all existed event

Default

Nodefaultisdefined

Mode

GlobalConfiguration

Usage

UsetheshowrmoneventcommandtoshowanexistingRMONevententry.

Example

Theexampleshowshowtoshowarmonevententry.

switch(config)#

rmonevent1logtrappublicdescriptiontestowneradmin

584

switch(config)#

show rmon event 1

RmonEventIndex:1

RmonEventType:LogandTrap



RmonEventLastSent:


585

Show RMON Event Log

Syntax

showrmonevent<1-65535>log

Parameter

<1-65535>specifieseventindextoshoweventlog

Default

Nodefaultisdefined

Mode

GlobalConfiguration

Usage

UsetheshowrmoneventlogcommandtoshowalogtriggeredbyaRMONalarm.

Example

Theexampleshowshowtoshowarmoneventlog.

switch(config)#

show rmon event 1 log

Index:1

AlarmIndex:1

586

Action:StartupFalling

Time:(32918334)3days,19:26:23.34

Description:fa1.Pkts=0<=100

587

Show RMON Alarm

Syntax

showrmonalarm(<1-65535>|all)

Parameter

<1-65535> specifiesalarmindextoshow

all Show all existed alarm

Default

Nodefaultisdefined

Mode

GlobalConfiguration

Usage

UsetheshowrmonalarmcommandtoshowexistingRMONalarmentries.

Example

Theexampleshowshowtoshowanrmonalarmentry.

Switch(config)#

rmonalarm1interfacefa1pkts300deltarising100001

falling1001startuprising-fallingowneradmin

588

RmonAlarmIndex:1

RmonAlarmSampleInterval:300

RmonAlarmSampleInterface:fa1

RmonAlarmSampleVariable:Pkts

RmonAlarmSampleType:delta

RmonAlarmType:RisingorFalling

RmonAlarmRisingThreshold:10000

RmonAlarmRisingEvent:1

RmonAlarmFallingThreshold:100

RmonAlarmFallingEvent:1

RmonAlarmOwner:admin

589

Show RMON History

Syntax

showrmonhistory(<1-65535>|all)

Parameter

<1-65535> specifieshistoryindextoshow

All Show all existed history

Default

Nodefaultisdefined

Mode

GlobalConfiguration

Usage

UsetheshowrmonhistorycommandtoshowexistingRMONhistoryentries.

Example

TheexampleshowshowtoshowanRMONhistoryentry.

switch(config)#


590

switch(config)#

show rmon history 1

RmonHistoryIndex:1





591

Show RMON History Statistics

Syntax

showrmonhistory<1-65535>statistic

Parameter

<1-65535>specifieshistoryindextoshowhistorystatistic

Default

Nodefaultisdefined

Mode

GlobalConfiguration

Usage

UsetheshowrmonhistorystatisticcommandtoshowstatisticsthatarerecordedbyRMONhistory.

Example

TheexampleshowshowtoshowRMONhistorystatistics.

switch(config)#

show rmon history 1 statistics

592

SampleIndex:2

IntervalStart:(32940466)3days,19:30:04.66

DropEvents:0

Octets:117226

Pkts:763

BroadcastPkts:9

MulticastPkts:0

CRCAlignErrors:0

UnderSizePkts:0

OverSizePkts:0

Fragments:0

Jabbers:0

Collisions:0

Utilization:1

SampleIndex:1

IntervalStart:(32939462)3days,19:29:54.62

DropEvents:0

Octets:220

Pkts:3

593

BroadcastPkts:1

MulticastPkts:0

CRCAlignErrors:0

UnderSizePkts:0

OverSizePkts:0

Fragments:0

Jabbers:0

Collisions:0

Utilization:0

594

Chapter 23SNMP

595

SNMP

Syntax

snmp

nosnmp

Parameter

None

Default

nosnmp

Mode

GlobalConfiguration

Usage

‘nosnmp’willdisablesnmp.‘snmp’willenablesnmp.Theconfigurationcanuseshowsnmp.

Example

Thefollowingexamplespecifiesthesetglobalsnmptest.

Switch(config)#

snmp

596

Switch#

showsnmp

SNMPisenabled.

597

SNMP Trap

Syntax

[no]snmptrap(auth|linkUpDown|warm-start|cold-start|port-security)

Parameter

None

Default

snmptrapauth

snmptraplinkUpDown

snmptrapwarm-start

snmptrapcold-start

snmptrapport-security

Mode

GlobalConfiguration

Usage

‘nosnmptrapauth’snmpwillnotsendauthfailuretrap.‘nosnmptraplinkUpDown’snmpwillnotsendlinkupandlinkdowntrap.‘nosnmptrapwarm-startsnmpwillnotsendwarmstarttrap.‘nosnmptrapcold-start’snmpwillnotsendcoldstarttrap.‘nosnmptrapport-security’snmpwillnotsendport-securitytrap.Theconfigurationcanuseshowsnmptrap.

598

Example

Thefollowingexamplespecifiesthesettrapauthdisabletest.

Switch(config)#

nosnmpauth

Switch#

showsnmptrap

SNMPauthfailedtrap:Disable

SNMPlinkUpDowntrap:Enable

SNMPwarm-starttrap:Enable

SNMPcold-starttrap:Enable

SNMPportsecuritytrap:Enable

599

SNMP View

Syntax

snmpviewNAMEsubtreeOIDoid-mask(all|MASK)viewtype

(included|excluded)

nosnmpviewNAMEsubtree(all|OID)

Parameter

Name ViewNameOID ViewsubtreeOID

(all | MASK) ViewsubtreeOIDmask.All:allmaskbitis‘1’(include | exclude) Viewsubtreeisaccessedornotallowedaccess.(all | OID) DeletetheViewnameallsubtreeOIDorspecifiesOID

Default

DefaultViewis“all”andthesubtreeis1.Thetypeisincluded.

Mode

GlobalConfiguration

Usage

Thedefaultviewcan’tdeleteandbecreatedbytheuser.TheminviewissysUpTime.Theconfigurationcanuse‘showsnmpview’tocheckit.

600

Example

ThefollowingexamplespecifiesthesetviewsystemViewtest.

Switch(config)#

snmpviewsystemViewsubtree1.3.6.1.2.1.1oid-maskallviewtypeincluded

Switch#

showsnmpview

ViewNameSubtreeOIDOIDMaskViewType

all.1allincluded

systemView.1.3.6.1.2.1.1allincluded

601

SNMP Access Group

Syntax

snmpgroupNAMEversion(1|2c|3)(noauth|auth|priv)read-view

NAMEwrite-viewNAME[notify-viewNAME]

nosnmpgroupNAMEsecurity-modeversion(1|2c|3)

Parameter

Group Name Accessgroupname1 | 2c | 3 Accessmodelforsnmpv1/v2/v3

noauth | auth | priv Noauthforsnmpv1/v2

Authandprivgroupforsnmpv3Read-view NameAccessgroupspecifiesreadviewWrite-view NameAccessgroupspecifieswriteviewNotify-view NameAccessgroupspecifiesnotifyview

Default

None

Mode

GlobalConfiguration

602

Usage

Thegroupversion1and2careonlyforsnmpcommunityuse.Version3isonlyforsnmpuseruse.Whenthegroupversionis1or2c,Youcanonlyusenoauth.Theread/write/notifyviewmustexisttoproceed.Theconfigurationcanuse‘showsnmpgroup’tocheck.

Example

Thefollowingexamplespecifiesthatsetsnmpgrouptest.

Switch(config)#

snmpgroupgroup11noauthread-viewallwrite-viw“”

Switch(config)#

snmpgroupgroup22cnoauthread-viewallwrite-viewall

Switch(config)#

snmpgroupgroup33authread-viewallwrite-viewall

Switch#

showsnmpgroup

GroupNameModelLevelReadViewWriteViewNotifyView

group1v1noauthall------

group2v2cnoauthallall---

group3v3authallall---

603

SNMP Community

Syntax

snmpcommunityNAME[groupNAME][viewNAME](ro|rw)

nosnmpcommunityNAME

Parameter

Community Name Snmpv1/v2communityname[group Name] Snmpcommunityspecifiesaccessgroupname[view Name] Snmpcommunityspecifiesview

(ro | rw) Snmpcommunityreadorreadwriteattribute

Default

None

Mode

GlobalConfiguration

Usage

Thecommunitycan’tspecifygroupandviewatthesametime.Thecommunityspecifiesthegroupwhichmustexistandmustmatchthesecuritymodel.Thecommunityspecifiestheviewwhichmustexistaswell.Itwillgeneratethenoexistv1orv2accessgroupforthecommunity.Theconfigurationcanuse‘showsnmpcommunity’tocheck.

604

Example

Thefollowingexamplespecifiesthatconfiguredcommunitytest.

Switch(config)#

snmpcommunitpublicro

Switch(config)#

snmpcommunitprivaterw

Switch(config)#

snmpcommunittest1viewall

Switch#

showsnmpcomunity

CommnunityNameGroupNameViewAccess

publicpublic_groupallro

privateprivate_groupallrw

test1test1_groupallrw

605

SNMP User

Syntax

snmpuserUSERNAMEGROUPNAME[auth(md5|sha)

AUTHPASSWD]

snmpuserUSERNAMEGROUPNAMEauth(md5|sha)

AUTHPASSWDprivPRIVPASSWD

nosnmpuserNAME

Parameter

USERNAME SnmpusernameGROUPNAME Snmpuserspecifiesgroup.

[auth (md5 | sha)] SnmpuserauthprotocolAUTHPASSWD SnmpuserauthpasswordPRIVPASSWD Snmpuserprivpassword

Default

None

Mode

GlobalConfiguration

606

Usage

Thegroupversionmustbev3andthesecuritylevelmustmatchthesnmpuserconfiguration.TheAUTHPASSWDandPRIVPASSWDminlengthis8.Theconfigurationcanuse‘showsnmpuser’tocheck.

Example

Thefollowingexamplespecifiesthesetauthsnmpusertest.

Switch(config)#


Switch(config)#

snmpuseruser1group3authmd512345678

Switch#showsnmpuser

Username:user1

Password:********

PrivilegeMode:rw

AccessGroupName:group3

AuthenticationProtocol:md5

EncryptionProtocol:none

AccessSecLevel:auth

607

SNMP EngineID

Syntax

snmpengineid(default|ENGINEID)

snmpengineidremote(A.B.C.D|X:X::X:X)ENGINEID

nosnmpengineidremote(A.B.C.D|X:X::X:X)

Parameter

(default |ENGINEID) DefaultisMACaddress.ENGINEIDis10~64hexcharacters(A.B.C.D|X:X::X:X) Hostipv4/ipv6address

Default

Snmpengineiddefault

Mode

GlobalConfiguration

Usage

ThedefaultengineidisDUTMACaddress.Theconfigurationcanuse‘showsnmpengineid’.

608

Example

Thefollowingexamplespecifiesthatsetremoteengineidtest.

Switch(config)#

snmpengineidremote192.168.1.100112233445566

Switch#

showsnmpengineid

LocalSNMPV3Engineid:DEADBEEF0114

IPaddressRemoteSNMPengineID

192.168.1.100112233445566

610

Usage

Thiscommandcan’tconfigureversion1inform.Whenusingtraps,thiscommandcan’tconfiguretheudp-portandretries.ThehostuseerNAMEwhichisasnmpcommunityoruserNAMEmustexist.ThehostuserhostsecuritylevelmustmatchthesnmpusersecuritylevelTheconfigurationcanuse‘showsnmphost’tocheck

Example

Thefollowingexamplespecifiesthedisplaygvrperrorstatisticsandstatisticstest.

Switch(config)#

snmpcommunitypublicro

Switch(config)#

snmpcommunityprivaterw

Switch(config)#


Switch(config)#

snmpuseruser1group3authmd512345678

Switch(config)#

snmphost192.168.1.100version2cpublic

Switch(config)#

snmphost192.168.1.100informsversion2cprivate

611

Switch(config)#

snmphost192.168.1.100version3authuser1

Switch#

showsnmphost

ServerCommunityNameNotificationVersionNotification

TypeUDPPortRetriesTimeout

192.168.1.100publicv2ctrap

192.168.1.100privatev2cinform200310

192.168.1.100user1v3trap

612

Show SNMP

Syntax

showsnmp

Parameter

None

Default

None

Mode

Privileged mode

Usage

Thiscommandwillshowthesnmpstatus.

Example

Thefollowingexamplespecifiesthatshowsnmptest.

Switch#

showsnmp

613

Show SNMP Trap

Syntax

showsnmptrap

Parameter

None

Default

None

Mode

Privileged mode

Usage

Thiscommandwilldisplaythesnmptrapclassauth/linkupdown/cold-start/warmstart/port-security/status.

Example

Thefollowingexamplespecifiesthedisplaysnmptraptest.

Switch#

showsnmptrap

614

Show SNMP View

Syntax

showsnmpview

Parameter

None

Default

None

Mode

Privileged mode

Usage

Thiscommandwilldisplaythesnmpviewentry.

Example

Thefollowingexamplespecifiesthedisplaysnmpviewtest.

Switch#

showsnmpview

615

Show SNMP Group

Syntax

showsnmpgroup

Parameter

None

Default

None

Mode

Privileged mode

Usage

Thiscommandwilldisplaythesnmpgroup.

Example

Thefollowingexamplespecifiesthedisplaysnmpgrouptest.

Switch#

showsnmpgroup

616

Show SNMP Community

Syntax

showsnmpcommunity

Parameter

None

Default

None

Mode

Privileged mode

Usage

Thiscommandwilldisplaythesnmpcommunityentry.

Example

Thefollowingexamplespecifiesthedisplaysnmpcommunitytest.

Switch#

showsnmpcommunity

617

Show SNMP Host

Syntax

showsnmphost

Parameter

None

Default

None

Mode

Privileged mode

Usage

Thiscommandwilldisplaythesnmphostentry.

Example

Thefollowingexamplespecifiesthatdisplaysnmphosttest.

Switch#

showsnmphost

618

Show SNMP User

Syntax

showsnmpuser

Parameter

None

Default

None

Mode

Privileged mode

Usage

Thiscommandwilldisplaythesnmpuserentry.

Example

Thefollowingexamplespecifiesthatdisplaysnmpusertest.

Switch#

showsnmpuser

619

Show SNMP EngineIDSyntax

show snmp engineid

Parameter

None

Default

None

Mode

Privileged mode

Usage

Thiscommandwilldisplaythesnmplocal/remoteengineid.

Example

Thefollowingexamplespecifiesthedisplaysnmplocal/remoteengineidtest.

Switch#

showsnmpengineid

620

Chapter 24Storm Control

621

Storm-Control Unit

Syntax

storm-controlunit(bps|pps)

Parameter

bps Stormcontrolratecalculatesbyoctet-basedpps Stormcontrolratecalculatesbypacket-based

Default

Defaultstormcontrolunitisbps.

Mode

GlobalConfiguration

Usage

TheStormControlmechanismwilltrytocalculateifingresspacketsexceedtheconfiguredrateornotandenactthecorrespondingaction.Thiscommandallowsyoutochangetheunitofthecalculatingmethod.

Example

ThisexampleshowshowtoconfiguretheStormControlrateunitaspps.

Switch(config)#

storm-controlunitpps

622

Thisexampleshowshowtoshowthestormcontrolglobalconfiguration.

Switch#

showstorm-control

StormcontrolpreambleandIFG:Excluded

Stormcontrolunit:pps

623

Storm-Control IFG

Syntax

storm-controlifg(include|exclude)

Parameter

include Includepreamble&IFG(20bytes)whencountingressstormcontrolrate.exclude Excludepreamble&IFG(20bytes)whencountingressstormcontrolrate

Default

Defaultstormcontrolinterframegapisexcluded.

Mode

GlobalConfiguration

Usage

TheStormControlmechanismwill try to calculate if ingress packets exceed the configured rate or not and do thecorrespondingaction.Thiscommandallowsyoutodecidetoinclude/excludethepreambleandinterframegapintothecalculation.

Example

ThisexampleshowshowtoconfiguretheStormControlrateunitaspps.

Switch(config)#

storm-controlifginclude

624

ThisexampleshowshowtoshowStormControlglobalconfiguration.

Switch#

showstorm-control

StormcontrolpreambleandIFG:Included


625

Storm-Control

Syntax

storm-control

nostorm-control

storm-control (broadcast | unknown-unicast | unknown-multicast) no storm-control (broadcast | unknown-unicast |unknown-multicast)

storm-control(broadcast|unknown-unicast|unknown-multicast)level<0-1000000>

nostorm-control(broadcast|unknown-unicast|unknown-multicast)level

Parameter

broadcast Selectbroadcaststormcontroltypeunknown-unicast Selectunknownunicaststormcontroltype

unknownmulticast Selectunknownmulticaststormcontroltype

level <0-1000000> Specifythestormcontrolrateforselectedtype

Default

Defaultbroadcaststormcontrolisdisabled.

Defaultunknownmulticaststormcontrolisdisabled

Defaultunknownunicaststormcontrolisdisabled

Defaultbroadcaststormcontrolrateis10000.

626

Defaultunknownmulticaststormcontrolrateis10000.

Defaultunknownunicaststormcontrolrateis10000.

Mode


Usage

TheStormControlfunctionisabletoenable/disableoneachsingleport.Usethe“stormcontrol”commandtoenablethestormcontrolfeatureontheselectedports.Usethe“nostormcontrol”commandtodisabletheStormControlfeature.Noteveryportisabletoenable/disableoneachport.EachStormControltypeisalsoabletoenable/disableoneachsingleport.Usethe“storm-control(broadcast|unknown-unicast|unknown-multicast)”commandtoenablethestormcontroltypeyouneedandusenoformtodisableit.Eachcontroltypeisallowedtohaveadifferentstormcontrolrate.Usethe“stormcontrol (broadcast |unknown-unicast |unknown-multicast) level”commandtoconfigure itandusenoformtorestoretoitsdefaultvalue.

Example

ThisexampleshowshowtoenableStormControloninterfacefa1.

Switch(config)#

interface fa1

Switch(config-if)#

storm-control

ThisexampleshowshowtoenablebroadcastStormControlandconfigurethebroadcaststormcontrolrateto200.

628

Storm-Control Action

Syntax

storm-controlaction(drop|shutdown)

nostorm-controlaction

Parameter

drop Stormcontrolratecalculatesbyoctet-based

shutdown

Default

Defaultstormcontrolactionisdrop.

Mode


Usage

ThestormcontrolmechanismallowsyoutodroppacketswhichexceedtheStormControlrateorjustshutdowntheport.Usenoformtorestoretodefaultactions.

630

Show Storm-Control

Syntax

showstorm-control

showstorm-controlinterfaceIF_PORTS

Parameter

IF_PORTSSpecifyporttoshow.

Default


Mode

Privileged EXEC

Usage

Usethe“showstorm-control”commandtoshowallStormControlrelatedconfigurationsincludingglobalconfigurationand per port configurations. Use the “show storm-control interface” command to show selected port Storm Controlconfigurations.

Example

Thisexampleshowshowtoshowstormcontrolglobalconfiguration.

Switch#

showstorm-control

631

StormcontrolpreambleandIFG:Excluded


Thisexampleshowshowtoshowcurrentstormcontrolconfigurationoninterfacefa1.

Switch#


Port|State|Broadcast|Unkown-Multicast|Unknown-Unicast|Action

||pps|pps|pps

fa1enable200Off(10000)Off(10000)

Shutdown

632

Chapter 25Spanning Tree

633

Spanning-Tree

Syntax

spanning-tree

nospanning-tree

Default

spanning-tree

Mode

GlobalConfiguration

Usage

EnablesorDisablestheSpanning-TreeProtocol.Usethe`spanning-tree`commandtoenableSTPor`nospanning-tree`command to disable STP.

Example

ThefollowingexamplesetstheSTPstatustoenabled/disabled.

Switch285500#

configure


spanning-tree

634


exit

Switch285500#

showspanning-tree

SpanningtreeenabledmodeSTP

Defaultportcostmethod:long

RootIDPriority32768

Address00:05:83:28:55:00

This switch is the root

HelloTime2secMaxAge20secForwardDelay15sec

Numberoftopologychanges1lastchangeoccurred01:49:43ago

Times:hold0,topologychange0,notification0

hello2,maxage20,forwarddelay15

Interfaces

NameStatePrio.NbrCostStsRolePortFast

Type

fa1enabled128.1200000FrwDesgNoP2P

(STP)

635

Spanning-Tree BPDU

Syntax

spanning-treebpdu(filtering|flooding)

Parameter

(filtering|flooding)SpecifytheforwardingactionofBPDUtofilteringorflooding.

Default

spanning-treebpduflooding

Mode

GlobalConfiguration

Usage

ConfiguretheBPDUforwardingactionwhenSTPisdisabled.

Example

ThisexamplesetstheBPDUforwardingactiontofiltering.

Switch285500#

configure


nospanning-tree

636


spanning-treebpdufiltering


exit

Switch285500#

showspanning-tree

Spanningtreedisabled(BPDUfiltering)modeSTP


Switch285500#

637

Spanning-Tree Mode

Syntax

spanning-treemode(stp|rstp|mstp)

Parameter

stp SpecifythemodetoSpanningTreeProtocol.rstp SpecifythemodetoRapidSpanningTreeProtocol.mstp SpecifythemodetoMultipleSpanningTreeProtocol

Default

spanning-treemodestp

Mode

GlobalConfiguration

Usage

Configuretheforce-versionoftheSpanning-TreeProtocol.Theconfigurationcouldbeshownbythe“showspanning-tree” command.

Example

ThisexamplesetsSTPmodetoRSTP(RapidSpanningTreeProtocol).

Switch285500#

configure

638


spanning-treemoderstp


exit

Switch285500#

showspanning-tree

SpanningtreeenabledmodeRSTP


RootIDPriority32768

Address00:05:83:28:55:00






Interfaces


Type

639

fa1enabled128.1200000DscdDesgNoP2P

(RSTP)

Switch285500#

640

Spanning-Tree Priority

Syntax

spanning-treepriority<0-61440>

Parameter

<0-61440>Specifythebridgepriority,itmustmultiplesof4096.

Default

spanning-treepriority32768

Mode

GlobalConfiguration

Usage

Thiscommandconfiguresthebridgepriority.Theconfigurationcouldbeshownbythe“showspanning-tree”command.

Example

Thisexamplesetsthebridgepriorityto16384.

Switch285500#

configure


spanning-treepriority16384

641


exit

Switch285500#

showspanning-tree



RootIDPriority16384

Address00:05:83:28:55:00






Interfaces

NameStatePrio.NbrCostStsRolePortFastType


(RSTP)

Switch285500#

642

Spanning-Tree Hello-Time

Syntax

spanning-treehello-time<1-10>

Parameter

<1-10>Specifythehello-timeinterval(second).

Default

spanning-treehello-time2

Mode

GlobalConfiguration

Usage

This commandconfigures theBPDUhello-time interval (in second).Theconfiguration couldbeshownby the “showspanning-tree”command.

Example

ThisexamplesetstheBPDUhello-timeto5sec.

Switch285500#

configure

643


spanning-treehello-time5


exit

Switch285500#

showspanning-tree



RootIDPriority16384

Address00:05:83:28:55:00






Interfaces


Type

644


(RSTP)

Switch285500#

645

Spanning-Tree Max-Hops

Syntax

spanning-treemax-hops<1-40>

Parameter

<1-40>Specifythemax-hopsvalue.

Default

spanning-treemax-hops20

Mode

GlobalConfiguration

Usage

ThiscommandconfiguresthemaximumhopsvalueforMSTP.Theconfigurationcouldbeshownby“showspanning-tree”command.

Example

Thisexamplesetsthemax-hopsto15.

Switch285500#

configure

646


spanning-treemax-hops15


exit

Switch285500#

showspanning-tree

SpanningtreeenabledmodeMSTP


Gathering information

######MST0VlansMapped:1-4094

CSTRootIDPriority16384

Address00:05:83:28:55:00

This switch is root for CST and IST master


Maxhops15


fa1enabled128.1200000FrwDesgNoP2PIntr

Switch285500#

647

Spanning-Tree Forward-Delay

Syntax

spanning-treeforward-delay<4-30>

Parameter

<4-30>Specifytheforward-delayinterval(second).

Default

spanning-treeforward-delay15

Mode

GlobalConfiguration

Usage

ThiscommandconfigurestheBPDUforward-delayinterval(inseconds).Theconfigurationcouldbeshownbythe“showspanning-tree”command.

Example

ThisexamplesetstheBPDUforward-delayto30sec.

Switch285500#

configure

648


spanning-treeforward-delay30


exit

Switch285500#

showspanning-tree



RootIDPriority16384

Address00:05:83:28:55:00






Interfaces



649

(STP)

Switch285500#

650

Spanning-Tree Maximum-Age

Syntax

spanning-treemaximum-age<6-40>

Parameter

<6-40>Specifythemaximum-agetime(second).

Default

spanning-treemaximum-age20

Mode

GlobalConfiguration

Usage

ThiscommandconfigurestheBPDUmaximum-ageinterval(inseconds).Theconfigurationcouldbeshownbythe“showspanning-tree”command.

Example

ThisexamplesetstheBPDUmaximum-ageto10sec.

Switch285500#

configure

651


spanning-treemaximum-age10


exit

Switch285500#

showspanning-tree



RootIDPriority16384

Address00:05:83:28:55:00






Interfaces



652

(STP)

Switch285500#

653

Spanning-Tree TX-Hold-Count

Syntax

spanning-treetx-hold-count<1-10>

Parameter

<1-10>Specifythetx-hold-countvalue.

Default

spanning-treetx-hold-count6

Mode

GlobalConfiguration

Usage

ThiscommandconfigurestheBPDUtx-hold-count.

Example

ThisexamplesetstheBPDUhello-timeto5sec.

Switch285500#

configure


spanning-treetx-hold-count10

654


exit

655

Spanning-Tree Pathcost Method

Syntax

spanning-treepathcostmethod(long|short)

Parameter

longSpecifythetypeofpathcostvalueto32bits(long).

shortSpecifythetypeofpathcostvalueto16bits(short).

Default

spanning-treepathcostmethodlong

Mode

GlobalConfiguration

Usage

ThiscommandconfigurestheBPDUpathcostvaluetypeto16bits(short)or32bits(long).Theconfigurationcouldbeshownbythe“showspanning-tree”command.

Example

Thisexamplesetsthetypeofpathcostvaluetoshort.

Switch285500#

configure

656


spanning-treepathcostmethodshort


exit

Switch285500#

showspanning-tree


Defaultportcostmethod:short

RootIDPriority32768

Address00:05:83:28:55:00






Interfaces



657

(STP)

Switch285500#

658

Spanning-Tree Port-Priority

Syntax

spanning-treeport-priority<0-240>

Parameter

<0-240>SpecifytheSTPportpriority.Itmustmultiplesof16.

Default

spanning-treeport-priority128

Mode

PortConfiguration

Usage

ThiscommandperportconfigurestheSTPportpriority.Theconfigurationcouldbeshownbythe“showspanning-treeinterface” command.

Example

Thisexamplesetsportfa1STPportpriorityto64.

Switch285500#

configure

659


interface fa1


spanning-treeport-priority64


exit


exit

Switch285500#

showspanning-treeinterfacesfa1

Port fa1 enabled

State:forwardingRole:designated

Portid:64.1Portcost:200000

Type:P2P(STP)PortFast:No

DesignatedbridgePriority:32768Address:00:05:83:28:55:00

Designatedportid:64.1Designatedpathcost:0

BPDUFilter:DisabledBPDUguard:Disabled

BPDU:sent1794,received0

660

Switch285500#

661

Spanning-Tree Cost

Syntax

spanning-treecost<0-200000000>

Parameter

<0-200000000>SpecifytheSTPportcost.Inshortpathcostmethod,therangeisfrom0to65535.(0=Auto)

Default

spanning-treecost0

Mode

PortConfiguration

Usage

ThiscommandperportconfigurestheSTPportcost.Theconfigurationcouldbeshownbythe“showspanning-treeinterface” command.

Example

Thisexamplesetsportfa1STPportcostto100.

Switch285500#

configure

662


interface fa1


spanning-treecost100


exit


exit

Switch285500#


Port fa1 enabled

State:forwardingRole:

designated



DesignatedbridgePriority:32768Address:

00:05:83:28:55:00

Designatedportid:128.1Designatedpath

663

cost:0

BPDUFilter:DisabledBPDUguard:

Disabled


Switch285500#

664

Spanning-Tree Edge

Syntax

spanning-treeedge

nospanning-treeedge

Default

nospanning-treeedge

Mode

PortConfiguration

Usage

ThiscommandperportconfigurestheSTPedgeportfunction.Theconfigurationcouldbeshownbythe“showspanning-tree interface” command.

Example

Thisexamplesetsportfa1STPedgeporttoenable.

Switch285500#

configure


interface fa1

665


spanning-treeedge


exit


exit

Switch285500#


Port fa1 enabled


designated

Portid:128.1Portcost:

200000

Type:P2P(STP)PortFast:Yes


00:05:83:28:55:00


cost:0

666

Disabled


Switch285500#

667

Spanning-Tree BPDU-Filter

Syntax

spanning-treebpdu-filter

nospanning-treebpdu-filter

Default

nospanning-treebpdu-filter

Mode

PortConfiguration

Usage

ThiscommandperportconfigurestheSTPBPDUFilterstatus.Theconfigurationcouldbeshownbythe“showspanning-tree interface” command.

Example

Thisexamplesetsportfa1STPBPDUFilterstatustobeenabled.

Switch285500#

configure


interface fa1

668


spanning-treebpdu-filter


exit


exit

Switch285500#


Port fa1 enabled


designated



DesignatedbridgePriority:32768Address:00:05:83:28:55:00


cost:0

BPDUFilter:EnabledBPDUguard:

Disabled

669


Switch285500#

670

Spanning-Tree BPDU-Guard

Syntax

spanning-treebpdu-guard

nospanning-treebpdu-guard

Default

nospanning-treebpdu-guard

Mode

PortConfiguration

Usage

ThiscommandperportconfigurestheSTPBPDUGuardstatus.Theconfigurationcouldbeshownbythe“showspanning-tree interface” command.

Example

Thisexamplesetsportfa1STPBPDUGuardstatustoenabled.

Switch285500#

configure


interface fa1

671


spanning-treebpdu-guard


exit


exit

Switch285500#


Port fa1 enabled


designated




00:05:83:28:55:00


cost:0


672

Enabled


Switch285500#

673

Spanning-Tree Link-Type

Syntax

(point-to-point|shared)SpecifytheSTPportlink-typetoPoint-to-PointorSharedmedium.

Default

no spanning-tree link-type

Mode

PortConfiguration

Usage

ThiscommandperportconfigurestheSTPport link-type.Theconfigurationcouldbeshownby“showspanning-treeinterface” command.

Example

Thisexamplesetsportfa1STPportlink-typetobeShared.

Switch285500#

configure


interface fa1

674


spanning-treelink-typeshared


exit


exit

Switch285500#


Port fa1 enabled


designated


Type:Shared(STP)PortFast:No


00:05:83:28:55:00


cost:0


675

Disabled


Switch285500#

676

Spanning-Tree MST Configuration

Syntax

spanning-treemstconfiguration

nameNAME

revision<0-65535>

instance<0-15>vlan[VLAN-LIST]

Parameter

NAME SpecifytheMSTPbridgenameofMSTConfigurationID.(Max.32chars)<0-65535> SpecifytheMSTPrevisionnumberofMSTConfigurationID.<0-15> SpecifytheMSTinstanceID.VLAN-LIST SpecifytheVLANlisttobemappedtothisspecifiedinstance.

Default

name(Switch’sMACaddress)

revision0

instance0vlanall

Mode

GlobalConfiguration

677

Usage

ThiscommandconfigurestheMSTPConfigurationID.Theconfigurationcouldbeshownbythe“showspanning-treemstconfiguration”command.

Example

ThisexamplesetsMSTPConfigurationID,nameto`Region1`,revisionto

`123`andVLAN100mappedtoinstance1.

Switch285500#

configure


spanning-treemstconfiguration

Switch285500(config-mst)#

name Region1


revision 123


instance1vlan100


exit

678


exit

Switch285500#

showspanning-treemstconfiguration

Name[Region1]

Revision123Instancesconfigured2

InstanceVlansmapped

01-99,101-4094

1100

Switch285500#

679

Spanning-Tree MST Priority

Syntax

spanning-treemst<0-15>priority<0-61440>

Parameter

<0-15>SpecifytheMSTinstanceIDtoconfigure.

<0-61440>Specifythebridgepriority,itmustmultiplesof4096.

Default

spanning-treemst0priority32768

Mode

GlobalConfiguration

Usage

ThiscommandconfigurestheMSTinstancepriority.Theconfigurationcouldbeshownbythe“showspanning-treemst”command.

Example

ThisexamplesetsthepriorityofMSTinstance1to4096.

Switch285500#

configure

680


spanning-treemodemstp


spanning-treemst1priority4096


exit

Switch285500#

showspanning-treemst1

MST Instance Information

InstanceType:MSTI(1)

BridgeIdentifier:4096/1/00:05:83:28:55:00

RegionalRootBridge:4096/1/00:05:83:28:55:00

InternalRootPathCost:0

RemainingHops:20

Topologychanges:2

LastTopologyChange:100

VLANsmapped:100

InterfaceRoleStsCostPrio.NbrType

681

fa1DesgFWD200000128.1P2PIntr

682

Spanning-Tree MST Cost

Syntax

spanning-treemst<0-15>cost<0-200000000>

Parameter

<0-15> SpecifytheMSTinstanceIDtoconfigure.

<0-200000000> SpecifytheSTPportcost.Inshortpathcostmethod,therangeisfrom0to65535.(0=Auto)

Default

spanning-treemst0cost0

Mode

PortConfiguration

Usage

ThiscommandconfigurestheMSTPportcostforthisMSTinstance.Theconfigurationcouldbeshownbythe“showspanning-treemstinterface”command.

Example

Thisexamplesetstheportfa1STPpathcostoftheMSTinstance1to100.

Switch285500#

configure

683


interface fa1




exit


exit

Switch285500#

showspanning-treemst1interfacesfa1

MST Port Information


PortIdentifier:128/1

InternalPath-Cost:100/100

RegionalRootBridge:4097/00:05:83:28:55:00

InternalRootCost:0

DesignatedBridge:4097/00:05:83:28:55:00

InternalPortPathCost:100

684

PortRole:Designated

PortState:Forwarding

Switch285500#

685

Spanning-Tree MST Port-Priority

Syntax

spanning-treemst<0-15>priority<0-240>

Parameter

<0-15> SpecifytheMSTinstanceIDtoconfigure.<0-240> SpecifytheSTPportpriority.Itmustmultiplesof16.

Default

spanning-treemst0port-priority128

Mode

PortConfiguration

Usage

This command configures theMSTport priority. The configuration couldbe shownby the “showspanning-treemstinterface” command.

Example

Thisexamplesetsportfa1MSTportpriorityofMSTinstance1to32.

Switch285500#

configure

686


interface fa1




exit


exit

Switch285500#

Switch285500#

Switch285500#

Switch285500#

configure


interface fa1


spanning-treemst1port-priority32

687


exit


exit

Switch285500#

showspanning-treemst1interfacesfa1

MST Port Information


PortIdentifier:32/1

InternalPath-Cost:0/200000

RegionalRootBridge:32769/00:05:83:28:55:00

InternalRootCost:0

DesignatedBridge:32769/00:05:83:28:55:00

InternalPortPathCost:200000

PortRole:Designated

PortState:Forwarding

Switch285500#

688

Chapter 26System File

689

Boot System

Syntax

bootsystem(image0|image1)

Parameter

image0 Bootfromflashimagepartition0

image1 Bootfromflashimagepartition1

Default

Defaultbootimageisimage0.

Mode

GlobalConfiguration

Usage

Dualimageallowsausertohaveabackupimageintheflashpartition.Usethe“bootsystem”commandtoselecttheactivefirmwareimageandanotherfirmwareimagewillbecomeanewbackup.

Example

Thisexampleshowshowtoselectimage1astheactiveimage.

Switch(config)#

boot system image1

690

Select“image1”Success

Thisexampleshowshowtoshowactiveimagepartition.

Switch#

showflash


startup-config11912000-01-0100:00:23

rsa19742000-01-0100:00:18

rsa216752000-01-0100:00:18

dsa26682000-01-0100:00:18

ssl_cert9932000-01-0100:00:18

image0(backup)43724012012-09-2401:57:29

image1(active)55559702012-06-1212:17:46

691

Save

Syntax

Save

Parameter

Default


Mode

Privileged EXEC

Usage

Usethe“save”commandtosavetherunningconfigurationtothestartupconfigurationfile.Thiscommandisequalto“copyrunning-configstartup-config”.

Example

Thisexampleshowshowtosaverunningconfigurationtothestartupconfiguration.

Switch#

save

Success

692

Thisexampleshowshowtoshowstartupconfiguration

Switch#

showstartup-config

!SystemDescription:

!SystemVersion:v2.5.0-beta.32811

!SystemName:

!SystemUpTime:0days,4hours,31mins,43secs

!

!

!

!

username“”privilegeusersecret“dnXencJRwflV6”

username“admin”secret“FzjrGO6vfbERY”

voice-vlanvpt0

voice-vlandscp0

694

Parameter

flash:// Specifythefilestoredinflashtooperation.Availablefilesare:

flash://startup-config

flash://backup-config

flash://rsa1

flash://rsa2

flash://dsa2

flash://image0

flash://image1

flash://ram.log

flash://flash.log

tftp:// Specifyremotetftpserverandremotefilename.The

formatis“tftp://192.168.1.111/remote_file_name”running-config Runningconfigurationfile

startup-config Startupconfigurationfilebackup-config Backupconfigurationfile

Default


Mode

Privileged EXEC

695

Usage

Therearemanytypesoffilesinsystem.Thesefilesareveryimportantfortheadministratortomanagetheswitch.Themostcommonfileoperationiscopy.Byusingthesecopycommands,youcanupgradeorbackupthefollowingtypeoffiles.

Firmware Image

Configuration Files

Syslog Files

Language Files

Security Certificate

Example

Thisexampleshowshowtocopyrunningconfigurationtostartupconfiguration.

Switch#

copyrunning-configstartupst-config

Thisexampleshowshowtobackuprunningconfigurationtoremotetftp

server192.168.111withfilenametest1.cfg.

Switch#

copyrunning-config

tftp://192.168.1.111/test1.cfg

Uploadingfile...PleaseWait...

696

UploadingDone

Thisexampleshowshowtoupgradestartupconfigurationfromremotetftp

server192.168.1.111withfilenametest2.cfg.

Switch#

copytftp://192.168.1.111/test2.cfgstartupconfig

Downloadingfile...PleaseWait...

Downloading Done

Upgradeconfigsuccess.Doyouwanttorebootnow?

(y/n)n

Thisexampleshowshowtobackupsecurityfiledsa2toremotetftpserver

192.168.1.111withfilenamedsa2.

Switch#

copyflash://dsa2tftp://192.168.1.111/dsa2

Uploadingfile...PleaseWait...

UploadingDone

697

Delete

Syntax

delete(startrup-config|backup-config|flash://)

deletesystem(image0|image1)

Parameter

flash:// Specifytheconfigurationfilestoredinflashtodelete.Availablefilesare:

flash://startup-config

flash://backup-config

startup-config Deletestartupconfigurationfilebackup-config Deletebackupconfigurationfile

image0 Deleteflashimage0.image1 Deleteflashimage1

Default


Mode

Privileged EXEC

698

Usage

Usethe“delete”commandtodeleteconfigurationfilesorusethe“deletesystem”commandtodeleteafirmwareimagestoredinflash.The“deletestartup-config”commandisusedtorestoretothefactorydefaultsettingsandisequaltothecommand“restore-defaults”.

Example

Thisexampleshowshowtodeletebackupconfigurationfile.

Switch#

deletebackup-config

Thisexampleshowshowtodeletebackupfirmwareimagefromflash.

Switch#

delete system image1

Thisexampleshowshowtoshowfilestatusinflash.

Switch#

showflash


startup-config11912000-01-0100:00:23

rsa19742000-01-0100:00:18

rsa216752000-01-0100:00:18

dsa26682000-01-0100:00:18

699

ssl_cert9932000-01-0100:00:18

image0(active)43724012012-09-2401:57:29

image1(backup)0

700

Restore-Defaults

Syntax

restore-defaults

Parameter

None

Default


Mode

Privileged EXEC

Usage

Usethe“restore-defaults”commandtorestorefactorydefaultsettingsofthesystem.Thecommandisequalto“deletestartup-config”,

Example

Thisexampleshowshowtorestorefactorydefaults.

Switch#

restore-defaults

RestoreDefaultSuccess.Doyouwanttorebootnow?(y/n)n

701

Show Config

Syntax

show(running-config|startrup-config|backup-config)

Parameter

running-configShowrunningconfigurationonterminal

startup-configShowstartupconfigurationonterminal

backup-configShowbackupconfigurationonterminal

Default


Mode

Privileged EXEC

Usage

Theconfigurationfileistextbased.Therefore,theconfigurationontheterminalcanbeshownandreadbythiscommand.

Example

Thisexampleshowshowtoshowthestartupconfiguration.

Switch#

showstartup-config

702

!SystemDescription:


!SystemName:switch


!

!

!

!



voice-vlanvpt0

voice-vlandscp0

Thisexampleshowshowtoshowrunningconfiguration

Switch#

showrunning-config

!SystemDescription:


!SystemName:

703


!

!

!

!



voice-vlanvpt0

voice-vlandscp0

704

Show Flash

Syntax

showflash

Parameter

None

Default


Mode

Privileged EXEC

Usage

Use“showflash”commandtoshowallfiles’statuswhichstoredinflash.

Example

Thisexampleshowshowtoshowallfilesstatusstoredinflash.

Switch#

showflash


startup-config11912000-01-0100:00:23

705

rsa19742000-01-0100:00:18

rsa216752000-01-0100:00:18

dsa26682000-01-0100:00:18

ssl_cert9932000-01-0100:00:18

image0(active)43724012012-09-2401:57:29

image1(backup)0

706

Chapter 27Time

707

Clock Set

Syntax

clocksetHH:MM:SS(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)<1-31><2000-2037>

Parameter

HH:MM:SSSpecifystatictimeofyear、month、day、hour、minute、second

(jan|feb|mar|apr

|may|jun|jul|aug|

sep|oct|nov|dec)<1-31>

<2000-2037>

Default

Nodefaultisdefined.

Mode

GlobalConfiguration

Usage

Usetheclocksetcommandtosetthestatictime.Thestatictimewon’tsavetoconfigurationfile.

708

Example

Theexampleshowshowtosetstatictimeofswitch.Youcanverifysettingsbythefollowingshowshowclockcommand.

switch#

clockset11:03:00sep212012

11:03:00DFL(UTC+8)Sep212012

switch#

showclock

11:03:21DFL(UTC+8)Sep212012

Notimesource

709

Clock Timezone

Syntax

clocktimezoneACRONYMHOUR-OFFSET[minutes<0-59>]

noclocktimezone

Parameter

ACRONYM SpecifyacronymnameoftimezoneHOUR-OFFSET SpecifyhouroffsetoftimezoneMinutes <1-59> Specifyminuteoffsetoftimezone

Default

DefaulttimezoneisUTC+8.

Mode

GlobalConfiguration

Usage

Usetheclocktimezonecommandtosetthetimezonesettings.Usethenoformofthiscommandtoapplythedefaultsettings.

710

Example

Theexampleshowshowtosettimezoneofswitchandthenrestoretodefaulttimezone.Youcanverifysettingsbythefollowingshowshowclockcommand.

switch(config)#

clocktimezonetest+5

switch(config)#

showclockdetail

10:13:27test(UTC+5)Sep212012

Notimesource

Timezone:

Acronym is test

OffsetisUTC+5

switch(config)#

noclocktimezone

switch(config)#

showclockdetail

13:14:50DFL(UTC+8)Sep212012

Notimesource

Timezone:

711

AcronymisDFL

OffsetisUTC+8

712

Clock Source

Syntax

clocksource(local|sntp)

Parameter

local SpecifytousestatictimeSntp Specifytousesntptime

Default

Defaultisusinglocaltime.

Mode

GlobalConfiguration

Usage

Usetheclocksourcecommandtosetthesourceoftime.“local”meansthatyouusethestaticsettingbytheusermanualset.The“sntp”meansthatyouusetheremoteSNTPserver.Usethenoformofthiscommandtoresettodefaultsettings.

Example

Theexampleshowshowtosetclocksourceofswitch.Youcanverifysettingsbythefollowingshowshowclockcommand.

switch(config)#

clocksourcesntp

713

switch(config)#

showclockdetail

08:32:12test(UTC+5)Sep212012

Notimesource

714

Clock Summer-Time

Syntax

clocksummer-timeACRONYMdate(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)<1-31>

<2000-2037>HH:MM(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)<1-31><2000-2037>HH:MM[<1-1440>]

clocksummer-timeACRONYMrecurring(usa|eu)[<1-1440>]

clocksummer-timeACRONYMrecurring(<1-5>|first|last)(sun|mon|tue|wed|thu|fri|sat)

(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)HH:MM(<1-5>|first|last)

(sun|mon|tue|wed|thu|fri|sat)(jan|feb|mar|apr|may|jun|jul|aug|sep|oct|nov|dec)HH:MM[<1-1440>]

noclocksummer-time

715

Parameter

ACRONYM Specifyacronymnameoftimezone(jan|feb|mar|apr|may|jun |jul|aug|sep|oct|nov|dec) <1-31> <2000-2037> HH:MM (jan|feb|mar|apr| may|jun|jul|aug|sep|oct|nov|dec) <1-31> <2000- 2037> HH:MM

Specifynon-recurringdaylightsavingtimeduration.

<1-1440> Specifyadjustoffsetofdaylightsavingtime

usa Using daylight saving time in the United States that starts on the second SundayofMarchandendsonthefirstSundayofNovember.

eu UsingdaylightsavingtimeintheEuropethatstartsonthelastSundayinMarchandendingonthelastSundayinOctober.

(<1-5>|first|last) (sun|mon| tue|wed|thu|fri|sat) (jan |feb|mar|apr|may|jun| jul|aug|sep|oct|nov|dec) HH:MM (<1-5>|first|last) (sun|mon|tue|wed|thu|fri|sat) (jan|feb|mar|apr|may| jun|jul|aug|sep|oct|nov|dec) HH:MM

Specifyecurringdaylightsavingtimeduration

Default

Nodefaultdaylightsavingtimeisdefined.

716

Mode

GlobalConfiguration

Usage

Usetheclocksummer-timecommandtosetdaylightsavingtimeforthesystemtime.The“usa”or“eu”settingsmeansthattheglobaldaylightsavingpolicywhich isdefinedby internationalorganizations is inuse. Inboththe“date”and“recurring”settings,thefirstpartofthecommandspecifieswhensummertimebeginsandthesecondpartspecifieswhenitends.Alltimesarerelativetothelocaltimezone.The“recurring”settingmeansthattimeisadjustedeveryyearwithinthemonth.Usethenoformofthiscommandtoapplythedefaultsettings.

Example

Theexampleshowshowtosetclocksourcefortheswitch.Youcanverifysettingsbythefollowingshowclockcommand.

switch(config)#

clocksourcesntp

switch(config)#

showclockdetail

08:32:12test(UTC+5)Sep212012

Notimesource

717

Show Clock

Syntax

showclock[detail]

Parameter

detailShowmoredetailinformationofclock

Default

Nodefaultisdefined

Mode

GlobalConfiguration

Usage

Usetheshowclockcommandtoshowtheclockontheswitch.The“detail”meansthatshowmoreinformationofclocksuchastimezoneanddaylightsavingtime.

Example

Theexampleshowshowtoshowclockofswitchanddetailinformation.


clocksourcesntp

718


clocksummer-timeDLSrecurringusa


sntphost192.168.1.100


showclock

14:34:43DLS(UTC+9)Sep252012

Timesourceissntp


showclockdetail

14:35:39DLS(UTC+9)Sep252012

Timesourceissntp

Timezone:

AcronymisDFL

OffsetisUTC+8

Summertime:

Acronym is DLS

Recurringeveryyear.

719

Beginsat2032:0

Endsat10112:0

Offsetis60minutes.

720

SNTP

Syntax

sntphostHOSTNAME[port<1-65535>]

nosntp

Parameter

HOSTNAME SpecifyipaddressorhostnameofsntpserverSntp Specifyserverportofsntpserver

Default

NodefaultSNTPserverdefined.

Mode

GlobalConfiguration

Usage

UsethesntpcommandtosetaremoteSNTPserver.Thedefaultserverportis123.Usethenoformofthiscommandtosetthedefaultsettings.

721

Example

TheexampleshowshowtosettheremoteSNTPserverofswitch.Youcanverifysettingsbythefollowingshowsntpcommand.

switch(config)#

clocksourcesntp

switch(config)#

sntphost192.168.1.100

switch(config)#

showsntp

SNTPisEnabled

SNTPServeraddress:192.168.1.100

SNTPServerport:123

722

Show SNTP

Syntax

showsntp

Parameter

None

Default

Nodefaultisdefined

Mode

GlobalConfiguration

Usage

UsetheshowsntpcommandtoremoteSNTPserverinformation.

Example

TheexampleshowshowtoshowtheremoteSNTPserver.


showsntp

SNTPisEnabled

SNTPServeraddress:192.168.1.100

723

SNTPServerport:123

724

Chapter 28VLAN

725

VLAN

Syntax

vlan

no vlan

Default

vlan 1

Mode

GlobalConfiguration

Usage

CreateorremoveaVLANentry.Usingthe`vlan`commandtoentertheVLANconfigurationmode.

Example

ThefollowingexamplecreatesandremovesaVLANentry(100).

SwitchEF0101#

configure

SwitchEF0101(config)#

vlan100

726

SwitchEF0101(config-vlan)#

exit


novlan100


exit

SwitchEF0101#

727

VLAN Name

Syntax

vlannameNAME

Parameter

NAMESpecifythenameoftheVLAN(Max.32chars).

Default

vlannameVLANxxxx

Mode

VLANConfiguration

Usage

ConfigurethenameofaVLANentry.

Example

ThisexamplesetstheVLANnameofVLAN100tobe`VLAN-onehundred`.

SwitchEF0101#

configure


vlan100

728


nameVLAN-one-hundred


exit


729

Switchport Mode

Syntax

switchportmode(access|hybrid|trunk[uplink]|tunnel)

Parameter

access SpecifytheVLANmodetoAccessport.

hybrid SpecifytheVLANmodetoHybridport.trunk SpecifytheVLANmodetoTrunkport.uplink SpecifytheUplinkpropertyonthisTrunkport.tunnel SpecifytheVLANmodetoDot1QTunnelport.

Default

Switchportmodetrunk

Mode

PortConfiguration

Usage

TheVLANmodeisusedtoconfiguretheportfordifferentportroles.

Access port

AcceptsonlyuntaggedframesandjoinanuntaggedVLAN.

730

Hybrid port

SupportsallfunctionsasdefinedinIEEE802.1Qspecifications.

Trunk port

AnuntaggedmemberofoneVLANatmost,itisataggedmemberofzeroormoreVLANs.Ifitisanuplinkport,itcanrecognizedoubletaggingonthisport.

Tunnel port

Port-basedQ-in-Qmode.Theconfigurationcouldbeshownbythe“showinterfaceswitchport”command.

Example

ThisexamplesetsVLANmodetoAccessport.


interface fa12

SwitchEF0101(config-if)#

switchportmodeaccess


exit


exit

731

SwitchEF0101#

showinterfacesswitchportfa12

Port:fa12

PortMode:Access

IngressFiltering:enabled

AcceptableFrameType:untagged-only

IngressUnTaggedVLAN(NATIVE):1

TrunkingVLANsEnabled:

Portismemberin:

VlanNameEgressrule

1defaultUntagged

ForbiddenVLANs:

VlanName

SwitchEF0101#

732

Switchport Hybrid PVID

Syntax

switchporthybridpvid<1-4094>

Parameter

<1-4094>Specifytheport-basedVLANIDontheHybridport.

Default

switchporthybridpvid1

Mode

PortConfiguration

Usage

Thiscommandconfiguresthehybridport’sPVID.Theconfigurationcouldbeshownbythe“showinterfaceswitchport”command.

Example

ThisexamplesetsPVIDto100.

SwitchEF0101#

configure

733


interfacefa10


switchportmodehybrid


switchporthybridpvid100


exit


exit

SwitchEF0101#


Port:fa10

PortMode:General


AcceptableFrameType:all



734

Portismemberin:

VlanNameEgressrule

1defaultUntagged

ForbiddenVLANs:

VlanName

SwitchEF0101#

735

Switchport Hybrid Ingress-Filtering Disable

Syntax

switchportbybridingress-filteringdisable

noswitchporthybridingress-filteringdisable

Default

noswitchporthybridingress-filteringdisable

Mode

PortConfiguration

Usage

Thiscommandperportconfigurestheingress-filteringstatus.Thisfilteringisusedtofiltertheframescomingfromthenon-memberingressport.Theconfigurationcouldbeshownbythe“showinterfaceswitchport”command.

Example

Thisexamplesetsingress-filteringtodisable.

SwitchEF0101#

configure


interfacefa10

736




switchporthybridingress-filteringdisable


exit


exit

SwitchEF0101#


Port:fa10

PortMode:General

IngressFiltering:disabled




Portismemberin:

VlanNameEgressrule

737

1defaultUntagged

ForbiddenVLANs:

VlanName

SwitchEF0101#

738

Switchport Hybrid Acceptable-Frame-Type

Syntax

switchporthybridacceptable-frame-type(all|tagged-only|untaggedonly)

Parameter

all Specifytoacceptallframes.tagged-only Specifytoonlyaccepttaggedframes.untagged-only Specifytoonlyacceptuntaggedframes.

Default

switchporthybridacceptable-frame-typeall

Mode

PortConfiguration

Usage

Thiscommandperportconfigurestheacceptable-frame-type.Theconfigurationcouldbeshownbythe“showinterfaceswitchport”command.

Example

Thisexamplesetsacceptable-frame-typetotagged-only.

SwitchEF0101#

configure

739


interfacefa10




switchporthybridacceptable-frame-typetaggedonly


exit


exit

SwitchEF0101#showinterfacesswitchportfa10

Port:fa10

PortMode:General


AcceptableFrameType:tagged-only



Portismemberin:

740

VlanNameEgressrule

1defaultUntagged

ForbiddenVLANs:

VlanName

SwitchEF0101#

741

Switchport Hybrid Allowed VLAN Add

Syntax

switchporthybridallowedvlanaddVLAN-LIST[(tagged|untagged)]

Parameter

VLAN-LIST SpecifiestheVLANlisttobeadded.( tagged | untagged ) Specifiesthemembertypetotaggedoruntagged.

Mode

PortConfiguration

Usage

ThiscommandperhybridportconfigurestheallowedVLANlist.Theconfigurationcouldbeshownbythe“showinterfaceswitchport”command.

Example

Thisexamplesetsportfa10VLANtojointheVLAN100asataggedmember.

SwitchEF0101#

configure


interfacefa10

SwitchEF0101(config-if)#switchporthybridallowedvlanadd100

742


switchporthybridallowedvlanadd100


exit


exit

SwitchEF0101#


Port:fa10

PortMode:General





Portismemberin:

VlanNameEgressrule

1defaultUntagged

100VLAN-one-hundredTagged

743

ForbiddenVLANs:

VlanName

SwitchEF0101#

744

Switchport Hybrid Allowed VLAN Remove

Syntax

switchporthybridallowedvlanremoveVLAN-LIST

Parameter

VLAN-LISTSpecifiestheVLANlisttoberemoved.

Mode

PortConfiguration

Usage

ThiscommandperhybridportconfigurestoremovetheallowedVLANlist.Theconfigurationcouldbeshownbythe“showinterfaceswitchport”command.

Example

Thisexamplesetsportfa10VLANtoleavetheVLAN100.

SwitchEF0101#

configure


interfacefa10

SwitchEF0101(config-if)#switchporthybridallowedvlanremove100

745


switchporthybridallowedvlanremove100


exit


exit

SwitchEF0101#


Port:fa10

PortMode:General





Portismemberin:

VlanNameEgressrule

1defaultUntagged

ForbiddenVLANs:

746

VlanName

SwitchEF0101#

747

Switchport Access VLAN

Syntax

switchportaccessvlan<1-4094>

Parameter

<1-4094>SpecifiestheaccessVLANID.

Mode

PortConfiguration

Usage

ThiscommandperAccessportconfiguresthenativeVLANID.Theconfigurationcouldbeshownbythe“showinterfaceswitchport”command.

Example

ThisexamplesetstheAccessportfa10nativeVLANIDto100.

SwitchEF0101#

configure


interfacefa10

748


switchportmodeaccess


switchportaccessvlan100


exit


exit

SwitchEF0101#


Port:fa10

PortMode:Access


AcceptableFrameType:untagged-only



Portismemberin:

VlanNameEgressrule

749

100VLAN-one-hundredUntagged

ForbiddenVLANs:

VlanName

SwitchEF0101#

750

Switchport Tunnel VLAN

Syntax

switchporttunnelvlan<1-4094>

Mode

PortConfiguration

Usage

ThecommandperTunnelportconfiguresthenativeVLAN.Theconfigurationcouldbeshownbythe“showinterfaceswitchport”command.

Example

ThisexamplesetsTunnelportfa10nativeVLANto100.

SwitchEF0101#

configure


interfacefa10


switchportmodetunnel

751


switchporttunnelvlan100


exit


exit

SwitchEF0101#


Port:fa10

PortMode:Dot1qtunnel





Portismemberin:

VlanNameEgressrule


ForbiddenVLANs:

752

VlanName

SwitchEF0101#

753

Switchport Trunk Native VLAN

Syntax

switchporttrunknativevlan<1-4094>

Mode

PortConfiguration

Usage

ThecommandperTrunkportconfiguresthenativeVLAN.Theconfigurationcouldbeshownbythe“showinterfaceswitchport”command.

Example

ThisexamplesetsTrunkportfa10nativeVLANto100.

SwitchEF0101#

configure


interfacefa10


switchportmodetrunk

754


switchporttrunknativevlan100


exit


exit

SwitchEF0101#


Port:fa10

PortMode:Trunk





Portismemberin:

VlanNameEgressrule


ForbiddenVLANs:

755

VlanName

SwitchEF0101#

756

Switchport Trunk Allowed VLAN

Syntax

switchporttrunkallowedvlan(add|remove)(VLAN-LIST|all)

Parameter

( add | remove ) SpecifytheactiontoaddorremovetheallowedVLANlist.( VLAN-LIST | all ) SpecifytheVLANlistorallVLANstobeaddedorremoved.

Mode

PortConfiguration

Usage

ThecommandperTrunkportconfigurestheallowedVLANlist.Theconfigurationcouldbeshownbythe“showinterfaceswitchport”command.

Example

ThisexamplesetsTrunkportfa10toaddtheallowedVLAN100.

SwitchEF0101#

configure


interfacefa10

757


switchporttrunkallowedvlanadd100


exit


exit

SwitchEF0101#


Port:fa10

PortMode:Trunk




TrunkingVLANsEnabled:100

Portismemberin:

VlanNameEgressrule

1defaultUntagged


758

ForbiddenVLANs:

VlanName

SwitchEF0101#

759

Switchport Default-VLAN Tagged

Syntax

switchportdefault-vlantagged

noswitchportdefault-vlantagged

Mode

PortConfiguration

Usage

ThecommandperportconfiguresthemembershipofthedefaultVLANtobetagged.Theconfigurationcouldbeshownbythe“showinterfaceswitchport”command.

Example

ThisexamplesetstheTrunkportfa10membershipwiththedefaultVLANtotagged.

SwitchEF0101#

configure


interfacefa10


witchportdefault-vlantagged

760


exit


exit

SwitchEF0101#


Port:fa10

PortMode:Trunk





Portismemberin:

VlanNameEgressrule

1defaultTagged


ForbiddenVLANs:

VlanName

761

SwitchEF0101#

762

Switchport Forbidden Default-VLAN

Syntax

switchportforbiddendefault-vlan

noswitchportforbiddendefault-vlan

Mode

PortConfiguration

Usage

ThecommandperportconfiguresthemembershipofthedefaultVLANtoforbidden.Theconfigurationcouldbeshownbythe“showinterfaceswitchport”command.

Example

ThisexamplesetsthemembershipofthedefaultVLANwithportfa10toforbidden.

SwitchEF0101#

configure


interfacefa10


switchportforbiddendefault-vlan

763


exit


exit

SwitchEF0101#


Port:fa10

PortMode:Trunk





Portismemberin:

VlanNameEgressrule


ForbiddenVLANs:

VlanName

1default

764

SwitchEF0101#

765

Switchport Forbidden VLAN

Syntax

switchportforbiddenvlan(add|remove)VLAN-LIST

Parameter

(add | remove) Addorremoveforbiddenmembership.VLAN-LIST SpecifytheVLANlist.

Mode

PortConfiguration

Usage

ThecommandperportconfiguresthemembershipofthespecfiedVLANstotheforbiddensetting.Theconfigurationcouldbeshownbythe“showinterfaceswitchport”command.

Example

ThisexamplesetsthemembershipoftheVLAN100withportfa10to

forbidden.

SwitchEF0101#

configure


interfacefa10

766


switchportforbiddenvlanadd100


exit


exit

SwitchEF0101#


Port:fa10

PortMode:Trunk





Portismemberin:

VlanNameEgressrule

1defaultUntagged

ForbiddenVLANs:

767

VlanName

100VLAN-one-hundred

SwitchEF0101#

768

Management-VLAN

Syntax

management-vlanvlan<1-4094>

nomanagement-vlan

Parameter

<1-4094>SpecifytheVLANIDofmanagement-vlan.

Default

Indefault,managementVLAN1iscreated

Mode

GlobalConfiguration

Usage

(1) Set<1-4094>asmanagementVLANid;suggesttocreatetheVLANandmaketheporttobememberofitfirstly.

(2)Whenusenocommand,restoremanagementvlantobedefaultVLAN.

(3)Ifwanttoseemanagementvlancreated,use“showmanagement-vlan”

769

Example

(1)Thefollowingexamplespecifiesthatmanagementvlan2iscreated

Switch(config)#

management-vlanvlan2

(2) Thefollowingexamplespecifiesthatmanagement-vlanisrestoredtobethedefaultVLAN.

Switch(config)#

nomanagement-vlan

770

Show Management-VLAN

Syntax

show management-vlan

Parameter

None

Default

None

Mode

Global/EnableConfiguration

Usage

Displayinformationaboutthemanagementvlan.

Example

Thefollowingexamplespecifiestheshowmanagementvlan.

Switch(config)#

showmanagement-vlan

771

MAC VLAN MAC

Syntax

vlanmac-vlanmacA:B:C:D:E:Fvlan<1-4094>

novlanmac-vlanmacA:B:C:D:E:F

Parameter

A:B:C:D:E:Fspecifiesmacaddresstoconfigure

<1-4094>SpecifiestheMACVLANIDtoconfigure.

Default

nomacvlanentriesareconfigured

Mode

GlobalConfiguration

Usage

Usethevlanmac-vlanmacGlobalConfigurationmodecommandtoaddamacvlanentrywithaspefiedmacaddress.Usethenoformofthiscommandtoremovethemacvlanentries.Youcanverifyyoursettingsbyenteringtheshowvlanmacvlan Privileged EXEC command.

772

Example

Thefollowingexampleshowshowtoaddamacvlanentry

Switch(config)#

vlanmac-vlanmac0:0:0:0:0:1vlan100

Switch(config)#

showvlanmac-vlan

MACAddress|VID

00:00:00:00:00:01|100

MACVLANTotalEntry:1

MACVLANMaximumEntry:128

773

MAC VLAN Enable

Syntax

vlanmac-vlan

novlanmac-vlan

Parameter

None

Default

MACVLANdisabledonallinterfaces

Mode


Usage

Usethevlanmac-vlanInterfaceConfigurationmodecommandtoenabletheMACVLANfunctiononspecifiedinterfaces.UsethenoformofthiscommandtodisabletheMACVLANfunction.Youcanverifyyoursettingsbyenteringtheshowvlanmac-vlaninterfacesIF_PORTSPrivilegedEXECcommand.

775

Show VLAN MAC-VLAN

Syntax

showvlanmac-vlan

Parameter

None

Default

None

Mode

Privileged EXEC

Usage

Usetheshowvlanmac-vlancommandinEXECmodetodisplayaspecificMACVLANentryorAllMACVLANentries.

Example

ThefollowingexampleshowshowtodisplayMACVLANentryconfigurations.

Switch(config)#

showvlanmac-vlan

MACAddress|VID

00:00:00:00:00:01|100

776

MACVLANTotalEntry:1

MACVLANMaximumEntry:128

777

Show MAC-VLAN Interfaces

Syntax

showvlanmac-vlaninterfacesIF_PORTS

Parameter

IF_PORTSSpecifyinterfacemacvlanstatustodisplay

Default

None

Mode

Privileged EXEC

Usage

Usetheshowvlanmac-vlaninterfacecommandinEXECmodetodisplayaspecificedinteraceortheallinterfacesMACVLANstatus.

Example

ThefollowingexampleshowshowtodisplaytheMACVLANinterfacessettings.

Switch#

showvlanmac-vlaninterfacesfa1-6

Port|status

779

Protocol-VLAN Group

Syntax

vlanprotocol-vlangroup<1-8>frame-type

(ethernet_ii|llc_other|snap_1042)protocol-valueVALUE

novlanprotocol-vlangroup<1-8>

Parameter

<1-8> Specifyprotocolvlangrouptoconfigure(ethernet_ii|llc_other|snap_1042) SpecifyprotocolbasedframetypeVALUE Specifyprotocolvaluetoconfigure

Default

noprotocolvlangroupareconfigured.

Mode

GlobalConfiguration

Usage

Usethevlanprotocol-vlangroupGlobalConfigurationmodecommandtoaddaprotocolvlangroupwithspecifiedprototypeandvalue.Usethenoformofthiscommandtoremovetheprotocolvlangroupsettings.Youcanverifyyoursettingsbyenteringtheshowvlanproto-vlanPrivilegedEXECcommand.

780

Example

Thefollowingexampleshowhowtoconfigureprotocolvlangroup:

Switch(config)#

vlanprotocol-vlangroup1frame-typeethernet_ii

protocol-value0x806

Switch(config)#

vlanprotocol-vlangroup2frame-typellc_otherprotocolvalue0x800

Switch#

showvlanprotocol-vlan

GroupID|Status|Type|value

1|Enabled|Ethernet|0x0806

2|Enabled|LLCother|0x0800

3|Disabled|--|--

4|Disabled|--|--

5|Disabled|--|--

6|Disabled|--|--

7|Disabled|--|--

8|Disabled|--|--

781

Protocol VLAN Binding

Syntax

vlanprotocol-vlangroup<1-8>vlan<1-4094>

novlanprotocol-vlangroup<1-8>

Parameter

<1-8>Specifyprotocolvlangrouptobinding

<1-4094>SpecifiestheProtoVLANIDtoconfigure.

Default

Indefaultallgrouparenotbindingtoanyinterface.

Mode


Usage

Usethevlanprotocol-vlanbindingInterfaceConfigurationmodecommandtobindaprotocolVLANGrouponspecifiedinterfaces.UsethenoformofthiscommandtocancelprotocolVLANGroupBinding.Youcanverifyyoursettingsbyenteringtheshowvlanprotocol-vlaninterfacesIF_PORTSPrivilegedEXECcommand.

782

Example

ThefollowingexampleshowshowtoconfigureProtocolVLANfunctiononspecifiedinterfaces..

Switch(config)#

interface fa1

Switch(config-if)#

vlanprotocol-vlangroup1vlan2

Switch(config-if)#

vlanprotocol-vlangroup2vlan3

Switch#

showvlanprotocol-vlaninterfacesfa1

Portfa1:

Group1

Status:Enabled

VLANID:2

Group2

Status:Enabled

VLANID:3

Group3

783

Group3

Status:Disabled

Group4

Status:Disabled

Group5

Status:Disabled

Group6

Status:Disabled

Group7

Status:Disabled

Group8

Status:Disabled

784

Show Protocol VLAN Group

Syntax

showvlanprotocol-vlan[group<1-8>]

Parameter

<1-8>Specifyprotocolvlangrouptodisplay

Default

None

Mode

Privileged EXEC

Usage

Usetheshowvlanproto-vlancommandinEXECmodetodisplaytheProtoVLANgroupconfiguration.

Example

ThefollowingexampleshowshowtodisplayaProtoVLANgroupconfiguration.

Switch#

showvlanprotocol-vlan

GroupID|Status|Type|value

1|Enabled|Ethernet|0x0806

785

2|Enabled|LLCother|0x0800

3|Disabled|--|--

4|Disabled|--|--

5|Disabled|--|--

6|Disabled|--|--

7|Disabled|--|--

8|Disabled|--|--

786

Show Protocol VLAN Interfaces

Syntax

showvlanprotocol-vlaninterfacesIF_PORTS

Parameter

IF_PORTSSpecifyinterfacesprotocolvlantodisplay

Default

None

Mode

Privileged EXEC

Usage

Usetheshowvlanmac-vlaninterfacecommandinEXECmodetodisplaytheProtocolVLANinterfacessettings.

Example

ThefollowingexampleshowshowtodisplaytheProtocolVLANinterfacessetting.

Switch#

showvlanprotocol-vlaninterfacesfa1

Portfa1:

Group1

787

Group1

Status:Enabled

VLANID:2

Group2

Status:Enabled

VLANID:3

Group3

Status:Disabled

Group4

Status:Disabled

Group5

Status:Disabled

Group6

Status:Disabled

Group7

Status:Disabled

Group8

Status:Disabled

788

Chapter 29Voice VLAN

789

Voice VLAN State

Syntax

voice-vlanmode(auto|oui)

novoice-vlan

Parameter

auto SpecifyAutovoicevlanisenabledOui Specifyvoicevlanenabledinouimode

Default

Autovoicevlanisenabled

Mode

GlobalConfiguration

Usage

UsethevoicevlanstateglobalconfigurationcommandtosetthetypeofvoiceVLANthatisfunctionalonthedeviceordisablevoiceVLANentirely.Usethenoformofthiscommandtodisablethevoicevlanfunction.YoucanverifyyoursettingsbyenteringtheshowvoicevlanPrivilegedEXECcommand.Tochangevoicevlanmodefromautotoouiorouitoauto,youmustfirstdisablethevoicevlanfunction.

790

Example

Thefollowingexampleshowshowtochangethevoicevlanstatefromautotoouimodeandviceversa.

Switch(config)#

novoice-vlan

Switch(config)#

voice-vlanmodeoui

Switch#showvoice-vlan

AdministrateVoiceVLANstate:oui-enabled

VoiceVLANID:100

VoiceVLANVPT:5

VoiceVLANDSCP:46

VoiceVLANAging:1440minutes

VoiceVLANCoS:6

VoiceVLAN1pRemark:disabled

791

Voice VLAN ID

Syntax

voice-vlanvlan<1-4094>

Parameter

<1-4094>SpecifythevoiceVLANID

Default

ThedefaultVoiceVLANIDisDFLTVLANID.

Mode

GlobalConfiguration

Usage

UsethevoicevlanidglobalconfigurationcommandtoconfiguretheVLANidentifierofthevoiceVLAN.Statically,youcanverifyyoursettingsbyenteringtheshowvoicevlanPrivilegedEXECcommand.

Example

ThefollowingexampleshowshowtosettheVoiceVLANID.Beforeproceeding,pleasemakesurethatVLANEXISTisenabled.

Switch(config)#

voice-vlanvlan128

792

Switch#

showvoice-vlan


VoiceVLANID:128

VoiceVLANVPT:5

VoiceVLANDSCP:46


VoiceVLANCoS:6


793

Voice VLAN VPT

Syntax

voice-vlan vpt <0-7>

Parameter

<0-7>SpecifythevptvaluetobeadvertisedbyLLDP

Default

Thedefaultvptvalueis5.

Mode

GlobalConfiguration

Usage

UsethevoicevlanvptglobalconfigurationcommandtoconfigurethevoiceVLANvptvalueYoucanverifyyoursettingsby entering the show voice vlan Privileged EXEC command.

Example

Thefollowingexampleshowhowtosetthevptvalue.

Switch(config)#

voice-vlanvpt3

794

Switch#

showvoice-vlan


VoiceVLANID:128

VoiceVLANVPT:3

VoiceVLANDSCP:46


VoiceVLANCoS:6


795

Voice VLAN DSCP

Syntax

voice-vlandscp<0-63>

Parameter

<0-63>specifyavalueofDSCPthatwillbeadvertisedbyLLDP

Default

Thedefaultdscpvalueis46.

Mode

GlobalConfiguration

Usage

Usethevoicevlandscpglobalconfigurationcommandtoconfigure thevoiceVLANdscpvalue.Youcanverifyyoursettings by entering the show voice vlan Privileged EXEC command.

Example

Thefollowingexampleshowhowtosetdscpvalue.

Switch(config)#

voice-vlandscp55

796

Switch#

showvoice-vlan


VoiceVLANID:128

VoiceVLANVPT:3

VoiceVLANDSCP:55


VoiceVLANCoS:6


797

Voice VLAN OUI Table

Syntax

voice-vlanoui-tableA:B:CDESCRIPTION

novoice-vlanoui-table[A:B:C]

Parameter

A:B:C SpecifyOUIMacaddresstoaddorremoveDESCRIPTION SpecifydescriptionofthespecifiedMACaddresstothevoiceVLANOUItable.

Default

Thedefaultsystemhas8ouiaddresses.

Mode

GlobalConfiguration

Usage

Usethevoicevlanoui-tableglobalconfigurationcommandtoaddanouimacaddresstotheOUITable.Usethenoformofthiscommandtoremoveallorcertainspecifiedouimacaddresses.YoucanverifyyoursettingsbyenteringtheshowvoicevlanmodeouiPrivilegedEXECcommand.

800

Voice VLAN CoSSyntax

voice-vlancos<0-7>[remark]

novoice-vlan

Parameter

<0-7> SpecifythevoiceVLANClassofServicevalueintelephoneouimode.

remark SpecifythattheL2userpriorityisremarkedwiththe

CoSvalue.

Default

Thedefaultcosvalueis6,remarkisdisabled.

Mode

GlobalConfiguration

Usage

UsethevoicevlancosglobalconfigurationcommandtoconfigurethevoiceVLANcosvalueand1premarkfunction.YoucanverifyyoursettingsbyenteringtheshowvoicevlanPrivilegedEXECcommand.

Example

Thefollowingexampleshowshowtosetcosvalueandenablethe1premarkfunction.

Switch(config)#

voice-vlancos7remark

801

Switch#

showvoice-vlan


VoiceVLANID:128

VoiceVLANVPT:3

VoiceVLANDSCP:55


VoiceVLANCoS:7

VoiceVLAN1pRemark:enable

802

Voice VLAN Aging-Time

Syntax

voice-vlanaing-time<30-1440>

Parameter

<30-1440>SpecifythevoiceVLANagingtimeoutintervalinminutes

Default

Thedefaultaging-timeoutvalueis1440minutes.

Mode

GlobalConfiguration

Usage

Usethevoicevlanaging-timeglobalconfigurationcommandtoconfigurethevoiceVLANagingtimeout.YoucanverifyyoursettingsbyenteringtheshowvoicevlanPrivilegedEXECcommand.

Example

Thefollowingexampleshowshowtosettheagingtime.

Switch(config)#

voice-vlanaging-time720

803

Switch#

showvoice-vlan


VoiceVLANID:128

VoiceVLANVPT:3

VoiceVLANDSCP:55


VoiceVLANCoS:7

VoiceVLAN1pRemark:enable

804

Voice VLAN CoS Mode

Syntax

voice-vlancos(src|all)

novoice-vlan

Parameter

src SpecifyQoSattributesareappliedtopacketswithOUIsinthesourceMACaddress.All SpecifyQoSattributesareappliedtopacketsthatareclassifiedtotheVoiceVLAN.

Default

ThedefaultallportinSrcmode.

Mode


Usage

UsethevoicevlancosmodeInterfaceconfigurationcommandtoconfiguretheOUIvoiceVLANcosmode.YoucanverifyyoursettingsbyenteringtheshowvoicevlanPrivilegedEXECcommand.

805

Example

ThefollowingexampleshowshowtoconfigurevoicepacketQoSattributesonaninterface.

Switch(config)#

interfacerangefa1-3

Switch(config-if)#

voice-vlancosall

Switch#

showvoice-vlanmodeouiinterfacesfa1-8


VoiceVLANCoS:7


OUI table

OUIMAC|Description

00:E0:BB|3COM

00:03:6B|Cisco

00:E0:75|Veritel

00:D0:1E|Pingtel

807

Voice VLAN Enable

Syntax

voice-vlanmode

novoice-vlan

Parameter

None

Default

Thedefaultallportadmin-stausisdisabled.

Mode


Usage

UsethevoicevlanenableInterfaceconfigurationcommandtoenabletheOUIvoiceVLANsettingsonaninterface.Usethenoformofthiscommandtodisablevoicevlanonaninterface.YoucanverifyyoursettingsbyenteringtheshowvoicevlanmodeouiPrivilegedEXECcommand.

Example

ThefollowingexampleshowshowtoenablethevoiceVLANfunctioninouimodeonaninterface.

Switch(config)#

interfacerangefa1-3

810

Show Voice VLAN

Syntax

showvoice-vlan

showvoice-vlanmodeauto

showvoice-vlanmodeoui[interfacesIF_PORTS]

Parameter

IF_PORTSSpecifiesintefacestodisplayvoiceVLANsettingsinouimode

Default

None

Mode

Privileged EXEC

Usage

UsetheshowvoicevlancommandinEXECmodetodisplaythevoiceVLANstatusforall interfacesorforaspecificinterfaceifthevoiceVLANtypeisanOUI.

811

Example

Thefollowingexampleshowshowtodisplaythevoicevlanautomodeandouimodesettings.

Switch#

showvoice-vlanmodeauto

VoiceVLANID:128

VoiceVLANVPT:3

VoiceVLANDSCP:55

switch#

showvoice-vlanmodeouiinterfacefa1-5


VoiceVLANCoS:7


OUI table

OUIMAC|Description

00:E0:BB|3COM

00:03:6B|Cisco

00:E0:75 | Veritel

Command Line Interface User Guide L2 Switch CLI M… · 9 User EXEC Mode Users with level 1...

Documents

Transcript of Command Line Interface User Guide L2 Switch CLI M… · 9 User EXEC Mode Users with level 1...