Other trademarks and trade names may be used in this publication to refer to either the entities claiming the marks and names or their products. Dell Inc. disclaims any proprietary interest in trademarks and trade names other than its own.
Contents
Command Groups
Introduction
Command Groups
Layer 2 Commands
AAA Commands
Commands in this Chapter
show users login-history
username
username password encrypted
Command Groups
Introduction
The Command Line Interface (CLI) is a network management application operated through an ASCII terminal without the use of a Graphical User Interface (GUI) driven software application. By directly entering commands, the user has greater configuration flexibility. The CLI is a basic command-line interpreter similar to the UNIX C shell.
Command Groups
The system commands can be broken down into three sets of functional groups: Layer 2, Layer 3, and Utility.
Table 1-1. System Command Groups
Command Group       Description
Layer 2 Commands
                    Configures connection security including authorization and passwords.
                    Configures and displays ACL information.
Address Table       Configures bridging address tables.
Table 1-1. System Command Groups (continued)
Command Group                Description
IPv6 MLD Snooping Querier    Configures IPv6 Snooping Querier and displays IPv6 Snooping Querier information.
Link Dependency              Configures and displays link dependency information.
LLDP                         Configures and displays LLDP information.
Port Aggregator              Provides server administrators the ability to map internal ports to external ports easily.
Table 1-1. System Command Groups (continued)
Command Group                       Description
Loopback Interface (IPv6)           Manages Loopback configurations.
Multicast (Mcast)                   Manages Multicasting on the system.
OSPF (IPv4)                         Manages shortest path operations.
OSPFv3 (IPv6)                       Manages IPv6 shortest path operations.
Router Discovery Protocol (IPv4)    Manages router discovery operations.
Routing Information                 Configures RIP activities.
Table 1-1. System Command Groups (continued)
Command Group             Description
RMON                      Can be configured through the CLI and displays RMON information.
Serviceability Tracing    Controls display of debug output to serial port or telnet console.
sFlow                     Configures sFlow monitoring.
SNMP                      Configures SNMP communities, traps and displays SNMP information.
• IR — Interface Range
• KC — Key Chain
• KE — Key
• L — Logging
• LC — Line Configuration
• LD — Link Dependency
• MA — Management Access-level
• MC — MST Configuration
• MDC — Maintenance Domain Configuration
•...
• v6ACL — IPv6 Access List Configuration
• v6CMC — IPv6 Class-Map Configuration
• v6DP — IPv6 DHCP Pool Configuration
Layer 2 Commands
Command                             Description                                                                    Mode
aaa authentication dot1x default    Specifies an authentication method for 802.1x clients.
aaa authentication enable           Defines authentication method lists for accessing higher privilege levels.
Command                        Description                                                                          Mode
show authentication methods    Shows information about authentication methods.
show user accounts             Displays information about the local user database.
show users login-history       Displays information about login histories of users.
username                       Establishes a username-based authentication system.
username password encrypted    Transfers local user passwords between devices without having to know the passwords.
username unlock
Command Description Mode show service-acl interface Displays the status of LLPF rules configured on a particular port or on all the ports. show ip access-lists Displays an Access Control List (ACL) and all of the rules that are defined for the ACL. show mac access-list Displays a MAC access list and all of the rules that are defined for the ACL.
Command Description Mode port security max Configures the maximum addresses that can be learned on the port while the port is in port security mode. show mac address-table Displays dynamically created entries in the bridge-forwarding database. show mac address-table Displays all entries in the bridge-forwarding UE or address database for the specified MAC address.
For the meaning of each Mode abbreviation, see Mode Types on page 77. CDP Interoperability Command Description Mode clear isdp counters Clears the ISDP counters. clear isdp table Clears entries in the ISDP table. isdp advertise-v2 Enables the sending of ISDP version 2 packets from the device.
Data Center Bridging Command Description Mode clear priority-flow-control Clears all or interface Priority-Flow-Control statistics statistics. datacenter-bridging Enters the Data Center Bridging mode. priority-flow-control mode Enables Priority-Flow-Control (PFC) on an interface. priority-flow-control Enables the priority group for lossless behavior priority (PFC enabled). show interfaces datacenter- Displays the datacenter-bridging configuration, bridging...
Command              Description                                                                                                                              Mode
renew dhcp           Forces the DHCP client to immediately renew an IPv4 address lease.
debug dhcp packet    Displays debug information about DHCPv4 client activities and traces DHCPv4 packets to and from the local DHCPv4 client.
show dhcp lease      Displays IPv4 addresses leased from a DHCP server.
Command Description Mode show ip dhcp snooping Displays the DHCP snooping global and per port configuration. show ip dhcp snooping Displays the DHCP snooping binding entries. binding show ip dhcp snooping Displays the DHCP snooping configuration database related to the database persistence. show ip dhcp snooping Displays the DHCP Snooping status of the interfaces...
Command Description Mode show arp access-list Displays the configured ARP ACLs with the rules. show ip arp inspection Displays the Dynamic ARP Inspection interfaces configuration. show ip arp inspection Displays the Dynamic ARP Inspection interfaces configuration on all the DAI enabled interfaces. show ip arp inspection vlan Displays the Dynamic ARP Inspection configuration on all the VLANs in the given VLAN range.
Command Description Mode show logging email Displays information on how many emails are statistics sent, how many emails failed, when the last email was sent, how long it has been since the last email was sent, how long it has been since the email changed to disabled mode.
Command Description Mode interface range Enters the interface configuration mode to execute a command on multiple ports at the IC, IR same time. Enables jumbo frames on an interface by adjusting the maximum size of a packet or maximum transmission unit (MTU). show interfaces advertise Displays information about auto negotiation advertisement.
Ethernet CFM Command Description Mode ethernet cfm domain Enters into maintenance domain config mode for an existing domain. Use the optional level parameter to create a domain and enter into maintenance domain config mode. service Associates a VLAN with a maintenance domain. MDC ethernet cfm cc level Initiates sending continuity checks (CCMs) at the specified interval and level on a VLAN...
For the meaning of each Mode abbreviation, see Mode Types on page 77. GVRP Command Description Mode clear gvrp statistics Clears all the GVRP statistics information. garp timer Adjusts the GARP application join, leave, and leaveall GARP timer values. gvrp enable (global) Enables GVRP globally.
Command Description Mode ip igmp snooping mrouter- Configures the mrouter-time-out. time-out show ip igmp snooping Displays Multicast groups learned by IGMP groups snooping. show ip igmp snooping Displays IGMP snooping configuration. interface show ip igmp snooping Displays information on dynamically learned mrouter Multicast router interfaces.
Command Description Mode ip igmp snooping querier Sets the IGMP version of the query that the version snooping switch is going to send periodically. show igmp snooping Displays IGMP Snooping Querier information. PE querier For the meaning of each Mode abbreviation, see Mode Types on page 77. IP Addressing Command Description...
Command Description Mode show arp switch Displays the entries in the ARP table. show hosts Displays the default domain name, a list of name server hosts, static and cached list of host names and addresses. show ip address-conflict Displays the status information corresponding UE or to the last detected address conflict.
Command Description Mode ipv6 mld snooping Sets the MLD Maximum Response time for an IC or maxresponse interface or VLAN. VLAN ipv6 mld snooping Sets the Multicast Router Present Expiration mcrtexpiretime time. ipv6 mld snooping (Global) Enables MLD Snooping on the system (Global Config Mode).
IP Source Guard
Command                            Description                                                                                      Mode
ip verify source                   Enables filtering of IP packets matching the source IP address.
ip verify source port-security     Enables filtering of IP packets matching the source IP address and the source MAC address.
ip verify binding                  Configures static bindings.
iSCSI Optimization Link Dependency Command Description Mode iscsi aging time Sets aging time for iSCSI sessions. iscsi cos Sets the quality of service profile that will be applied to iSCSI flows. iscsi enable Enables Global Configuration mode command globally enables iSCSI awareness. iscsi target port Configures an iSCSI target port (optionally configures target port address and name).
LLDP Command Description Mode clear lldp remote-data Deletes all data from the remote data table. clear lldp statistics Resets all LLDP statistics. lldp notification Enables remote data change notifications. lldp notification-interval Limits how frequently remote data change notifications are sent. lldp receive Enables the LLDP receive capability.
Command Description Mode mvr querytime Sets the MVR query response time. mvr vlan Sets the MVR multicast VLAN. mvr immediate Enables MVR Immediate Leave mode. mvr type Sets the MVR port type. mvr vlan group Use to participate in the specific MVR group. IC show mvr Displays global MVR settings.
Command Description Mode lacp system-priority Configures the system LACP priority. lacp timeout Assigns an administrative LACP timeout. no lacp Sets the LACP (Link Aggregation) mode to default for that Aggregator Group. port-channel min-links Sets the minimum number of links that must be up in order for the port channel interface to be declared up.
Command Description Mode show bridge address-table Shows the MAC address table for a particular aggregator group. speed Configures the speed of all member ports in the aggregator group/zone. For the meaning of each Mode abbreviation, see Mode Types. Port Monitor Command Description Mode...
Command Description Mode conform-color Specifies for each outcome, the only possible PCMC actions are drop, setdscp-transmit, set-prec- transmit, or transmit. cos-queue min-bandwidth Specifies the minimum transmission GC or bandwidth for each interface queue. cos-queue random-detect Configures WRED queue management policy on an interface CoS queue.
Command Description Mode match dstip6 Adds to the specified class definition a match v6CMC condition based on the destination IPv6 address of a packet. match dstl4port Adds to the specified class definition a match condition based on the destination layer 4 port of a packet using a single keyword, or a numeric notation.
Command Description Mode match srcl4port Adds to the specified class definition a match condition based on the source layer 4 port of a packet using a single keyword, a numeric notation, or a numeric range notation. match vlan Adds to the specified class definition a match condition based on the value of the layer 2 VLAN Identifier field.
Command Description Mode show diffserv service brief Displays all interfaces in the system to which a DiffServ policy has been attached. show interfaces cos-queue Displays the class-of-service queue configuration for the specified interface. show interfaces random- Displays the WRED policy on an interface. detect show policy-map Displays all configuration information for the...
Command Description Mode msgauth Enables the message authenticator attribute to be used for the RADIUS Authenticating server being configured. name Assigns a name to a RADIUS server. primary Specifies that a configured server should be the primary server in the group of authentication servers which have the same server name.
Command Description Mode timeout Sets the timeout value in seconds for the designated radius server. usage Specifies the usage type of the server. For the meaning of each Mode abbreviation, see Mode Types on page 77. Spanning Tree Command Description Mode clear spanning-tree Restarts the protocol migration process on all...
Command Description Mode spanning-tree loopguard Enables loop guard on all ports. spanning-tree max-age Configures the spanning tree bridge maximum age. spanning-tree max-hops Sets the MSTP Max Hops parameter to a new value for the common and internal spanning tree. spanning-tree mode Configures the spanning tree protocol.
TACACS+ Command Description Mode Specifies the authentication and encryption key for all TACACS communications between the device and the TACACS server. port Specifies a server port number. priority Specifies the order in which servers are used. show tacacs Displays TACACS+ server settings and statistics.
Command Description Mode protocol vlan group all Adds all physical unit/slot/port interfaces to the groupid protocol-based VLAN identified by show dvlan-tunnel Displays all interfaces enabled for Double VLAN Tunneling. show dvlan-tunnel interface Displays detailed information about Double VLAN Tunneling for the specified interface. show interfaces switchport Displays switchport configuration.
Command Description Mode vlan Creates a VLAN. VLAN vlan (Global Config) Configures a VLAN. vlan association mac Associates a MAC address to a VLAN. VLAN vlan association subnet Associates an IP subnet to a VLAN. VLAN vlan database Enters the VLAN database configuration mode. GC vlan makestatic Changes a dynamically created VLAN to a static VLAN...
Command Description Mode dot1x max-users Sets the maximum number of clients supported on the port when MAC-based 802.1X authentication is enabled on the port. dot1x port-control Enables manual control of the authorization state of the port. dot1x re-authenticate Manually initiates a re-authentication of all 802.1x-enabled ports or a specified 802.1X enabled port.
Command Description Mode show dot1x clients Displays detailed information about the users who have successfully authenticated on the system or on a specified port. show dot1x interface Shows the status of MAC Authentication Bypass. show dot1x statistics Displays 802.1X statistics for the specified interface.
Command Description Mode arp purge Causes the specified IP address to be removed from the ARP cache. arp resptime Configures the ARP request response timeout. arp retries Configures the ARP count of maximum request for retries. arp timeout Configures the ARP entry age-out time. clear arp-cache Removes all ARP entries of type dynamic from the ARP cache.
Command Description Mode default-router Sets the IPv4 address of one or more routers for the DHCP client to use. dns-server (IP DHCP Pool Sets the IPv4 DNS server address which is Config) provided to a DHCP client by the DHCP server. domain-name (IP DHCP Sets the DNS domain name which is provided Pool Config)
Command Description Mode sntp Sets the IPv4 address of the NTP server to be used for time synchronization of the client. show ip dhcp binding Displays the configured DHCP bindings. show ip dhcp conflict Displays DHCP address conflicts for all relevant interfaces or a specified interface.
Command Description Mode show ipv6 dhcp binding Displays the configured DHCP pool. show ipv6 dhcp interface Displays DHCPv6 information for all relevant interfaces or a specified interface. show ipv6 dhcp pool Displays the configured DHCP pool. show ipv6 dhcp statistics Displays the DHCPv6 server name and status.
Command Description Mode show gmrp configuration Displays GMRP configuration. GC or For the meaning of each Mode abbreviation, see Mode Types on page 77. IGMP Command Description Mode ip igmp Sets the administrative mode of IGMP in the system to active. ip igmp last-member-query- Sets the number of Group-Specific Queries count...
Command Description Mode show ip igmp interface Displays the IGMP information for the specified interface. show ip igmp interface Displays the list of interfaces that have membership registered in the multicast group. show ip igmp interface stats Displays the IGMP statistical information for the interface.
Command Description Mode bootpdhcprelay Configures the minimum wait time in seconds minwaittime for BootP/DHCP Relay on the system. clear ip helper statistics Resets (to 0) the statistics displayed in show ip helper statistics. ip dhcp relay information Enables DHCP Relay to check that the relay check agent information option in forwarded BOOTREPLY messages is valid.
IP Routing
Command          Description                                                                Mode
encapsulation    Configures the link layer encapsulation type for the packet.
ip address       Configures an IP address on an interface.
ip mtu           Sets the IP Maximum Transmission Unit (MTU) on a routing interface.
ip netdirbcast   Enables the forwarding of network-directed broadcasts.
IPv6 Multicast Command Description Mode ipv6 pimsm (Global Administratively enables PIMSM for IPv6 Config) multicast routing. ipv6 pimsm (VLAN Administratively enables PIM-SM multicast Interface Config) routing mode on a particular IPv6 router interface. ipv6 pimsm bsr-border Prevents bootstrap router (BSR) messages from being sent or received through an interface.
Command Description Mode show ipv6 pimsm interface Displays interface config parameters. show ipv6 pimsm neighbor Displays IPv6 PIM neighbors learned on the routing interfaces. show ipv6 pimsm rphash Displays which rendezvous point (RP) is being selected for a specified group. show ipv6 pimsm rp Displays all group-to-RP mappings of which the mapping...
Command Description Mode ipv6 mld last-member- Sets the last member query interval for the query-interval MLD interface, which is the value of the (VLAN) maximum response time parameter in the groupspecific queries sent out of this interface. ipv6 mld-proxy Enables MLD Proxy on the router. ipv6 mld-proxy reset- Resets the host interface status parameters of status...
Command Description Mode ipv6 nd ra-lifetime Sets the value that is placed in the Router Lifetime field of the router advertisements sent from the interface. ipv6 nd reachable-time Sets the router advertisement time to consider a neighbor reachable after neighbor discovery confirmation.
Command Description Mode show ipv6 mld traffic Displays MLD statistical information for the router. show ipv6 neighbors Displays information about IPv6 neighbors. show ipv6 route Displays the IPv6 routing table. show ipv6 route Shows the preference value associated with preference the type of route.
Command                       Description                                                                                          Mode
ip multicast                  Sets the administrative mode of the IP multicast forwarder in the router to active.
ip multicast ttl-threshold    Applies a ttlvalue to a routing interface.
ip pim                        Administratively configures PIM mode for IP multicast routing on a VLAN interface.
ip pim bsr-border             Administratively disables bootstrap router (BSR) messages from being sent or received...
Command Description Mode ip pim spt-threshold Sets the multicast traffic threshold rate for the last-hop router to switch to the shortest path on the router. show bridge multicast Displays statistical information about the address-table count entries in the multicast address table. show ip mcast Displays the system-wide multicast information.
OSPF Command Description Mode area default-cost Configures the advertised default cost for the ROSPF stub area. area nssa Configures the specified area ID to function as an ROSPF NSSA. area nssa default-info- Configures the metric value and type for the ROSPF originate default route advertised into the NSSA.
Command Description Mode area virtual-link Configures the retransmit interval for the OSPF ROSPF retransmit-interval virtual interface on the virtual interface identified by the area ID and neighbor ID. area virtual-link Configures the transmit delay for the OSPF ROSPF transmit-delay virtual interface on the virtual interface identified by the area ID and neighbor ID.
Command Description Mode ip ospf hello-interval Sets the OSPF hello interval for the specified interface. ip ospf mtu-ignore Disables OSPF maximum transmission unit (MTU) mismatch detection. ip ospf network Configure OSPF to treat an interface as a point- to-point, rather than broadcast interface. ip ospf priority Sets the OSPF priority for the specified router interface.
Command Description Mode router-id Sets a 4-digit dotted-decimal number uniquely ROSPF identifying the router OSPF ID. router ospf Enters Router OSPF mode. show ip ospf Displays information relevant to the OSPF router. show ip ospf abr Displays the internal OSPF routing table entries to Area Border Routers (ABR).
Command Description Mode timers spf Configures the SPF delay and hold time. ROSPF For the meaning of each Mode abbreviation, see Mode Types on page 77. OSPFv3 Command Description Mode area default-cost Configures the monetary default cost for the stub ROSV3 area.
Command Description Mode area virtual-link Configures the retransmit interval for the OSPF ROSV3 retransmit-interval virtual interface on the virtual interface identified areaid neighbor area virtual-link Configures the transmit delay for the OSPF ROSV3 transmit-delay virtual interface on the virtual interface identified areaid neighbor default-information...
Command Description Mode ipv6 ospf transmit-delay Sets the OSPF Transmit Delay for the specified interface. ipv6 router ospf Enters Router OSPFv3 Configuration mode. maximum-paths Sets the number of paths that OSPF can report ROSV3 for a given destination. Enables OSPF graceful restart. ROSV3 nsf helper Allows OSPF to act as a helpful neighbor for a...
Command Description Mode show ipv6 ospf database Displays the number of each type of LSA in the database-summary database and the total number of LSAs in the database. show ipv6 ospf interface Displays the information for the IFO object or virtual interface tables.
Command Description Mode ip irdp minadvertinterval Configures the minimum time, in seconds, allowed between sending router advertisements from the interface. ip irdp multicast Sends router advertisements as IP multicast packets. ip irdp preference Configures the preference of the address as a default router address relative to other router addresses on the same subnet.
Command Description Mode ip rip send version Configures the interface to allow RIP control packets of the specified version to be sent. redistribute Configures OSPF protocol to allow redistribution of routes from the specified source protocol/routers. router rip Enters Router RIP mode. show ip rip Displays information relevant to the RIP router.
Virtual Router Redundancy Command Description Mode ip vrrp Enables the administrative mode of Virtual Router Redundancy Protocol (VRRP) for the router. vrrp accept-mode Enables the VRRP Master to accept ping packets sent to one of the virtual router’s IP addresses. vrrp authentication Sets the authentication details value for the virtual router configured on a specified...
Command Description Mode show vrrp interface Displays all configuration information and UE or VRRP router statistics of a virtual router configured on a specific interface. show vrrp interface brief Displays information about each virtual router configured on the switch. show vrrp interface stats Displays the statistical information about each virtual router configured on the switch.
Command Description Mode boot host retrycount Set the number of attempts to download a configuration. show auto-copy-sw Displays Stack Firmware Synchronization configuration status. show boot Displays the current status of the Auto Config process. For the meaning of each Mode abbreviation, see Mode Types on page 77. Captive Portal Command Description...
Command Description Mode name Configures the name for a captive portal configuration. protocol Configures the protocol mode for a captive portal configuration. redirect Enables the redirect mode for a captive portal configuration. redirect-url Configures the redirect URL for a captive portal configuration.
Command Description Mode user name Modifies the user name for a local captive portal user. user password Creates a local user or changes the password for an existing user. user session-timeout Sets the session timeout value for a captive portal user. show captive-portal Displays the operational status of each captive configuration...
Command Description Mode show parser macro Displays information about defined macros. For the meaning of each Mode abbreviation, see Mode Types on page 77. Clock Command Description Mode show clock Displays the time and date of the system clock. PE show sntp configuration Displays the SNTP configuration.
Command Line Configuration Scripting Command Description Mode script apply Applies commands in the script to the switch. script delete Deletes a specific script. script list Lists all scripts present in the switch. script show Displays the contents of a script file. script validate Validates a script file.
Command Description Mode update bootcode Updates the bootcode on one or more switches. PE write Copies the running configuration image to the startup configuration. For the meaning of each Mode abbreviation, see Mode Types on page 77. Denial of Service Command Description Mode...
Command Description Mode show dos-control Displays Denial of Service configuration information. For the meaning of each Mode abbreviation, see Mode Types on page 77. Line Command Description Mode exec-timeout Configures the interval that the system waits for user input. history Enables the command history function.
Mode Command Description Mode configure terminal Gets to the configure line. This command is equivalent to the configure command. Executes commands available in Privileged EXEC mode from Global Configuration and except other modes. PE and For the meaning of each Mode abbreviation, see Mode Types on page 77. Password Management Command Description...
Command                                              Description                                                                          Mode
passwords strength minimum special-characters        Enforces a minimum number of special characters that a password may contain.
passwords strength maximum consecutive-characters    Enforces a maximum number of consecutive characters that a password can contain.
passwords strength maximum repeated-characters       Enforces a maximum repeated characters that a password should contain.
RMON Command Description Mode rmon alarm Configures alarm conditions. rmon collection history Enables a Remote Monitoring (RMON) MIB history statistics group on an interface. rmon event Configures an RMON event. show rmon alarm Displays alarm configurations. show rmon alarms Displays the alarms summary table. show rmon collection Displays the requested group of statistics.
Command Description Mode debug clear Disables all debug traces. debug console Enables the display of debug trace output on the login session in which it is executed. debug dot1x Enables dot1x packet tracing. debug igmpsnooping Enables tracing of IGMP Snooping packets transmitted and/or received by the switch.
Command Description Mode debug mldsnooping Traces MLD snooping packet reception and transmission. debug ospf Enables tracing of OSPF packets received and transmitted by the switch. debug ospfv3 Enables tracing of OSPFv3 packets received and transmitted by the switch. debug ping Enables tracing of ICMP echo requests and responses.
Command Description Mode show sflow polling Displays the sFlow polling instances created on the switch. show sflow sampling Displays the sFlow sampling instances created on the switch. For the meaning of each Mode abbreviation, see Mode Types on page 77. SNMP Command Description...
Command Description Mode snmp-server user Configures a new SNMP Version 3 user. snmp-server view Creates or updates a Simple Network Management Protocol (SNMP) server view entry. snmp-server v3-host Specifies the recipient of Simple Network Management Protocol Version 3 (SNMPv3) notifications. For the meaning of each Mode abbreviation, see Mode Types on page 77.
Command Description Mode banner exec Sets the message that is displayed after a successful login. banner login Sets the message that is displayed just before the login prompt. banner motd Specifies message-of-the-day banner. banner motd Acknowledges message-of-the-day banner. acknowledge clear checkpoint Clears the statistics for the checkpointing statistics process.
Command Description Mode set description Associates a text description with a switch in the stack. slot Configures a slot in the system. show banner Displays banner information. show boot-version Displays the boot image version details. show checkpoint Displays the statistics for the checkpointing statistics process.
Command Description Mode show system power Displays information about the system level UE or PE power consumption. show system Displays information about the system UE or PE temperature temperature and fan status. show tech-support Displays system and configuration information (for debugging/calls to technical support). show users Displays information about the active users.
Terminal Length Command Description Mode terminal length Sets the terminal length. For the meaning of each Mode abbreviation, see Mode Types on page 77. Time Ranges Command Description Mode time-range Creates a time range identified by name, consisting of one absolute time entry and/or one or more periodic time entries.
Web Server Command Description Mode common-name Specifies the common-name for the device. country Specifies the country. crypto certificate generate Generates a HTTPS certificate. crypto certificate import Imports a certificate signed by the Certification Authority for HTTPS. crypto certificate request Generates and displays a certificate request for HTTPS.
Using the CLI
Introduction
This chapter describes the basics of entering and editing the Dell PowerConnect 70xx Series Command Line Interface (CLI) commands and defines the command hierarchy. It also explains how to activate the CLI and implement its major functions.
• Partial keyword lookup — A command is incomplete and the <?> key is entered in place of a parameter. The matched parameters for this command are displayed.
The following features and conventions are applicable to CLI command entry and editing:
•...
Table 2-1. History Buffer
Keyword                       Source or Destination
Up-arrow key or <Ctrl>+<P>    Recalls commands in the history buffer, beginning with the most recent command. Repeats the key sequence to recall successively older commands.
Down-arrow key                Returns to more recent commands in the history buffer after recalling commands with the up-arrow key.
Short Form Commands
The CLI supports the short forms of all commands. As long as it is possible to recognize the entered command unambiguously, the CLI accepts the short form of the command as if the user typed the full command.
Keyboard Shortcuts
The CLI has a range of keyboard shortcuts to assist in editing the CLI commands.
Table 2-2. CLI Shortcuts
Keyboard Key           Description
<Delete, Backspace>    Delete previous character
<Ctrl>+<A>             Go to beginning of line
<Ctrl>+<E>             Go to end of line
<Ctrl>+<F>             Go forward one character
<Ctrl>+<B>             Go backward one character
<Ctrl>+<D>             Delete current character
<Ctrl>+<U,X>           Delete to beginning of line
<Ctrl>+<K>...
• The range key word is used to identify the range of objects on which to operate.
• The range may be specified in the following manner: (#-#) — a range from a particular instance to another instance (inclusive). For example, 1/0/1-10 indicates that the operation applies to the gigabit Ethernet ports 1 to 10 on unit 1.
Command Scripting
The CLI can be used as a programmable management interface. To facilitate this function, any characters entered after the <!> character are treated as a comment and ignored by the CLI. Also, the CLI allows the user to disable session timeouts.
• <Interface Type> Unit#/Slot#/Port# — Identifies a specific interface by the interface type tag followed by the Unit# followed by a / symbol, then the Slot# followed by a / symbol, and then the Port#. For example, gi2/0/10 identifies the gigabit port 10 in slot 0 within the second unit on a non-blade switch.
Port Channel Interfaces
Port-channel (or LAG) interfaces are represented in the CLI by the variable port-channel-number, which can assume values from 1-48. When listed in command line output, port channel interfaces are preceded by the characters as shown in the preceding example:
Loopback Interfaces
Loopback interfaces are represented in the CLI by the variable loopback-id...
default Po1-48, Default Gi1/0/1-24
Example #3
CLI Command Modes
Since the set of CLI commands is very large, the CLI is structured as a command-tree hierarchy, where related command sets are assigned to command modes for easier access. At each level, only the commands related to that level are available to the user and only those commands are shown in the context sensitive help for that level.
When starting a session, the initial mode is the User EXEC mode. Only a limited subset of commands is available in this mode. This level is reserved for tasks that do not change the configuration. To enter the next level, the Privileged EXEC mode, a password is required.
Global Configuration Mode
Global Configuration commands apply to features that affect the system as a whole, rather than just a specific interface. The Privileged EXEC mode command configure is used to enter the Global Configuration mode.
console(config)#
The following are the Global Configuration modes:
•...
• Management Access List — Contains commands to define management access administration lists. The Global Configuration mode command management access-list is used to enter the Management Access List configuration mode.
• Policy-map — Use the policy-map command to access the QoS policy map configuration mode to configure the QoS policy map.
• SSH Public Key-string — Contains commands to manually specify the SSH Public-key of a remote SSH Client. The SSH Public-Key Chain Configuration mode command user-key is used to enter the SSH Public-Key Configuration mode.
• MAC Access-List — Configures conditions required to allow traffic based on MAC addresses.
[# | >] — The # sign is used to indicate that the system is in the Privileged EXEC mode. The > symbol indicates that the system is in the User EXEC mode, which is a read-only mode in which the system does not allow configuration.
Table 2-5. Navigating CLI Command Modes

| Command Mode | Access Method | Command Prompt | Exit or Access Previous Mode |
|---|---|---|---|
| User EXEC | The user is automatically in User EXEC mode unless the user is defined as a privileged user. | console> | logout |
| Privileged EXEC | Use the enable command to enter... | console# | Use the exit... |
| Command Mode | Access Method | Command Prompt | Exit or Access Previous Mode |
|---|---|---|---|
| Policy-Class-Map | From Global Configuration mode, use the policy-map class command. | console(config-policy-classmap)# | To exit to Global Configuration mode, use the exit command, or press <Ctrl>+<Z> to Privileged EXEC mode. |
| Class-Map | From Global... | | To exit to Global... |
Command Mode Access Method Command Prompt Exit or Access Previous Mode SSH Public Key From the SSH To return to the console(config-pubkey-key)# String Public Key- Chain SSH Public key- mode, use the user- chain mode, use user name key < the exit >...
| Command Mode | Access Method | Command Prompt | Exit or Access Previous Mode |
|---|---|---|---|
| SNMP v3 Host Configuration | From Global Configuration mode, use the snmp-server v3-host command. | console(config-snmp)# | To exit to Global Configuration mode, use the exit command, or press <Ctrl>+<Z> to Privileged EXEC mode. |
| Command Mode | Access Method | Command Prompt | Exit or Access Previous Mode |
|---|---|---|---|
| Stack | From Global Configuration mode, use the stack command. | console(config-stack)# | To exit to Global Configuration mode, use the exit command, or press <Ctrl>+<Z> to Privileged EXEC mode. |
| Logging | From Global Configuration... | console(config-logging)# | To exit to Global... |
| Command Mode | Access Method | Command Prompt | Exit or Access Previous Mode |
|---|---|---|---|
| Router OSPF Conf | From Global Configuration mode, use the router ospf command. | console(config-router)# | To exit to Global Configuration mode, use the exit command, or press <Ctrl>+<Z> to Privileged EXEC mode |
| Router RIP | From Global... | | To exit to Global... |
Command Mode Access Method Command Prompt Exit or Access Previous Mode Gigabit Ethernet From Global To exit to Global console (config-if- unit/slot/port Configuration Configuration mode, use the mode, use the interface exit command, gigabitethernet or press command. Or, use <Ctrl>+<Z> the abbreviation to Privileged interface gi.
Command Mode Access Method Command Prompt Exit or Access Previous Mode tunnel- Tunnel From Global To exit to Global console(config-tunnel Configuration Configuration mode, use the mode, use the interface tunnel exit command, command. Or, use or press the abbreviation <Ctrl>+<Z> interface tu.
Web, CLI and the remote Dell Network Manager. After initial setup, the user may enter the system to set up more advanced configurations.
If the user chooses not to use the wizard initially, the session defaults to the CLI mode with a warning to refer to the documentation. During a subsequent login, the user may again elect not to run the setup wizard. Once the wizard has established configuration, however, the wizard is presented only if the user resets the switch to the factory default settings.
Figure 2-1. Easy Setup Wizard (flowchart; decision points: Did the user previously save a startup configuration? Does the user want to use setup wizard? Is SNMP Management Required?)
A default gateway address is configured. The following example contains the sequence of prompts and responses associated with running an example Dell Easy Setup Wizard session, using the input values listed above. Note in this case a static IP address for the management interface is being set up.
IP address and the "community string" or password that the particular management system uses to access the switch. The wizard automatically assigns the highest access level [Privilege Level 15] to this account. You can use Dell
Network Manager or other management interfaces to change this setting, and to add additional management system later. For more information on adding management systems, see the user documentation. To add a management station: Please enter the SNMP community string to be used. {public}: public<Enter>...
Optionally you may request that the system automatically retrieve an IP address from the network via DHCP (this requires that you have a DHCP server running on the network). To setup an IP address: Please enter the IP address of the device (A.B.C.D) or enter "DHCP"...
Thank you for using the Dell Easy Setup Wizard. You will now enter CLI mode..
console>
Using CLI Functions and Tools
The CLI has been designed to manage the switch’s configuration file system and to manage switch security. A number of resident tools exist to support these and other functions.
Table 2-6. File System Commands

| Command | Description |
|---|---|
| delete file | Deletes file. |
| filedescr file description | Adds a description to a file (up to 20 characters can be used). |
| copy source destination | Copies a file from source file to destination file. |

Copying Files
The copy command not only provides a method for copying files within the file system, but also to and from remote servers.
Special System Files The following special filenames are used to refer to special virtual system files, which are under control of the system and may not be removed or added. These file names are reserved and may not be used as user-defined files. When the user copies a local source file into one of these special files and the source file has an attached file description, it also is copied as the file description for the special file.
• The CLI is accessible from remote telnet through the IP address for the switch. IP addresses are assigned separately for the service port and the in-band ports.
• The CLI is accessible from a secure shell interface.
• The CLI generates keys for SSH locally.
When Radius is used, the field returns the access level for the user. Two vendor specific options are supported. These are CISCO-AV-Pairs(Shell:priv-lvl=x) and Dell Radius VSA (user-group=x). TACACS+ provides the appropriate level of access. The following rules and specifications apply: •...
Syslogs
The CLI uses syslog support to send logging messages to a remote syslog server. The user configures the switch to generate all logging messages to a remote log server. If no remote log server exists, then the CLI maintains a rolling log of at most the last 1000 critical system events.
this case, the CLI suppresses repeated events from the same source and instead the CLI records one event within a period of time and includes that count as part of the log.
Management ACL
In addition to user access control, the system also manages access for in-band interfaces.
• Operational code date • The board type • The CPU • Memory size To start the normal booting process, select item 1 in the Boot Menu. The following is a sample log for booting information. Boot Menu 3.2.0.1 CPU Card ID: 0x508541 /DskVol// - disk check in progress ...
max # of simultaneously open files: file descriptors in use: # of different files in use: # of descriptors for deleted files: # of obsolete descriptors: current volume configuration: - volume label: NO LABEL ; (in boot sector: ) - volume Id: 0x1b19 - total number of sectors: 60,716...
------------------------ - allocation group size: 2 clusters - free space on volume: 10,852,352 bytes Boot Menu 3.2.0.1 Select an option. If no selection in 10 seconds then operational code will start. 1 - Start operational code. 2 - Start Boot Menu. Select (1, 2): Operational Code Date: Mon Jan 4 04:26:56 2010...
Value obtained from file system volume descriptor pointer: 0x348ef70 The old setting was THU JAN 01 00:00:00 1970 Accepted system dates are greater than THU DEC 27 00:00:00 1990 /DskVol// - Volume is OK total # of clusters: 15,147 # of free clusters: 5,299 # of bad clusters: total free space:...
# of obsolete descriptors: current volume configuration: - volume label: NO LABEL ; (in boot sector: - volume Id: 0x1b19 - total number of sectors: 60,716 - bytes per sector: - # of sectors per cluster: 4 - # of reserved sectors: - FAT entry size: FAT16 - # of sectors per FAT copy:...
Timebase: 66.666666 MHz, MEM: 266.666664 MHz, PCI: 66.666666 MHz, CPU: 533.333328 MHz PCI unit 0: Dev 0xb314, Rev 0x01, Chip BCM56314_A0, Driver BCM56314_A0 SOC unit 0 attached to PCI device BCM56314_A0 Adding BCM transport pointers Configuring CPUTRANS TX Configuring CPUTRANS RX Instantiating /download as rawFs, device = 0x20001 Formatting /download for DOSFS...
# of lost chains: total bytes in lost chains: (Unit 1 - Waiting to select management unit)> Welcome to Dell Easy Setup Wizard The Setup Wizard guides you through the initial switch configuration, and gets you up and running as quickly as possible. You...
Would you like to run the setup wizard (you must answer this question within 60 seconds)? [Y/N] n Thank you for using Dell Easy Set up Wizard. You will now enter CLI mode. Applying Global configuration, please wait ... Applying Interface configuration, please wait ...
File - Dell-Ent-esw-kinnick-pct.8541-V6R- CSxw-6IQHSr3v2m0b1.opr
There is no output from this option.
This is the output from the update boot code option:
Do you wish to update Boot Code? (y/n) y
Validating image2..OK
Extracting boot code from image...CRC valid
Erasing Boot Flash..^^^^Done.
Wrote 0x100000 bytes.
Validating Flash..Passed
Flash update completed.
During the bootup sequence, if a user is connected using the serial interface, the system provides an escape key sequence to interrupt the bootup process and bring up a boot utility menu. The menu provides the users with the following:
•...
Options available - Start operational code - Change baud rate - Retrieve event log using XMODEM - Load new operational code using XMODEM - Display operational code vital product data - Run flash diagnostics - Update boot code - Delete backup image - Reset the system 10 - Restore configuration to factory defaults (delete config files)
- Change baud rate - Retrieve event log using XMODEM - Load new operational code using XMODEM - Display operational code vital product data - Run flash diagnostics - Update boot code - Delete backup image - Reset the system 10 - Restore configuration to factory defaults (delete config files) 11 - Activate Backup Image...
10 - Format file system 11 - File system test 12 - Comprehensive test (RAM, PCI, FLASH) 13 - Start vxWorks shell 14 - FRU utility menu - Return to main menu Select option (0-14): 14 FRU Utility Menu Options are: 1 - Download data through X-Modem and store into FRU 2 - Download data through X-Modem and store into FLASH 3 - Update FRU with data stored in FLASH...
Monitoring Traps from CLI
It is possible to connect to the CLI session and monitor the events or faults that are being sent as traps from the system. This feature is equivalent to the alarm-monitoring window in a typical network management system. The user enables events or monitor traps from the CLI by entering the command logging console.
Layer 2 Commands
The chapters that follow describe commands that conform to the OSI model data link layer (Layer 2). Layer 2 commands provide a logical organization for transmitting data bits on a particular medium. This layer defines the framing, addressing, and checksum functions for Ethernet packets.
AAA Commands
Management access to the switch is via telnet, HTTP, SSH, or the serial console (SNMP access is discussed in SNMP Commands). To ensure that only authorized users can access and change the configuration of the switch, users must be authenticated. Users can be authenticated based on:
•...
support the concept of timeout, subsequent entries in the list are never attempted. For example, the local authentication method implementation does not supply a time-out value. If a list contains the local method, followed by the radius authentication method, the radius method is not attempted. Once an APL is created, a reference to that APL can be stored in the access line configuration to determine how specific components should authenticate users.
no aaa authentication dot1x default Parameter Description Parameter Description radius Uses the list of all authentication servers for authentication. Uses the internal authentication server. local Use the local authentication method. none Uses no authentication. Default Configuration No default authentication method is defined. Command Mode Global Configuration mode User Guidelines...
aaa authentication enable
Use the aaa authentication enable command in Global Configuration mode to set authentication for accessing higher privilege levels. To return to the default configuration, use the no form of this command.
Syntax
aaa authentication enable {default | list-name} method1 [method2...]
no aaa authentication enable {default | list-name...
Create a list by entering the aaa authentication enable list-name method command where list-name is any character string used to name this list. The method argument identifies the list of methods that the authentication algorithm tries in the given sequence. The additional methods of authentication are used only if the previous method returns an error, not if it fails to authenticate the user.
• list-name — Character string used to name the list of authentication methods activated when a user logs in. (Range: 1-15 characters)
• method1 [method2...] — Specify at least one from the following table:

| Keyword | Source or destination |
|---|---|
| enable | Uses the enable password for authentication. |
Example
The following example configures authentication login.
console(config)# aaa authentication login default radius local enable none

aaa authorization network default radius
Use the aaa authorization network default radius command in Global Configuration mode to enable the switch to accept VLAN assignment by the RADIUS server.
aaa ias-user username Use the aaa ias-user username command in Global Configuration mode to configure IAS users and their attributes. Username and password attributes are supported. The ias-user name is composed of up to 64 alphanumeric characters. This command also changes the mode to a user config mode. Use the no form of this command to remove the user from the internal user database.
clear (IAS) Use the clear aaa ias-users command in Privileged EXEC mode to delete all IAS users. Syntax clear aaa ias-users Parameter Description This command does not require a parameter description. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command.
• list-name — Uses the indicated list created with the aaa authentication enable command. (Range: 1-12 characters)
Default Configuration
Uses the default set with the command aaa authentication enable.
Command Mode
Line Configuration mode
User Guidelines
This command has no user guidelines.
Example
The following example specifies the default authentication method when accessing a higher privilege level console.
Command Mode
Global Configuration mode
User Guidelines
This command has no user guidelines.
Example
The following example defines password "xxxyyyzzz" to control access to user and privilege levels.
console(config)# enable password xxxyyyzzz

ip http authentication
Use the ip http authentication command in Global Configuration mode to specify authentication methods for http server users.
Command Mode Global Configuration mode User Guidelines The additional methods of authentication are used only if the previous method returns an error, not if it fails. To ensure that the authentication succeeds even if all methods return an error, specify none as the final method in the command line.
Default Configuration The local user database is checked. This action has the same effect as the command ip https authentication local. Command Mode Global Configuration mode User Guidelines The additional methods of authentication are used only if the previous method returns an error, not if it fails. To ensure that the authentication succeeds even if all methods return an error, specify none as the final method in the command line.
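The method-list rules stated in this chapter (a later method is tried only when the previous one returns an error, nothing after a method with no time-out such as local is attempted, and a final none lets authentication succeed when everything before it errors) can be checked mechanically against a saved configuration. The Python below is an added example, not Dell code: it parses the list-defining commands and flags unreachable methods and lists that fall open. The sample configuration and list names are constructed, and treating none like local as a method that ends the list is an assumption of the example.

```python
"""Audit authentication method lists in a saved switch configuration."""
import re

# Methods after which no later entry is tried. `local` is the manual's own
# example of a method without a time-out; treating `none` the same way
# (it always succeeds) is an assumption of this example.
NO_FALLTHROUGH = {"local", "none"}

# Matches the list-defining commands described in this chapter.
LIST_RE = re.compile(
    r"^(?:aaa authentication (?P<kind>login|enable|dot1x) (?P<name>\S+)"
    r"|ip (?P<web>https?) authentication)\s+(?P<methods>\S.*)$"
)

# Constructed sample, not taken from a real switch. The first command is the
# login example printed in the manual; the list names are made up.
SAMPLE_CONFIG = """\
! constructed sample configuration
aaa authentication login default radius local enable none
aaa authentication login mgmtList radius none
aaa authentication enable enableList local radius
ip http authentication radius local
ip https authentication none
"""


def parse_method_lists(config_text):
    """Return [(scope, [method, ...])] for each method list in the text."""
    lists = []
    for raw in config_text.splitlines():
        line = raw.split("!", 1)[0].strip()  # text after '!' is a comment
        match = LIST_RE.match(line)
        if not match:
            continue
        if match["kind"]:
            scope = f"{match['kind']}:{match['name']}"
        else:
            scope = match["web"]
        lists.append((scope, match["methods"].split()))
    return lists


def audit(methods):
    """Return [(code, detail)] findings for one ordered method list."""
    if not methods:
        return []
    findings = []
    stop = next((i for i, m in enumerate(methods) if m in NO_FALLTHROUGH), None)
    reachable = methods if stop is None else methods[: stop + 1]
    if stop is not None and stop + 1 < len(methods):
        # Everything after a no-time-out method is dead configuration.
        findings.append(("UNREACHABLE", " ".join(methods[stop + 1:])))
    if reachable[0] == "none":
        findings.append(("NO_AUTH", "none is tried first"))
    elif reachable[-1] == "none":
        # Access is granted whenever every earlier method returns an error,
        # for example when the RADIUS server cannot be reached.
        findings.append(("FAIL_OPEN", "errors in " + " ".join(reachable[:-1])))
    return findings


def simulate(methods, outcomes):
    """Walk a list as the manual describes: move on only after an error.

    outcomes maps method -> "accept" | "reject" | "error" for one attempt.
    Returns (result, deciding_method).
    """
    for method in methods:
        if method == "none":
            return "accept", method  # no credential is checked at all
        result = outcomes.get(method, "error")
        if method in NO_FALLTHROUGH and result == "error":
            result = "reject"  # no time-out, so it never yields an error
        if result != "error":
            return result, method
    return "reject", None  # every method returned an error


def report(config_text):
    """Map each list's scope to its findings (an empty list means clean)."""
    return {scope: audit(m) for scope, m in parse_method_lists(config_text)}


if __name__ == "__main__":
    for scope, findings in report(SAMPLE_CONFIG).items():
        print(scope, findings or "ok")
    # RADIUS unreachable: this list admits the user without a credential.
    print(simulate(["radius", "none"], {"radius": "error"}))
```

Run against the manual's own login example, the audit reports `enable none` as unreachable because `local` precedes them; a list ending in `radius local` is the form that keeps a working fallback without falling open.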
Command Mode
Line Configuration mode
User Guidelines
This command has no user guidelines.
Example
The following example specifies the default authentication method for a console.
console(config)# line console
console(config-line)# login authentication default

password (aaa IAS User Configuration)
Use the password command in aaa IAS User Configuration mode to configure a password for a user.
User Guidelines
This command has no user guidelines.
Example
console#configure
console(config)#aaa ias-user username client-1
console(Config-IAS-User)#password client123
console(Config-IAS-User)#no password
Example of adding a MAB Client to the Internal user database:
console#configure
console(config)#aaa ias-user username 1f3ccb1157
console(Config-IAS-User)#password 1f3ccb1157
console(Config-IAS-User)#exit
console(config)#

password (Line Configuration)
Use the password command in Line Configuration mode to specify a password on a line.
Default Configuration
No password is specified.
Command Mode
Line Configuration mode
User Guidelines
This command has no user guidelines.
Example
The following example specifies a password "mcmxxyyy" on a line.
console(config-line)# password mcmxxyyy

password (User EXEC)
Use the password command in User EXEC mode to allow a currently logged in user to change the password for only that user without having read/write privileges.
User Guidelines
This command has no user guidelines.
Example
The following example shows the prompt sequence for executing the password command.
console>password
Enter old password:********
Enter new password:********
Confirm new password:********

show aaa ias-users
Use the show aaa ias-users command in Privileged EXEC mode to display configured IAS users and their attributes.
Example
console#show aaa ias-users
UserName
-------------------
Client-1
Client-2
Following are the IAS configuration commands shown in the output of the show running-config command. Passwords shown in the command output are always encrypted.
aaa ias-user username client-1
password a45c74fdf50a558a2b5cf05573cd633bac2c6c598d54497ad4c46 104918f2c encrypted
exit

show authentication methods
Use the show authentication methods command in Privileged EXEC mode...
Example The following example displays the authentication configuration. console#show authentication methods Login Authentication Method Lists --------------------------------- defaultList local Enable Authentication Method Lists ---------------------------------- enableList local Line Login Method List Enable Method List ------- ----------------- ------------------ Console defaultList enableList Telnet defaultList enableList defaultList enableList...
Syntax show users accounts Parameter Description The following fields are displayed by this command. Parameter Description User Name Local user account’s user name. Privilege User’s access level (read only or read/write). Lockout Status Indicates whether the user account is locked out or not. Password Expiration Date Current password expiration date in date format.
admin False guest False brcm1 False console#show users accounts long User Name ------------ thisisaverylongusernameitisquitelong show users login-history Use the show users login-history command in Global Configuration mode to display information about the login history of users. Syntax show users login-history [long] name —...
console#show users login-history Login Time Username Protocol Location -------------------- --------- --------- ----------- Jan 19 2005 08:23:48 Serial Jan 19 2005 08:29:29 Robert HTTP 172.16.0.8 Jan 19 2005 08:42:31 John 172.16.0.1 Jan 19 2005 08:49:52 Betty Telnet 172.16.1.7 username Use the username command in Global Configuration mode to add a new user to the local user database.
| Parameter | Description |
|---|---|
| level | The user level. Level 0 can be assigned by a level 15 user to another user to suspend that user’s access. Range: 0-15. Enter access level 1 for Read Access or 15 for Read/Write Access. |
| encrypted | Encrypted password entered, copied from another switch configuration. |
parameter must be a pre-existing local user. If the password strength feature is enabled, it checks for password strength and returns an appropriate error if it fails to meet the password strength criteria.
Syntax
username name password password [level level] [encrypted]
Parameter Description
This command does not require a parameter description.
Message Type Message Description Reason behind the failure Exceeds Minimum Length of a Password. Password should be in the range of 8-64 characters in length. Set minimum password length to 0 by using the passwords min-length 0 command. Password should contain Minimum <number>...
Syntax
username username unlock
Parameter Description
This command does not require a parameter description.
Default Configuration
This command has no default configuration.
Command Mode
Global Configuration mode
User Guidelines
This command has no user guidelines.
ACL Commands
Access to a switch or router can be made more secure through the use of Access Control Lists (ACLs) to control the type of traffic allowed into or out of specific ports. An ACL consists of a series of rules, each of which describes the type of traffic to be processed and the actions to take for packets that meet the classification criteria.
classifier rule. The ACL logging feature allows these hardware hit counts to be collected on a per-rule basis and reported periodically to the network administrator using the system logging facility and an SNMP trap. The PowerConnect ACL permit/deny rule specification supports a log parameter that enables hardware hit count collection and reporting.
containing this ACL rule is applied to an interface or bound to a VLAN, then the ACL rule is applied when the time-range with specified name becomes active. The ACL rule is removed when the time-range with specified name becomes inactive. list-name access-list {deny | permit} {every | {{icmp | igmp | ip | tcp |...
Parameter Description queue- assign-queue Specifies the particular hardware queue for handling traffic that matches the rule. (Range: 0-6) interface mirror Allows the traffic matching this rule to be copied to the specified interface. interface redirect This parameter allows the traffic matching this rule to be forwarded to the specified unit/slot/port.
specified name does not exist, and the IP ACL containing this ACL rule is applied to an interface or bound to a VLAN, then the ACL rule is applied immediately. If a time range with the specified name exists, and the IP ACL containing this ACL rule is applied to an interface or bound to a VLAN, then the ACL rule is applied when the time-range with a specified name becomes active.
Use this command in Mac-Access-List Configuration mode to create a new rule for the current MAC access list. Each rule is appended to the list of configured rules for the list. The command is enhanced to accept the optional time-range parameter. The time-range parameter allows imposing a time limitation on the MAC ACL time-range-name rule as defined by the parameter...
Parameter Description 0x0600-0xFFFF Specify custom ethertype value (hexadecimal range 0x0600- 0xFFFF). vlan eq VLAN number. (Range 0-4095) Class of service. (Range 0-7) Specifies that this rule is to be logged. time-range-name Use the time-range parameter to impose a time limitation on time-range- the MAC ACL rule as defined by the parameter name...
Example The following example configures a MAC ACL to deny traffic from MAC address 0806.c200.0000. console(config)#mac access-list extended DELL123 console(config-mac-access-list)#deny 0806.c200.0000 ffff.ffff.ffff any ip access-group Use the ip access-group command in Global and Interface Configuration modes to apply an IP based ACL on an Ethernet interface or a group of name interfaces.
User Guidelines
Global mode command configures the ACL on all the interfaces, whereas the interface mode command does so for the interface.
Examples
console(config)#ip access-group aclname in
console(config)#no ip access-group aclname in
console(config)#ip access-group aclname1 out
console(config-if-1/0/1)#ip access-group aclname out
console(config-if-1/0/1)#no ip access-group aclname

mac access-group
Use the mac access-group command in Global Configuration or Interface...
User Guidelines An optional sequence number may be specified to indicate the order of this access-list relative to the other access-lists already assigned to this interface and direction. A lower number indicates higher precedence order. If a sequence number already is in use for this interface and direction, the specified access-list replaces the currently attached access list using that sequence number.
User Guidelines Use this command to create a mac access control list. The CLI mode is changed to Mac-Access-List Configuration when this command is successfully executed. Example The following example creates MAC ACL and enters MAC-Access-List- Configuration mode. console(config)#mac access-list extended LVL7DELL console(config-mac-access-list)# mac access-list extended rename Use the mac access-list extended rename command in Global Configuration...
console(config)#mac access-list extended rename DELL1 DELL2 service-acl input Use the service-acl input command in Interface Configuration mode to block Link Local Protocol Filtering (LLPF) protocol(s) on a given port. Use the no form of this command to unblock link-local protocol(s) on a given port. Syntax service-acl input {blockcdp | blockvtp | blockdtp | blockudld | blockpagp | blocksstp | blockall}...
User Guidelines To specify multiple protocols, enter the protocol parameters together on the command line, separated by spaces. This command can only be entered once per interface if no intervening no service-acl input command has been entered. show service-acl interface This command displays the status of LLPF rules configured on a particular port or on all the ports.
Block DTP........Enable Block UDLD........ Enable Block PAGP.........Enable Block SSTP........ Enable Block All......... Enable show ip access-lists Use the show ip access-lists command in Privileged EXEC mode to display an IP ACL and time-range parameters. Syntax accesslistnumber show ip access-lists [ Parameter Description Parameter Description...
ACL Name Rules Interface(s) Vlan(s) ----------------------------------------------------- ACL40 ACL41 show mac access-list Use the show mac access-list command in Privileged EXEC mode to display a MAC access list and all of the rules that are defined for the MAC ACL. Use name the [ ] parameter to identify a specific MAC ACL to display.
Fields Description MAC ACL Name The name of the MAC access list. Rules The number of user-configured rules defined for the MAC ACL. The implicit 'deny all' rule defined at the end of every MAC ACL is not included. Interfaces Displays the list of interfaces (unit/slot/port) to which the MAC ACL is attached in a given direction.
Address Table Commands Static MAC Filtering allows the administrator to add a number of unicast or multicast MAC addresses directly to the forwarding database. This is typically a small number relative to the total size of the database. Associated with each static MAC address is a set of source ports, a set of destination ports and VLAN information.
mac address-table aging- port security show mac address-table time dynamic mac address-table port security max show mac address-table multicast filtering interface mac address-table show mac address-table show mac address-table multicast forbidden multicast static address mac address-table show mac address-table show mac address-table multicast forbidden filtering vlan...
Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example In this example, the mac address-table tables are cleared. console#clear mac address-table dynamic mac address-table aging-time Use the mac address-table aging-time command in Global Configuration mode to set the aging time of the address.
Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example In this example the MAC Address Table aging time is set to 400. console(config)#mac address-table aging-time 400 mac address-table multicast filtering Use the mac address-table multicast filtering command in Global Configuration mode to enable filtering of Multicast addresses.
If switches exist on the VLAN, and IGMP snooping is not enabled, use the mac address-table multicast forward-all command to enable forwarding all Multicast packets to the Multicast routers. Example In this example, bridge Multicast filtering is enabled. console(config)#mac address-table multicast filtering mac address-table multicast forbidden address Use the mac address-table multicast forbidden address command in Global Configuration mode to forbid adding a specific Multicast address to specific...
Parameter Description interface-list Specify a comma separated list of interfaces, a range of interfaces, or a combination of both. Interfaces can be port-channel numbers or physical ports in unit/slot/port format. Default Configuration No forbidden addresses are defined. Command Mode Global Configuration mode User Guidelines Before defining forbidden ports, ensure that the Multicast group is registered.
Parameter Description Parameter Description vlan-id vlan Valid VLAN ID (Range 1-4093). Default Configuration The default for this command is not forbidden. Command Mode Global configuration mode User Guidelines This command has no user guidelines. Example The following example forbids forwarding unregistered multicast addresses on VLAN8.
Default Configuration Forward-unregistered. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example In this example, all VLAN1 Multicast packets are forwarded. console(config)#mac address-table multicast forward-all vlan 1 mac address-table multicast forward-unregistered Use the mac address-table multicast forward-unregistered command in Global Configuration mode to enable the forwarding of unregistered multicast addresses.
User Guidelines If routers exist on the VLAN, do not change the unregistered multicast addresses state to drop on the routers ports. NOTE: Do not use the mac address-table multicast forbidden forward-unregistered command with the mac address-table multicast forward-unregistered command on the same interface.
Parameter Description ip-multicast-address IP multicast address. interface interface-list Specify a comma separated list of interfaces, a range of interfaces, or a combination of both. Interfaces can be port-channel numbers or physical ports in unit/slot/port format. Default Configuration No Multicast addresses are defined. Command Mode Global Configuration mode User Guidelines...
Syntax port security [discard] no port security • discard — Discards frames with unlearned source addresses. This is the default if no option is indicated. Default Configuration Disabled: no port security. Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet) mode User Guidelines When port security is enabled on an interface, all dynamic entries learned up to that point are flushed, and new entries can be learned only to the limit set...
• max-addr — The maximum number of addresses that can be learned on the port. (Range: 0-600) Default Configuration The default value for this command is 100. Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet) mode User Guidelines This command has no user guidelines. Example The following example shows using this command in Ethernet Interface Configuration mode.
Command Mode Privileged EXEC mode User Guidelines A MAC address can be displayed in IP format only if it is in the range 01:00:5e:00:00:00 through 01:00:5e:7f:ff:ff.
Example In this example, Multicast MAC address table information is displayed. console#show mac address-table multicast Vlan MAC Address Type Ports ----- ------------------- ------- ------------------ 0100.5E05.0505 Static Forbidden ports for multicast addresses: Vlan MAC Address Ports ---- ----------------------- --------------------------- 0100.5E05.0505 NOTE: A multicast MAC address maps to multiple IP addresses, as shown above.
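Why one multicast MAC entry stands for several IP groups, as an added Python example (not taken from the Dell guide): only the low 23 bits of an IPv4 group address are copied into the 01:00:5e MAC range quoted above, so 32 groups share each MAC and a static or forbidden entry for that MAC applies to all of them. The function names are this example's own; the MAC 0100.5E05.0505 is the one in the output above.

```python
import ipaddress

# Range given in the user guidelines above: 01:00:5e:00:00:00 - 01:00:5e:7f:ff:ff
MCAST_MAC_LOW = 0x01005E000000
MCAST_MAC_HIGH = 0x01005E7FFFFF
LOW23 = 0x7FFFFF  # bits of the IPv4 group address that survive in the MAC


def parse_mac(text):
    """Accept xxxx.xxxx.xxxx or xx:xx:xx:xx:xx:xx and return a 48-bit integer."""
    digits = text.replace(".", "").replace(":", "").replace("-", "")
    if len(digits) != 12:
        raise ValueError(f"bad MAC address: {text!r}")
    return int(digits, 16)


def format_mac(value):
    """Render a 48-bit integer in the switch's xxxx.xxxx.xxxx style."""
    digits = f"{value:012X}"
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))


def group_to_mac(group):
    """Map an IPv4 multicast group to the MAC address the switch filters on."""
    addr = ipaddress.IPv4Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not an IPv4 multicast address")
    return format_mac(MCAST_MAC_LOW | (int(addr) & LOW23))


def groups_for_mac(mac_text):
    """List every IPv4 group that maps onto one multicast MAC address."""
    mac = parse_mac(mac_text)
    if not MCAST_MAC_LOW <= mac <= MCAST_MAC_HIGH:
        raise ValueError(f"{mac_text} is outside the IPv4 multicast MAC range")
    low = mac & LOW23
    # 224.0.0.0/4 leaves 28 free bits; 23 are kept, so 5 bits (32 values) are lost.
    return [str(ipaddress.IPv4Address(0xE0000000 | (hi << 23) | low))
            for hi in range(32)]


if __name__ == "__main__":
    shared = groups_for_mac("0100.5E05.0505")
    print(len(shared), "groups share 0100.5E05.0505:", shared[0], "...", shared[-1])
```
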
User Guidelines This command has no user guidelines. Example In this example, the Multicast configuration for VLAN 1 is displayed. console#show mac address-table filtering 1 Filtering: Enabled VLAN: 1 Mode: Forward-Unregistered show mac address-table Use the show mac address-table command in User EXEC or Privileged EXEC mode to display all entries in the bridge-forwarding database.
Example In this example, all classes of entries in the mac address-table are displayed. console#show mac address-table Aging time is 300 Sec Vlan Mac Address Type Port ---- ---------------- ---------- ----------- 001E.C9AA.AE19 Management CPU Interface: 0/5/ 001E.C9AA.AC19 Dynamic Gi1/0/21 001E.C9AA.AE1B Management 001E.C9AA.AE1B Management Vl10 001E.C9AA.AE1B Management...
Parameter Description interface-id Display information for a specific interface. Valid interfaces include physical ports and port channels. vlan-id Display entries for the specific VLAN only. The range is 1 to 4093. Default Configuration This command has no default configuration. Command Mode User EXEC, Privileged EXEC mode User Guidelines This command has no user guidelines.
Parameter Description Parameter Description interface-id Specify an interface type; valid interfaces include physical ports and port channels. vlan-id Specify a valid VLAN, the range is 1 to 4093. Default Configuration This command has no default configuration. Command Mode User EXEC, Privileged EXEC mode User Guidelines This command has no user guidelines.
Syntax show mac address-table dynamic [address mac-address] [interface interface-id] [vlan vlan-id] Parameter Description Parameter Description mac-address A MAC address with the format xxxx.xxxx.xxxx. interface-id Display information for a specific interface. Valid interfaces include physical ports and port channels. vlan-id Display entries for the specific VLAN only.
0001.02F1.0B33 Dynamic gi1/0/1 show mac address-table interface Use the show mac address-table command in User EXEC or Privileged EXEC mode to display all entries in the mac address-table. Syntax show mac address-table interface interface-id [vlan vlan-id] Parameter Description Parameter Description interface-id Specify an interface type. Valid interfaces include physical ports and port channels.
---- -------------- ---- ------------- 0000.0001.0000 Dynamic gi1/0/1 0000.8420.5010 Dynamic gi1/0/1 0000.E26D.2C2A Dynamic gi1/0/1 0000.E89A.596E Dynamic gi1/0/1 0001.02F1.0B33 Dynamic gi1/0/1 show mac address-table static Use the show mac address-table static command in User EXEC or Privileged EXEC mode to display static entries in the bridge-forwarding database. Syntax mac-address interface-id...
Example In this example, all static entries in the bridge-forwarding database are displayed. console#show mac address-table static Vlan Mac Address Type Port ---- -------------- ----- ----- 0001.0001.0001 Static gi1/0/1 show mac address-table vlan Use the show mac address-table vlan command in User EXEC or Privileged EXEC mode to display all entries in the bridge-forwarding database for the specified VLAN.
Example In this example, all classes of entries in the bridge-forwarding database are displayed. console#show mac address-table vlan 1 Mac Address Table ------------------------------------- Vlan Mac Address Type Ports ---- --------------- ------- ------- 0000.0001.0000 Dynamic gi1/0/1 0000.8420.5010 Dynamic gi1/0/1 0000.E26D.2C2A Dynamic gi1/0/1 0000.E89A.596E Dynamic gi1/0/1 0001.02F1.0B33...
User Guidelines This command has no user guidelines. Example In this example, all classes of entries in the port-lock status are displayed. console#show ports security Port Status Action Maximum Trap Frequency ---- ------ ---------- --------- ------- ------- 1/0/1 Locked Discard Enable 1/0/2 Unlocked - 1/0/3...
Syntax show ports security addresses {gigabitethernet unit/slot/port | port-channel port-channel-number | tengigabitethernet unit/slot/port} Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Examples The following example displays dynamic addresses for port channel number 1/0/1.
Auto-VoIP Commands Voice over Internet Protocol (VoIP) allows network users to make telephone calls using a computer network over a data network like the Internet. With the increased prominence of delay-sensitive applications (voice, video, and other multimedia applications) deployed in networks today, proper QoS configuration ensures high-quality application performance.
Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode. User Guidelines There are no user guidelines for this command. Examples The following example shows command output when a port is specified: console#show switchport voice Interface Auto VoIP Mode Traffic Class ---------...
--More-- or (q)uit The following example shows command output when a port is specified: console#show switchport voice gigabitethernet 1/0/1 Interface Auto VoIP Mode Traffic Class --------- -------------- ------------- Gi1/0/1 Disabled The command output provides the following information: • AutoVoIP Mode—The Auto VoIP mode on the interface. •...
Command Mode Global Configuration mode Interface (gigabitethernet, port-channel, tengigabitethernet) Configuration mode User Guidelines This command has no user guidelines Example console(config)#interface gigabitethernet 1/0/1 console(config-if-Gi1/0/1)#switchport voice detect auto
CDP Interoperability Commands Industry Standard Discovery Protocol (ISDP) is a proprietary Layer 2 network protocol which inter-operates with Cisco network equipment and is used to share information between neighboring devices. PowerConnect switches participate in the ISDP protocol and are able to both discover and be discovered by devices that support the Cisco Discovery Protocol (CDP).
User Guidelines There are no user guidelines for this command. Example console#clear isdp counters clear isdp table The clear isdp table command clears entries in the ISDP table. Syntax clear isdp table Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode User Guidelines...
Default Configuration ISDP sends version 2 packets by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#isdp advertise-v2 isdp enable The isdp enable command enables ISDP on the switch. Use the “no” form of this command to disable ISDP.
Example The following example enables isdp on interface 1/0/1. console(config)#interface gigabitethernet 1/0/1 console(config-if-1/0/1)#isdp enable isdp holdtime The isdp holdtime command configures the hold time for ISDP packets that the switch transmits. The hold time specifies how long a receiving device should store information sent in the ISDP packet before discarding it.
isdp timer The isdp timer command sets the period of time between sending new ISDP packets. The range is given in seconds. Use the “no” form of this command to reset the timer to the default. Syntax isdp timer time no isdp timer Parameter Description Parameter Description...
Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example console#show isdp Timer........ 30 Hold Time......180 Version 2 Advertisements..... Enabled Neighbors table last time changed..0 days 00:06:01 Device ID......
Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example console#show isdp entry Switch Device ID Switch Address(es): IP Address: 172.20.1.18 IP Address: 172.20.1.18 Capability Router IGMP Platform...
Compiled Wed 21-Mar-07 12:20 by tinhuang show isdp interface The show isdp interface command displays ISDP settings for the specified interface. Syntax show isdp interface {all | gigabitethernet unit/slot/port | tengigabitethernet unit/slot/port} Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode User Guidelines...
Syntax show isdp neighbors {[gigabitethernet unit/slot/port | tengigabitethernet unit/slot/port | detail]} Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example console#show isdp neighbors Capability Codes: R - Router, T - Trans Bridge, B - Source Route, S - Switch, H - Host, I - IGMP, r - Repeater Device ID...
Interface 1/0/1 Port ID GigabitEthernet1/1 Holdtime Advertisement Version Entry last changed time 0 days 00:55:20 Version : Cisco IOS Software, Catalyst 4000 L3 Switch Software (cat4000-I9K91S-M), Version 12.2(25)EWA9, RELEASE SOFTWARE (fc3) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2007 by Cisco Systems, Inc. Compiled Wed 21-Mar-07 12:20 by tinhuang show isdp traffic The show isdp traffic command displays ISDP statistics.
Data Center Bridging Commands NOTE: Data Center Bridging commands are only supported on the PCM8024-k switch. CLI commands and Dell OpenManage Switch Administrator pages are not available for other switch models. This chapter explains the following commands: clear priority-flow-control statistics...
Example #2 console#clear priority-flow-control statistics port-channel 1 Example #3 console#clear priority-flow-control statistics datacenter-bridging Use the datacenter-bridging command for an ethernet or port-channel interface in order to enter the DataCenterBridging mode. Priority-Flow-Control is configurable from within the DataCenterBridging mode. Syntax datacenter-bridging Default Configuration...
priority-flow-control mode on Use the priority-flow-control mode on command in Datacenter-Bridging mode to enable Priority-Flow-Control (PFC) on an interface. To disable Priority-Flow-Control, use the no form of the command. Syntax priority-flow-control mode on no priority-flow-control mode Default Configuration Priority-flow-control mode is disabled by default. Command Mode Datacenter-Bridging mode User Guidelines...
Default Configuration The default behavior is drop. Command Mode Datacenter-Bridging mode User Guidelines This command has no effect on interfaces not enabled for PFC. Example The following example creates a priority group that pauses dot1p priority 5 on all interfaces. console#config console(config)#interface range ethernet all console(config-if)#datacenter-bridging...
User Guidelines This command has no user guidelines. Example #1 console#show interfaces datacenter-bridging ethernet 1/xg1 Port Drop No-Drop Priorities Priorities State State ---- ---------- ---------- ----- ----- 1/xg1 1-4,7 Enabled Active Priority Received PFC frames -------- ------------------- Received PFC Frames:0 Transmit PFC Frames:0 Example #2 console#show interfaces datacenter-bridging port-...
Port Drop No-Drop Priorities Priorities State State ---- ---------- ---------- ----- ----- 1,3-6 Enabled Active Priority Received PFC frames -------- ------------------- Received PFC Frames: 0 Transmit PFC Frames: 0 Example #3 console#show interfaces datacenter-bridging Port Drop No-Drop Priorities Priorities State State ---- ---------- ---------- -----...
1/g48 1-4,7 Enabled Active 1-4,7 Enabled Active 1-4,7 Enabled Active ch48 1-4,7 Enabled Active
DHCP Layer 2 Relay Commands In the majority of network configurations, DHCP clients and their associated servers do not reside on the same IP network or subnet. Therefore, some kind of third-party agent is required to transfer DHCP messages between clients and servers.
Default Configuration DHCP L2 Relay is disabled by default. Command Mode Global Configuration. User Guidelines There are no user guidelines for this command. Example console(config)#dhcp l2relay dhcp l2relay (Interface Configuration) Use the dhcp l2relay command to enable DHCP L2 Relay for an interface. Use the "no"...
dhcp l2relay circuit-id Use the dhcp l2relay circuit-id command to enable setting the DHCP Option 82 Circuit ID for a VLAN. When enabled, the interface number is added as the Circuit ID in DHCP option 82. Use the "no" form of this command to disable setting the DHCP Option 82 Circuit ID.
Syntax dhcp l2relay remote-id remoteId vlan vlan-range no dhcp l2relay remote-id remoteId vlan vlan-range Parameter Description Parameter Description remoteId The string to be used as the remote ID in the Option 82 (Range: 1 - 128 characters). Default Configuration Setting the DHCP Option 82 Remote ID is disabled by default. Command Mode Global Configuration.
Configuration Mode Interface Configuration (Ethernet, Port-channel). User Guidelines There are no user guidelines for this command. Example console(config-if-1/0/1)#dhcp l2relay trust dhcp l2relay vlan Use the dhcp l2relay vlan command to enable the L2 DHCP Relay agent for a set of VLANs. All DHCP packets which arrive on interfaces in the configured VLAN are subject to L2 Relay processing.
DHCP Management Interface Commands PowerConnect switches support an embedded DHCP client. Any IP interface can use DHCP to obtain an IP address. The DHCP client can run on multiple interfaces simultaneously. For IPv4, an IP interface can either use manually configured addresses or be enabled for DHCP.
renew dhcp show dhcp lease release dhcp Use the release dhcp command in Privileged EXEC mode to force the DHCPv4 client to release a leased address. Syntax release dhcp interface-id Parameter Description Parameter Description interface-id Any valid VLAN interface. See Interface Naming Conventions for interface representation.
Example console#release dhcp vlan2 renew dhcp Use the renew dhcp command in Privileged EXEC mode to force the DHCP client to immediately renew an IPv4 address lease. Syntax renew dhcp {interface-id | out-of-band} Parameter Description Parameter Description interface-id Any valid routing interface. See Interface Naming Conventions for interface representation.
Examples The first example is for routing interfaces. console#renew dhcp vlan 2 The second example is for out-of-band port. console#renew dhcp out-of-band debug dhcp packet Use the debug dhcp packet command in Privileged EXEC mode to display debug information about DHCPv4 client activities and to trace DHCPv4 packets to and from the local DHCPv4 client.
console#debug dhcp packet transmit The third example is for receive flow. console#debug dhcp packet receive show dhcp lease Use the show dhcp lease command in Privileged EXEC mode to display IPv4 addresses leased from a DHCP server. Syntax show dhcp lease [interface interface-id] Parameter Description Parameter Description...
Term Description DHCP Lease server The IPv4 address of the DHCP server that leased the address. State State of the DHCPv4 Client on this interface. DHCP transaction The transaction ID of the DHCPv4 Client. Lease The time (in seconds) that the IP address was leased by the server.
DHCP Snooping Commands DHCP Snooping is a security feature that monitors DHCP messages between DHCP clients and DHCP server to filter harmful DHCP messages and build a bindings database of {MAC address, IP address, VLAN ID, interface} tuples that are considered authorized. The DHCP snooping application processes incoming DHCP messages.
clear ip dhcp snooping binding ip dhcp snooping trust clear ip dhcp snooping statistics ip dhcp snooping verify mac-address ip dhcp snooping show ip dhcp snooping ip dhcp snooping binding show ip dhcp snooping binding ip dhcp snooping database show ip dhcp snooping database ip dhcp snooping database write-delay show ip dhcp snooping interfaces ip dhcp snooping limit...
clear ip dhcp snooping statistics Use the clear ip dhcp snooping statistics command to clear all DHCP Snooping statistics. Syntax clear ip dhcp snooping statistics Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC User Guidelines There are no user guidelines for this command.
Interface Configuration (VLAN) mode User Guidelines There are no user guidelines for this command. Example console(config)#ip dhcp snooping console(config-if-vlan1)#ip dhcp snooping ip dhcp snooping binding Use the ip dhcp snooping binding command to configure a static DHCP Snooping binding. Use the “no” form of this command to remove a static binding.
Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#ip dhcp snooping binding 00:00:00:00:00:01 vlan 10 10.131.12.134 interface 1/0/1 ip dhcp snooping database Use the ip dhcp snooping database command to configure the persistent storage location of the DHCP snooping database.
User Guidelines There are no user guidelines for this command. Example The following example configures the storage location of the snooping database as local. console(config)#ip dhcp snooping database local The following example configures the storage location of the snooping database as remote. console(config)#ip dhcp snooping database tftp://10.131.11.1/db.txt ip dhcp snooping database write-delay...
User Guidelines There are no user guidelines for this command. Example console(config)#ip dhcp snooping database write-delay 500 ip dhcp snooping limit Use the ip dhcp snooping limit command to control the maximum rate of DHCP messages. Use the no form of this command to reset the limit to the default.
ip dhcp snooping log-invalid Use the ip dhcp snooping log-invalid command to enable logging of DHCP messages filtered by the DHCP Snooping application. Use the “no” form of this command to disable logging. Syntax ip dhcp snooping log-invalid no ip dhcp snooping log-invalid Default Configuration Logging of filtered messages is disabled by default.
Default Configuration Ports are untrusted by default. Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet) mode User Guidelines There are no user guidelines for this command. Example console(config-if-1/0/1)#ip dhcp snooping trust console(config-if-1/0/1)#no ip dhcp snooping trust ip dhcp snooping verify mac-address Use the ip dhcp snooping verify mac-address command to enable the verification of the source MAC address with the client MAC address in the received DHCP message.
Example console(config)#ip dhcp snooping verify mac-address show ip dhcp snooping Use the show ip dhcp snooping command to display the DHCP snooping global configuration. Syntax show ip dhcp snooping Syntax Description This command has no arguments or keywords. Default Configuration There is no default configuration for this command.
--------- -------- ---------------- 1/0/1 1/0/2 1/0/3 1/0/4 1/0/6 show ip dhcp snooping binding Use the show ip dhcp snooping binding command to display the DHCP snooping binding entries. Syntax show ip dhcp snooping binding [{static | dynamic}] [interface interface-id] [vlan vlan-id] static | dynamic—...
MAC Address IP Address VLAN Interface Lease time(Secs) ------------------ ------------ ---- --------- ------------- 00:02:B3:06:60:80 210.1.1.3 1/0/1 86400 00:0F:FE:00:13:04 210.1.1.4 1/0/1 86400 show ip dhcp snooping database Use the show ip dhcp snooping database command to display the DHCP snooping configuration related to the database persistence. Syntax show ip dhcp snooping database Syntax Description...
show ip dhcp snooping interfaces Use the show ip dhcp snooping interfaces command to show the DHCP Snooping status of the interfaces. Syntax show ip dhcp snooping interfaces [interface] • interface—A valid physical interface. Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC User Guidelines...
1/0/15 show ip dhcp snooping statistics Use the show ip dhcp snooping statistics command to display the DHCP snooping filtration statistics. Syntax show ip dhcp snooping statistics Syntax Description This command has no arguments or keywords. Default Configuration There is no default configuration for this command. Command Mode User EXEC, Privileged EXEC User Guidelines...
Dynamic ARP Inspection Commands Dynamic ARP Inspection (DAI) is a security feature that rejects invalid and malicious ARP packets. The feature prevents a class of man-in-the-middle attacks, where an unfriendly station intercepts traffic for other stations by poisoning the ARP caches of its neighbors. The miscreant sends ARP requests or responses mapping another station IP address to its own MAC address.
Default Configuration There are no ARP ACLs created by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#arp access-list tier1 clear ip arp inspection statistics Use the clear ip arp inspection statistics command in Privileged EXEC mode to reset the statistics for Dynamic Address Resolution Protocol (ARP) inspection on all VLANs.
Example console#clear ip arp inspection statistics ip arp inspection filter Use the ip arp inspection filter command to configure the ARP ACL to be used for a single VLAN or a range of VLANs to filter invalid ARP packets. If the static keyword is given, packets that do not match a permit statement are dropped without consulting the DHCP snooping bindings.
Configuring none for the limit means the interface is not rate limited for Dynamic ARP Inspection. Syntax ip arp inspection limit {none | rate pps [burst interval seconds]} no ip arp inspection limit • none — To set no rate limit. pps —...
no ip arp inspection trust Default Configuration Interfaces are configured as untrusted by default. Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet) mode User Guidelines There are no user guidelines for this command. Example console(config-if-1/0/3)#ip arp inspection trust ip arp inspection validate Use the ip arp inspection validate command to enable additional validation checks like source MAC address validation, destination MAC address validation or IP address validation on the received ARP packets.
Default Configuration There is no additional validation enabled by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#ip arp inspection validate src-mac dst-mac ip console(config)#ip arp inspection validate src-mac ip console(config)#ip arp inspection validate dst-mac ip console(config)#ip arp inspection validate ip ip arp inspection vlan Use the ip arp inspection vlan command to enable Dynamic ARP Inspection...
User Guidelines There are no user guidelines for this command. Example console(config)#ip arp inspection vlan 200-300 console(config)#ip arp inspection vlan 200-300 logging permit ip host mac host Use the permit ip host mac host command to configure a rule for a valid IP address and MAC address combination used in ARP packet validation.
show arp access-list Use the show arp access-list command to display the configured ARP ACLs with the rules. Giving an ARP ACL name as the argument displays only the rules in that ARP ACL. Syntax show arp access-list [acl-name] acl-name —...
Syntax show ip arp inspection [interfaces [interface-id] | statistics [vlan vlan-range] | vlan vlan-range] Parameter Description Parameter Description interfaces interface-id Display the Dynamic ARP Inspection configuration on all the DAI enabled interfaces. Giving an interface argument, it displays the values for that interface. statistics vlan vlan- Display the statistics of the ARP packets processed by Dynamic...
DHCP Drops The number of packets dropped due to DHCP Snooping binding database match failure. ACL Drops The number of packets dropped due to ARP ACL rule match failure. DHCP Permits The number of packets permitted due to DHCP snooping binding database match.
(pps) (seconds) --------------- ----------- ---------- --------------- 1/0/1 Untrusted 1/0/2 Untrusted Following is an example of the show ip arp inspection statistics command. console#show ip arp inspection statistics VLAN Forwarded Dropped ---- --------- ------- console#show ip arp inspection statistics vlan 10,20 VLAN DHCP DHCP...
Parameter Description Parameter Description vlan-range A valid VLAN range. Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode User Guidelines The following global parameters are displayed: Parameter Description Source Mac Validation If Source Mac validation of ARP frame is enabled. Destination Mac Validation If Destination Mac validation of ARP Response frame is...
Source Mac Validation : Disabled Destination Mac Validation : Disabled IP Address Validation : Disabled Vlan Configuration Log Invalid ACL Name Static flag ---- ------------- ----------- --------- ---------- Enabled Enabled Enabled Disabled Enabled Enabled Disabled
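How the Dynamic ARP Inspection settings in this chapter combine into a per-packet decision, as an added Python sketch (a simplified model, not Dell's implementation): trusted ports bypass inspection, an ARP ACL permit wins, the static flag stops the fallback to DHCP snooping bindings, and src-mac validation compares the Ethernet source with the ARP sender address. The two host bindings reuse the MAC/IP pairs from the snooping output earlier on the page; VLAN numbers, the other addresses, the check order and the "ACL Permits", "Trusted" and "Source MAC Drops" labels are assumptions of this example.

```python
from collections import Counter
from dataclasses import dataclass

# "DHCP Permits", "DHCP Drops" and "ACL Drops" are statistics fields named on
# this page; the other three labels are assumed for this sketch.
DHCP_PERMIT, DHCP_DROP, ACL_DROP = "DHCP Permits", "DHCP Drops", "ACL Drops"
ACL_PERMIT, TRUSTED, SRC_MAC_DROP = "ACL Permits", "Trusted", "Source MAC Drops"


def norm_mac(mac):
    """Normalise xx:xx:xx:xx:xx:xx or xxxx.xxxx.xxxx to 12 lowercase hex digits."""
    digits = mac.replace(":", "").replace(".", "").replace("-", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"bad MAC address: {mac!r}")
    return digits


@dataclass(frozen=True)
class ArpPacket:
    interface: str   # ingress port, unit/slot/port
    vlan: int
    eth_src: str     # source MAC in the Ethernet header
    sender_mac: str  # sender hardware address inside the ARP payload
    sender_ip: str   # sender protocol address inside the ARP payload


class ArpInspector:
    def __init__(self, bindings, trusted_ports=(), validate_src_mac=False):
        # bindings: DHCP snooping tuples (mac, ip, vlan, interface)
        self.bindings = {(norm_mac(m), ip, vlan, port)
                         for m, ip, vlan, port in bindings}
        self.trusted = set(trusted_ports)          # 'ip arp inspection trust'
        self.validate_src_mac = validate_src_mac   # '... validate src-mac'
        self.filters = {}                          # vlan -> (permits, static)
        self.stats = Counter()

    def set_filter(self, vlan, permits, static=False):
        """Model of applying an ARP ACL to a VLAN, optionally with 'static'."""
        self.filters[vlan] = ({(ip, norm_mac(m)) for ip, m in permits}, static)

    def inspect(self, pkt):
        verdict = self._decide(pkt)
        self.stats[verdict] += 1
        return verdict

    def _decide(self, pkt):
        if pkt.interface in self.trusted:
            return TRUSTED                    # trusted ports are not inspected
        sender = norm_mac(pkt.sender_mac)
        if self.validate_src_mac and norm_mac(pkt.eth_src) != sender:
            return SRC_MAC_DROP
        permits, static = self.filters.get(pkt.vlan, (set(), False))
        if (pkt.sender_ip, sender) in permits:
            return ACL_PERMIT
        if static:
            return ACL_DROP                   # bindings are never consulted
        if (sender, pkt.sender_ip, pkt.vlan, pkt.interface) in self.bindings:
            return DHCP_PERMIT
        return DHCP_DROP


def run_demo():
    """Run six constructed ARP packets through the model; return verdicts, stats."""
    host, other = "00:02:B3:06:60:80", "00:11:22:33:44:55"
    dai = ArpInspector(
        bindings=[(host, "210.1.1.3", 10, "1/0/1"),
                  ("00:0F:FE:00:13:04", "210.1.1.4", 10, "1/0/1"),
                  ("00:0F:FE:00:13:05", "210.2.2.4", 20, "1/0/5")],
        trusted_ports={"1/0/3"}, validate_src_mac=True)
    dai.set_filter(10, [("210.1.1.10", "00:00:00:00:00:01")])
    dai.set_filter(20, [("210.2.2.10", "0000.0000.0002")], static=True)
    packets = [
        ArpPacket("1/0/1", 10, host, host, "210.1.1.3"),     # matches a binding
        ArpPacket("1/0/2", 10, other, other, "210.1.1.3"),   # IP bound elsewhere
        ArpPacket("1/0/4", 10, "0000.0000.0001", "0000.0000.0001", "210.1.1.10"),
        ArpPacket("1/0/5", 20, "00:0F:FE:00:13:05", "00:0F:FE:00:13:05", "210.2.2.4"),
        ArpPacket("1/0/3", 10, other, other, "210.1.1.3"),   # trusted uplink
        ArpPacket("1/0/1", 10, other, host, "210.1.1.3"),    # header/payload differ
    ]
    return [dai.inspect(p) for p in packets], dict(dai.stats)


if __name__ == "__main__":
    for verdict in run_demo()[0]:
        print(verdict)
```

The fifth packet shows why the trust setting belongs only on ports facing other inspected switches: nothing arriving there is checked against the ACL or the bindings.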
Email Alerting Commands Email Alerting is an extension of the logging system. The PowerConnect logging system allows the user to configure a variety of destinations for log messages. This feature adds email configuration capabilities, by which the log messages are sent to a configured SMTP server such that an operator may receive the log in an e-mail account of their choice.
logging email show logging email statistics logging email urgent clear logging email statistics logging traps security logging email message-type to-addr mail-server ip-address | hostname logging email from-addr port (Mail Server Configuration Mode) logging email message-type subject username (Mail Server Configuration Mode) logging email logtime password (Mail Server Configuration...
Parameter Description Parameter Description severity If you specify a severity level, log messages at or above the severity level are emailed. The severity level may either be specified by keyword or as an integer from 0 to 7. The accepted keywords, and the numeric severity level each represents, are as follows.
logging email urgent Use the logging email urgent command in Global Configuration mode to set the lowest severity level at which log messages are emailed in an urgent manner. To revert the urgent severity level to its default value, use the no form of this command.
Command Mode Global Configuration mode User Guidelines Log messages at or above this severity level are considered urgent. By default, Emergency and Alert log messages are considered urgent. Urgent log messages are emailed immediately, one log message per email message, and do not wait for the log time to expire.
Default Configuration The default severity level is info(6). Command Mode Global Configuration mode User Guidelines You can filter log messages that appear in the buffered log by severity level. You can specify the severity level of log messages that are emailed. You can use this command to specify the severity level at which SNMP traps are logged, and thus control whether traps appear in the buffered log or are emailed and, if they are emailed, whether traps are considered urgent or non-...
Command Mode Global Configuration User Guidelines This command removes the configured to-addr field of email. logging email from-addr Use the logging email from-addr command in Global Configuration mode to configure the From address of the email. Use the no form of this command to remove the email source address.
Syntax logging email message-type message-type subject subject no logging email message-type message-type subject Parameter Description This command does not require a parameter description. Default Configuration This command has no default configuration. Command Mode Global Configuration User Guidelines The user must enter the message-type parameter manually as tab and space bar completion do not work for this parameter.
Command Mode Global Configuration User Guidelines This command has no user guidelines. logging email test message-type Use the logging email test message-type command in Global Configuration mode to test whether or not an e-mail is being sent to an SMTP server. Syntax message-type message-body...
show logging email statistics Use the show logging email statistics command in Privileged EXEC mode to show the statistics about the emails. The command displays how many emails were sent, how many emails failed, when the last email was sent, how long it has been since the last email was sent, and how long it has been since the email changed to disabled mode.
Default Configuration This command has no default configuration. Command Mode Privileged EXEC User Guidelines This command has no user guidelines.

security
Use the security command in Mail Server Configuration mode to set the email alerting security protocol. This enables or disables the switch's use of TLS authentication with the SMTP server.
mail-server ip-address hostname Use the mail-server ip-address | hostname command in Global Configuration mode to configure the SMTP server IP address and change the mode to Mail Server Configuration mode. The server address can be in the IPv4, IPv6, or DNS name format. Use the no form of this command to remove the configured SMTP server address.
port (Mail Server Configuration Mode) Use the port command in Mail Server Configuration mode to configure the TCP port to use for communication with the SMTP server. Port can be set to 465 or 25. Use the no form of the command to revert the SMTP port to the default port.
Parameter Description This command does not require a parameter description. Default Configuration The default value for username is admin. Command Mode Mail Server Configuration User Guidelines This command has no user guidelines. password (Mail Server Configuration Mode) Use the password command in Mail Server Configuration mode to configure the password required to authenticate to the email server.
show mail-server Use the show mail-server command in Privileged EXEC mode to display the configuration of all the mail servers or a particular mail server. Syntax ip-address hostname show mail-server { | all} Parameter Description This command does not require a parameter description. Default Configuration This command has no default configuration.
SMTP server authentication details:
Username: admin

Mail server2 configuration:
SMTP server IP Address: 10.131.1.31
SMTP server Port:
SMTP server security protocol:
SMTP server authentication details:
Username: admin

console#show mail-server ip-address 10.131.1.11
SMTP server IP Address: 10.131.1.11
SMTP server Port:
SMTP server security protocol:
SMTP server authentication details:
Username: admin...
Ethernet Configuration Commands PowerConnect switches support a variety of configuration options to optimize network operations. Features such as flow-control and jumbo frames are supported along with a variety of commands to display traffic statistics as well as limit the effects of network loops or other network issues. Jumbo frame technology is employed in certain situations to reduce the task load on a server CPU and to transmit large amounts of data efficiently.
On a storm control enabled interface, if the ingress rate of that type of packet (L2 broadcast, multicast, or unicast) is greater than the configured threshold level (as a percentage of port speed or as an absolute packets-per-second rate), the switch forwarding-plane discards the excess traffic. The speed and duplex commands control interface link speeds and auto-negotiation.
Command Mode Privileged EXEC mode
User Guidelines This command has no user guidelines.
Example In the following example, the counters for port 1/0/1 are cleared.
console#clear counters gigabitethernet 1/0/1

description
Use the description command in Interface Configuration mode to add a description to an interface.
console(config)#interface gigabitethernet 1/0/5
console(config-if-1/0/5)# description RD_SW#3

duplex
Use the duplex command in Interface Configuration mode to configure the duplex operation of a given Ethernet interface. To restore the default, use the no form of this command.
Syntax
duplex {auto | half | full}
no duplex
Parameter Description Parameter...
Example The following example configures the duplex operation of gigabit Ethernet port 1/0/5 to force full duplex operation.
console(config)# interface gigabitethernet 1/0/5
console(config-if)# duplex full

flowcontrol
Use the flowcontrol command in Global Configuration mode to configure the flow control. To disable flow control, use the no form of this command.
Syntax
flowcontrol
no flowcontrol...
NOTE: Additional forms of the interface command enable configuring VLANs, tunnels, the loopback interface, the out-of-band interface, and ranges of interfaces. See interface vlan, interface tunnel, interface loopback, and interface range. Syntax unit/slot/port port-channel-number interface {gigabitethernet | port-channel unit/slot/port | tengigabitethernet Default Configuration This command has no default configuration.
Parameter Description port-range A list of valid ports to configure. Separate non-consecutive ports with a comma and no spaces; use a hyphen to designate a range of ports. For more detailed information, see Operating on Multiple Objects (Range). port-type Shows all interfaces of the specified type. Default Configuration This command has no default configuration.
console(config)#interface range gi1/0/20-48
console(config)#interface range gi1/0/1,gi1/0/48
console(config)#interface range gi2/0/1-10,gi1/0/30
console(config)#interface range gi1/0/1-10,gi1/0/30-48
console(config)#interface range gi1/0/1,te1/1/1
console(config)#interface range gigabitEthernet 1/0/10,tengigabitEthernet1/1/2

Use the mtu command in Interface Configuration mode to enable jumbo frames on an interface by adjusting the maximum size of a packet. To return to the default setting, use the no form of this command.
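The interface range examples above follow the port-range rules given for that command: items separated by commas with no spaces, and a hyphen for a run of ports. The following Python sketch is an added example, not part of the Dell guide; it expands such a string into individual ports so that a change review can see exactly which interfaces a range command touches. The function names and the short gi/te output form are assumptions of this example, and only the gigabitethernet and tengigabitethernet forms shown above are accepted.

```python
import re

# Interface type keywords used in the range examples on this page, mapped to
# the short form this example emits (the short form is an assumption).
_TYPES = {
    "gi": "gi", "gigabitethernet": "gi",
    "te": "te", "tengigabitethernet": "te",
}

# One comma-separated item: type keyword, optional single space,
# unit/slot/port, and an optional "-last" that covers a run of ports.
_ITEM = re.compile(
    r"(?P<type>[a-z]+) ?(?P<unit>\d+)/(?P<slot>\d+)/(?P<first>\d+)"
    r"(?:-(?P<last>\d+))?"
)


def expand_port_range(spec):
    """Expand a port-range string into a sorted list of individual ports.

    Raises ValueError on anything that does not follow the documented form,
    including spaces around commas, unknown interface types and descending
    ranges, so a malformed change request is rejected instead of guessed at.
    """
    ports = set()
    for item in spec.split(","):
        m = _ITEM.fullmatch(item.lower())
        if m is None or m.group("type") not in _TYPES:
            raise ValueError("malformed port-range item: %r" % item)
        first = int(m.group("first"))
        last = int(m.group("last") or first)
        if last < first:
            raise ValueError("descending range: %r" % item)
        for port in range(first, last + 1):
            ports.add((_TYPES[m.group("type")], int(m.group("unit")),
                       int(m.group("slot")), port))
    # Tuples sort by type, then unit, slot and port number.
    return ["%s%d/%d/%d" % p for p in sorted(ports)]


def ports_touched(spec, watched):
    """Return the ports in spec that also appear in the watched specs.

    watched is an iterable of port-range strings, for example uplinks or
    management ports that should not be reconfigured in bulk.
    """
    watched_ports = set()
    for w in watched:
        watched_ports.update(expand_port_range(w))
    return [p for p in expand_port_range(spec) if p in watched_ports]


if __name__ == "__main__":
    # Range strings taken from the examples above; the watch list is constructed.
    for s in ("gi2/0/1-10,gi1/0/30", "gigabitEthernet 1/0/10,tengigabitEthernet1/1/2"):
        print(s, "->", expand_port_range(s))
    print(ports_touched("gi1/0/1-10,gi1/0/30-48", ["gi1/0/5", "te1/1/1"]))
```
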
show interfaces advertise Use the show interfaces advertise command in Privileged EXEC mode to display information about auto-negotiation advertisement. Syntax unit/slot/port show interfaces advertise [{gigabitethernet unit/slot/port tengigabitethernet Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines.
Admin Local Link ------ ------ ------ ------ ------ Advertisement yes show interfaces configuration Use the show interfaces configuration command in User EXEC mode to display the configuration for all configured interfaces. Syntax unit/slot/port show interfaces configuration [{gigabitethernet | port-channel port-channel-number | tengigabitethernet unit/slot/port }] Default Configuration This command has no default configuration.
show interfaces counters Use the show interfaces counters command in User EXEC mode to display traffic seen by the interface. Use the command in either User EXEC mode or Privileged EXEC mode to display Priority Flow Control (PFC) traffic seen by the interface, including Received PFC Frames and Transmitted PFC Frames for a given ethernet or port-channel interface.
2/0/1 3/0/1 8789 InOctets InUcastPkts ---- ---------- --------- 27889 OutOctets OutUcastPkts ---- ---------- --------- 23739 The following example displays counters for Ethernet port 1/0/1. console#show interfaces counters gigabitethernet 1/0/1 Port InOctets InUcastPkts ---- ---------- --------- 1/0/1 183892 1289 Port OutOctets OutUcastPkts ---- ----------...
Deferred Transmissions: 0 Late Collisions: 0 Excessive Collisions: 0 Oversize Packets: 0 Internal MAC Rx Errors: 0 Received Pause Frames: 0 Transmitted Pause Frames: 0 The following table describes the fields shown in the display: Field Description InOctets Counted received octets. InUcastPkts Counted received Unicast packets.
Field Description Late Collisions Counted times that a collision is detected later than one slot time into the transmission of a packet. Excessive Collisions Counted frames for which transmission fails due to excessive collisions. Oversize Packets Counted frames received that exceed the maximum permitted frame size.
console>show interfaces description Port Description ---- ----------------------------------------------------- 1/0/1 Port that should be used for management only 2/0/1 2/0/2 Description ---- ----------- Output show interfaces status Use the show interfaces status command in User EXEC mode to display the status for all configured interfaces. Syntax unit/slot/port port-...
Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines This command has no user guidelines. Example The following example displays the status for all configured interfaces. console#show interfaces status Port Type Duplex Speed Link Flow Control State Status...
Gi1/0/22 Gigabit - Level Unknown Auto Down Inactive Gi1/0/23 Gigabit - Level Unknown Auto Down Inactive Gi1/0/24 Gigabit - Level Unknown Auto Down Inactive Type Link State ------------------------------ ----- Out-Of-Band Port Type Link State ---- ------------------------------ ----- Link Aggregate Down Link Aggregate Down Link Aggregate...
Po28 Link Aggregate Down Po29 Link Aggregate Down Po30 Link Aggregate Down --More-- or (q)uit Po31 Link Aggregate Down Po32 Link Aggregate Down Po33 Link Aggregate Down Po34 Link Aggregate Down Po35 Link Aggregate Down Po36 Link Aggregate Down Po37 Link Aggregate Down Po38 Link Aggregate Down...
show statistics Use the show statistics command in Privileged EXEC mode to display detailed statistics for a specific port or for the entire switch. Syntax unit/slot/port show statistics {gigabitethernet |switchport | port-channel port-channel-number | tengigabitethernet unit/slot/port } Parameter Description Parameter Description unit/slot/port A valid interface.
Packets Received 512-1023 Octets....4824 Packets Received 1024-1518 Octets....479543 Packets Received > 1522 Octets....0 Packets RX and TX 64 Octets....94516 Packets RX and TX 65-127 Octets....483312 Packets RX and TX 128-255 Octets....101329 Packets RX and TX 256-511 Octets....163696 Packets RX and TX 512-1023 Octets....
GVRP PDUs Transmitted......0 GVRP Failed Registrations...... 0 BPDU: sent 44432, received 0 EAPOL Frames Transmitted....... 0 EAPOL Start Frames Received....0 Time Since Counters Last Cleared....1 day 0 hr 41 min 44 sec The following example shows statistics for the entire switch. console#show statistics gigabitethernet switchport Total Packets Received (Octets)....
VLAN Deletes........0 Time Since Counters Last Cleared....1 day 0 hr 42 min 13 sec console# The following example shows statistics for the entire switch. console#show statistics switchport Total Packets Received (Octets)....0 Packets Received Without Error....0 Unicast Packets Received....... 0 Multicast Packets Received.....
VLAN Deletes........0 Time Since Counters Last Cleared... 0 day 18 hr 1 min 59 sec show statistics switchport Use the show statistics command in Privileged EXEC mode to display detailed statistics for a specific port or for the entire switch. Syntax interface-id show statistics {...
show storm-control Use the show storm-control command in Privileged EXEC mode to display the configuration of storm control. Syntax unit/slot/port show storm-control [all | {gigabitethernet unit/slot/port tengigabitethernet Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines.
shutdown Use the shutdown command in Interface Configuration mode to disable an interface. To restart a disabled interface, use the no form of this command. Syntax shutdown no shutdown Default Configuration The interface is enabled. Command Mode Interface Configuration (Ethernet, Port-Channel, Tunnel, Loopback) mode User Guidelines This command has no user guidelines.
no speed
Parameter Description
Parameter   Description
10          Configures the port to 10 Mbps operation.
100         Configures the port to 100 Mbps operation.
1000        Configures the port to 1000 Mbps operation.
10000       Configures the port to 10 Gbps operation.
auto        The port automatically detects the speed it should run based on the port at the other end of the link.
storm-control broadcast Use the storm-control broadcast command in Interface Configuration mode to enable broadcast storm recovery mode for a specific interface. If the mode is enabled, broadcast storm recovery is active, and if the rate of L2 broadcast traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped.
When you use the no storm-control multicast command to "disable" storm-control after having set the level or rate to a non-default value, that value is still set but is not active until you re-enable storm-control. Syntax rate storm-control multicast [level | no storm-control multicast •...
Syntax rate storm-control unicast [level | no storm-control unicast • level— The configured rate as a percentage of link-speed. rate — The configured rate in kilobits per second (kbps). (Range: 0-100) • Default Configuration The default value is 5. Command Mode Interface Configuration (Ethernet) mode User Guidelines This command has no user guidelines.
groupid - Identifies which group this port will be protected in. (Range: 0-2)
Default Configuration No protected switchports are defined.
Command Mode Interface Configuration (Ethernet) mode
User Guidelines This command has no user guidelines.
Example The following example configures Ethernet port 1/0/1 as a member of protected group 1.
Command Mode Global Configuration mode
User Guidelines This command has no user guidelines.
Example The following example assigns the name "protected" to group 1.
console(config-if-1/0/1)#switchport protected 1 name protected

show switchport protected
Use the show switchport protected command in Privileged EXEC mode to display the status of all the interfaces, including protected and unprotected interfaces.
Name......... test
Ethernet CFM Commands Connectivity Fault Management (CFM) is the OAM Protocol provision for end-to-end service layer OAM in carrier Ethernet networks. CFM provides mechanisms to support the operator in performing connectivity checks, fault detection, fault verification and isolation, and fault notification per service in the network domain of interest.
ethernet cfm mep archive-hold-time
show ethernet cfm statistics
ethernet cfm mip level
debug cfm

ethernet cfm domain
Use the ethernet cfm domain command in Global Configuration mode to enter into maintenance domain config mode for an existing domain. Use the optional level parameter to create a domain and enter into maintenance domain config mode.
User Guidelines Each domain must have a unique name and level, for example, one cannot create a domain qwerty at level 2 if domain qwerty already exists at level 1. Likewise, one cannot create a domain dvorak at level 2 if a domain of any name exists at level 2.
Command Mode Maintenance domain config mode
User Guidelines This command has no user guidelines.
Example
console(config-cfm-mdomain)#service serv1 vlan 10

ethernet cfm cc level
Use the ethernet cfm cc level command in Global Configuration mode to initiate sending continuity checks (CCMs) at the specified interval and level on a VLAN monitored by an existing domain.
Default Configuration CCMs are not sent by default.
Command Mode Global Configuration mode
User Guidelines This command has no user guidelines.
Example
console(config)#ethernet cfm cc level 1 vlan 15 interval 10

ethernet cfm mep level
Use the ethernet cfm mep level command in Interface Configuration mode to create a Maintenance End Point (MEP) on an interface at the specified level and direction.
Command Mode Interface Configuration
User Guidelines This command has no user guidelines.
Example The following example creates a maintenance endpoint at level 1 with mpid 1010 on vlan 10.
console(config-if-Gi1/0/3)#ethernet cfm mep level 1 direction up mpid 1010 vlan 10

ethernet cfm mep enable
Use the ethernet cfm mep enable command in Interface Configuration mode to enable a MEP at the specified level and direction.
User Guidelines The maintenance domain must exist for it to be enabled.
Example The following example enables a maintenance endpoint at level 1 with mpid 1010 on vlan 10.
console(config-if-Gi1/0/3)#ethernet cfm mep enable level 1 vlan 10 mpid 1010

ethernet cfm mep active
Use the ethernet cfm mep active command in Interface Configuration mode to activate a MEP at the specified level and direction.
ethernet cfm mep archive-hold-time Use the ethernet cfm mep archive-hold-time command in Interface Configuration mode to maintain internal information on a missing MEP. Use the no form of the command to return the interval to the default value. Syntax hold-time ethernet cfm mep archive-hold-time Parameter Description Parameter...
Syntax ethernet cfm mip level Parameter Description Parameter Description level Maintenance association level
Default Configuration No MIPs are preconfigured.
Command Mode Interface Configuration
User Guidelines This command has no user guidelines.
Example
console(config-if-gi1/0/1)# ethernet cfm mip level <7>

ping ethernet cfm
Use the ping ethernet cfm command in Privileged EXEC mode to generate a loopback message (LBM) from the configured MEP.
Parameter Description mac-addr The destination MAC address for which the connectivity needs to be verified. Either MEP ID or the MAC address option can be used. remote-mpid The MEP ID for which connectivity is to be verified; i.e. the destination MEP ID. domain Name of the maintenance domain (an alphanumeric string of up to 43 characters in length).
Syntax mac-addr 1-8191 traceroute ethernet cfm {mac | remote-mpid } {domain domain name vlan-id 1-8191 1-255 | level } vlan mpid [ttl Parameter Description Parameter Description level Maintenance association level mac-addr The destination MAC address for which the route needs to be traced.
show ethernet cfm errors Use the show ethernet cfm errors command in Privileged EXEC mode to display the cfm errors. Syntax domain-id show ethernet cfm errors {domain | level Parameter Description Parameter Description domain Name of the maintenance domain (an alphanumeric string of up to 43 characters in length).
Syntax domain-id show ethernet cfm domain {brief | Parameter Description Parameter Description domain Name of the maintenance domain (an alphanumeric string of up to 43 characters in length). Default Configuration This command has no default configuration. Command Mode Privileged EXEC User Guidelines This command has no user guidelines.
Syntax interface- show ethernet cfm maintenance-points local {level | interface domain-name | domain Parameter Description Parameter Description domain Name of the maintenance domain (an alphanumeric string of up to 43 characters in length). level Maintenance association level interface-id Show all MPs associated with the interface. Default Configuration This command has no default configuration.
Syntax domain- show ethernet cfm maintenance-points remote {level | domain name mac-address MEPId domain-name | detail [ mac | mep ] [domain vlan-id level ] [vlan Parameter Description Parameter Description domain Name of the maintenance domain (an alphanumeric string of up to 43 characters in length).
show ethernet cfm statistics Use the show ethernet cfm statistics command in Privileged EXEC mode to display the CFM statistics. Syntax domain-name show ethernet cfm statistics [domain | level Parameter Description Parameter Description domain-name Name of the maintenance domain (an alphanumeric string of up to 43 characters in length).
Out-of-order Loopback Replies received: 0 Bad MSDU Loopback Replies received Loopback Replies transmitted Unexpected LTR's received ------------------------------------------------------------------ Statistics for 'Domain: domain1, Level: 1, Vlan: 11, MEP Id: 2' ------------------------------------------------------------------ Out-of-sequence CCM's received CCM's transmitted In-order Loopback Replies received Out-of-order Loopback Replies received: 5 Bad MSDU Loopback Replies received Loopback Replies transmitted Unexpected LTR's received...
Parameter Description Parameter Description event CFM events CFM PDUs Continuity check messages Link trace messages Loopback messages Transmit only Receive only Everything Default Configuration This command has no default configuration. Command Mode Privileged EXEC User Guidelines This command has no user guidelines. Example Console# show ethernet cfm statistics ------------------------------------------------------------------...
Unexpected LTR's received ------------------------------------------------------------------ Statistics for 'Domain: domain1, Level: 1, Vlan: 11, MEP Id: 2' ------------------------------------------------------------------ Out-of-sequence CCM's received CCM's transmitted In-order Loopback Replies received Out-of-order Loopback Replies received: 5 Bad MSDU Loopback Replies received Loopback Replies transmitted Unexpected LTR's received ------------------------------------------------------------------ Statistics for 'Domain: domain1, Level: 1, Vlan: 11, MEP Id: 3' ------------------------------------------------------------------...
GVRP Commands GARP VLAN Registration Protocol (GVRP) is used to propagate VLAN membership information throughout the network. GVRP is based on the Generic Attribute Registration Protocol (GARP), which defines a method of propagating a defined attribute (that is, VLAN membership) throughout the network.
Syntax unit/slot/port port- clear gvrp statistics [{gigabitethernet | port-channel channel-number | tengigabitethernet unit/slot/port }] Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example clears all the GVRP statistics information on port 1/0/8.
Default Configuration The default timer values are as follows:
• Join timer — 20 centiseconds
• Leave timer — 60 centiseconds
• Leaveall timer — 1000 centiseconds
Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet) mode
User Guidelines The following relationships for the various timer values must be maintained: •...
Default Configuration GVRP is globally disabled.
Command Mode Global Configuration mode
User Guidelines This command has no user guidelines.
Example The following example globally enables GVRP on the device.
console(config)#gvrp enable

gvrp enable (interface)
Use the gvrp enable command in Interface Configuration mode to enable GVRP on an interface.
Membership in an untagged VLAN would be propagated in the same way as a tagged VLAN. In such cases it is the administrator’s responsibility to set the PVID to be the untagged VLAN VID.
Example The following example enables GVRP on gigabit ethernet 1/0/8.
console(config)#interface gigabitethernet 1/0/8
console(config-if-1/0/8)#gvrp enable

gvrp registration-forbid...
console(config-if-1/0/8)#gvrp registration-forbid

gvrp vlan-creation-forbid
Use the gvrp vlan-creation-forbid command in Interface Configuration mode to disable dynamic VLAN creation. To enable dynamic VLAN creation, use the no form of this command.
Syntax
gvrp vlan-creation-forbid
no gvrp vlan-creation-forbid
Default Configuration By default, dynamic VLAN creation is enabled.
Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet) mode...
Syntax unit/slot/port port- show gvrp configuration [{gigabitethernet | port-channel channel-number | tengigabitethernet unit/slot/port } ] Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example shows how to display GVRP configuration information: console# show gvrp configuration Global GVRP Mode: Disabled...
show gvrp error-statistics Use the show gvrp error-statistics command in User EXEC mode to display GVRP error statistics. Syntax unit/slot/port port- show gvrp error-statistics [{gigabitethernet | port-channel channel-number | tengigabitethernet unit/slot/port }] Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines...
1/0/3 1/0/4 show gvrp statistics Use the show gvrp statistics command in User EXEC mode to display GVRP statistics. Syntax unit/slot/port port- show gvrp statistics [{gigabitethernet | port-channel channel-number | tengigabitethernet unit/slot/port }] Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines...
IGMP Snooping Commands Snooping of Internet Group Management Protocol (IGMP) messages is a feature that allows PowerConnect switches to forward multicast traffic intelligently on the switch. Multicast IP traffic is traffic that is destined to a host group. Host groups are identified by class D IP addresses, which range from 224.0.0.0 to 239.255.255.255.
interface within a specified length of time (multicast router present expiration time), that interface is removed from the list of interfaces with multicast routers attached. The multicast router present expiration time is configurable using management. The default value for the multicast router expiration time is zero, which indicates an infinite timeout (that is, no expiration).
User Guidelines IGMP snooping is enabled on static VLANs only and is not enabled on Private VLANs or their community VLANs.
Example The following example globally enables IGMP snooping.
console(config)# ip igmp snooping

ip igmp snooping (interface)
Use the ip igmp snooping command in Interface Configuration mode to enable Internet Group Management Protocol (IGMP) snooping on a specific interface.
ip igmp snooping host-time-out Use the ip igmp snooping host-time-out command in Interface Configuration mode to configure the host-time-out. If an IGMP report for a Multicast group is not received for a host time-out period from a specific port, this port is deleted from the member list of that Multicast group. To reset to the default host time-out, use the no form of this command.
IGMP leave was received from a specific port, the current port is deleted from the member list of that Multicast group. To configure the default leave-time- out, use the no form of this command. Syntax time-out ip igmp snooping leave-time-out [ | immediate-leave] no ip igmp snooping leave-time-out time-out —...
Syntax time-out ip igmp snooping mrouter-time-out no ip igmp snooping mrouter-time-out time-out — mrouter timeout in seconds for IGMP. (Range: 1–3600) • Default Configuration The default value is 300 seconds. Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet) mode User Guidelines This command has no user guidelines.
Default Configuration This command has no default configuration. Command Mode User EXEC, Privileged EXEC User Guidelines This command has no user guidelines. show ip igmp snooping groups Use the show ip igmp snooping groups command in User EXEC mode to display the Multicast groups learned by IGMP snooping.
---- ----------- ------- 224-239.130 | 2.2.3 1/0/1, 2/0/2 224-239.130 | 2.2.8 1/0/9-1/0/11 IGMP Reporters that are forbidden statically: --------------------------------------------- Vlan IP Address Ports ---- ------------------ ------------------- 224-239.130 | 2.2.3 1/0/19 show ip igmp snooping interface Use the show ip igmp snooping interface command in Privileged EXEC mode to display the IGMP snooping configuration.
IGMP Snooping Admin Mode....Disabled Fast Leave Mode......Disabled Group Membership Interval....260 Max Response Time......10 Multicast Router Present Expiration Time..300 show ip igmp snooping mrouter Use the show ip igmp snooping mrouter command in Privileged EXEC mode to display information on dynamically learned Multicast router interfaces.
Syntax vlan-id ip igmp snooping no ip igmp snooping
Default Configuration IGMP snooping is disabled on VLAN interfaces by default.
Command Mode VLAN Configuration mode
User Guidelines This command has no user guidelines.
Example The following example enables IGMP snooping on VLAN 2.
console#vlan database
console(config-vlan)#ip igmp snooping 2

ip igmp snooping fast-leave...
no ip igmp snooping fast-leave vlan id — Number assigned to the VLAN. • Default Configuration IGMP snooping fast-leave mode is disabled on VLANs by default. Command Mode VLAN Configuration mode User Guidelines This command has no user guidelines. Example The following example enables IGMP snooping fast-leave mode on VLAN 2.
Default Configuration The default group membership interval time is 260 seconds.
Command Mode VLAN Configuration mode
User Guidelines This command has no user guidelines.
Example The following example configures an IGMP snooping group membership interval of 520 seconds.
console(config-vlan)#ip igmp snooping groupmembership-interval 2 520

ip igmp snooping maxresponse
This command sets the IGMP Maximum Response time on a particular...
Command Mode VLAN Configuration mode User Guidelines When using IGMP Snooping Querier, this parameter should be less than the value for the IGMP Snooping Querier query interval. Example The following example sets the maximum response time to 60 seconds on VLAN 2.
User Guidelines The mcrexpiretime should be less than the group membership interval. Example The following example sets the multicast router present expiration time on VLAN 2 to 60 seconds. console(config-vlan)#ip igmp mcrtexpiretime 2 60
IGMP Snooping Querier Commands The IGMP/MLD Snooping Querier is an extension to the IGMP/MLD Snooping feature. IGMP/MLD Snooping Querier allows the switch to simulate an IGMP/MLD router in a Layer 2-only network, thus removing the need to have an IGMP/MLD Router to collect and refresh the multicast group membership information.
source address when generating periodic queries. The no form of this command disables IGMP Snooping Querier on the system. Use the optional address parameter to set or reset the querier address. If a VLAN has IGMP Snooping Querier enabled, and IGMP Snooping is operationally disabled on it, IGMP Snooping Querier functionality is disabled on that VLAN.
Example The following example enables IGMP snooping querier in VLAN Configuration mode.
console(config-vlan)#ip igmp snooping querier 1 address 10.19.67.1

ip igmp snooping querier election participate
This command enables the Snooping Querier to participate in the Querier Election process when it discovers the presence of another Querier in the VLAN.
console#vlan database
console(config-vlan)#ip igmp snooping querier election participate

ip igmp snooping querier query-interval
This command sets the IGMP Querier Query Interval time, which is the amount of time in seconds that the switch waits before sending another periodic query. The no form of this command sets the IGMP Querier Query Interval time to its default value.
ip igmp snooping querier timer expiry This command sets the IGMP Querier timer expiration period which is the time period that the switch remains in Non-Querier mode after it has discovered that there is a Multicast Querier in the network. The no form of this command sets the IGMP Querier timer expiration period to its default value.
Syntax version ip igmp snooping querier version no ip igmp snooping querier version version — IGMP version. (Range: 1–2) • Default Configuration The querier version default is 2. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example sets the IGMP version of the querier to 1.
Parameter Description Admin Mode Indicates whether or not IGMP Snooping Querier is active on the switch. Admin Version Indicates the version of IGMP that will be used while sending out the queries. Source IP Address Shows the IP address that is used in the IPv4 header when sending out IGMP queries.
Parameter Description Elected Querier Indicates the IP address of the Querier that has been designated as the Querier based on its source IP address. This field will be 0.0.0.0 when Querier Election Participate mode is disabled. When the optional argument detail is used, the command shows the global information and the information for all Querier enabled VLANs.
IP Addressing Commands Interfaces on the PowerConnect switches support a variety of capabilities to support management of the switch. In addition to performing switching and routing of network traffic, PowerConnect switches act as a host for management of the switch. Commands in this category allow the network operator to configure the local host address, utilize the embedded DHCP client to obtain an address, resolve names to addresses using DNS servers, and detect address conflicts on the local subnet.
clear host
Use the clear host command in Privileged EXEC mode to delete entries from the host name-to-address cache.
Syntax
clear host {name | *}
• name — Host name to be deleted from the host name-to-address cache. (Range: 1-255 characters)
•...
Default Configuration
This command has no default configuration.
Command Mode
Privileged EXEC mode
User Guidelines
This command has no user guidelines.
Example
console#
console#configure
console(config)#clear ip address-conflict-detect

interface out-of-band
Use the interface out-of-band command to bring up the OOB port configuration menu.
console(config-if)# ip address (Out-of-Band) Use the ip address command in Interface Configuration mode to set an IP address for the service port. Use the no form of this command to return the ip address configuration to its default value. Syntax ip-address mask prefix-length...
User Guidelines When setting the netmask/prefix length on an IPv4 address, a space is required between the address and the mask or prefix length. Setting an IP address on the out-of-band port enables switch management over the service port. Example The following examples configure the service port with IP address 131.108.1.27 and subnet mask 255.255.255.0 and the same IP address with prefix length of 24 bits.
User Guidelines
This command has no user guidelines.
Example
console#
console#configure
console(config)#ip address-conflict-detect run

ip address dhcp (Interface Config)
Use the ip address dhcp command in Interface (VLAN) Configuration mode to enable the DHCPv4 client on an interface.
Syntax
ip address dhcp
no ip address dhcp
Parameter Description
This command does not require a parameter description.
The command no ip address removes the interface’s primary address only • if configured through DHCP and sets the interface method to None. It does not remove a manually configured address. In addition to leasing an IP address and subnet mask, the DHCP client may learn the following parameters from a DHCP server: •...
Default Configuration No default gateway is defined. Command Mode Global Configuration mode User Guidelines When the system does not have a more specific route to a packet’s destination, it sends the packet to the default gateway. The system installs a default IPv4 route with the gateway address as the next hop address.
Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example enables the IP Domain Naming System (DNS)-based host name-to-address translation. console(config)#ip domain-lookup ip domain-name Use the ip domain-name command in Global Configuration mode to define a default domain name used to complete unqualified host names.
Example
The following example defines a default domain name of dell.com.
console(config)#ip domain-name dell.com

ip host
Use the ip host command in Global Configuration mode to define static host name-to-address mapping in the host cache. To delete the name-to-address mapping, use the no form of this command.
ip name-server Use the ip name-server command in Global Configuration mode to define available IPv4 or IPv6 name servers. To delete a name server, use the no form of this command. Syntax server-address1 server-address2 … server-address8 ip name-server server-address1 … server-address8 no ip name-server [ server-address —...
Syntax
ipv6 address {prefix/prefix-length [eui64] | autoconfig | dhcp}
no ipv6 address
• prefix —Consists of the bits of the address to be configured.
• prefix-length —Designates how many of the high-order contiguous bits of the address make up the prefix.
•...
Use the no ipv6 address dhcp command to release a leased address and to disable DHCPv6 on an interface. The command no ipv6 address does not disable the DHCPv6 client on the interface. This command will fail if DHCPv6 server has been configured on the interface.
show arp switch Use the show arp switch command in Privileged EXEC mode to display the ARP cache entries learned on the management port. Syntax show arp switch Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines NOTE: This command only shows ARP entries used by the management interface.
• Host name. (Range: 1–255 characters). The command allows spaces in the host name when specified in double quotes. For example, console(config)#snmp-server host "host name" Default Configuration This command has no default configuration. Command Mode User EXEC mode User Guidelines This command has no user guidelines.
Parameter Description This command does not require a parameter description. Default Configuration This command has no default configuration. Command Mode User EXEC, Privileged EXEC mode User Guidelines This command has no user guidelines. The command provides the following information. Term Description Address Conflict Whether the switch has detected an address conflict on any IP...
Address Conflict Detection Status..No Conflict Detected show ip helper-address Use the show ip helper-address command in Privileged EXEC mode to display IP helper addresses configuration. Syntax intf-address show ip helper-address [ intf-address — IP address of a routing interface. (Range: Any valid IP •...
IPv6 Access List Commands Access to a switch or router can be made more secure through the use of Access Control Lists (ACLs) to control the type of traffic allowed into or out of specific ports. An ACL consists of a series of rules, each of which describes the type of traffic to be processed and the actions to take for packets that meet the classification criteria.
deny permit (IPv6 ACL) This command creates a new rule for the current IPv6 access list. Each rule is appended to the list of configured rules for the list. A rule may either deny or permit traffic according to the specified classification fields.
Parameter Description
every
    Allows all protocols.
icmpv6 | ipv6 | tcp | udp | protocolnumber
    Protocol to match, specified as keywords icmp, igmp, ipv6, tcp, udp or as a standard protocol number from 1–255.
any | sourceipv6 prefix/
    any matches any source IP address. Or, you can specify a source IPv6 address expressed as a prefix/prefixlength....
Default Configuration
This command has no default configuration.
Command Mode
IPv6-Access-List Configuration mode
User Guidelines
Users are permitted to add rules, but if a packet does not match any user-specified rules, the packet is dropped by the implicit “deny all” rule. The 'no' form of this command is not supported, since the rules within an IPv6 ACL cannot be deleted individually.
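Because rules are appended in order, a packet that matches nothing hits the implicit "deny all", and a single rule cannot be removed afterwards, it helps to check a planned list offline before entering it. The following Python model is an added example, not Dell code: the rule and packet classes, the sample ACL, and the treatment of the `every` and `ipv6` keywords as matching any next header are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Protocol keywords from the rule syntax mapped to IANA protocol numbers.
PROTO_NUMBERS = {"icmpv6": 58, "tcp": 6, "udp": 17}
WILDCARD_PROTOS = ("every", "ipv6")  # assumption: both match any next header


@dataclass(frozen=True)
class Rule:
    action: str               # "permit" or "deny"
    protocol: str             # keyword, or a protocol number given as text
    source: str               # "any" or prefix/prefixlength
    destination: str = "any"  # "any" or prefix/prefixlength


@dataclass(frozen=True)
class Packet:
    next_header: int          # 6 = TCP, 17 = UDP, 58 = ICMPv6
    src: str
    dst: str


def _proto_number(keyword):
    return PROTO_NUMBERS[keyword] if keyword in PROTO_NUMBERS else int(keyword)


def _network(spec):
    return ipaddress.IPv6Network("::/0" if spec == "any" else spec, strict=False)


def _rule_matches(rule, packet):
    if (rule.protocol not in WILDCARD_PROTOS
            and _proto_number(rule.protocol) != packet.next_header):
        return False
    return (ipaddress.IPv6Address(packet.src) in _network(rule.source)
            and ipaddress.IPv6Address(packet.dst) in _network(rule.destination))


def evaluate(acl, packet):
    """Return (action, rule_number); rule_number is None for the implicit deny."""
    for number, rule in enumerate(acl, start=1):
        if _rule_matches(rule, packet):
            return rule.action, number      # first matching rule decides
    return "deny", None                     # implicit "deny all"


def _covers(earlier, later):
    """True when every packet that matches `later` also matches `earlier`."""
    if earlier.protocol not in WILDCARD_PROTOS:
        if later.protocol in WILDCARD_PROTOS:
            return False
        if _proto_number(earlier.protocol) != _proto_number(later.protocol):
            return False
    return (_network(later.source).subnet_of(_network(earlier.source))
            and _network(later.destination).subnet_of(_network(earlier.destination)))


def shadowed_rules(acl):
    """Numbers of rules that can never match because an earlier rule covers them."""
    return [j for j in range(2, len(acl) + 1)
            if any(_covers(acl[i - 1], acl[j - 1]) for i in range(1, j))]


# Constructed sample list, in the order the rules would be entered.
SAMPLE_ACL = [
    Rule("permit", "tcp", "2001:db8:10::/48"),
    Rule("deny", "ipv6", "2001:db8::/32"),
    Rule("permit", "udp", "2001:db8:20::/48"),   # unreachable: rule 2 covers it
]

if __name__ == "__main__":
    for pkt in (Packet(6, "2001:db8:10::5", "2001:db8:ffff::1"),
                Packet(17, "2001:db8:20::9", "2001:db8:ffff::1"),
                Packet(58, "2001:db9::1", "2001:db8:ffff::1")):
        print(pkt, "->", evaluate(SAMPLE_ACL, pkt))
    print("shadowed rules:", shadowed_rules(SAMPLE_ACL))
```

A rule reported as shadowed points to an ordering mistake that, on this switch, can only be corrected by recreating the access list.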
Syntax
ipv6 access-list name
no ipv6 access-list name
• name — Alphanumeric string of 1 to 31 characters uniquely identifying the IPv6 access list.
Default Configuration
There is no default configuration for this command.
Command Mode
Global Configuration mode
User Guidelines
There are no user guidelines for this command.
Example
The following example creates an IPv6 ACL named "DELL_IP6"...
Default Configuration There is no default configuration for this command. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(Config)#ipv6 access-list rename DELL_IP6 DELL_IP6_NEW_NAME ipv6 traffic-filter The ipv6 traffic-filter command either attaches a specific IPv6 Access Control List (ACL) to an interface or associates it with a VLAN ID in a given direction.
seq-num — Order of access list relative to other access lists sequence • already assigned to this interface and direction. (Range: 1–4294967295) Default Configuration This command has no default configuration. Command Modes Global Configuration mode Interface Configuration (Ethernet, Port-channel, VLAN) mode User Guidelines This command specified in 'Interface Config' mode only affects a single interface, whereas the 'Global Config' mode setting is applied to all interfaces.
Parameter Description Rule Status Status (Active/Inactive) of the IPv6 ACL rule. Default Configuration There is no default configuration for this command. Command Mode User EXEC, Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example The following example displays configuration information for the IPv6 ACLs. console#show ipv6 access-lists Current number of all ACLs: 1 Maximum number of all ACLs: 100...
Action......... permit Protocol........255(ipv6) Source IP Address......2001:DB8::/32 The command output provides the following information: Field Description Rule Number The ordered rule number identifier defined within the IPv6 ACL. Action Displays the action associated with each rule. The possible values are Permit or Deny.
IPv6 MLD Snooping Commands
In IPv6, Multicast Listener Discovery (MLD) snooping performs functions similar to IGMP snooping in IPv4. With MLD snooping, IPv6 multicast data is selectively forwarded to a list of ports that want to receive the data, instead of being flooded to all ports in a VLAN.
ipv6 mld snooping immediate-leave
The ipv6 mld snooping immediate-leave command enables or disables MLD Snooping immediate-leave admin mode on a selected interface or VLAN. Enabling fast-leave allows the switch to immediately remove the layer 2 LAN interface from its forwarding table entry upon receiving an MLD done message for that multicast group without first sending out MAC-based general queries to the interface.
ipv6 mld snooping groupmembership-interval The ipv6 mld snooping groupmembership-interval command sets the MLD Group Membership Interval time on a VLAN or interface. The Group Membership Interval time is the amount of time in seconds that a switch waits for a report from a particular group on a particular interface before deleting the interface from the entry.
interface because it did not receive a report for a particular group in that interface. This value must be less than the MLD Query Interval time value. The range is 1 to 3599 seconds. Syntax ipv6 mld snooping maxresponse [vlan-id] [seconds] no ipv6 mld snooping maxresponse [vlan-id] vlan_id —...
vlan-id no ipv6 mld snooping mcrtexpiretime [ vlan_id — Specifies a VLAN ID value in VLAN Database mode. • seconds — multicast router present expiration time in seconds. (Range: • 1–3600) Default Configuration The default multicast router present expiration time is 300 seconds. Command Mode Interface Configuration mode.
User Guidelines
There are no user guidelines for this command.
Example
console(config)#ipv6 mld snooping

ipv6 mld snooping (Interface)
The ipv6 mld snooping (Interface) command enables MLD Snooping on an interface. If an interface has MLD Snooping enabled and it becomes a member of a port-channel (LAG), MLD Snooping functionality is disabled on that interface.
Syntax
ipv6 mld snooping
no ipv6 mld snooping
Default Configuration
MLD Snooping is disabled.
Command Mode
Interface Configuration (gigabitethernet, port-channel, tengigabitethernet) mode.
User Guidelines
There are no user guidelines for this command.
Example
console(config-if-4/0/1)#ipv6 mld snooping

ipv6 mld snooping (VLAN)
The ipv6 mld snooping (VLAN) command enables MLD Snooping on a particular VLAN and enables MLD snooping on all interfaces participating in a VLAN.
User Guidelines There are no user guidelines for this command. Example console(config-vlan)#ipv6 mld snooping 1 show ipv6 mld snooping The show ipv6 mld snooping command displays MLD Snooping information. Configured information is displayed whether or not MLD Snooping is enabled. Syntax unit/slot/port show ipv6 mld snooping [interface {{gigabitethernet...
• VLANs Enabled for MLD Snooping — VLANs on which MLD Snooping is enabled. When you specify an interface or VLAN, the following information displays: • MLD Snooping Admin Mode — Indicates whether MLD Snooping is active on the interface or VLAN. •...
Command Mode Privileged EXEC mode. User Guidelines To see the full Multicast address table (including static addresses) use the show bridge address-table command. Example console#show ipv6 mld snooping groups Vlan Ipv6 Address Type Ports ---- ----------------------- ------- --------------------------- 3333.0000.0003 Dynamic 1/0/1,1/0/3 3333.0000.0004 Dynamic...
IPv6 MLD Snooping Querier Commands IGMP/MLD Snooping Querier is an extension of the IGMP/MLD Snooping feature. IGMP/MLD Snooping Querier allows the switch to simulate an IGMP/MLD router in a Layer 2-only network, thus removing the need to have an IGMP/MLD Router to collect the multicast group membership information.
ipv6 mld snooping querier Use the ipv6 mld snooping querier command to enable MLD Snooping Querier on the system. Use the "no" form of this command to disable MLD Snooping Querier. Syntax ipv6 mld snooping querier no ipv6 mld snooping querier Default Configuration MLD Snooping Querier is disabled by default.
Command Mode VLAN Database mode User Guidelines There are no user guidelines for this command. Example console(config-vlan)#ipv6 mld snooping querier 10 ipv6 mld snooping querier address Use the ipv6 mld snooping querier address command to set the global MLD Snooping Querier address. Use the "no" form of this command to reset the global MLD Snooping Querier address to the default.
ipv6 mld snooping querier election participate Use the ipv6 mld snooping querier election participate command to enable the Snooping Querier to participate in the Querier Election process when it discovers the presence of another Querier in the VLAN. When this mode is enabled, if the Snooping Querier finds that the other Querier's source address is higher than the Snooping Querier's address, it stops sending periodic queries.
Syntax interval ipv6 mld snooping querier query-interval ipv6 mld snooping querier query-interval interval — Amount of time that the switch waits before sending another • general query. (Range: 1–1800 seconds) Default Configuration The default query interval is 60 seconds. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command...
Default Configuration The default timer expiration period is 60 seconds. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#ipv6 mld snooping querier timer expiry 222 show ipv6 mld snooping querier Use the show ipv6 mld snooping querier command to display MLD Snooping Querier information.
MLD Snooping Querier Mode
    Indicates whether or not MLD Snooping Querier is active on the switch.
Querier Address
    Shows the IP Address which will be used in the IPv6 header while sending out MLD queries.
MLD Version
    Indicates the version of MLD that will be used while sending out the queries....
Last Querier Address
    Indicates the IP address of the most recent Querier from which a Query was received.
MLD Version
    Indicates the version of MLD.
IP Source Guard Commands NOTE: IP Source Guard commands are supported by PCM8024. IP Source Guard (IPSG) is a security feature that filters IP packets based on source ID. The source ID may either be source IP address or a {source IP address, source MAC address} pair.
Syntax
ip verify source
Default Configuration
By default, IPSG is disabled on all interfaces.
Command Mode
Interface Configuration mode
User Guidelines
This command has no user guidelines.
Example
console(config-if-Gi1/0/1)#ip verify source

ip verify source port-security
Use the ip verify source port-security command in Interface Configuration mode to enable filtering of IP packets matching the source IP address and the source MAC address.
Example
console(config-if-1/0/1)#ip verify source port-security

ip verify binding
Use the ip verify binding command in Global Configuration mode to configure static bindings. Use the no form of the command to remove the IPSG entry.
Syntax
ip verify binding macaddr vlan ipaddr interface
Default Configuration
By default, there will not be any static bindings configured.
Default Configuration
There is no default configuration for this command.
Command Mode
Privileged EXEC mode
User Guidelines
This command has no user guidelines.
Example
console#show ip verify interface gigabitethernet 1/0/1

show ip verify source interface
Use the show ip verify source interface command in Privileged EXEC mode to display the bindings configured on a particular interface.
Syntax
show ip source binding
Default Configuration
There is no default configuration for this command.
Command Mode
Privileged EXEC mode
User Guidelines
This command has no user guidelines.
Example
console#show ip source binding
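The difference between the two IPSG modes described in this chapter is easiest to see by running the same frames through both. The following Python model is an added example, not switch code: the class, the interface names, addresses and frames are constructed, and it assumes that plain `ip verify source` checks the source IP only and that a binding is matched on its VLAN as well as its interface.

```python
import ipaddress
from dataclasses import dataclass


def _norm_mac(mac):
    """Compare MACs regardless of separator style or letter case."""
    return mac.lower().replace(":", "").replace("-", "").replace(".", "")


@dataclass(frozen=True)
class Binding:
    mac: str
    vlan: int
    ip: str
    interface: str


class SourceGuard:
    def __init__(self):
        self.bindings = []
        self.mode = {}  # interface -> "ip" or "ip-mac"; absent means IPSG is off

    def verify_binding(self, mac, vlan, ip, interface):
        """Model of `ip verify binding`: add one static binding."""
        self.bindings.append(
            Binding(_norm_mac(mac), vlan, str(ipaddress.ip_address(ip)), interface))

    def verify_source(self, interface, port_security=False):
        """Model of `ip verify source` and `ip verify source port-security`."""
        self.mode[interface] = "ip-mac" if port_security else "ip"

    def check(self, interface, vlan, src_ip, src_mac):
        """Return (forwarded, reason) for one received IP packet."""
        mode = self.mode.get(interface)
        if mode is None:
            return True, "ipsg disabled"          # default state of every port
        ip = str(ipaddress.ip_address(src_ip))
        candidates = [b for b in self.bindings
                      if b.interface == interface and b.vlan == vlan and b.ip == ip]
        if not candidates:
            return False, "no binding for source ip"
        if mode == "ip":
            return True, "source ip bound"        # MAC is not examined
        if any(b.mac == _norm_mac(src_mac) for b in candidates):
            return True, "source ip and mac bound"
        return False, "source mac mismatch"


def build_sample_guard():
    """Constructed configuration: one port per mode, one port left at default."""
    guard = SourceGuard()
    guard.verify_binding("00:11:22:33:44:55", 10, "192.168.10.5", "Gi1/0/1")
    guard.verify_binding("00:11:22:33:44:66", 10, "192.168.10.6", "Gi1/0/2")
    guard.verify_source("Gi1/0/1", port_security=True)
    guard.verify_source("Gi1/0/2")
    return guard


# Constructed frames: (interface, vlan, source ip, source mac)
FRAMES = [
    ("Gi1/0/1", 10, "192.168.10.5", "0011.2233.4455"),     # matches binding
    ("Gi1/0/1", 10, "192.168.10.5", "00:11:22:33:44:99"),  # bound IP, other MAC
    ("Gi1/0/1", 10, "192.168.10.77", "00:11:22:33:44:55"), # unbound IP
    ("Gi1/0/2", 10, "192.168.10.6", "00:11:22:33:44:99"),  # bound IP, other MAC
    ("Gi1/0/3", 10, "10.0.0.1", "aa:bb:cc:dd:ee:ff"),      # port without IPSG
]


def filter_frames(guard, frames):
    """Return [(frame, forwarded, reason), ...] in input order."""
    return [(frame, *guard.check(*frame)) for frame in frames]


if __name__ == "__main__":
    for frame, forwarded, reason in filter_frames(build_sample_guard(), FRAMES):
        print("forward" if forwarded else "drop   ", frame, reason)
```

The second and fourth frames carry the same kind of mismatch; only the port configured with port-security drops it, and the port left at the default forwards everything.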
NOTE: The iSCSI commands are only supported on the PCM6348, PCM8024, and PCM8024-k switches. The commands will have different capabilities depending on the switch. CLI commands and Dell OpenManage Switch Administrator pages are not available for other switch models.
iSCSI Optimization provides a means of performing configuration specific to storage traffic and optionally giving traffic between iSCSI initiator and target systems special Quality of Service (QoS) treatment.
QoS treatment is accomplished by monitoring traffic to detect packets used by iSCSI stations to establish iSCSI sessions and connections. Data from these exchanges is used to create classification rules that assign the traffic between the stations to a configured traffic class. Packets in the flow are queued and scheduled for egress on the destination port based on these rules.
User Guidelines Changing the aging time has the following behavior: • When aging time is increased, current sessions will be timed out according to the new value. • When aging time is decreased, any sessions that have been dormant for a time exceeding the new setting will be immediately deleted from the table.
Parameter Description
remark
    Mark the iSCSI frames with the configured DSCP when egressing the switch.
Default Configuration
By default, frames are not remarked. The default vpt setting for iSCSI is 5, which the default classofservice dot1p mapping assigns to queue 2.
Command Mode
Global Configuration mode.
Example
The following example configures iSCSI packets to receive CoS treatment using DiffServ Code Point AF 41 and configures remarking of transmitted iSCSI packets.
console(config)#iscsi cos dscp 10 remark

iscsi enable
The iscsi enable command enables iSCSI globally. To disable iSCSI awareness use the no form of this command.
Example
In the following example, iSCSI is globally enabled.
console(config)#iscsi enable

iscsi target port
Use the iscsi target port command in Global Configuration mode to configure iSCSI port(s), target addresses and names. To delete iSCSI port(s) or target ports, use the no form of this command.
Syntax tcp-port-1 tcp-port-2.…...
Default Configuration iSCSI well-known ports 3260 and 860 are configured by default but can be removed as any other configured target. Command Mode Global Configuration mode. User Guidelines • When working with private iSCSI ports (not IANA assigned iSCSI ports 3260/860), it is recommended to specify the target IP address as well, so the switch will only snoop frames with which the TCP destination port is one of the configured TCP ports, AND their destination IP is the target's...
Syntax show iscsi Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode. User Guidelines There are no user guidelines for this command. Example The following example displays the iSCSI configuration. console#show iscsi iSCSI enabled iSCSI CoS enabled iSCSI vpt is 5 Session aging time: 10 min...
Index TCP Port IP Address IP Address Mask TCP Port Target IP Address Name show iscsi sessions Use the show iscsi sessions command in Privileged EXEC mode to display the iSCSI status. Syntax show iscsi sessions [detailed] • detailed — Displayed list has additional data when this option is used. Default Configuration If not specified, sessions are displayed in short mode (not detailed).
-----------------------------------------------------
Target: iqn.103-1.com.storage-vendor:sn.43338. storage.tape:sys1.xyz
Session 3:
Initiator: iqn.1992-04.com.os-vendor.plan9:cdrom.12
Session 4:
Initiator: iqn.1995-05.com.os-vendor.plan9:cdrom.10

Console# show iscsi sessions detailed
Target: iqn.1993-11.com.disk- vendor:diskarrays.sn.45678
-----------------------------------------------------
Session 1:
Initiator: iqn.1992-04.com.os vendor.plan9:cdrom.12.storage:sys1.xyz
-----------------------------------------------------
Time started: 17-Jul-2008 10:04:50
Time for aging out: 10 min
ISID: 11
Initiator     Initiator   Target        Target
IP address    TCP port    IP address    IP port
172.16.1.3    49154       172.16.1.20   30001
172.16.1.4    49155       172.16.1.21   30001...
-----------------------------------------------------
Initiator: iqn.1995-05.com.os-vendor.plan9:cdrom.10
Time started: 17-Aug-2008 21:04:50
Time for aging out: 2 min
ISID: 22
Initiator     Initiator   Target        Target
IP address    TCP port    IP address    IP port
172.16.1.30   49200       172.16.1.20   30001
172.16.1.30   49201       172.16.1.21   30001

iSCSI Optimization Commands...
Link Dependency Commands Link dependency allows the link status of a group of interfaces to be made dependent on the link status of other interfaces. The effect is that the link status of a group that depends on another interface either mirrors or inverts the link status of the depended-on interface.
Default Configuration The default configuration for a group is down, i.e. the group members will mirror the depended-on link status by going down when all depended-on interfaces are down. Command Mode Link Dependency mode User Guidelines The action up command will cause the group members to be up when no depended-on interfaces are up.
Example console(config)#link-dependency group 1 console(config-linkDep-group-1)# add gigabitethernet Use this command to add member gigabit Ethernet port(s) to the dependency list. Syntax intf-list add gigabitethernet intf-list — List of Ethernet interfaces in unit/slot/port format. Separate • nonconsecutive ports with a comma and no spaces. Use a hyphen to designate the range of ports.
intf-list — List of Ethernet interfaces in unit/slot/port format. Separate • nonconsecutive ports with a comma and no spaces. Use a hyphen to designate the range of ports. (Range: Valid Ethernet interface list or range) Default Configuration This command has no default configuration. Command Mode Link Dependency mode User Guidelines...
Command Mode
Link Dependency mode
User Guidelines
No specific guidelines
Example
console(config-depend-1)#add port-channel 10-12

depends-on
Use this command to add the dependent Ethernet ports or port channels list. Use the no depends-on command to remove the dependent Ethernet ports or port-channels list.
Syntax intf-list depends-on {gigabitethernet | port-channel | tengigabitethernet}...
Examples
console(config-linkDep-group-1)#depends-on gigabitethernet 1/0/10
console(config-linkDep-group-1)#depends-on port-channel 6

show link-dependency
Use the show link-dependency command to show the link dependencies configured for a particular group. If no group is specified, then all the configured link-dependency groups are displayed.
Syntax group GroupId show link-dependency [ GroupId —...
The following command shows link dependencies for group 2 only.
console#show link-dependency group 2
GroupId Member Ports Ports Depended On
------- ---------------------- ----------------------------------
1/0/1-4 1/0/8-9
LLDP Commands The IEEE 802.1AB standard defines the Link Layer Discovery Protocol (LLDP). This protocol allows stations residing on an 802 LAN to advertise major capabilities, physical descriptions, and management information to physically adjacent devices, allowing a network management system (NMS) to access and display this information.
The receive function accepts incoming LLDPDU frames and stores information about the remote stations. Both local and remote data may be displayed by the user interface and retrieved using SNMP as defined in the LLDP MIB definitions. The component maintains one remote entry per physical network connection.
Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example displays how to clear the LLDP remote data. console#clear lldp remote-data clear lldp statistics Use the clear lldp statistics command in Privileged EXEC mode to reset all LLDP statistics.
lldp notification Use the lldp notification command in Interface Configuration mode to enable remote data change notifications. To disable notifications, use the no form of this command. Syntax lldp notification no lldp notification Default Configuration By default, notifications are disabled on all supported interfaces. Command Mode Interface Configuration (Ethernet) mode User Guidelines...
• interval — The smallest interval in seconds at which to send remote data change notifications. (Range: 5–3600 seconds) Default Configuration The default value is 5 seconds. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example displays how to set the interval value to 10 seconds.
Example
The following example displays how to enable the LLDP receive capability.
console(config-if-1/0/3)#lldp receive

lldp timers
Use the lldp timers command in Global Configuration mode to set the timing parameters for local data transmission on ports enabled for LLDP. To return any or all parameters to factory default, use the no form of this command.
Examples
The following example displays how to configure LLDP to transmit local information every 1000 seconds.
console(config)#lldp timers interval 1000
The following example displays how to set the timing parameter at 1000 seconds with a hold multiplier of 8 and a 5 second delay before re-initialization.
lldp transmit-mgmt Use the lldp transmit-mgmt command in Interface Configuration mode to include transmission of the local system management address information in the LLDPDUs. To cancel inclusion of the management information, use the no form of this command. Syntax lldp transmit-mgmt no lldp transmit-mgmt Default Configuration By default, management address information is not included.
• sys-name — Transmits the system name TLV
• sys-desc — Transmits the system description TLV
• sys-cap — Transmits the system capabilities TLV
• port desc — Transmits the port description TLV
Default Configuration
By default, no optional TLVs are included.
Command Mode
Interface Configuration (Ethernet) mode
User Guidelines...
User Guidelines
This command has no user guidelines.
Example
The following example displays the current LLDP configuration summary.
console# show lldp
Global Configurations:
Transmit Interval: 30 seconds
Transmit TTL Value: 120 seconds
Reinit Delay: 2 seconds
Notification Interval: limited to every 5 seconds
console#show lldp
LLDP transmit and receive disabled on all interfaces

show lldp interface...
Examples
This example shows how the information is displayed when you use the command with the all parameter.
console#show lldp interface all
Interface Link Transmit Receive Notify TLVs Mgmt
--------- ---- -------- -------- -------- ------- ----
1/0/1 Enabled Enabled Enabled 0,1,2,3
1/0/2 Down Enabled...
Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Examples These examples show advertised LLDP local data in two levels of detail. console#show lldp local-device all LLDP Local Device Summary Interface Port ID Port Description...
System Capabilities Enabled: bridge
Management Address:
Type: IPv4
Address: 192.168.17.25

show lldp remote-device
Use the show lldp remote-device command in Privileged EXEC mode to display the current LLDP remote data. This command can display summary information or detail for each interface.
Syntax interface interface...
User Guidelines
This command has no user guidelines.
Examples
The following example shows the display of current LLDP traffic statistics.
console#show lldp statistics all
LLDP Device Statistics
Last Update........0 days 22:58:29
Total Inserts........ 1
Total Deletes........ 0
Total Drops........
Fields Description Total Drops Number of times a complete set of information advertised by a remote device could not be inserted due to insufficient resources. Total Ageouts Number of times any remote data entry has been deleted due to time-to-live (TTL) expiration. Transmit Total Total number of LLDP frames transmitted on the indicated port.
Multicast VLAN Registration Commands Multicast VLAN registration (MVR) is a method for consolidating multicast traffic from multiple VLANs onto a single VLAN. A typical usage scenario would be the distribution of a multicast group to a switch using a single VLAN where the switch has users in different VLANs subscribing to the multicast group.
Commands in this Chapter This chapter explains the following commands: mvr type mvr group mvr vlan group mvr mode show mvr mvr querytime show mvr members mvr vlan show mvr interface mvr immediate show mvr traffic Use the mvr command in Global Config and Interface Config modes to enable MVR.
mvr group
Use the mvr group command in Global Config mode to add an MVR membership group. Use the no form of the command to remove an MVR membership group.
Syntax
mvr group A.B.C.D count
no mvr group A.B.C.D count
Parameter Description
Parameter Description...
console(config)#mvr group 239.0.1.0 100
console(config)#mvr vlan 10

mvr mode
Use the mvr mode command in Global Config mode to change the MVR mode type. Use the no form of the command to set the mode type to the default value.
Syntax
mvr mode {compatible | dynamic}
no mvr mode...
Syntax
mvr querytime 1–100
no mvr querytime
Parameter Description
Parameter Description
querytime
    The query time is a maximum time to wait for an IGMP membership report on a receiver port before removing the port from the multicast group. The query time only applies to receiver ports.
mvr vlan
Use the mvr vlan command in Global Config mode to set the MVR multicast VLAN. Use the no form of the command to set the MVR multicast VLAN to the default value.
Syntax
mvr vlan 1–4094
no mvr vlan
Parameter Description
Parameter Description...
Syntax mvr immediate no mvr immediate Parameter Description This command does not require a parameter description. Default Configuration The default value is Disabled. Command Mode Interface Config User Guidelines Immediate leave should only be configured on ports with a single receiver. When immediate leave is enabled, a receiver port will leave a group on receipt of a leave message.
Syntax
mvr type { receiver | source }
no mvr type
Parameter Description
receiver: Configure the port as a receiver port. Receiver ports are ports over which multicast data will be sent but not received.
source: Configure the port as a source port. Source ports are ports over which multicast data is received or sent.
console(config-if-Gi1/0/1)#interface Gi1/0/24
console(config-if-Gi1/0/24)#switchport mode trunk
console(config-if-Gi1/0/24)#switchport trunk native vlan 99
console(config-if-Gi1/0/24)#switchport trunk allowed vlan add 99
console(config-if-Gi1/0/24)#mvr
console(config-if-Gi1/0/24)#mvr type source
console(config-if-Gi1/0/24)#exit

mvr vlan group
Use the mvr vlan group command in Interface Config mode to participate in the specific MVR group. Use the no form of this command to remove the port participation from the specific MVR group.
User Guidelines
This command statically configures a port to receive the specified multicast group on the specified VLAN. This command only applies to receiver ports in compatible mode. It also applies to source ports in dynamic mode. In dynamic mode, receiver ports can also join multicast groups using IGMP messages.
Parameter Description
MVR Max Multicast Groups: The maximum number of multicast groups that is supported by MVR.
MVR Current Multicast groups: The current number of MVR groups allocated.
MVR Query Response Time: The current MVR query response time.
MVR Mode: The current MVR mode.
show mvr members
Use the show mvr members command in Privileged EXEC mode to display the MVR membership groups allocated.
Syntax
show mvr members [A.B.C.D]
Parameter Description
The parameter is a valid multicast address in IPv4 dotted notation. The following table explains the output parameters.
MVR Group IP       Status          Members
------------------ --------------- ---------------------
224.1.1.1          INACTIVE        1/0/1, 1/0/2, 1/0/3

console#show mvr members 224.1.1.1
MVR Group IP       Status          Members
------------------ --------------- ---------------------
224.1.1.1          INACTIVE        1/0/1, 1/0/2, 1/0/3

show mvr interface
Use the show mvr interface command in Privileged EXEC mode to display the MVR enabled interfaces configuration.
Parameter Description
Immediate Leave: The state of immediate mode. It can be enabled or disabled.
Default Configuration
This command has no default configuration.
Command Mode
Privileged EXEC
User Guidelines
The following table lists the completion messages.
Message Type: Message Description
Successful Completion Message: None
Error Completion Message...
show mvr traffic
Use the show mvr traffic command in Privileged EXEC mode to display global MVR statistics.
Syntax
show mvr traffic
Parameter Description
This command does not require a parameter description.
Default Configuration
This command has no default configuration.
Command Mode
Privileged EXEC
User Guidelines...
Parameter Description
IGMP Report V1 Transmitted: Number of transmitted IGMP Reports V1.
IGMP Report V2 Transmitted: Number of transmitted IGMP Reports V2.
IGMP Leave Transmitted: Number of transmitted IGMP Leaves.
IGMP Packet Receive Failures: Number of failures on receiving the IGMP packets.
Port Aggregator Commands
This chapter explains the following commands:
add ethernet
negotiation
duplex
port-aggregator group
minimum active uplinks
show bridge address-table
mtu disable
speed

add ethernet
Use the add ethernet command to add member Ethernet ports to the Aggregator Group. To remove member Ethernet ports from the Aggregator Group/Zone, use the no form of this command.
Example
console(config)#port-aggregator group 1
console(config-aggregator-1)#add ethernet 1/g1
console(config-aggregator-1)#

duplex
Use the duplex command in port aggregator configuration mode to configure the full/half duplex operation of all member ports in the aggregator group/zone. To restore the default, use the no form of this command.
Syntax
duplex [half | full]...
minimum active uplinks
Use the minimum active uplinks command to set the minimum number of uplinks to be active for the Group. For example, suppose the number of uplink ports in the group is 2 and the number of internal ports is 4. If the user sets the minimum active uplink ports to 2, then both the uplink ports should be active;...
Syntax
mtu disable
no mtu disable
Default Configuration
This command has no default configuration.
Command Mode
Port Aggregator mode
User Guidelines
This command has no user guidelines.
Example
console(config)#port-aggregator group 1
console(config-aggregator-1)#mtu disable
console(config-aggregator-1)#

negotiation
Use the negotiation command in port aggregator mode to enable auto-negotiation of all member ports in the aggregator group/zone.
User Guidelines
This command has no user guidelines.
Example
console(config)#port-aggregator group 1
console(config-aggregator-1)#negotiation
console(config-aggregator-1)#

port-aggregator group
Use the port-aggregator group <GroupId> command to enter the Port Aggregator mode to configure aggregator group attributes. To remove all the attributes on the specified group, use the no form of this command. The no form of this command deletes all the member ports from the group and also sets other attributes (mtu/VLAN) to its default values for that group.
show bridge address-table
Use the show bridge address-table command to show the MAC address table for a particular aggregator group. [port-aggregator group <Group id>] is an optional parameter in the command, and if not specified, it shows all the MAC entries in all the Groups.
Syntax
[port-aggregator group <...
speed
Use the speed command in port aggregator configuration mode to configure the speed of all member ports in the aggregator group/zone. To restore the default, use the no form of this command.
Syntax
speed [10 | 100 ]
no speed
10 —...
Port Channel Commands
Care must be taken while enabling this type of configuration. If the Partner System is not 802.3AD compliant or the Link Aggregation Control protocol is not enabled, there may be network instability. Network instability occurs when one side assumes that the members in an aggregation are one single link, while the other side is oblivious to this aggregation and continues to treat the 'members' as individual links.
A LAG can be either static or dynamic, but not both. It cannot have some members participate in the protocol while other members do not. Additionally, it is not possible to change a LAG from static to dynamic via the CLI. You must remove the member ports from the static LAG and then add them to the dynamic LAG.
The failure of one or more links in a LAG does not stop traffic. Upon failure, the flows mapped to a link are dynamically reassigned to the remaining links of the LAG. Similarly, when links are added to a LAG, the conversations may need to be shifted to a new link.
The hashing algorithm is configurable for each LAG. Typically, an administrator is able to choose from hash algorithms utilizing the following attributes of a packet to determine the outgoing port:
• Source MAC, VLAN, EtherType, and incoming port associated with the packet.
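The flow-to-link mapping and the reassignment after a member failure, as an added example that is not part of the original manual. CRC32 and the modulo step are stand-ins (the switch's real hash is not documented here), and the member ports and conversations are constructed; the point for anyone placing a capture on one member link is that it only ever sees the conversations hashed to that link.

```python
import zlib

# Constructed sample: LAG members and conversations. The key fields are the
# ones the text lists (source MAC, VLAN, EtherType, incoming port).
MEMBERS = ["1/0/1", "1/0/2", "1/0/3", "1/0/4"]
FLOWS = [
    (f"00:11:22:33:44:{host:02x}", 10 + host % 3, 0x0800, f"1/0/{10 + host % 4}")
    for host in range(32)
]


def pick_link(flow, active_links):
    """Return the member link that carries every frame of this conversation."""
    if not active_links:
        raise ValueError("LAG has no active member links")
    key = "|".join(str(field) for field in flow).encode()
    # Assumption: CRC32 modulo the member count stands in for the real hash.
    return active_links[zlib.crc32(key) % len(active_links)]


def distribute(flows, active_links):
    """Map each conversation to its outgoing member link."""
    return {flow: pick_link(flow, active_links) for flow in flows}


def fail_link(flows, active_links, failed):
    """Recompute the mapping after one member goes down.

    Returns (new_mapping, moved). moved lists every conversation whose
    outgoing link changed, which can include conversations that were not
    on the failed link.
    """
    before = distribute(flows, active_links)
    survivors = [link for link in active_links if link != failed]
    after = distribute(flows, survivors)
    moved = [flow for flow in flows if before[flow] != after[flow]]
    return after, moved


if __name__ == "__main__":
    before = distribute(FLOWS, MEMBERS)
    after, moved = fail_link(FLOWS, MEMBERS, "1/0/2")
    for link in MEMBERS:
        was = sum(1 for chosen in before.values() if chosen == link)
        now = sum(1 for chosen in after.values() if chosen == link)
        print(f"{link}: {was} conversations before, {now} after 1/0/2 fails")
    print(f"{len(moved)} of {len(FLOWS)} conversations changed link")
```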
Manual Aggregation of LAGs
PowerConnect switching supports the manual addition and deletion of links to aggregates. In the manual configuration of aggregates, the ports send their Actor Information (LACPDUs) to the partner system in order to find a suitable Partner to form an aggregation. When the Partner System neglects to respond using LACPDUs, the PowerConnect switching aggregates manually.
• on — Forces the port to join a channel without LACP.
• auto — Forces the port to join a channel with LACP.
Default Configuration
This command has no default configuration.
Command Mode
Interface Configuration (Ethernet) mode
User Guidelines
This command has no user guidelines.
Example
The following example enters the context of port-channel 1.
console(config)# interface port-channel 1
console(config-if-po1)#

interface range port-channel
Use the interface range port-channel command in Global Configuration mode to execute a command on multiple port channels at the same time.
Syntax
port-channel-range interface range port-channel {...
hashing-mode
Use the hashing-mode command to set the hashing algorithm on trunk ports. Use the no hashing-mode command to set the hashing algorithm on Trunk ports to the default (3).
Syntax
hashing-mode mode
• mode — Mode value in the range of 1 to 7...
lacp auto
Use the lacp auto command to set the LACP (Link Aggregation) mode to dynamic for that Aggregator Group. This means that when more than one uplink port is in the Group, those uplink ports will be enabled automatically with dynamic LACP.
Default Configuration
This command has no default configuration.
Command Mode
Port Aggregator mode
User Guidelines
This command has no user guidelines.
Example
console(config)#port-aggregator group 2
console(config-aggregator-2)#lacp off
console(config-aggregator-2)#

lacp port-priority
Use the lacp port-priority command in Interface Configuration mode to configure the priority value for physical ports.
Example
The following example configures the priority value for port 1/0/8 to 247.
console(config)#interface gigabitethernet 1/0/8
console(config-if-1/0/8)#lacp port-priority 247

lacp static
Use the lacp static command to set the LACP (Link Aggregation) mode to static for that Aggregator Group. This means that when more than one uplink port is in the Group, those uplink ports will be enabled automatically with static LACP.
Syntax
lacp system-priority value
no lacp system-priority
• value — Port priority value. (Range: 1–65535)
Default Configuration
The default system priority value is 1.
Command Mode
Global Configuration mode
User Guidelines
This command has no user guidelines.
Example
The following example configures the system priority to 120.
console(config)#lacp system-priority 120

lacp timeout
Use the lacp timeout command in Interface Configuration mode to assign an...
Command Mode
Interface Configuration (Ethernet) mode
User Guidelines
This command has no user guidelines.
Example
The following example assigns an administrative LACP timeout for port 1/0/8 to a long timeout value.
console(config)#interface gigabitethernet 1/0/8
console(config-if-1/0/8)#lacp timeout long

no lacp
Use the no lacp command to set the LACP (Link Aggregation) mode to default for that Aggregator Group.
port-channel min-links
Use the port-channel min-links command in Interface Configuration (port-channel) mode to set the minimum number of links that must be up in order for the port channel interface to be declared up. Use the no form of the command to return the configuration to the default value (1).
Default Configuration
This command has no default configuration.
Command Mode
Privileged EXEC
User Guidelines
No specific guidelines.
Example
console#show interfaces port-channel
Channel Ports                                   Hashing-mode
------- --------------------------------------- ------------
Active: 1/e1, 2/e2 Active: 2/e2, 2/e7 Inactive: 3/e1 Active: 3/e3, 3/e8 3 <default> No Configured Ports No Configured Ports No Configured Ports...
Syntax
show lacp {gigabitethernet unit/slot/port | port-channel port-channel-number | tengigabitethernet unit/slot/port} [{parameters | statistics}]
Default Configuration
This command has no default configuration.
Command Mode
Privileged EXEC mode
User Guidelines
This command has no user guidelines.
Example
The following example shows how to display LACP Ethernet interface information.
distributing: FALSE
expired: FALSE
Partner
system priority:
system mac addr: 00:00:00:00:00:00
port Admin key:
port Oper key:
port Admin priority:
port Oper priority:
port Oper timeout: LONG
LACP Activity: PASSIVE
Aggregation: AGGREGATABLE
synchronization: FALSE
collecting: FALSE
distributing: FALSE
expired: FALSE
Port 1/0/1 LACP Statistics:
LACP PDUs sent:
LACP PDUs received:...
Default Configuration
This command has no default configuration.
Command Mode
Privileged EXEC mode
User Guidelines
This command has no user guidelines.
Example
The following example shows statistics about port-channel 1.
console#show statistics port-channel 1
Total Packets Received (Octets)....0
Packets Received > 1522 Octets....0
Packets RX and TX 64 Octets....
Total Packets Received with MAC Errors..0
Jabbers Received....... 0
Fragments/Undersize Received....0
Alignment Errors....... 0
--More-- or (q)uit
FCS Errors........0
Overruns........0
Total Received Packets Not Forwarded... 0
Local Traffic Frames......0
802.3x Pause Frames Received....0
Unacceptable Frame Type......0
Multicast Tree Viable Discards....
Port Monitor Commands
PowerConnect switches allow the user to monitor traffic with an external network analyzer. The external network analyzer can use any of the Ethernet ports as a probe port. The probe port transmits a mirror copy of the traffic being probed.
monitor session
show monitor session

monitor session
Use the monitor session command in Global Configuration mode to configure a probe port and a monitored port for monitor session (port monitoring). Use the src-interface parameter to specify the interface to monitor. Use rx to monitor only ingress packets, or use tx to monitor only egress packets.
User Guidelines
The source of a monitoring session must be configured before the destination can be configured.
Example
The following examples show a simple port level configuration that mirrors both transmitted and received packets from one port to another.
console(config)#monitor session 1 source interface 1/0/8
console(config)#monitor session 1 destination interface 1/0/10...
Session ID Admin Mode Probe Port Mirrored Port Type
---------- ---------- ---------- ------------- -----
           Enable     1/0/10     1/0/8         Rx,Tx
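Because a monitor session copies a port's traffic to the probe port, a configuration review should confirm that every probe port is an expected analyzer port. The following is an added example, not part of the original manual: it parses monitor session lines in the form shown above and reports sessions whose probe port is not on an approved list. The sample lines, the approved-port set and the trailing rx/tx keyword position are assumptions made for the example.

```python
import re

# Matches the two command forms shown in the manual's example. The optional
# trailing rx/tx keyword is an assumption about where the direction is written.
MONITOR_LINE = re.compile(
    r"monitor session (?P<id>\d+) (?P<role>source|destination) interface "
    r"(?P<port>\S+)(?: (?P<dir>rx|tx))?$"
)

# Constructed sample configuration (session 1 is the manual's own example).
SAMPLE_CONFIG = """\
console(config)#monitor session 1 source interface 1/0/8
console(config)#monitor session 1 destination interface 1/0/10
console(config)#monitor session 2 source interface 1/0/24 rx
console(config)#monitor session 2 destination interface 1/0/3
console(config)#monitor session 3 destination interface 1/0/5
"""

# Assumption: the only port cabled to a sanctioned analyzer.
APPROVED_PROBE_PORTS = {"1/0/10"}


def parse_sessions(config_text):
    """Collect mirrored (source) ports and the probe (destination) port per session."""
    sessions = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[-1].strip()  # drop a CLI prompt if present
        found = MONITOR_LINE.match(line)
        if not found:
            continue
        session = sessions.setdefault(
            int(found["id"]),
            {"sources": [], "destination": None, "source_first": True},
        )
        if found["role"] == "source":
            # No keyword means both directions are mirrored.
            session["sources"].append((found["port"], found["dir"] or "rx,tx"))
        else:
            # The manual requires the source to be configured first.
            session["source_first"] = bool(session["sources"])
            session["destination"] = found["port"]
    return sessions


def audit(sessions, approved_probe_ports):
    """Return (session id, finding, probe port) tuples for a reviewer."""
    findings = []
    for session_id in sorted(sessions):
        session = sessions[session_id]
        probe = session["destination"]
        if probe is None:
            continue
        if probe not in approved_probe_ports:
            findings.append((session_id, "unapproved-probe-port", probe))
        if not session["source_first"]:
            findings.append((session_id, "destination-without-source", probe))
    return findings


if __name__ == "__main__":
    parsed = parse_sessions(SAMPLE_CONFIG)
    for session_id, finding, probe in audit(parsed, APPROVED_PROBE_PORTS):
        print(f"session {session_id}: {finding} (probe port {probe})")
```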
QoS Commands
Quality of Service (QoS) technologies are intended to provide guaranteed timely delivery of specific application data to a particular destination. In contrast, standard IP-based networks are designed to provide best effort data delivery service. Best effort service implies that the network delivers the data in a timely fashion, although there is no guarantee.
A user configures an ACL permit rule to force its matching traffic stream to a specific egress interface, bypassing any forwarding decision normally performed by the device. The interface can be a physical port or a LAG. The redirect interface rule action is independent of, but compatible with, the assign queue rule action.
– Untrusted Port Default Priority
• Queue Configuration
This enables PowerConnect switches to support a wide variety of delay sensitive video and audio multicast applications. CoS mapping tables, port default priority, and hardware queue parameters may be configured on LAG interfaces as well as physical port interfaces.
Queue Mapping
The priority of a packet arriving at an interface is used to steer the packet to the appropriate outbound CoS queue through a mapping table.
process is also used for cases where a trusted port mapping is unable to be honored, such as when a non-IP packet arrives at a port configured to trust the IP precedence or IP DSCP value.
PCM6220 Limitations
The PCM6220 switch does not support out-bound service policies or ACLs. The following command syntax is not available:
• servicepolicyname out...
classofservice trust match dstip match vlan show diffserv service brief conform-color match dstip6 mirror show interfaces cos- queue cos-queue min- match dstl4port police-simple show interfaces bandwidth random-detect cos-queue random- match ethertype policy-map show policy-map detect cos-queue strict match ip6flowlbl redirect show policy-map interface diffserv...
This command causes the specified policy to create a reference to the class definition. The command mode is changed to Policy-Class-Map Configuration when this command is executed successfully.
Example
The following example shows how to specify the DiffServ class name of "DELL."
console(config)#policy-map DELL1
console(config-classmap)#class DELL
Command Mode
Global Configuration mode
User Guidelines
There are no user guidelines for this command.
Example
The following example creates a class-map named "DELL" which requires all ACEs to be matched.
console(config)#class-map DELL
console(config-cmap)#

class-map rename
Use the class-map rename command in Global Configuration mode to change the name of a DiffServ class.
User Guidelines
This command has no user guidelines.
Example
The following example displays how to change the name of a DiffServ class from "DELL" to "DELL1."
console(config)#class-map rename DELL DELL1
console(config)#

classofservice dot1p-mapping
Use the classofservice dot1p-mapping command in Global Configuration mode to map an 802.1p priority to an internal traffic class.
Default Configuration
This command has no default configuration.
Command Mode
Global Configuration or Interface Configuration (Ethernet, Port-channel) mode
User Guidelines
None
Example
The following example configures mapping for user priority 1 and traffic class 2.
console(config)#classofservice dot1p-mapping 1 2

classofservice ip-dscp-mapping
Use the classofservice ip-dscp-mapping command in Global Configuration mode to map an IP DSCP value to an internal traffic class.
User Guidelines
This command has no user guidelines.
Example
The following example displays mapping for IP DSCP 1 and traffic class 2.
console(config)#classofservice ip-dscp-mapping 1 2

classofservice trust
Use the classofservice trust command in either Global Configuration mode or Interface Configuration mode to set the class of service trust mode of an interface.
Examples
The following example displays how you set the class of service trust mode of an interface to trust dot1p (802.1p) packet markings when in Global Configuration mode.
console(config)#classofservice trust dot1p
The following example displays how you set the class of service trust mode of an interface to trust IP Precedence packet mark
console(config)#classofservice trust ip-precedence

conform-color...
cos-queue min-bandwidth
Use the cos-queue min-bandwidth command in either Global Configuration mode or Interface Configuration mode to specify the minimum transmission bandwidth for each interface queue. To restore the default for each queue’s minimum bandwidth value, use the no form of this command.
Syntax
bw-0 bw-1 bw-n...
Syntax
queue-id1 queue-id2 queue-idn cos-queue {random-detect queue-id1 queue-id2 queue-idn no cos-queue {random-detect
Parameter Description
queue-id: An integer indicating the queue-id which is to be enabled for WRED. Range 0-6. Up to 7 queues may be simultaneously specified.
Default Configuration
WRED queue management policy is disabled by default.
cos-queue strict
Use the cos-queue strict command in either Global Configuration mode or Interface Configuration mode to activate the strict priority scheduler mode for each specified queue. To restore the default weighted scheduler mode for each specified queue, use the no form of this command.
Syntax
queue-id-1 queue-id-2...
diffserv
Use the diffserv command in Global Configuration mode to set the DiffServ operational mode to active. While disabled, the DiffServ configuration is retained and can be changed, but it is not activated. When enabled, DiffServ services are activated. To set the DiffServ operational mode to inactive, use the no form of this command.
Default Configuration
This command has no default configuration.
Command Mode
Policy-Class-Map Configuration mode
User Guidelines
This command has no user guidelines.
Example
The following example displays how to specify that matching packets are to be dropped at ingress.
console(config-policy-classmap)#drop

mark cos
Use the mark cos command in Policy-Class-Map Configuration mode to mark all packets for the associated traffic stream with the specified class of service value in the priority field of the 802.1p header.
Example
The following example displays how to mark all packets with a CoS value.
console(config-policy-classmap)#mark cos 7

mark ip-dscp
Use the mark ip-dscp command in Policy-Class-Map Configuration mode to mark all packets for the associated traffic stream with the specified IP DSCP value.
mark ip-precedence
Use the mark ip-precedence command in Policy-Class-Map Configuration mode to mark all packets for the associated traffic stream with the specified IP precedence value.
Syntax
mark ip-precedence prec-value
• prec-value — Specifies the IP precedence value as an integer. (Range: 0–7)...
Example
The following example adds match conditions defined for the Dell class to the class currently being configured.
console(config-classmap)#match class-map Dell
The following example deletes the match conditions defined for the Dell class from the class currently being configured.
Dell

match cos
Use the match cos command in Class-Map Configuration mode to add to the specified class definition a match condition for the class of service value (the only tag in a single-tagged packet or the first or outer 802.1Q tag of a double-VLAN tagged packet).
• macaddr — Specifies any valid layer 2 MAC address formatted as six two-digit hexadecimal numbers separated by colons.
• macmask — Specifies a valid layer 2 MAC address bit mask formatted as six two-digit hexadecimal numbers separated by colons. This address bit mask does not need to be contiguous.
Default Configuration
This command has no default configuration.
Command Mode
Class-Map Configuration mode
User Guidelines
This command has no user guidelines.
Example
The following example displays adding a match condition using the specified IP address and bit mask.
console(config-classmap)#match dstip 10.240.1.1 10.240.0.0

match dstip6
The match dstip6 command adds to the specified class definition a match...
Example
console(config-classmap)#match dstip6 2001:DB8::/32

match dstl4port
Use the match dstl4port command in Class-Map Configuration mode to add to the specified class definition a match condition based on the destination layer 4 port of a packet using a single keyword or a numeric notation.
Syntax
portkey port-number...
match ethertype
Use the match ethertype command in Class-Map Configuration mode to add to the specified class definition a match condition based on the value of the ethertype.
Syntax
match ethertype {keyword | 0x0600-0xffff }
• keyword — Specifies either a valid keyword or a valid hexadecimal number. The supported keywords are appletalk, arp, ibmsna, ipv4, ipv6, ipx, mplsmcast, mplsucast, netbios, novell, pppoe, rarp.
• label - The value to match in the Flow Label field of the IPv6 header (Range 0-1048575).
Default Configuration
There is no default configuration for this command.
Command Mode
Ipv6-Class-Map Configuration mode.
User Guidelines
There are no user guidelines for this command.
Example
The following example adds a rule to match packets whose IPv6 Flow Label equals 32312.
Command Mode
Class-Map Configuration mode
User Guidelines
The ip dscp, ip precedence, and ip tos match conditions are alternative ways to specify a match criterion for the same Service Type field in the IP header but with a slightly different user notation. To specify a match on all DSCP values, use the match ip tos tosbits tosmask command with tosbits set to "0"...
User Guidelines
The ip dscp, ip precedence, and ip tos match conditions are alternative ways to specify a match criterion for the same Service Type field in the IP header but with a slightly different user notation. To specify a match on all precedence values, use the match ip tos tosbits tosmask command with tosbits set to "0"...
User Guidelines
The ip dscp, ip precedence, and ip tos match conditions are alternative ways to specify a match criterion for the same Service Type field in the IP header but with a slightly different user notation. This specification is the free form version of the IP DSCP/Precedence/TOS match specification in that you have complete control of specifying which bits of the IP Service Type field are checked.
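How the three notations address the same Service Type byte, as an added example that is not part of the original manual. It assumes the standard field layout (DSCP in the upper six bits, IP precedence in the upper three) and models each match as a (bits, mask) pair in which a 1 in the mask means the bit is checked; the sample bytes are constructed.

```python
def dscp_rule(dscp):
    """ip dscp notation: checks the upper six bits of the Service Type byte."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP must be 0-63")
    return (dscp << 2, 0xFC)


def precedence_rule(prec):
    """ip precedence notation: checks the upper three bits."""
    if not 0 <= prec <= 7:
        raise ValueError("IP precedence must be 0-7")
    return (prec << 5, 0xE0)


def tos_rule(tosbits, tosmask):
    """ip tos notation: free form, the mask picks any set of bits to check."""
    for value in (tosbits, tosmask):
        if not 0 <= value <= 0xFF:
            raise ValueError("tosbits and tosmask are single bytes")
    return (tosbits, tosmask)


def matches(rule, service_type):
    """True when every checked bit of the byte equals the rule's bit."""
    bits, mask = rule
    return (service_type & mask) == (bits & mask)


def explain(service_type):
    """Split a Service Type byte into the fields the notations address."""
    return {
        "dscp": service_type >> 2,
        "precedence": service_type >> 5,
        "low_two_bits": service_type & 0x03,
    }


# Constructed sample Service Type bytes.
SAMPLES = {
    "EF": 0xB8,                   # DSCP 46, precedence 5
    "EF with low bit set": 0xB9,  # same DSCP, lowest bit set
    "AF41": 0x88,                 # DSCP 34, precedence 4
    "best effort": 0x00,
}

RULES = {
    "dscp 46": dscp_rule(46),
    "precedence 5": precedence_rule(5),
    "tos, low two bits = 01": tos_rule(0x01, 0x03),
    # A non-contiguous mask: only the free form can express this.
    "tos, bits 7 and 3 set": tos_rule(0x88, 0x88),
}


def match_table(rules=RULES, samples=SAMPLES):
    """For each rule, list the sample bytes it would classify."""
    return {
        name: [label for label, byte in samples.items() if matches(rule, byte)]
        for name, rule in rules.items()
    }


if __name__ == "__main__":
    for name, hits in match_table().items():
        bits, mask = RULES[name]
        print(f"{name:24} bits={bits:02x} mask={mask:02x} -> {hits}")
```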
Example
The following example displays adding a match condition based on the "ip" protocol name keyword.
console(config-classmap)#match protocol ip

match source-address mac
Use the match source-address mac command in Class-Map Configuration mode to add to the specified class definition a match condition based on the source MAC address of the packet.
match srcip
Use the match srcip command in Class-Map Configuration mode to add to the specified class definition a match condition based on the source IP address of a packet.
Syntax
match srcip ipaddr ipmask
• ipaddr — Specifies a valid IP address...
• source-ipv6-prefix — IPv6 prefix in IPv6 global address format.
• prefix-length — IPv6 prefix length value.
Default Configuration
There is no default configuration for this command.
Command Mode
Ipv6-Class-Map Configuration mode.
User Guidelines
There are no user guidelines for this command.
Example
console(config-classmap)#match srcip6 2001:DB8::/32

match srcl4port...
User Guidelines
This command has no user guidelines.
Example
The following example displays how to add a match condition using the "snmp" port name keyword.
console(config-classmap)#match srcl4port snmp

match vlan
Use the match vlan command in Class-Map Configuration mode to add to the specified class definition a match condition based on the value of the layer 2 VLAN Identifier field.
mirror
Use the mirror command in Policy-Class-Map Configuration mode to mirror all the data that matches the class defined to the destination port specified.
Syntax
mirror interface
• interface — Specifies the Ethernet port to which data needs to be copied...
• datarate — Data rate in kilobits per second (kbps). (Range: 1–4294967295)
• burstsize — Burst size in Kbps (Range: 1–128)
• conform action — Indicates what happens when the packet is conforming to the policing rule: it could be dropped, it could have its COS modified, it could have its IP precedence modified, or it could have its DSCP modified.
The policy type dictates which of the individual policy attribute commands are valid within the policy definition.
Example
The following example shows how to establish a new ingress DiffServ policy named "DELL."
console(config)#policy-map DELL in
console(config-policy-classmap)#
redirect
Use the redirect command in Policy-Class-Map Configuration mode to specify that all incoming packets for the associated traffic stream are redirected to a specific egress interface (physical port or port-channel).
Syntax
redirect interface
• interface — Specifies any valid interface. Interface is Ethernet port or...
ACLs and DiffServ policies may not both exist on the same interface in the same direction.
Example
The following example shows how to attach a service policy named "DELL" to all interfaces.
console(config)#service-policy DELL
This command has no default configuration.
Command Mode
Privileged EXEC mode
User Guidelines
This command has no user guidelines.
Example
The following example displays all the configuration information for the class named "Dell".
console#show class-map
Class L3 Class Name Type Proto Reference Class Name...
Class Name........ipv4
Class Type........All
Class Layer3 Protocol......ipv4
Match Criteria               Values
---------------------------- -------------------------------------
Source IP Address            2.2.2.2 (255.255.255.0)

console#show class-map stop_http_class
Class Name........stop_http_class
Class Type........All
Class Layer3 Protocol......ipv6
Match Criteria               Values
---------------------------- -------------------------------------
Source IP Address            2001:DB8::/32
Source Layer 4 Port          80(http/www)
User Guidelines
If the interface is specified, the 802.1p mapping table of the interface is displayed. If omitted, the most recent global configuration settings are displayed.
Example
The following example displays the dot1p traffic class mapping and user priorities.
console#show classofservice dot1p-mapping
User Priority Traffic Class
-------------...
show classofservice ip-dscp-mapping
Use the show classofservice ip-dscp-mapping command in Privileged EXEC mode to display the current IP DSCP mapping to internal traffic classes for a specific interface.
Syntax
show classofservice ip-dscp-mapping
• Command is supported only globally.
Default Configuration
This command has no default configuration.
console#

show classofservice trust
Use the show classofservice trust command in Privileged EXEC mode to display the current trust mode setting for a specific interface.
Syntax
show classofservice trust [{gigabitethernet unit/slot/port | port-channel port-channel-number | tengigabitethernet unit/slot/port }]
Default Configuration
This command has no default configuration.
show diffserv
Use the show diffserv command in Privileged EXEC mode to display the DiffServ general information, which includes the current administrative mode setting as well as the current and maximum number of DiffServ components.
Syntax
show diffserv
Default Configuration
This command has no default configuration.
show diffserv service interface
Use this command in Privileged EXEC mode to display policy service information for the specified interface.
Syntax
show diffserv service interface {gigabitethernet unit/slot/port | tengigabitethernet unit/slot/port} {in|out}
Parameter Description
in: Show ingress policies.
out: Show egress policies.
Default Configuration
This command has no default configuration.
No policy is attached to this interface in this direction.

show diffserv service interface port-channel
Syntax Description
show diffserv service interface port-channel channel-group {in|out}
Parameter Description
channel-group: A valid port-channel in the system. (Range: 1–18)
in: Show ingress policies.
out: Show egress policies.
Direction OperStatus Policy Name
----------- ----------- ------------ -------------------
1/0/1 Down DELL

show interfaces cos-queue
Use the show interfaces cos-queue command in Privileged EXEC mode to display the class-of-service queue configuration for the specified interface.
Syntax
unit/slot/port show interfaces cos-queue [{gigabitethernet...
Default Configuration
This command has no default configuration.
Command Mode
Privileged EXEC mode
User Guidelines
If the interface is specified, the class-of-service queue configuration of the interface is displayed. If omitted, the most recent global configuration settings are displayed.
Examples
The following example displays the COS configuration with no unit/slot/port or port-channel parameter.
console#show interfaces cos-queue gigabitethernet 1/0/1
Interface........1/0/1
Interface Shaping Rate......0
Queue Id Min. Bandwidth Scheduler Type Queue Management Type
-------- -------------- -------------- --------------
Weighted Tail Drop
Weighted Tail Drop
Weighted Tail Drop
Weighted Tail Drop
Weighted Tail Drop
Weighted Tail Drop
Weighted Tail Drop...
Parameter Description
Minimum Bandwidth: The minimum transmission bandwidth guarantee for the queue, expressed as a percentage. A value of 0 means bandwidth is not guaranteed and the queue operates using best-effort. This value is a configured value.
Scheduler Type: Indicates whether this queue is scheduled for transmission using a strict priority or a weighted scheme.
The following example displays the DiffServ information.
console#show policy-map
Policy Name Policy Type Class Members
----------- ----------- -------------
POLY1                   DellClass
DELL                    DellClass

show policy-map interface
Use the show policy-map interface command in Privileged EXEC mode to display policy-oriented statistics information for the specified interface.
Example
The following example displays the statistics information for port 1/0/1.
console#show policy-map interface 1/0/1 in
Interface........1/0/1
Operational Status......Down
Policy Name........DELL
Interface Summary:
Class Name........murali
In Discarded Packets......0
Class Name........test
In Discarded Packets......0
Class Name........
In Discarded Packets......0 Class Name........DELL In Discarded Packets......0 show service-policy Use the show service-policy command in Privileged EXEC mode to display a summary of policy-oriented statistics information for all interfaces. Syntax show service-policy Default Configuration This command has no default configuration.
1/0/5 Down DELL 1/0/6 Down DELL 1/0/7 Down DELL 1/0/8 Down DELL 1/0/9 Down DELL 1/0/10 Down DELL traffic-shape Use the traffic-shape command in Global Configuration mode and Interface Configuration mode to specify the maximum transmission bandwidth limit rate shaping for the interface as a whole.
Example The following example displays the setting of traffic-shape to a maximum bandwidth of 1024 Kbps. console(config-if-1/0/1)#traffic-shape 1024 kbps QoS Commands...
RADIUS Commands Managing and determining the validity of users in a large network can be significantly simplified by making use of a single database of accessible information supplied by an Authentication Server. These servers commonly use the Remote Authentication Dial In User Service (RADIUS) protocol as defined by RFC 2865.
auth-port radius-server deadtime show aaa servers deadtime radius-server host show radius statistics radius-server key source-ip msgauth radius-server retransmit timeout name (RADIUS server) radius-server source-ip usage aaa accounting network default start-stop group radius Use the aaa accounting network default start-stop group radius command to enable RADIUS accounting on the switch.
acct-port Use the acct-port command to set the port that connects to the RADIUS accounting server. Use the "no" form of this command to reset the port to the default. Syntax acct-port port no acct-port • port — The layer 4 port number of the accounting server (Range: 1 -...
• auth-port-number — Port number for authentication requests. (Range: 1 - 65535) Default Configuration The default value of the port number is 1812. Command Mode Radius mode User Guidelines The host is not used for authentication if set to 0. User must enter the mode corresponding to a specific Radius server before executing this command.
Default Configuration The default deadtime interval is 0 minutes. Command Mode Radius mode User Guidelines If only one RADIUS server is configured, it is recommended to use a deadtime interval of 0. Example The following example specifies a deadtime interval of 60 minutes. console(config)#radius-server host 192.143.120.123 console(config-radius)#deadtime 60 Use the key command to specify the encryption key which is shared with the...
Example The following example specifies an authentication and encryption key of “lion-king”. console(config)#radius-server host acct 3.2.3.2 console(Config-acct-radius)#key keyacct msgauth Use the msgauth command to enable the message authenticator attribute to be used for the RADIUS Authenticating server being configured. Use the “no”...
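What the msgauth attribute protects, shown as an added example (not code from this manual or from the switch firmware): the Message-Authenticator attribute (type 80) is an HMAC-MD5 over the whole Access-Request keyed with the shared RADIUS key, computed with the attribute's value set to 16 zero octets. The user name, identifier and Request Authenticator below are constructed sample values; the key and source address reuse examples from this page.

```python
import hashlib
import hmac
import socket
import struct

ACCESS_REQUEST = 1
ATTR_USER_NAME = 1
ATTR_NAS_IP_ADDRESS = 4
ATTR_MESSAGE_AUTHENTICATOR = 80
HEADER_LEN = 20  # Code, Identifier, Length, 16-octet Authenticator


def encode_attr(attr_type, value):
    """Encode one attribute as Type, Length, Value."""
    if len(value) > 253:
        raise ValueError("attribute value longer than 253 octets")
    return bytes([attr_type, len(value) + 2]) + value


def build_access_request(identifier, request_auth, attrs, secret):
    """Build an Access-Request whose last attribute is Message-Authenticator."""
    if len(request_auth) != 16:
        raise ValueError("Request Authenticator must be 16 octets")
    body = b"".join(encode_attr(t, v) for t, v in attrs)
    # The attribute value is 16 zero octets while the HMAC is computed.
    body += encode_attr(ATTR_MESSAGE_AUTHENTICATOR, bytes(16))
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, HEADER_LEN + len(body))
    packet = header + request_auth + body
    mac = hmac.new(secret, packet, hashlib.md5).digest()
    return packet[:-16] + mac


def verify_message_authenticator(packet, secret):
    """Return True only if the packet carries one valid Message-Authenticator."""
    if len(packet) < HEADER_LEN:
        return False
    length = struct.unpack("!H", packet[2:4])[0]
    if length < HEADER_LEN or length > len(packet):
        return False              # shorter than its own Length field: discard
    packet = packet[:length]      # octets beyond Length are padding
    offset, value_at = HEADER_LEN, None
    while offset < length:
        if offset + 2 > length:
            return False
        attr_type, attr_len = packet[offset], packet[offset + 1]
        if attr_len < 2 or offset + attr_len > length:
            return False          # malformed attribute
        if attr_type == ATTR_MESSAGE_AUTHENTICATOR:
            if attr_len != 18 or value_at is not None:
                return False      # wrong size or duplicated
            value_at = offset + 2
        offset += attr_len
    if value_at is None:
        return False              # policy here: the attribute is required
    received = packet[value_at:value_at + 16]
    zeroed = packet[:value_at] + bytes(16) + packet[value_at + 16:]
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    return hmac.compare_digest(received, expected)


# Constructed sample request; a real client uses a random Request Authenticator.
SECRET = b"dell-server"
SAMPLE_REQUEST = build_access_request(
    identifier=7,
    request_auth=bytes(range(16)),
    attrs=[
        (ATTR_USER_NAME, b"alice"),
        (ATTR_NAS_IP_ADDRESS, socket.inet_aton("10.240.1.23")),
    ],
    secret=SECRET,
)

if __name__ == "__main__":
    print("valid:", verify_message_authenticator(SAMPLE_REQUEST, SECRET))
    tampered = bytearray(SAMPLE_REQUEST)
    tampered[22] ^= 0x01  # flip one bit of the User-Name value
    print("tampered:", verify_message_authenticator(bytes(tampered), SECRET))
```

The check covers Access-Request packets only; in a reply the HMAC is computed with the Request Authenticator of the matching request in the Authenticator field.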
no name Parameter Description Parameter Description servername The name for the RADIUS server (Range: 1 - 32 characters). Default Configuration The default RADIUS server name is Default-RADIUS-Server. Command Mode Radius mode User Guidelines Names may only be set for authentication servers, not for accounting servers. Names may consist of alphanumeric characters and the underscore, dash and blanks. Embed the name in double quotes to use a name with blanks.
primary Use the primary command to specify that a configured server should be the primary server in the group of authentication servers which have the same server name. Multiple primary servers can be configured for each group of servers which have the same name. When the RADIUS client has to perform transactions with an authenticating RADIUS server of the specified name, it uses the primary server that has the specified server name by default.
Default Configuration The default priority is 0. Command Mode Radius mode User Guidelines User must enter the mode corresponding to a specific Radius server before executing this command. Example The following example specifies a priority of 10 for the designated server. console(config)#radius-server host 192.143.120.123 console(config-radius)#priority 10 radius-server deadtime...
Command Mode Global Configuration mode User Guidelines If only one RADIUS server is configured, it is recommended that the deadtime interval be left at 0. Example The following example sets the minimum interval during which a RADIUS server will not be contacted after becoming unresponsive. console(config)#radius-server deadtime 10 radius-server host Use the radius-server host command in Global Configuration mode to specify...
Command Mode Global Configuration mode User Guidelines Radius servers are keyed by the host name, therefore it is advisable to use unique server host names. Example The following example specifies a Radius server host with the following characteristics: Server host IP address — 192.168.10.1 console(config)#radius-server host 192.168.10.1 radius-server key Use the radius-server key command in Global Configuration mode to set the...
User Guidelines This command has no user guidelines. Example The following example sets the authentication and encryption key for all Radius communications between the device and the Radius server to “dell-server.” console(config)#radius-server key dell-server radius-server retransmit Use the radius-server retransmit command in Global Configuration mode to specify the number of times the Radius client will retransmit requests to the Radius server.
radius-server source-ip Use the radius-server source-ip command in Global Configuration mode to specify the source IP address used for communication with Radius servers. To return to the default, use the no form of this command. 0.0.0.0 is interpreted as a request to use the IP address of the outgoing IP interface. Syntax source radius-server source-ip...
• timeout — Specifies the timeout value in seconds. (Range: 1–30) Default Configuration The default value is 3 seconds. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example sets the interval for which a switch waits for a server host to reply to 5 seconds.
Example The following example of the retransmit command specifies five retries. console(config)#radius-server host 192.143.120.123 console(config-radius)#retransmit 5 show aaa servers Use the show aaa servers command to display the list of configured RADIUS servers and the values configured for the global parameters of the RADIUS client.
Field Description Configured The number of RADIUS Authentication servers that have Authentication Servers been configured. Configured Accounting The number of RADIUS Accounting servers that have Servers been configured. Named Authentication The number of configured named RADIUS server groups. Server Groups Named Accounting The number of configured named RADIUS server groups.
Global values -------------------------------------------- Number of Configured Authentication Servers..5 Number of Configured Accounting Servers..1 Number of Named Authentication Server Groups... 2 Number of Named Accounting Server Groups..1 Number of Retransmits......3 Timeout Duration....... 15 Deadtime........0 Source IP........0.0.0.0 RADIUS Accounting Mode......
Source IP : 0.0.0.0 RADIUS Attribute 4 Mode : Disable RADIUS Attribute 4 Value : 0.0.0.0 console#show radius-servers accounting name Server Name Host Address Port Type ---------------------- -------------- ------ ---------- Default-RADIUS-Server 2.2.2.2 1813 Secondary console#show radius-servers name Default-RADIUS-Server RADIUS Server Name......Default-RADIUS-Server Current Server IP Address....
Parameter Description Parameter Description accounting The type of server (accounting or authentication). authentication ipaddress The RADIUS server host IP address. hostname Host name of the Radius server host. (Range: 1–158 characters). The command allows spaces in the host name when specified in double quotes. For example, console(config)#snmp-server host "host name"...
Field Description Responses The number of RADIUS packets received on the accounting port from this server. Malformed The number of malformed RADIUS Accounting Response Responses packets received from this server. Malformed packets include packets with an invalid length. Bad authenticators or signature attributes or unknown types are not included as malformed accounting responses.
Field Description Access Challenges The number of RADIUS Access Challenge packets, including both valid and invalid packets, that were received from this server. Malformed Access The number of malformed RADIUS Access Response packets Responses received from this server. Malformed packets include packets with an invalid length.
• source — A valid source IP address. Default Configuration The default is the IP address of the outgoing IP interface. Command Mode Radius mode User Guidelines User must enter the mode corresponding to a specific Radius server before executing this command. Example The following example specifies 10.240.1.23 as the source IP address.
User Guidelines User must enter the mode corresponding to a specific Radius server before executing this command. Example The following example specifies the timeout setting for the designated Radius Server. console(config)#radius-server host 192.143.120.123 console(config-radius)#timeout 20 usage Use the usage command in Radius mode to specify the usage type of the server.
Spanning Tree Commands The Multiple Spanning Tree Protocol (MSTP) component complies with IEEE 802.1s by efficiently navigating VLAN traffic over separate interfaces for multiple instances of Spanning Tree. IEEE 802.1D, Spanning Tree and IEEE 802.1w, Rapid Spanning Tree are supported through the IEEE 802.1s implementation.
port. In this way, the root guard enforces the position of the root bridge. In MSTP scenario the port may be designated in one of the instances while being alternate in the CIST, and so on. Root guard is a per port (not a per port per instance command) configuration so all the MSTP instances this port participates in should not be in root role.
clear spanning-tree detected-protocols Use the clear spanning-tree detected-protocols command in Privileged EXEC mode to restart the protocol migration process (force the renegotiation with neighboring switches) on all interfaces or on the specified interface. Syntax clear spanning-tree detected-protocols [{gigabitethernet unit/slot/port | port-channel port-channel-number | tengigabitethernet unit/slot/port}] Default Configuration This command has no default setting.
Command Mode MST mode User Guidelines This command has no user guidelines. Example The following example shows how to exit the MST configuration mode and save changes. console(config)#spanning-tree mst configuration console(config-mst)#exit instance (mst) Use the instance command in MST mode to map VLANS to an MST instance.
All VLANs that are not explicitly mapped to an MST instance are mapped to the common and internal spanning tree (CIST) instance (instance 0) and cannot be unmapped from the CIST. For two or more switches to be in the same MST region, they must have the same VLAN mapping, the same configuration revision number, and the same name.
console(config)#interface te1/1/1 console(config-if-Te1/1/1)#switchport mode trunk console(config-if-Te1/1/1)#switchport trunk allowed vlan add 2-150 console(config-if-Te1/1/1)#spanning-tree mst 1 port-priority 16 console(config-if-Te1/1/1)#interface te1/1/2 console(config-if-Te1/1/2)#switchport mode trunk console(config-if-Te1/1/2)#switchport trunk allowed vlan add 200-349 console(config-if-Te1/1/2)#spanning-tree mst 2 port-priority 16 console(config-if-Te1/1/2)#exit name (mst) Use the name command in MST mode to define the configuration name. To return to the default setting, use the no form of this command.
Example The following example sets the configuration name to “region1”. console(config)#spanning-tree mst configuration console(config-mst)#name region1 revision (mst) Use the revision command in MST mode to identify the configuration revision number. To return to the default setting, use the no form of this command.
Syntax show spanning-tree [{gigabitethernet unit/slot/port | port-channel port-channel-number | tengigabitethernet unit/slot/port}] [instance instance-id] show spanning-tree [detail] [active | blockedports] | [instance instance-id] show spanning-tree mst-configuration Parameter Description Parameter Description detail Displays detailed information. active Displays active ports only. blockedports Displays blocked ports only.
Root Port Gi1/0/1 Hello Time 2 Sec Max Age 20 sec Forward Delay 15 sec TxHoldCount 6 sec Bridge ID Priority 32768 Address 001E.C9AA.AD1B Hello Time 2 Sec Max Age 20 sec Forward Delay 15 sec Interfaces Name State Prio.Nbr Cost Role Restricted...
Path Cost 20000 Root Port Gi1/0/1 Hello Time 2 Sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32768 Address 001E.C9AA.AD1B Hello Time 2 Sec Max Age 20 sec Forward Delay 15 sec Number of topology changes 1 last change occurred 0d0h17m7s ago Times: hold 6, hello 2, max age 20, forward delay 15 Port Gi1/0/1 Enabled State: Forwarding...
Designated bridge Priority: 32768 Address: 0010.1882.1C53 Designated port id: 128.48 Designated path cost: 0 CST Regional Root: 80:00:00:10:18:82:1C:53 CST Port Cost: 0 BPDU: sent 24, received 504 Port Gi1/0/5 Enabled State: Forwarding Role: Designated Port id: 128.5 Port Cost: 20000 Root Protection: No Designated bridge Priority: 32768 Address: 001E.C9AA.AD1B...
Command Mode Privileged EXEC mode User Guidelines The following fields are displayed: Field Description Spanning Tree Admin Enabled or disabled Mode Spanning Tree Version Version of 802.1 currently supported (IEEE 802.1s, IEEE 802.1w, or IEEE 802.1d) based upon the mode parameter.
BPDU Filter Mode....Disabled Configuration Name....00-1E-C9-AA-AC-84 Configuration Revision Level..0 Configuration Digest Key..0xac36177f50283cd4b83821d8ab26de62 Configuration Format Selector..0 spanning-tree Use the spanning-tree command in Global Configuration mode to enable spanning-tree functionality. To disable spanning-tree functionality, use the no form of this command. Syntax spanning-tree no spanning-tree...
spanning-tree auto-portfast Use the spanning-tree auto-portfast command to set the port to auto portfast mode. This enables the port to become a portfast port if it does not see any BPDUs for 3 seconds. Use the “no” form of this command to disable auto portfast mode.
no spanning-tree bpdu flooding Default Configuration This feature is disabled by default. Command Mode Global Configuration mode Usage Guidelines There are no usage guidelines for this command. Example console#spanning-tree bpdu flooding spanning-tree bpdu-protection Use the spanning-tree bpdu-protection command in Global Configuration mode to enable BPDU protection on a switch.
Default Configuration BPDU protection is not enabled. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example enables BPDU protection. console(config)#spanning-tree bpdu-protection spanning-tree cost Use the spanning-tree cost command in Interface Configuration mode to configure the external spanning-tree path cost for a port.
Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet) mode User Guidelines This command configures the external cost. Since by default each switch is in its own region, the external cost is considered in determining the spanning tree of the network. This command is also used to configure the rstp path cost. Example The following example configures the spanning-tree cost on 1/0/5 to 35000.
Example The following example disables spanning-tree on 1/0/5. console(config)#interface gigabitethernet 1/0/5 console(config-if-1/0/5)#spanning-tree disable spanning-tree forward-time Use the spanning-tree forward-time command in Global Configuration mode to configure the spanning-tree bridge forward time, which is the amount of time a port remains in the listening and learning states before entering the forwarding state.
spanning-tree guard The spanning-tree guard command selects whether loop guard or root guard is enabled on an interface. If neither is enabled, the port operates in accordance with the multiple spanning tree protocol. Use the “no” form of this command to disable loop guard or root guard on the interface. Syntax spanning-tree guard { root | loop | none } •...
Syntax spanning-tree loopguard default no spanning-tree loopguard default Default Configuration Loop guard is disabled by default. Command Mode Global Configuration mode Usage Guidelines There are no usage guidelines for this command. Example The following example enables spanning-tree loopguard functionality on all ports.
User Guidelines When configuring the Max-Age the following relationships should be satisfied: 2*(Forward-Time - 1) >= Max-Age Max-Age >= 2*(Hello-Time + 1) Example The following example configures the spanning-tree bridge maximum-age to 10 seconds. console(config)#spanning-tree max-age 10 spanning-tree max-hops Use the spanning-tree max-hops command to set the MSTP Max Hops parameter to a new value for the common and internal spanning tree.
spanning-tree mode Use the spanning-tree mode command in Global Configuration mode to configure the spanning-tree protocol. To return to the default configuration, use the no form of this command. Syntax spanning-tree mode {stp | rstp | mst} no spanning-tree mode •...
Syntax spanning-tree mst configuration Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines For two or more switches to be in the same MST region, they must have the same VLAN mapping, the same configuration revision number and the same name.
cost — The port path cost. (Range: 0–200,000,000) • Default Configuration The default value is 0, which signifies that the cost will be automatically calculated based on port speed. The default configuration is: — 2,000,000 • Ethernet (10 Mbps) — 200,000 •...
Parameter Description Parameter Description instance-id ID of the spanning-tree instance. (Range: 1-4094) priority The port priority. (Range: 0-240 in multiples of 16.) Default Configuration The default port-priority for IEEE STP is 128. Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet) mode User Guidelines The priority will be set to the nearest multiple of 4096 if not an exact multiple of 4096.
Parameter Description Parameter Description instance-id ID of the spanning-tree instance. (Range: 1-4094) priority Sets the switch priority for the specified spanning-tree instance. This setting affects the likelihood that the switch is selected as the root switch. A lower value increases the probability that the switch is selected as the root switch.
Default Configuration PortFast mode is disabled. Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet) mode User Guidelines This command only applies to access ports. The command is to be used only with interfaces connected to end stations. Otherwise, an accidental topology loop could cause a data packet loop and disrupt switch and network operations.
Command Mode Global Configuration mode Usage Guidelines There are no usage guidelines for this command. Example The following example discards BPDUs received on spanning-tree ports in portfast mode. console#spanning-tree portfast bpdufilter default spanning-tree portfast default Use the spanning-tree portfast default command to enable Portfast mode only on access ports.
Example The following example enables Portfast mode on all access ports. console(config)#spanning-tree portfast default spanning-tree port-priority Use the spanning-tree port-priority command in Interface Configuration mode to configure port priority. To reset the default port priority, use the no form of this command. Syntax priority spanning-tree port-priority...
spanning-tree priority Use the spanning-tree priority command in Global Configuration mode to configure the spanning-tree priority. The priority value is used to determine which bridge is elected as the root bridge. To reset the default spanning-tree priority use the no form of this command. Syntax priority spanning-tree priority...
Default Configuration TCN propagation is disabled by default. Command Mode Interface Configuration (Ethernet, Port Channel) mode User Guidelines There are no user guidelines for this command. Example The following example configures spanning-tree tcnguard on 4/0/1. console(config-if-4/0/1)#spanning-tree tcnguard spanning-tree transmit hold-count Use the spanning-tree transmit hold-count command to set the maximum number of BPDUs that a bridge is allowed to send within a hello time window (2 seconds).
Example The following example sets the maximum number of BPDUs sent to 6. console(config)#spanning-tree transmit hold-count 6 Spanning Tree Commands...
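An added example, not taken from this manual: a small audit that applies the Max-Age relationships from the spanning-tree max-age guidelines and checks the portfast, bpdufilter and bpdu-protection commands described in this chapter against a configuration. The sample configuration is constructed, the hello time of 2 seconds and the 15/20 second defaults are taken from the show spanning-tree output above, and the finding codes are names chosen for this example.

```python
import re

# Assumption: hello time of 2 seconds, as in the page's show spanning-tree output.
HELLO_TIME = 2
# Forward delay and max age from the same output, used when the config sets neither.
DEFAULT_TIMERS = {"forward-time": 15, "max-age": 20}

# Constructed sample, written as the commands would be typed; not from a real switch.
SAMPLE_CONFIG = """\
spanning-tree mode rstp
spanning-tree forward-time 4
spanning-tree max-age 10
spanning-tree portfast bpdufilter default
interface gigabitethernet 1/0/5
spanning-tree portfast
exit
interface gigabitethernet 1/0/6
spanning-tree disable
exit
"""


def split_config(config):
    """Return (global_lines, {interface: lines}) with whitespace normalised."""
    global_lines, interfaces, current = [], {}, None
    for raw in config.splitlines():
        line = " ".join(raw.split())
        if not line or line.startswith("!"):
            continue
        if line.startswith("interface "):
            current = line[len("interface "):]
            interfaces.setdefault(current, [])
        elif line == "exit":
            current = None
        elif current is None:
            global_lines.append(line)
        else:
            interfaces[current].append(line)
    return global_lines, interfaces


def audit_spanning_tree(config, hello=HELLO_TIME):
    """Return a list of (code, scope, message) findings for one configuration."""
    global_lines, interfaces = split_config(config)
    timers = dict(DEFAULT_TIMERS)
    for line in global_lines:
        match = re.fullmatch(r"spanning-tree (forward-time|max-age) (\d+)", line)
        if match:
            timers[match.group(1)] = int(match.group(2))
    forward, max_age = timers["forward-time"], timers["max-age"]

    findings = []
    # Relationships from the max-age user guidelines.
    if 2 * (forward - 1) < max_age:
        findings.append(("TIMER_FORWARD", "global",
                         f"2*(forward-time {forward} - 1) is below max-age {max_age}"))
    if max_age < 2 * (hello + 1):
        findings.append(("TIMER_HELLO", "global",
                         f"max-age {max_age} is below 2*(hello-time {hello} + 1)"))
    if "spanning-tree portfast bpdufilter default" in global_lines:
        findings.append(("BPDUFILTER_DEFAULT", "global",
                         "BPDUs received on portfast ports are discarded"))
    portfast = [name for name, lines in interfaces.items()
                if "spanning-tree portfast" in lines]
    if "spanning-tree portfast default" in global_lines:
        portfast.append("all access ports")
    if portfast and "spanning-tree bpdu-protection" not in global_lines:
        findings.append(("PORTFAST_NO_BPDU_PROTECTION", ", ".join(portfast),
                         "portfast is configured but BPDU protection is not enabled"))
    for name, lines in interfaces.items():
        if "spanning-tree disable" in lines:
            findings.append(("STP_DISABLED", name,
                             "spanning tree is disabled on this interface"))
    return findings


if __name__ == "__main__":
    for code, scope, message in audit_spanning_tree(SAMPLE_CONFIG):
        print(f"{code:28} {scope:24} {message}")
```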
TACACS+ Commands TACACS+ provides access control for networked devices via one or more centralized servers. Similar to RADIUS, this protocol simplifies authentication by making use of a single database that can be shared by many clients on a large network. TACACS+ is based on the TACACS protocol (described in RFC1492) but additionally provides for separate authentication, authorization and accounting services.
Commands in this Chapter This chapter explains the following commands: tacacs-server host port tacacs-server key priority tacacs-server timeout show tacacs timeout Use the key command in TACACS Configuration mode to specify the authentication and encryption key for all TACACS communications between the device and the TACACS server.
port Use the port command in TACACS Configuration mode to specify a server port number. Syntax port [ port-number ] • port-number — The server port number. If left unspecified, the default port number is 49. (Range: 0 – 65535) Default Configuration The default port number is 49.
Command Mode TACACS Configuration mode User Guidelines This command has no user guidelines. Example The following example shows how to specify a server priority of 10000. console(tacacs)#priority 10000 show tacacs Use the show tacacs command in Privileged EXEC mode to display the configuration and statistics of a TACACS+ server.
IP address Port Timeout Priority --------------- ----- ------- -------- 10.254.24.162 Global tacacs-server host Use the tacacs-server host command in Global Configuration mode to configure a TACACS+ server. This command enters into the TACACS+ configuration mode. To delete the specified hostname or IP address, use the no form of this command.
console(config)#tacacs-server host 172.16.1.1 console(tacacs)# tacacs-server key Use the tacacs-server key command in Global Configuration mode to set the authentication and encryption key for all TACACS+ communications between the switch and the TACACS+ daemon. To disable the key, use the no form of this command. Syntax key-string tacacs-server key [...
console(config)#tacacs-server key @#$%^&*()_+=- {}][<>.,/';:| tacacs-server timeout Use the tacacs-server timeout command in Global Configuration mode to set the interval during which a switch waits for a server host to reply. To restore the default, use the no form of this command. Syntax timeout tacacs-server timeout [...
• timeout — The timeout value in seconds. (Range: 1–30) Default Configuration If left unspecified, the timeout defaults to the global value. Command Mode TACACS Configuration mode User Guidelines This command has no user guidelines. Example This example shows how to specify the timeout value. console(tacacs)#timeout 23 TACACS+ Commands...
VLAN Commands PowerConnect 802.1Q VLANs are an implementation of the Virtual Local Area Network, specification 802.1Q. Operating at Layer 2 of the OSI model, the VLAN is a means of parsing a single network into logical user groups or organizations as if they physically resided on a dedicated LAN segment of their own.
two TPID values can be different or the same. VLAN normalization, source MAC learning, and forwarding are based on the S-TAG value in a received frame. PowerConnect supports configuring one outer VLAN TPID value per switch. The global default TPID is 0x88A8, which indicates a Virtual Metropolitan Area Network (VMAN).
its own VLAN. Additionally, protocol-based classification allows an administrator to assign nonroutable protocols, such as NetBIOS or DECnet, to larger VLANs than routable protocols like IPX or IP. This maximizes the efficiency gains that are possible with VLANs. In port-based VLAN classification, the Port VLAN Identifier (PVID) is associated with the physical ports.
name (VLAN show vlan switchport trunk vlan protocol group Configuration) association mac name protocol group show vlan vlan vlan protocol group association subnet remove protocol vlan group switchport access vlan (Global vlan routing vlan Config) protocol vlan group switchport vlan association forbidden vlan show dvlan-tunnel switchport general vlan association...
Default Configuration The default for this command is 802.1Q. The default S-TAG TPID, when double-tagging is enabled, is 0x88A8. The default C-TAG TPID when double vlan tagging is enabled is 0x8100. Command Mode Global Configuration, Interface Configuration mode User Guidelines This command configures the TPID value on the outer VLAN (S-VLAN).
Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example configures the VLAN 1 IP address of 131.108.1.27 and subnet mask 255.255.255.0. console(config)#interface vlan 1 console(config-vlan)#ip address 131.108.1.27 255.255.255.0 interface range vlan...
User Guidelines Commands used in the interface range context are executed independently on each interface in the range. If the command returns an error on one of the interfaces, an error message is displayed and execution continues on other interfaces. Example The following example groups VLANs 221 through 228 and VLAN 889 to receive the same command.
Example The following example displays how to enable Double VLAN Tunneling at gigabit ethernet port 1/0/1. console(config-if-1/0/1)#mode dvlan-tunnel name (VLAN Configuration) Use the name command in VLAN Configuration mode to configure the VLAN name. To return to the default configuration, use the no form of this command.
Example The following example configures a VLAN name of office2 for VLAN 2. console(config)#interface vlan 2 console(config-vlan)#name "RDU-NOC Management VLAN" protocol group Use the protocol group command in VLAN Database mode to attach a VLAN ID to the protocol-based group identified by groupid.
Example The following example displays how to attach the VLAN ID "100" to the protocol-based VLAN group "3." console#vlan database console(config-vlan)#protocol group 3 100 protocol vlan group Use the protocol vlan group command in Interface Configuration mode to add the physical unit/slot/port interface to the protocol-based group identified by groupid.
User Guidelines This command has no user guidelines. Example The following example displays how to add a physical port interface to the group ID of "2." console(config-if-1/0/1)#protocol vlan group 2 protocol vlan group all Use the protocol vlan group all command in Global Configuration mode to add all physical interfaces to the protocol-based group identified by groupid. A group may have more than one interface associated with it.
User Guidelines This command has no user guidelines. Example The following example displays how to add all physical interfaces to the protocol-based group identified by group ID "2." console(config)#protocol vlan group all 2 show dvlan-tunnel Use the show dvlan-tunnel command in Privileged EXEC mode to display all interfaces enabled for Double VLAN Tunneling.
show dvlan-tunnel interface Use the show dvlan-tunnel interface command in Privileged EXEC mode to display detailed information about Double VLAN Tunneling for the specified interface or all interfaces. Syntax show dvlan-tunnel interface {gigabitethernet unit/slot/port | tengigabitethernet unit/slot/port | all} • all — Displays information for all interfaces. Default Configuration This command has no default configuration.
EtherType This field represents a 2-byte hex EtherType to be used as the first 16 bits of the DVLAN tunnel. The three different EtherType tags are: (1) 802.1Q, which represents the commonly used value of 0x8100. (2) vMAN, which represents the commonly used value of 0x88A8.
PVID: 1 (default) Ingress Filtering: Enabled Acceptable Frame Type: All GVRP status: Enabled Protected: Enabled Port 1/0/1 is member in: VLAN Name Egress rule Type ---- --------- ----------- ----- default untagged Default VLAN008 tagged Dynamic VLAN0011 tagged Static IPv6 VLAN untagged Static VLAN0072...
The following example displays switchport configuration individually for 1/0/2. console#show interface switchport gigabitethernet 1/0/2 Port 1/0/2: VLAN Membership mode: General Operating parameters: PVID: 4095 (discard vlan) Ingress Filtering: Enabled Acceptable Frame Type: All Port 1/0/1 is member in: VLAN Name Egress rule Type ----...
---- --------- The following example displays switchport configuration individually for 2/0/19. console#show interfaces switchport gigabitethernet 2/0/19 Port 2/0/19: Operating parameters: PVID: 2922 Ingress Filtering: Enabled Acceptable Frame Type: Untagged GVRP status: Disabled Port 2/0/19 is member in: VLAN Name Egress rule Type ---- ---------...
2922 Community A1 untagged Static show port protocol Use the show port protocol command in Privileged EXEC mode to display the Protocol-Based VLAN information for either the entire system or for the indicated group. Syntax show port protocol {groupid | all} groupid —...
show vlan Use the show vlan command in Privileged EXEC mode to display detailed information, including interface information and dynamic VLAN type, for a specific VLAN. The ID is a valid VLAN identification number. Syntax show vlan [id vlanid | name vlan-name] Parameter Description Parameter Description...
----- --------------- ------------- -------------- VLAN0002 Gi1/0/11-20 Dynamic (DOT1X) console#show vlan id 3 VLAN Name Ports Type ----- --------------- ------------- -------------- VLAN0003 Gi1/0/21-24 Dynamic (GVRP) show vlan association mac Use the show vlan association mac command in Privileged EXEC mode to display the VLAN associated with a specific configured MAC address.
MAC Address VLAN ID ----------------------- ------- 0001.0001.0001.0001 console# show vlan association subnet Use the show vlan association subnet command in Privileged EXEC mode to display the VLAN associated with a specific configured IP-Address and netmask. If no IP Address and net mask are specified, the VLAN associations of all the configured IP-subnets are displayed.
The IP Subnet to VLAN association does not exist. switchport access vlan Use the switchport access vlan command in Interface Configuration mode to configure the VLAN ID when the interface is in access mode. To reconfigure the default, use the no form of this command. Syntax vlan-id switchport access vlan...
switchport forbidden vlan Use the switchport forbidden vlan command in Interface Configuration mode to forbid adding specific VLANs to a port. To revert to allowing the addition of specific VLANs to the port, use the remove parameter of this command. Syntax vlan-list vlan-list...
switchport general acceptable-frame-type tagged-only Use the switchport general acceptable-frame-type tagged-only command in Interface Configuration mode to discard untagged frames at ingress. To enable untagged frames at ingress, use the no form of this command. Syntax switchport general acceptable-frame-type tagged-only no switchport general acceptable-frame-type tagged-only Default Configuration All frame types are accepted at ingress.
switchport general allowed vlan remove vlan-list • vlan-list — List of VLAN IDs to add. Separate nonconsecutive VLAN IDs with a comma and no spaces. Use a hyphen to designate a range of IDs. • remove vlan-list — List of VLAN IDs to remove. Separate nonconsecutive...
Syntax switchport general ingress-filtering disable no switchport general ingress-filtering disable Default Configuration Ingress filtering is enabled. Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet) mode User Guidelines This command has no user guidelines. Example The following example shows how to enable port ingress filtering on 1/0/8. console(config)#interface gigabitethernet 1/0/8 console(config-if-1/0/8)#switchport general ingress-filtering disable...
Default Configuration The default value for the vlan-id parameter is 1 when the VLAN is enabled. Otherwise, the value is 4093. Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet) mode User Guidelines This command has no user guidelines. Example The following example shows how to configure the PVID for 1/0/8, when the interface is in general mode.
Parameter Description trunk A trunk port connects two switches. A trunk port may belong to multiple VLANs. A trunk port accepts only packets tagged with the VLAN IDs of the VLANs to which the trunk is a member or untagged packets if configured with a PVID. A trunk only transmits tagged packets.
Parameter Description Parameter Description vlan–list Set the list of allowed VLANs that can receive and send traffic on this interface in tagged format when in trunking mode. The default is all. The vlan–list format is as follows: The vlan-list format is all remove except vlan–atom...
Example console(config-if-Gi1/0/1)#switchport trunk allowed vlan 1-1024 console(config-if-Gi1/0/1)#switchport trunk allowed vlan except 1,2,3,5,7,11,13 vlan Use the vlan command in VLAN Database mode to configure a VLAN. To delete a VLAN, use the no form of this command. Syntax vlan vlan-range no vlan vlan-range • vlan-range —...
vlan (Global Config) Use the vlan command in Global Configuration mode to configure a VLAN. To delete a VLAN, use the no form of this command. Syntax vlan–id vlan–range vlan { vlan–id vlan–range no vlan { Parameter Description Parameter Description vlan–id A valid VLAN ID.
vlan association mac Use the vlan association mac command in VLAN Database mode to associate a MAC address to a VLAN. The maximum number of MAC-based VLANs is 256. Syntax vlan association mac mac-address vlanid no vlan association mac mac-address • mac-address —...
• ip-address — Source IP address. (Range: Any valid IP address) • subnet-mask — Subnet mask. (Range: Any valid subnet mask) • vlanid — VLAN to associate with the subnet. (Range: 1-4093) Default Configuration No assigned ip-subnet. Command Mode VLAN Database mode User Guidelines This command has no user guidelines.
Example The following example enters the VLAN database mode. console(config)#vlan database console(config-vlan)# vlan makestatic This command changes a dynamically created VLAN (one that is created by GVRP registration) to a static VLAN (one that is permanently configured and defined). The ID is a valid VLAN identification number. VLAN range is 2-4093.
vlan protocol group Use the vlan protocol group command in Global Configuration mode to add protocol-based groups to the system. When a protocol group is created, it is assigned a unique group ID number. The group ID is used to identify the group in subsequent commands.
vlan protocol group add protocol Use the vlan protocol group add protocol command in Global Configuration mode to add a protocol to the protocol-based VLAN groups identified by groupid . A group may have more than one protocol associated with it. Each interface and protocol combination can be associated with one group only.
console(config)#vlan protocol group add protocol 2 ethertype 0xXXXX vlan protocol group name This is a new command for assigning a group name to vlan protocol group id. Syntax vlan protocol group name groupid groupName no vlan protocol group name groupid • groupid — The protocol-based VLAN group ID, which is automatically...
Syntax vlan protocol group remove groupid • groupid — The protocol-based VLAN group ID, which is automatically generated when you create a protocol-based VLAN group with the vlan protocol group command. To see the group ID associated with the name of a protocol group, use the show port protocol all command.
Parameter Description index Internal interface ID. This optional parameter is listed in the configuration file for all VLAN routing interfaces. When a nonstop forwarding failover occurs, this information enables the system to correlate checkpointed state information with the proper interfaces and their configuration. Default Configuration Routing is not enabled on any VLANs by default.
Voice VLAN Commands The Voice VLAN feature enables switch ports to carry voice traffic with defined priority so as to enable separation of voice and data traffic coming onto the port. Using Voice VLAN ensures that sound quality of an IP phone is safeguarded from deterioration when the data traffic on the port is high.
voice vlan This command is used to enable the voice vlan capability on the switch. Syntax voice vlan no voice vlan Parameter Ranges Not applicable Command Mode Global Configuration Usage Guidelines Not applicable Default Value This feature is disabled by default. Example console(config)#voice vlan console(config)#no voice vlan...
Parameter Description Parameter Description auth Enables/disables authentication on the voice vlan port. data Observe the priority on received voice vlan traffic (trusted mode). dot1p Configure Voice VLAN 802.1p priority tagging for voice traffic. dscp Configure DSCP value for voice traffic on the voice vlan port. (Range: 0–64).
console(config-if-Gi1/0/1)#voice vlan untagged voice vlan data priority This command is to either trust or not trust (untrust) the data traffic arriving on the voice VLAN port. Syntax voice vlan data priority { trust | untrust } • trust — Trust the dot1p priority or DSCP values contained in packets...
When the interface parameter is specified: Voice VLAN Mode The admin mode of the voice VLAN on the interface. Voice VLAN ID The voice VLAN ID. Voice VLAN Priority The Dot1p priority for the voice VLAN on the port. Voice VLAN The tagging option for the voice VLAN traffic.
802.1x Commands Local Area Networks (LANs) are often deployed in environments that permit the attachment of unauthorized devices. The networks also permit unauthorized users to attempt to access the LAN through existing equipment. In such environments, the administrator may desire to restrict access to the services offered by the LAN.
When an operator configures a port in Dot1x authentication mode and selects internal as the authentication method, the user credentials received from the Dot1x supplicant are validated against the IDAS by the Dot1x component. The Dot1x application accesses the Dot1x user database to check whether the user credentials present in the authentication message correspond to a valid user.
Guest VLAN The Guest VLAN feature allows a PowerConnect switch to provide a distinguished service to unauthenticated users (not rogue users who fail authentication). This feature provides a mechanism to allow visitors and contractors to have network access to reach the external network with no ability to browse the internal LAN.
client is authenticated and is undisturbed by the failure condition(s). The reasons for failure are logged and buffered into the local logging database such that the operator can track the failure conditions. RADIUS-based Dynamic VLAN Assignment If VLAN assignment is enabled in the RADIUS server then as part of the response message, the RADIUS server sends the VLAN ID which the client is requested to use in the 802.1x tunnel attributes.
802.1x Advanced Features dot1x guest-vlan dot1x unauth-vlan show dot1x advanced 802.1x Option 81 radius-server attribute 4 dot1x dynamic-vlan enable Use the dot1x dynamic-vlan enable command in Global Configuration mode to enable the capability of creating VLANs dynamically when a RADIUS–assigned VLAN does not exist in the switch. Use the no form of the command to disable this capability.
dot1x initialize This command begins the initialization sequence on the specified port. This command is only valid if the control mode for the specified port is auto or mac-based. If the control mode is not auto or mac-based, an error will be returned.
Command Mode Interface Configuration (Ethernet) mode User Guidelines There are no user guidelines for this command. Example The following example sets MAC Authentication Bypass on interface 1/2: console(config-if-1/0/2)#dot1x mac-auth-bypass dot1x max-req Use the dot1x max-req command in Interface Configuration mode to set the maximum number of times that the switch sends an Extensible Authentication Protocol (EAP)-request frame (assuming that no response is received) to the client before restarting the authentication process.
Example The following example sets the number of times that the switch sends an EAP-request/identity frame to 6. console(config)# interface gigabitethernet 1/0/16 console(config-if-1/0/16)# dot1x max-req 6 dot1x max-users Use the dot1x max-users command in Interface Configuration mode to set the maximum number of clients supported on the port when MAC-based 802.1X authentication is enabled on the port.
console(config-if-1/0/2)#dot1x max-users 3 dot1x port-control Use the dot1x port-control command in Interface Configuration mode to enable the IEEE 802.1X operation on the port. Syntax dot1x port-control {force-authorized | force-unauthorized | auto | mac-based} no dot1x port-control • auto — Enables 802.1x authentication on the interface and causes the port to transition to the authorized or unauthorized state based on the 802.1x authentication exchange between the switch and the client.
User Guidelines It is recommended that you disable the spanning tree or enable spanning-tree PortFast mode on 802.1x edge ports (ports in auto state that are connected to end stations), in order to go immediately to the forwarding state after successful authentication.
console# dot1x re-authenticate gigabitethernet 1/0/16 dot1x reauthentication Use the dot1x reauthentication command in Interface Configuration mode to enable periodic re-authentication of the client. To return to the default setting, use the no form of this command. Syntax dot1x reauthentication no dot1x reauthentication Default Configuration Periodic re-authentication is disabled.
Parameter Description This command has no arguments or keywords. Default Configuration Dot1x monitor mode is disabled. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example enables 802.1x globally. console(config)# dot1x system-auth-control monitor dot1x timeout guest-vlan-period Use the dot1x timeout guest-vlan-period command in Interface Configuration mode to set the number of seconds that the switch waits...
User Guidelines It is recommended that the user set the dot1x timeout guest-vlan-period to at least three times the while timer, so that at least three EAP Requests are sent, before assuming that the client is a dot1x unaware client. Example The following example sets the dot1x timeout guest vlan period to 100 seconds.
Change the default value of this command only to adjust for unusual circumstances, such as unreliable links or specific behavioral problems with certain clients and authentication servers. To provide a faster response time to the user, enter a smaller number than the default.
Example The following example sets the number of seconds between re-authentication attempts to 300. console(config)# interface gigabitethernet 1/0/16 console(config-if-1/0/16)# dot1x timeout re-authperiod 300 dot1x timeout server-timeout Use the dot1x timeout server-timeout command in Interface Configuration mode to set the time that the switch waits for a response from the authentication server.
console(config-if-1/0/1)# dot1x timeout server-timeout 3600 dot1x timeout supp-timeout Use the dot1x timeout supp-timeout command in Interface Configuration mode to set the time that the switch waits for a response before retransmitting an Extensible Authentication Protocol (EAP)-request frame to the client. To return to the default setting, use the no form of this command. Syntax dot1x timeout supp-timeout seconds...
dot1x timeout tx-period Use the dot1x timeout tx-period command in Interface Configuration mode to set the number of seconds that the switch waits for a response to an Extensible Authentication Protocol (EAP)-request/identity frame from the client before resending the request. To return to the default setting, use the no form of this command.
show dot1x Use the show dot1x command in Privileged EXEC mode to display: • A summary of the global dot1x configuration. • Summary information of the dot1x configuration for a specified port or all ports. • Detailed dot1x configuration for a specified port •...
Field Description Monitor Mode Indicates whether the Dot1x Monitor mode on the switch is enabled or disabled. Example console#show dot1x Administrative Mode....Enabled VLAN Assignment Mode.....Disabled Monitor Mode.....Disabled show dot1x authentication-history Use the show dot1x authentication-history command in Privileged EXEC mode to display the dot1x authentication events and information during successful and unsuccessful dot1x authentication processes.
Parameter Description Reason Actual reason behind the successful or failed authentication. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example console#show dot1x authentication-history all detail Time Stamp....... Mar 22 2010 01:16:31 Interface........
console#show dot1x authentication-history gi1/0/1
Time Stamp            Interface MAC-Address       VLANID Auth Status
--------------------- --------- ----------------- ------ ----------
Mar 22 2010 01:16:31  gi1/0/1   00:01:02:03:04:05 111    Authorized
Mar 22 2010 01:18:22  gi1/0/1   00:00:00:03:04:05 0      Unauthorized
console#show dot1x authentication-history gi1/0/1 failed-auth-only
Time Stamp            Interface MAC-Address       VLANID Auth Status
--------------------- --------- ----------------- ------ ----------
Mar 22 2010 01:18:22...
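The summary layout of show dot1x authentication-history shown above lends itself to automated review. The following is an added example, not part of the Dell guide: it parses that column layout and reports supplicant MAC addresses with repeated Unauthorized results on one port inside a time window. The function names, the threshold and the window are assumptions, and the sample rows beyond the first two are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: the first two data rows are the ones shown in the guide,
# the remaining rows (including the cut-off last one) are invented.
SAMPLE_OUTPUT = """\
console#show dot1x authentication-history gi1/0/1
Time Stamp            Interface MAC-Address       VLANID Auth Status
--------------------- --------- ----------------- ------ ------------
Mar 22 2010 01:16:31  gi1/0/1   00:01:02:03:04:05 111    Authorized
Mar 22 2010 01:18:22  gi1/0/1   00:00:00:03:04:05 0      Unauthorized
Mar 22 2010 01:18:40  gi1/0/1   00:00:00:03:04:05 0      Unauthorized
Mar 22 2010 01:19:02  gi1/0/1   00:00:00:03:04:05 0      Unauthorized
Mar 22 2010 01:25:10  gi1/0/1   00:aa:bb:cc:dd:ee 0      Unauthorized
Mar 22 2010 01:26:
"""

# One complete data row: timestamp, interface, MAC, VLAN ID, auth status.
ROW = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{4}\s+\d{2}:\d{2}:\d{2})\s+"
    r"(?P<intf>\S+)\s+"
    r"(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s+"
    r"(?P<vlan>\d+)\s+"
    r"(?P<status>Authorized|Unauthorized)\s*$"
)
# A line that starts like a timestamp but did not match ROW is a damaged row.
LOOKS_LIKE_ROW = re.compile(r"^[A-Z][a-z]{2}\s+\d")


def parse_history(text):
    """Return (events, skipped): parsed rows and rows that were cut off."""
    events, skipped = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = ROW.match(line)
        if m:
            stamp = " ".join(m["ts"].split())  # collapse column padding
            events.append({
                "time": datetime.strptime(stamp, "%b %d %Y %H:%M:%S"),
                "interface": m["intf"],
                "mac": m["mac"].lower(),
                "vlan": int(m["vlan"]),
                "status": m["status"],
            })
        elif LOOKS_LIKE_ROW.match(line):
            skipped.append(line)  # keep it so truncated captures are noticed
    return events, skipped


def repeated_failures(events, threshold=3, window_seconds=300):
    """Map (interface, mac) to the largest number of Unauthorized results
    seen inside any window of window_seconds, when it reaches threshold."""
    failures = defaultdict(list)
    for e in events:
        if e["status"] == "Unauthorized":
            failures[(e["interface"], e["mac"])].append(e["time"])
    flagged = {}
    for key, times in failures.items():
        times.sort()
        start, best = 0, 0
        for end, t in enumerate(times):
            # Slide the window start forward until it spans <= window_seconds.
            while (t - times[start]).total_seconds() > window_seconds:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[key] = best
    return flagged


if __name__ == "__main__":
    events, skipped = parse_history(SAMPLE_OUTPUT)
    for (intf, mac), count in repeated_failures(events).items():
        print(f"{intf} {mac}: {count} failed authentications within 5 minutes")
    for line in skipped:
        print(f"unparsed row: {line!r}")
```
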
User Guidelines The following fields are displayed by this command. Field Description Clients Authenticated using Monitor Mode Indicates the number of Dot1x clients authenticated using Monitor mode. Clients Authenticated using Dot1x Indicates the number of Dot1x clients authenticated using 802.1x authentication process. The following table describes the significant fields shown in the display.
Clients Authenticated using Dot1x....1 Logical Interface......16 Interface........gi1/0/2 User Name........000102030405 Supp MAC Address....... 00:01:02:03:04:05 Session Time........518 Filter Id........VLAN Id........1 VLAN Assigned........Default Session Timeout........ 0 Session Termination Action..... Default Logical Interface......96 Interface........gi1/0/7 User Name........
Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example console#show dot1x interface gigabitethernet 1/0/10 Administrative Mode....Disabled Dynamic VLAN Creation Mode..Disabled Monitor Mode...... Disabled Port Admin Oper...
VLAN Assigned........Supplicant Timeout......30 Guest-vlan Timeout......30 Server Timeout (secs)......30 MAB mode (configured)......Disabled MAB mode (operational)......Disabled Authenticator PAE State......Initialize Backend Authentication State....Initialize show dot1x statistics Use the show dot1x statistics command in Privileged EXEC mode to display 802.1x statistics for the specified interface.
Field Description EapolRespFramesRx The number of valid EAP Response frames (other than Resp/Id frames) that have been received by this Authenticator. EapolReqIdFramesTx The number of EAP Req/Id frames that have been transmitted by this Authenticator. EapolReqFramesTx The number of EAP Request frames (other than Rq/Id frames) that have been transmitted by this Authenticator.
User Guidelines This command has no user guidelines. Example The following example displays 802.1x users. console#show dot1x users Port Username --------- --------- 1/0/1 1/0/2 John Switch# show dot1x users username Bob Port Username --------- --------- 1/0/1 The following table describes the significant fields shown in the display: Field Description Username...
Parameter Description Parameter Description interface–id Any valid interface. See Interface Naming Conventions for interface representation. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example console#clear dot1x authentication-history Purge all entries from the log.
no dot1x guest-vlan • vlan-id — The ID of a valid VLAN to use as the guest VLAN (Range: 0-4093). Default Configuration The guest VLAN is disabled on the interface by default. Command Mode Interface Configuration (Ethernet) mode User Guidelines Configure the guest VLAN before using this command.
User Guidelines Configure the unauthenticated VLAN before using this command. Example The following example sets the unauthenticated VLAN on port 1/0/2 to VLAN 20. console(config-if-1/0/2)#dot1x unauth-vlan 20 show dot1x advanced Use the show dot1x advanced command in Privileged EXEC mode to display 802.1x advanced features for the switch or for the specified interface.
VLAN Vlan --------- --------- --------------- 1/0/1 Disabled Disabled 1/0/2 1/0/3 Disabled Disabled 1/0/4 Disabled Disabled 1/0/5 Disabled Disabled 1/0/6 Disabled Disabled console#show dot1x advanced gigabitethernet 1/0/2 Port Guest Unauthenticated VLAN Vlan --------- --------- --------------- 1/0/2 802.1x Option 81 radius-server attribute 4 Use the radius-server attribute 4 command in Global Configuration mode to set the network access server (NAS) IP address for the RADIUS server.
Default Configuration If a RADIUS server has been configured on the switch, the default attribute 4 value is the RADIUS server IP address. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example sets the NAS IP address in RADIUS attribute 4 to 192.168.10.22.
Layer 3 Commands The chapters that follow describe commands that conform to the OSI model’s Network Layer (Layer 3). Layer 3 commands perform a series of exchanges over various data links to deliver data between any two nodes in a network.
ARP Commands When a host has an IP packet to send on an Ethernet network, it must encapsulate the IP packet in an Ethernet frame. The Ethernet header requires a destination MAC address. If the destination IP address is on the same network as the sender, the sender uses the Address Resolution Protocol (ARP) to determine the MAC address associated with destination IP address.
ARP Aging Dynamic entries in the ARP cache are aged. When an entry for a neighbor router reaches its maximum age, the system sends an ARP request to the neighbor router to renew the entry. Entries for neighbor routers should remain in the ARP cache as long as the neighbor continues to respond to ARP requests.
Syntax ip-address hardware-address ip-address no arp ip-address — IP address of a device on a subnet attached to an existing • routing interface. hardware-address — A unicast MAC address for that device. • Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines...
Default Configuration The default integer value is 896. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example defines an arp cachesize of 500. console(config)#arp cachesize 500 arp dynamicrenew Use the arp dynamicrenew command in Global Configuration mode to enable the ARP component to automatically renew dynamic ARP entries when they age out.
entry is reset to 0 without removing the entry from the hardware. Traffic to the host continues to be forwarded in hardware without interruption. If the entry is not being used to forward data packets, then the entry is deleted from the ARP cache, unless the dynamic renew option is enabled.
Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example removes the specified IP address from arp cache. console#arp purge 192.168.1.10 arp resptime Use the arp resptime command in Global Configuration mode to configure the ARP request response timeout.
arp retries Use the arp retries command in Global Configuration mode to configure the ARP count of maximum requests for retries. To return to the default value, use the no form of this command. Syntax arp retries integer no arp retries • integer —...
Default Configuration The default value is 1200 seconds. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example defines 900 seconds as the timeout. console(config)#arp timeout 900 clear arp-cache Use the clear arp-cache command in Privileged EXEC mode to remove all ARP entries of type dynamic from the ARP cache.
console#clear arp-cache gateway clear arp-cache management Use the clear arp-cache management command to clear all entries that show as management arp entries in the show arp command. Syntax clear arp-cache management Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines.
IP Address MAC Address Interface Type --------------- ----------------- -------------- -------- ----------- 10.27.20.241 001A.A0FF.F662 Management Dynamic n/a 10.27.20.243 0019.B9D1.29A3 Management Dynamic n/a console#clear arp-cache management ip local-proxy-arp Use the ip local-proxy-arp command in Interface Configuration mode to enable proxying of ARP requests. This allows the switch to respond to ARP requests within a subnet where routing is not enabled.
next hops in its route to the destination are through interfaces other than the interface that received the ARP request. Use the no form of the command to disable proxy ARP on a router interface. Syntax ip proxy-arp no ip proxy-arp Default Configuration Enabled is the default configuration.
Default Configuration This command has no default configuration. Command Mode User EXEC and Privileged EXEC modes User Guidelines This command has no user guidelines. Example The following example shows show arp command output. console#show arp Age Time (seconds)......1200 Response Time (seconds)......1 Retries........
DHCP Server and Relay Agent Commands DHCP is based on the Bootstrap Protocol (BOOTP). It also captures the behavior of BOOTP relay agents, and DHCP participants can interoperate with BOOTP participants. The host RFCs standardize the configuration parameters which can be supplied by the DHCP server to the client.
• Internet access cost is greatly reduced by using automatic assignment as Static IP addresses are considerably more expensive to purchase than are automatically allocated IP addresses. • Using DHCP a centralized management policy can be implemented as the DHCP server keeps information about all the subnets. This allows a system operator to update a single server when configuration changes take place.
Syntax pool-name ip dhcp pool [ pool-name no ip dhcp pool [ Parameter Description Parameter Description pool-name The name of an existing or new DHCP address pool. The pool name can be up to 31 characters in length and can contain the following characters: a-z, A-Z, 0-9, ’-’, ’_’, ’...
• Client DNS server – dns-server • NetBIOS WINS Server – netbios-name-server • NetBIOS Node Type – netbios-node-type • Client default router – default-router • Client address lease time – lease Administrators may also configure manual bindings for clients using the in DHCP Pool Configuration mode.
console(config-dhcp-pool)#network 192.168.21.0 /24
console(config-dhcp-pool)#domain-name power-connect.com
console(config-dhcp-pool)#dns-server 192.168.22.3 192.168.23.3
console(config-dhcp-pool)#netbios-name-server 192.168.22.2 192.168.23.2
console(config-dhcp-pool)#netbios-node-type h-node
console(config-dhcp-pool)#lease 2 12
console(config-dhcp-pool)#default-router 192.168.22.1 192.168.23.1
bootfile Use the bootfile command in DHCP Pool Configuration mode to set the name of the image for the DHCP client to load. Use the no form of the command to remove the bootfile configuration.
User Guidelines This command has no user guidelines. Example console(config-dhcp-pool)#bootfile ntldr clear ip dhcp binding Use the clear ip dhcp binding command in Privileged EXEC mode to remove automatic DHCP server bindings. Syntax clear ip dhcp binding {ip-address | *} Parameter Description Parameter Description...
clear ip dhcp conflict Use the clear ip dhcp conflict command in Privileged EXEC mode to remove DHCP server address conflicts. Use the show ip dhcp conflict command to display address conflicts detected by the DHCP server. Syntax clear ip dhcp conflict {ip-address | *} Parameter Description Parameter Description...
no client-identifier Parameter Description Parameter Description unique-identifier The identifier of the Microsoft DHCP client. The client identifier is specified as 7 bytes of the form XX:XX:XX:XX:XX:XX:XX where X is a hexadecimal digit. Default Configuration This command has no default configuration. Command Mode DHCP Pool Configuration mode User Guidelines...
no client-name Parameter Description Parameter Description name The name of the DHCP client. The client name is specified as up to 31 printable characters. Default Configuration There is no default client name. Command Mode DHCP Pool Configuration mode User Guidelines Use the show ip dhcp pool command to display pool configuration parameters.
no default-router Parameter Description Parameter Description ip-address1 The IPv4 address of the first default router for the DHCP client. ip-address2 The IPv4 address of the second default router for the DHCP client. Default Configuration No default router is configured. Command Mode DHCP Pool Configuration mode User Guidelines This command has no user guidelines.
Parameter Description Parameter Description ip-address1 Valid IPv4 address. Default Configuration This command has no default configuration. Command Mode IP DHCP Pool Configuration mode User Guidelines This command has no user guidelines. domain-name (IP DHCP Pool Config) Use the domain-name command in IP DHCP Pool Configuration mode to set the DNS domain name which is provided to a DHCP client by the DHCP server.
hardware-address Use the hardware-address command in DHCP Pool Configuration mode to specify the MAC address of a client to be manually assigned an address. Use the no form of the command to remove the MAC address assignment. Syntax hardware-address hardware-address no hardware-address Parameter Description Parameter...
host Use the host command in DHCP Pool Configuration mode to specify a manual binding for a DHCP client host. Use the no form of the command to remove the manual binding. Syntax host ip-address [netmask|prefix-length] no host Parameter Description Parameter Description ip-address...
ip dhcp bootp automatic Use the ip dhcp bootp automatic command in Global Configuration mode to enable automatic BOOTP address assignment. By default, BOOTP clients are not automatically assigned addresses, although they may be assigned a static address. Use the no form of the command to disable automatic BOOTP client address assignment.
no ip dhcp conflict logging Parameter Description This command does not require a parameter description. Default Configuration Conflict logging is enabled by default. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example console#ip dhcp conflict logging ip dhcp excluded-address Use the ip dhcp excluded-address command in Global Configuration mode to exclude one or more DHCP addresses from automatic assignment.
Parameter Description High-address An IPv4 address indicating the ending range for exclusion from automatic DHCP address assignment. The high-address must be numerically greater than the low-address. Default Configuration By default, no IP addresses are excluded from the lists configured by the IP DHCP pool configuration.
Parameter Description Parameter Description count The number of ping packets sent to detect an address in use. The default is 2 packets. Range 0, 2-10. A value of 0 turns off address detection. Use the no form of the command to return the setting to the default value.
Parameter Description Parameter Description days The number of days for the lease duration. Range 0-59. Default is 1. hours The number of hours for the lease duration. Range 0-23. There is no default. minutes The number of minutes for the lease duration. Range 0-59. There is no default.
Parameter Description Parameter Description ip-address IPv4 address Default Configuration There is no default name server configured. Command Mode DHCP Pool Configuration mode User Guidelines Use the show ip dhcp pool command to display pool configuration parameters. Up to eight name server addresses may be specified. The NetBIOS WINS information is conveyed in the Option 44 TLV of the DHCP OFFER, DHCP ACK, DHCP INFORM ACK and DHCP BOOTREPLY messages.
Parameter Description Parameter Description type The NetBIOS node type can be b-node, h-node, m-node or p-node. Default Configuration There is no default NetBIOS node type configured. Command Mode DHCP Pool Configuration mode User Guidelines Use the show ip dhcp pool command to display pool configuration parameters.
Parameter Description Parameter Description network-number A valid IPv4 address mask A valid IPv4 network mask with contiguous left-aligned bits. prefix-length An integer indicating the number of leftmost bits in the network-number to use as a prefix for allocating cells. Default Configuration This command has no default configuration.
User Guidelines Use the show ip dhcp pool command to display pool configuration parameters. The IPv4 address is conveyed in the SIADDR field of the DHCP OFFER, DHCP ACK, DHCP INFORM ACK and DHCP BOOTREPLY messages. Example console(config-dhcp-pool)#next-server 192.168.21.2 option Use the option command in DHCP Pool Configuration mode to supply arbitrary configuration information to a DHCP client.
Command Mode DHCP Pool Configuration mode User Guidelines The option information must match the selected option type and length. Options cannot be longer than 255 characters in length. The option information is conveyed in the TLV specified by the code parameter in the DHCP OFFER, DHCP ACK, DHCP INFORM ACK and DHCP BOOTREPLY messages.
Example
console(config-dhcp-pool)#option 4 ascii "ntpservice.com "
console(config-dhcp-pool)#option 42 ip 192.168.21.1
console(config-dhcp-pool)#option 29 hex 01
console(config-dhcp-pool)#option 59 hex 00 00 10 01
console(config-dhcp-pool)#option 25 hex 01 ff
service dhcp Use the service dhcp command in Global Configuration mode to enable local IPv4 DHCP server on the switch.
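The option command's user guidelines say the information is conveyed in the TLV named by the code parameter and cannot exceed 255 characters. The following is an added example, not part of the Dell guide, showing what the five option lines above become on the wire as code/length/value triples (the standard DHCP option layout) and how a receiver can walk them while rejecting truncated entries. The function names are assumptions, and accepting several addresses after ip is a generalization beyond the single address shown in the guide.

```python
import ipaddress
import shlex

PAD, END = 0, 255  # single-byte DHCP options that carry no length or value

# The five option lines from the guide's example, without the CLI prompt.
PAGE_EXAMPLES = [
    'option 4 ascii "ntpservice.com "',
    "option 42 ip 192.168.21.1",
    "option 29 hex 01",
    "option 59 hex 00 00 10 01",
    "option 25 hex 01 ff",
]


def encode_option(cli_line):
    """Encode one 'option <code> {ascii|hex|ip} <value...>' line as a TLV."""
    tokens = shlex.split(cli_line)  # keeps the quoted ascii string intact
    if len(tokens) < 4 or tokens[0] != "option":
        raise ValueError("expected: option <code> {ascii|hex|ip} <value>")
    code, kind, values = int(tokens[1]), tokens[2], tokens[3:]
    if not PAD < code < END:
        raise ValueError("option code must be between 1 and 254")
    if kind == "ascii":
        data = " ".join(values).encode("ascii")
    elif kind == "hex":
        data = bytes.fromhex("".join(values))
    elif kind == "ip":
        data = b"".join(ipaddress.IPv4Address(v).packed for v in values)
    else:
        raise ValueError(f"unknown value type: {kind}")
    if len(data) > 255:
        # The length field is one byte, which is where the 255 limit comes from.
        raise ValueError(f"option {code}: value is {len(data)} bytes, max 255")
    return bytes([code, len(data)]) + data


def build_options_field(cli_lines):
    """Concatenate the encoded options and terminate with the END option."""
    return b"".join(encode_option(line) for line in cli_lines) + bytes([END])


def decode_options(buf):
    """Walk an options field and return [(code, value_bytes), ...].

    Raises ValueError when a length byte is missing or points past the end
    of the buffer, instead of silently returning a short value.
    """
    out, i = [], 0
    while i < len(buf):
        code = buf[i]
        if code == PAD:
            i += 1
            continue
        if code == END:
            break
        if i + 1 >= len(buf):
            raise ValueError(f"option {code}: missing length byte")
        length = buf[i + 1]
        value = buf[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code}: length {length} overruns buffer")
        out.append((code, bytes(value)))
        i += 2 + length
    return out


if __name__ == "__main__":
    field = build_options_field(PAGE_EXAMPLES)
    for code, value in decode_options(field):
        print(f"option {code:3d} len {len(value):3d} value {value.hex(' ')}")
```
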
Syntax sntp ip-address no sntp Parameter Description Parameter Description ip-address The IPv4 address of the NTP server to use for time services. Default Configuration There is no default IPv4 NTP server configured. Command Mode DHCP Pool Configuration mode User Guidelines Use the show ip dhcp pool command to display pool configuration parameters.
Parameter Description
Parameter    Description
address      A valid IPv4 address
Default Configuration
The command has no default configuration.
Command Mode
Privileged EXEC mode
User Guidelines
This command has no user guidelines.

show ip dhcp conflict
Use the show ip dhcp conflict command in User EXEC mode to display DHCP address conflicts for all relevant interfaces or a specified interface.
User Guidelines
This command has no user guidelines.

show ip dhcp global configuration
Use the show ip dhcp global configuration command in Privileged EXEC mode to display the DHCP global configuration.
Syntax
show ip dhcp server statistics
Parameter Description
This command does not require a parameter description.
Default Configuration
This command has no default configuration.
Parameter Description
Parameter    Description
poolname     Name of the pool. (Range: 1-32 characters)
Default Configuration
This command has no default configuration.
Command Mode
User EXEC, Privileged EXEC modes
User Guidelines
This command has no user guidelines.

show ip dhcp server statistics
Use the show ip dhcp server statistics command in Privileged EXEC mode to display the DHCP server binding and message counters.
Example
console#show ip dhcp server statistics
Automatic Bindings......100
Expired Bindings....... 32
Malformed Bindings......0
Messages Received
---------- ----------
DHCP DISCOVER........132
DHCP REQUEST........132
DHCP DECLINE........0
DHCP RELEASE........32
DHCP INFORM........0
Messages Sent
---------- ------
DHCP OFFER........132
DHCP ACK........
DHCPv6 Commands
This chapter explains the following commands:
clear ipv6 dhcp
service dhcpv6
dns-server (IPv6 DHCP Pool Config)
show ipv6 dhcp
domain-name (IPv6 DHCP Pool Config)
show ipv6 dhcp binding
ipv6 dhcp pool
show ipv6 dhcp interface (User EXEC)
ipv6 dhcp relay
show ipv6 dhcp interface (Privileged EXEC)
ipv6 dhcp server...
FILE LOCATION: C:\My Documents\ActiveProjects\2CSPC7000-SWUM400 Dell Zeiss CLI Guide\working\DHCPv6.fm
Examples
The following example clears DHCPv6 statistics for VLAN 11.
console#clear ipv6 dhcp interface vlan 11 statistics

dns-server (IPv6 DHCP Pool Config)
Use the dns-server command in IPv6 DHCP Pool Configuration mode to set the IPv6 DNS server address which is provided to a DHCPv6 client by the DHCPv6 server.
• pool-name — DHCPv6 pool name. (Range: 1-31 characters)
Default Configuration
This command has no default configuration.
Command Mode
Global Configuration mode
User Guidelines
This command has no user guidelines.
Example
The following example enters IPv6 DHCP Pool Configuration mode.
Default Configuration
This command has no default configuration.
Command Mode
Interface Configuration (VLAN, Tunnel) mode
User Guidelines
If relay-address is an IPv6 global address, then relay-interface is not required. If relay-address is a link-local or multicast address, then relay-interface is required.
• rapid-commit — Is an option that allows for an abbreviated exchange between the client and server.
• pref-value — Preference value used by clients to determine preference between multiple DHCPv6 servers. (Range: 0-4294967295)
Default Configuration
The default preference value is 20.
Parameter Description
Parameter               Description
prefix/prefix-length    Delegated IPv6 prefix.
client-DUID             Client DUID (e.g. 00:01:00:09:f8:79:4e:00:04:76:73:43:76).
hostname                Client hostname used for logging and tracing. (Range: 0-31 characters.) The command allows spaces in the host name when specified in double quotes.
The following example defines a unique local address prefix with the MAC address 00:1D:BA:06:37:64 converted to EUI-64 format and a preferred lifetime of 5 days.
console(config-dhcp6s-pool)#prefix-delegation fc00::/7 00:1D:BA:FF:FE:06:37:64 preferred-lifetime 43200

service dhcpv6
Use the service dhcpv6 command in Global Configuration mode to enable local IPv6 DHCP server on the switch.
show ipv6 dhcp
Use the show ipv6 dhcp command in Privileged EXEC mode to display the DHCPv6 server name and status.
Syntax
show ipv6 dhcp
Syntax Description
This command has no arguments or keywords.
Default Configuration
This command has no default configuration.
Command Mode
Privileged EXEC and User EXEC modes
User Guidelines
This command has no user guidelines.
Example
The following example displays the configured DHCP pool based on the entered IPv6 address.
Command Mode
User EXEC, Privileged EXEC modes
User Guidelines
Statistics are shown depending on the interface mode (relay, server, or client).
Examples
The following examples display DHCPv6 information for VLAN 11 when configured in relay mode.
User Guidelines
This command shows the DHCP status. Information displayed depends on the mode. The command output provides the following information for an interface configured in client mode. Not all fields will be shown for an inactive client.
Example
The following example shows the output from this command when the device has leased an IPv6 address from the DHCPv6 server on interface 1/0/1.
NOTE: Note that the interface is in client mode.
Syntax
show ipv6 dhcp pool poolname
• poolname — Name of the pool. (Range: 1-32 characters)
Default Configuration
This command has no default configuration.
Command Mode
User EXEC, Privileged EXEC modes
User Guidelines
This command has no user guidelines.
Example
The following example displays the DHCPv6 server name and status.
console> show ipv6 dhcp statistics
DHCPv6 Interface Global Statistics
------------------------------------
DHCPv6 Solicit Packets Received....0
DHCPv6 Request Packets Received....0
DHCPv6 Confirm Packets Received....0
DHCPv6 Renew Packets Received....
DELL CONFIDENTIAL – PRELIMINARY 3/10/11 - FOR PROOF ONLY...
DVMRP Commands
Distance Vector Multicast Routing Protocol (DVMRP) is a dense mode multicast protocol and is most appropriate for use in networks where bandwidth is relatively plentiful and there is at least one multicast group member in each subnet. DVMRP assumes that all hosts are part of a multicast group until it is informed of multicast group changes.
Default Configuration
Disabled is the default configuration.
Command Mode
Global Configuration
Interface Configuration (VLAN) mode
User Guidelines
This command has no user guidelines.
Example
The following example sets VLAN 15’s administrative mode of DVMRP to active.
console(config)#interface vlan 15
console(config-if-vlan15)#ip dvmrp

ip dvmrp metric
Use the ip dvmrp metric command in Interface Configuration mode to configure the metric for an interface.
User Guidelines
This command has no user guidelines.
Example
The following example configures a metric of 5 for VLAN 15.
console(config)#interface vlan 15
console(config-if-vlan15)#ip dvmrp metric 5

show ip dvmrp
Use the show ip dvmrp command in Privileged EXEC mode to display the system-wide information for DVMRP.
DVMRP INTERFACE STATUS
Interface Interface Mode Protocol State
--------- -------------- --------------

show ip dvmrp interface
Use the show ip dvmrp interface command in Privileged EXEC mode to display the interface information for DVMRP on the specified interface.
Syntax
show ip dvmrp interface vlan vlan-id
• vlan-id —...
Default Configuration
This command has no default condition.
Command Mode
Privileged EXEC mode
User Guidelines
This command has no user guidelines.
Example
The following example displays the neighbor information for DVMRP.
console(config)#show ip dvmrp neighbor
No neighbors available.

show ip dvmrp nexthop
Use the show ip dvmrp nexthop command in Privileged EXEC mode to display the next hop information on outgoing interfaces for routing multicast datagrams.
Example
The following example displays the next hop information on outgoing interfaces for routing multicast datagrams.
console(config)#show ip dvmrp nexthop
Next Hop Source IP Source Mask Interface Type
-------------- -------------- --------- ------

show ip dvmrp prune
Use the show ip dvmrp prune command in Privileged EXEC mode to display the table that lists the router’s upstream prune information.
show ip dvmrp route
Use the show ip dvmrp route command in Privileged EXEC mode to display the multicast routing information for DVMRP.
Syntax
show ip dvmrp route
Default Configuration
This command has no default condition.
Command Mode
Privileged EXEC mode
User Guidelines
This command has no user guidelines.
GMRP Commands
The GARP Multicast Registration Protocol provides a mechanism that allows networking devices to dynamically register (and de-register) Group membership information with the MAC networking devices attached to the same segment, and for that information to be disseminated across all networking devices in the bridged LAN that support Extended Filtering Services.
The registration and de-registration of membership results in the multicast table being updated with a new entry or the existing entry modified. This ensures that the networking device receives multicast frames from all ports but forwards them through only those ports for which GMRP has created a Group registration entry (for that multicast address).
Example
In this example, GMRP is globally enabled.
console(config)#gmrp enable

show gmrp configuration
Use the show gmrp configuration command in Global Configuration mode and Interface Configuration mode to display GMRP configuration.
Syntax
show gmrp configuration
Parameter Description
This command does not require a parameter description.
Default Configuration
GMRP is disabled by default.
IGMP Commands
Internet Group Management Protocol (IGMP) is the multicast group membership discovery protocol used for IPv4 multicast groups. Three versions of IGMP exist. Versions one and two are widely deployed. Since IGMP is used between end systems (often desktops) and the multicast router, the version of IGMP required depends on the end-user operating system being supported.
IGMPv2 introduced a Leave Group message, which is sent by a host when it leaves a multicast group for which it was the last host to send an IGMP Report message. Receipt of this message causes the Querier possibly to reduce the remaining lifetime of its state for the group, and to send a group-specific IGMP Query message to the multicast group. The Leave Group message is not used with IGMPv3, since the source address filtering...
ip igmp
Use the ip igmp command in Global Configuration mode to set the administrative mode of IGMP in the system to active. IGMP only operates over VLAN interfaces.
Syntax
ip igmp
no ip igmp
Default Configuration
Disabled is the default state.
Command Mode
Global Configuration mode
User Guidelines...
Default Configuration
The default last member query count is 2.
Command Mode
Interface Configuration (VLAN) mode
User Guidelines
This command has no user guidelines.
Example
The following example sets 10 as the number of VLAN 2 Group-Specific Queries.
console#configure
console(config)#interface vlan 2
console(config-if-vlan2)#ip igmp last-member-query-count 10
console(config-if-vlan2)#no ip igmp last-member-...
Command Mode
Interface Configuration (VLAN) mode
User Guidelines
This command has no user guidelines.
Example
The following example configures 2 seconds as the Maximum Response Time inserted in VLAN 15’s Group-Specific Queries.
console(config)#interface vlan 15
console(config-if-vlan15)#ip igmp last-member-query-interval 20

ip igmp query-interval
Use the ip igmp query-interval command in Interface Configuration mode to configure the query interval for the specified interface.
Example
The following example configures a 10-second query interval for VLAN 15.
console(config)#interface vlan 15
console(config-if-vlan15)#ip igmp query-interval 10

ip igmp query-max-response-time
Use the ip igmp query-max-response-time command in Internet Configuration mode to configure the maximum response time interval for the specified interface.
ip igmp robustness
Use the ip igmp robustness command in Interface Configuration mode to configure the robustness that allows tuning of the interface, that is, tuning for the expected packet loss on a subnet. If a subnet is expected to have significant loss, the robustness variable may be increased for the interface.
no ip igmp startup-query-count
• count — The number of startup queries. (Range: 1-20)
Default Configuration
The default count value is 2.
Command Mode
Interface Configuration (VLAN) mode
User Guidelines
This command has no user guidelines.
Example
The following example sets for VLAN 15 the number of queries sent out on startup at 10.
Command Mode
Interface Configuration (VLAN) mode
User Guidelines
This command has no user guidelines.
Example
The following example sets at 10 seconds the interval between general queries sent at startup for VLAN 15.
console(config)#interface vlan 15
console(config-if-vlan15)#ip igmp startup-query-interval 10

ip igmp version
Use the ip igmp version command in Interface Configuration mode to configure the version of IGMP for an interface.
console(config-if-vlan15)#ip igmp version 2

show ip igmp
Use the show ip igmp command in Privileged EXEC mode to display system-wide IGMP information.
Syntax
show ip igmp
Default Configuration
This command has no default configuration.
Command Mode
Privileged EXEC mode
User Guidelines
This command has no user guidelines.
show ip igmp groups
Use the show ip igmp groups command in User EXEC or Privileged EXEC modes to display the registered multicast groups on the interface. If detail is specified, this command displays the registered multicast groups on the interface in detail.
show ip igmp interface
Use the show ip igmp interface command in Privileged EXEC mode to display the IGMP information for the specified interface.
Syntax
show ip igmp interface [interface-type interface-number]
Syntax Description
Parameter           Description
interface-type      Interface type of VLAN and a valid VLAN ID.
interface-number
Default Configuration
This command has no default configuration.
Startup Query Interval (secs) ....31
Startup Query Count......2
Last Member Query Interval (1/10 of a second).. 10
Last Member Query Count......2

show ip igmp membership
Use the show ip igmp membership command in Privileged EXEC mode to display the list of interfaces that have registered in the multicast group.
show ip igmp interface stats
Use the show ip igmp interface stats command in User EXEC mode to display the IGMP statistical information for the interface. The statistics are only displayed when the interface is enabled for IGMP.
Syntax
show ip igmp interface stats vlan vlan-id
• vlan-id —...
ip igmp router-alert-optional
Use the ip igmp router-alert-optional command to set IGMP to not require the Router-Alert field.
Syntax
ip igmp router-alert-optional
no ip igmp router-alert-optional
Default Value
The Router-Alert field is not required by default.
Command Mode
Global Configuration
Usage Guidelines
No specific guidelines
Example...
IGMP Proxy Commands
IGMP Proxy is used by the router on IPv4 systems to enable the system to issue IGMP host messages on behalf of hosts that the system discovered through standard IGMP router interfaces, thus acting as proxy to all its hosts residing on its router interfaces.
Default Configuration
Disabled is the default configuration.
Command Mode
Interface Configuration (VLAN) mode
User Guidelines
This command has no user guidelines.
Example
The following example enables the IGMP Proxy on the VLAN 15 router.
console(config)#interface vlan 15
console(config-if-vlan15)#ip igmp-proxy

ip igmp-proxy reset-status
Use the ip igmp-proxy reset-status command in Interface Configuration mode to reset the host interface status parameters of the IGMP Proxy router.
Example
The following example resets the host interface status parameters of the IGMP Proxy router.
console(config)#interface vlan 15
console(config-if-vlan15)#ip igmp-proxy reset-status

ip igmp-proxy unsolicited-report-interval
Use the ip igmp-proxy unsolicited-report-interval command in Interface Configuration mode to set the unsolicited report interval for the IGMP Proxy router.
show ip igmp-proxy
Use the show ip igmp-proxy command in Privileged EXEC mode to display a summary of the host interface status parameters. It displays status parameters only when IGMP Proxy is enabled.
Syntax
show ip igmp-proxy
Default Configuration
This command has no default configuration.
Command Mode
Privileged EXEC mode
User Guidelines...
Proxy Start Frequency......1

show ip igmp-proxy interface
Use the show ip igmp-proxy interface command in Privileged EXEC mode to display a detailed list of the host interface status parameters. It displays status parameters only when IGMP Proxy is enabled.
Syntax
show ip igmp-proxy interface
Default Configuration...
show ip igmp-proxy groups
Use the show ip igmp-proxy groups command in Privileged EXEC mode to display a table of information about multicast groups that IGMP Proxy reported. It displays status parameters only when IGMP Proxy is enabled.
Syntax
show ip igmp-proxy groups
Default Configuration
This command has no default configuration.
Default Configuration
This command has no default configuration.
Command Mode
Privileged EXEC mode
User Guidelines
This command has no user guidelines.
Example
The following example displays complete information about multicast groups that IGMP Proxy has reported.
console#show ip igmp-proxy groups detail
Interface Index........
IP Helper/DHCP Relay Commands
The IP Helper feature provides the ability for a router to forward configured UDP broadcast packets to a particular IP address. This allows applications to reach servers on non-local subnets. This is possible even when the application is designed to assume a server is always on a local subnet or when the application uses broadcast packets to reach the server (with the limited broadcast address 255.255.255.255, or a network directed broadcast address).
Protocol                          UDP Port Number
NetBIOS Name Server
NetBIOS Datagram Server
TACACS Server
Time Service
DHCP
Trivial File Transfer Protocol
Certain preexisting configurable DHCP relay options do not apply to relay of other protocols. These options are unchanged. The user may optionally set a DHCP maximum hop count or minimum wait time.
• The protocol field in the IP header must be UDP (17).
• The destination UDP port must match a configured relay entry.
DHCP relay cannot be enabled and disabled globally. IP helper can be enabled or disabled globally. Enabling IP helper enables DHCP relay.
Commands in this Chapter
This chapter explains the following commands:
bootpdhcprelay maxhopcount...
Command Mode
Global Configuration mode
User Guidelines
Enable DHCP Relay using the ip helper enable command.
Example
The following example defines a maximum hopcount of 6.
console(config)#bootpdhcprelay maxhopcount 6

bootpdhcprelay minwaittime
Use the bootpdhcprelay minwaittime command in Global Configuration mode to configure the minimum wait time in seconds for BootP/DHCP Relay on the system.
Example
The following example defines a minimum wait time of 10 seconds.
console(config)#bootpdhcprelay minwaittime 10

clear ip helper statistics
Use the clear ip helper statistics command to reset to 0 the statistics displayed in show ip helper statistics.
Syntax
clear ip helper statistics
Default Configuration
There is no default configuration for this command.
Parameter Description
This command has no arguments or keywords.
Default Configuration
This is enabled by default for a DHCP relay agent.
Command Mode
Global Configuration mode
User Guidelines
Enable DHCP Relay using the ip helper enable command. Interface configuration takes precedence over global configuration. However if there is no interface configuration then global configuration is followed.
Parameter Description
Parameter    Description
none         (Optional) Disables the command function.
Default Configuration
This check is enabled by default.
Command Mode
Interface Configuration (VLAN) mode
User Guidelines
Enable DHCP Relay using the ip helper enable command. Use the global configuration command ip dhcp relay information option to enable processing of DHCP circuit ID and remote agent ID options.
Default Configuration
Disabled is the default configuration.
Command Mode
Global Configuration mode
User Guidelines
Enable DHCP Relay using the ip helper enable command.
Example
The following example enables the circuit ID and remote agent ID options.
console(config)#ip dhcp relay information option

ip dhcp relay information option-insert
Use the ip dhcp relay information option-insert command in Interface Configuration mode to enable the circuit ID option and remote agent ID...
Command Mode
Interface (VLAN) Configuration mode
User Guidelines
Enable DHCP Relay using the ip helper enable command. The interface configuration always takes precedence over global configuration. However, if there is no interface configuration, then global configuration is followed.
Example
The following example enables the circuit ID and remote agent ID options on vlan 10.
(port 53), isakmp (port 500), mobile-ip (port 434), nameserver (port 42), netbios-dgm (port 138), netbios-ns (port 137), ntp (port 123), pim-auto-rp (port 496), rip (port 520), tacacs (port 49), tftp (port 69), and time (port 37). Other ports must be specified by number.
Default Configuration
No helper addresses are configured.
ip helper-address (interface configuration)
Use the ip helper-address (interface configuration) command to configure the relay of certain UDP broadcast packets received on a specific interface. To delete a relay entry on an interface, use the no form of this command.
Syntax
ip helper-address { server-address | discard } [ dest-udp-port | dhcp | domain | isakmp | mobile ip | nameserver | netbios-dgm | netbios-ns | ntp...
User Guidelines
This command can be invoked multiple times on a routing interface, either to specify multiple server addresses for a given port number or to specify multiple port numbers handled by a specific server. The command no ip helper-address with no arguments clears all helper addresses on the interface.
and DNS packets received on vlan 5 to 192.168.40.2, relays SNMP traps (port 162) received on interface vlan 6 to 192.168.23.1, and drops DHCP packets received on vlan 6:
console#config
console(config)#ip helper-address 192.168.40.1 dhcp
console(config)#interface vlan 5
console(config-if-vlan5)#ip helper-address 192.168.40.2 dhcp
console(config-if-vlan5)#ip helper-address 192.168.40.2 domain
console(config-if-vlan5)#exit...
User Guidelines This command can be used to temporarily disable IP helper without deleting all IP helper addresses. This command replaces the bootpdhcprelay enable command, but affects not only relay of DHCP packets, but also relay of any other protocols for which an IP helper address has been configured.
UDP Port    The relay configuration is applied to packets whose destination UDP port is this port. Entries whose UDP port is identified as “any” are applied to packets with the destination UDP ports listed in Table 47-1.
Discard     If “Yes”, packets arriving on the given interface with the given destination UDP port are discarded rather than relayed.
Default Configuration
The command has no default configuration.
Command Mode
User EXEC and Privileged EXEC modes
User Guidelines
This command has no user guidelines.
Example
The following example defines the Boot/DHCP Relay information.
console#show ip dhcp relay
Maximum Hop Count......4
Minimum Wait Time(Seconds).....
User Guidelines
Field                            Description
DHCP client messages received    The number of valid messages received from a DHCP client. The count is only incremented if IP helper is enabled globally, the ingress routing interface is up, and the packet passes a number of validity checks, such as having a TTL >...
Packets with expired TTL                The number of packets received with TTL of 0 or 1 that might otherwise have been relayed.
Packets that matched a discard entry    The number of packets ignored by the relay agent because they match a discard relay entry.
Example
console#show ip helper statistics...
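The relay checks this chapter lists (UDP protocol 17, a destination port that matches a relay entry, discard entries, a TTL above 1) can be modelled to audit which broadcasts a given helper configuration forwards and where. The following Python model is an added example, not Dell's implementation: the entries mirror the vlan 5 / vlan 6 example in this chapter, while the order of the checks, interface entries replacing global ones, the counter names and the interface "vlan 7" are assumptions.

```python
"""Added example: a model of the IP helper relay decision (not switch firmware)."""
from collections import Counter
from dataclasses import dataclass
from typing import Optional, Union

IPPROTO_UDP = 17
# Ports covered by an entry shown as "any". Only protocols whose names survive
# in this page's table are listed; the numbers are the ones given for the
# ip helper-address keywords, plus the well-known DHCP server port 67.
ANY_PORTS = frozenset({137, 138, 49, 37, 67, 69})


@dataclass(frozen=True)
class RelayEntry:
    interface: Optional[str]        # None = configured globally
    port: Union[int, str]           # destination UDP port, or "any"
    server: Optional[str] = None    # helper address (None for a discard entry)
    discard: bool = False

    def covers(self, dport):
        return dport in ANY_PORTS if self.port == "any" else dport == self.port


@dataclass(frozen=True)
class Packet:
    ingress: str
    proto: int
    dport: int
    ttl: int


class RelayAgent:
    def __init__(self, entries, up_interfaces, enabled=True):
        self.entries = list(entries)
        self.up = set(up_interfaces)
        self.enabled = enabled
        self.stats = Counter()      # counter names are hypothetical

    def decide(self, pkt):
        """Return (verdict, [helper addresses]) for one received broadcast."""
        if not self.enabled or pkt.ingress not in self.up:
            return self._count("ignored")
        if pkt.proto != IPPROTO_UDP:
            return self._count("not_udp")
        local = [e for e in self.entries
                 if e.interface == pkt.ingress and e.covers(pkt.dport)]
        # Assumption: matching interface entries replace the global ones.
        chosen = local or [e for e in self.entries
                           if e.interface is None and e.covers(pkt.dport)]
        if not chosen:
            return self._count("no_match")
        if any(e.discard for e in chosen):
            return self._count("discard_match")
        if pkt.ttl <= 1:            # TTL of 0 or 1: would otherwise be relayed
            return self._count("ttl_expired")
        self.stats["relayed"] += 1
        return "relayed", sorted({e.server for e in chosen})

    def _count(self, verdict):
        self.stats[verdict] += 1
        return verdict, []


def page_example_agent():
    """Relay entries described by this chapter's vlan 5 / vlan 6 example."""
    entries = [
        RelayEntry(None, 67, "192.168.40.1"),        # global: dhcp
        RelayEntry("vlan 5", 67, "192.168.40.2"),    # dhcp
        RelayEntry("vlan 5", 53, "192.168.40.2"),    # domain
        RelayEntry("vlan 6", 162, "192.168.23.1"),   # SNMP traps
        RelayEntry("vlan 6", 67, discard=True),      # drop DHCP
    ]
    # "vlan 7" is a constructed interface with no entries of its own.
    return RelayAgent(entries, up_interfaces=("vlan 5", "vlan 6", "vlan 7"))


if __name__ == "__main__":
    agent = page_example_agent()
    # Constructed sample packets: (ingress, protocol, destination port, TTL).
    for pkt in [Packet("vlan 7", 17, 67, 64), Packet("vlan 5", 17, 67, 64),
                Packet("vlan 6", 17, 67, 64), Packet("vlan 5", 17, 67, 1),
                Packet("vlan 7", 17, 53, 64), Packet("vlan 5", 6, 67, 64)]:
        print(pkt, "->", agent.decide(pkt))
    print(dict(agent.stats))
```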
IP Routing Commands
The Routing Module provides the base Layer 3 support for Local Area Network (LAN) and Wide Area Network (WAN) environments. The PowerConnect switches allow the network operator to build a complete Layer 3+ configuration with advanced functionality. As the PowerConnect defaults to Layer 2 switching functionality, routing must be explicitly enabled on the PowerConnect to perform Layer 3 forwarding.
The addition of a preference option has a side benefit. The preference option allows the operator to control the preference of individual static routes relative to routes learned from other sources (such as OSPF). When routes from different sources have the same preference, PowerConnect routing prefers a static route over a dynamic route.
encapsulation
Use the encapsulation command in Interface Configuration mode to configure the Link Layer encapsulation type for the packet. Routed frames are always ethernet-encapsulated when a frame is routed to a VLAN.
Syntax
encapsulation {ethernet | snap}
• ethernet — Specifies Ethernet encapsulation.
•...
Syntax
ip address ip-address { subnet-mask | prefix-length } [ secondary ]
no ip address ip-address { subnet-mask | prefix-length } [ secondary ]
• ip-address — IP address of the interface.
• subnet-mask — Subnet mask of the interface
• prefix-length — Length of the prefix. Must be preceded by a forward slash...
ip mtu
Use the ip mtu command in Interface Configuration mode to set the IP Maximum Transmission Unit (MTU) on a routing interface. The IP MTU is the size of the largest IP packet that can be transmitted on the interface without fragmentation.
Example
The following example defines 1480 as the MTU for VLAN 15.
console(config)#interface vlan 15
console(config-if-vlan15)#ip mtu 1480

ip netdirbcast
Use the ip netdirbcast command in Interface Configuration mode to enable the forwarding of network-directed broadcasts. When enabled, network directed broadcasts are forwarded. When disabled they are dropped. Use the no form of the command to disable the broadcasts.
ip route
Use the ip route command in Global Configuration mode to configure a static route. Use the no form of the command to delete the static route. The IP route command sets a value for the route preference. Among routes to the same destination, the route with the lowest preference value is the route entered into the forwarding database.
Example
The following example identifies the ip-address subnet-mask, next-hop-ip and a preference value of 200.
console(config)#ip route 192.168.10.10 255.255.255.0 192.168.20.1 metric 200

ip route default
Use the ip route default command in Global Configuration mode to configure the next hop address of the default route. Use the no form of the command to delete the default route.
Using this command, the administrator may manually configure a single, global default gateway. The switch installs a default route for a configured default gateway with a preference of 253, making it more preferred than the default gateways learned via DHCP, but less preferred than a static default route.
Command Mode
Global Configuration mode
User Guidelines
Lower route distance values are preferred when determining the best route.
Example
The following example sets the default route metric to 80.
console(config)#ip route distance 80

ip routing
To globally enable IPv4 routing on the router, use the "ip routing" command in Global Configuration mode.
routing
Use the routing command in Interface Configuration mode to enable IPv4 and IPv6 routing for an interface. View the current value for this function with the show ip brief command. The value is labeled Routing Mode in the output display. Use the no form of the command to disable routing for an interface.
Default Configuration
This command has no default configuration.
Command Mode
Privileged EXEC mode
User Guidelines
This command has no user guidelines.
Example
The following example displays IP summary information.
console#show ip brief
Default Time to Live....... 30
Routing Mode....... Disabled
IP Forwarding Mode......
Default Configuration
This command has no default configuration.
Command Mode
User EXEC, Privileged EXEC modes
User Guidelines
The Method field contains one of the following values.
Field     Description
DHCP      The address is leased from a DHCP server.
Manual    The address is manually configured.
The following examples display all IP information and information specific to VLAN 2.
The Method field is also added to the long form.
console#show ip interface vlan2
Routing Interface Status..Up
Primary IP Address..192.168.75.1/255.255.255.0
Method......DHCP
Routing Mode..... Enable
Administrative Mode....Enable
Forward Net Directed Broadcasts..Disable
Proxy ARP......Enable
Local Proxy ARP....Disable
Active State.......
Burned In MAC Address....001E.C9AA.AD1C

show ip protocols
Use the show ip protocols command in User EXEC or Privileged EXEC mode to display the parameters and current state of the active routing protocols.
Syntax
show ip protocols
Syntax Description
This command has no arguments or keywords.
Default Configuration
This command has no default configuration.
Syntax Description
Parameter        Description
ip-address       Specifies the network for which the route is to be displayed and displays the best matching best-route for the address.
mask             Subnet mask of the IP address.
prefix-length    Length of prefix, in bits. Must be preceded with a forward slash (/).
Default gateway is 10.1.20.1
0.0.0.0/0 254/0 via 10.1.20.1
10.1.20.0/24 directly connected, vlan2
20.1.20.0/24 directly connected, vlan4

show ip route preferences
Use the show ip route preferences command in Privileged EXEC mode to display detailed information about the route preferences. Route preferences are used in determining the best route.
Local.......... 0
Static......... 1
OSPF Intra........110
OSPF Inter........110
OSPF External........110
RIP..........120
Configured Default Gateway..... 253
DHCP Default Gateway......254

show ip route summary
Use the show ip route summary command in Privileged EXEC mode to display the routing table summary, including best and non-best routes.
Syntax
show ip route summary [best]
Parameter Description...
Example
The following example displays the IP route summary.
console#show ip route summary
Connected Routes....... 0
Static Routes........0
RIP Routes........0
OSPF Routes........0
Intra Area Routes......0
Inter Area Routes......0
External Type-1 Routes......0
External Type-2 Routes......0
Total routes........
User Guidelines This command has no user guidelines. Example The following example displays IP route preferences. console>show ip traffic IpInReceives........24002 IpInHdrErrors........1 IpInAddrErrors......... 925 IpForwDatagrams........ 0 IpInUnknownProtos......0 IpInDiscards........0 IpInDelivers........18467 IpOutRequests........295 IpOutDiscards........0 IpOutNoRoutes........0 IpReasmTimeout......... 0 IpReasmReqds........
Syntax show ip vlan Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode. User Guidelines This command has no user guidelines. Example The following example displays VLAN routing information. console#show ip vlan MAC Address used by Routing VLANs: 00:00:00:01:00:02 VLAN ID IP Address Subnet Mask ------- --------------- ---------------...
Example console(if-vlan-10)#ipv6 pim ipv6 pim sparse (Global config) Use the ipv6 pim sparse command to administratively configure PIM sparse mode for multicast routing. Use the no form of this command to disable PIM sparse mode. Syntax ipv6 pim sparse no ipv6 pim sparse Default Configuration IPv6 PIM is disabled by default.
Default Configuration PIM is disabled by default. Command Mode Global Configuration mode User Guidelines Only one of sparse or dense mode can be configured on a router. Example console(config)#ipv6 pim dense ipv6 pim bsr-border Use the ipv6 pim bsr-border command to administratively disable bootstrap router (BSR) messages from being sent or received through an interface.
ipv6 pim bsr-candidate Use the ipv6 pim bsr-candidate command to configure the router to advertise itself as a bootstrap router (BSR). Use the no form of this command to return to the default configuration. Syntax vlan-id hash-mask-len bsr-priority ipv6 pim bsr-candidate vlan { vlan-id no ipv6 pim bsr-candidate vlan { Parameter Description...
ipv6 pim dr-priority Use the ipv6 pim dr-priority command to administratively configure the advertised designated router (DR) priority. Use the no form of this command to return the configuration to the default. Syntax ipv6 pim dr-priority priority no ipv6 pim dr-priority Parameter Description Parameter Description...
no ipv6 pim hello-interval Parameter Description Parameter Description interval The number of seconds between successive hello transmissions. Range 0-18000. Default 30. Default Configuration The default hello interval is 30 seconds. Command Mode Interface (VLAN) Configuration mode User Guidelines There are no user guidelines for this command. Example console(if-vlan-10)#ipv6 pim hello-interval 20 ipv6 pim join-prune-interval...
Default Configuration The join/prune interval defaults to 60 seconds. Command Mode Interface (VLAN) Configuration mode User Guidelines This command only has an effect if sparse mode is enabled. Example console(if-vlan-10)#ipv6 pim join-prune-interval 30 ipv6 pim register-rate-limit Use the ipv6 pim register-rate-limit command to set a limit on the maximum number of PIM register messages sent per second for each (S,G) entry.
User Guidelines There are no user guidelines for this command. Example console(config)#ipv6 pim register-rate-limit 10 ipv6 pim rp-address Use the ipv6 pim rp-address command to define the address of a PIM Rendezvous Point (RP) for a specific multicast group range. Use the no form of this command to remove a configured RP.
Example console(config)#ipv6 pim rp-address 2001:db8:85a3:0:0:8a2e:370:7334 ffe8::0 /16 override ipv6 pim rp-candidate Use the ipv6 pim rp-candidate command to configure the router to advertise itself to the bootstrap router (BSR) as a PIM candidate Rendezvous Point (RP) for a specific multicast group range. Use the no form of this command to return to the default configuration.
ipv6 pim spt-threshold Use the ipv6 pim spt-threshold command to set the multicast traffic threshold rate for the last-hop router to switch to the shortest path on the router. Use the no form of this command to return the threshold to its default value (0).
Syntax group-address group-mask ipv6 pim ssm { default | group-address group-mask no ipv6 pim ssm { default | Parameter Description Parameter Description default Defines the SSM range access list to 232/8. group-address An IPv6 multicast group address. group-mask An IPv6 mask in /prefix form. Default Configuration There are no group addresses configured by default.
Command Mode Privileged EXEC mode User Guidelines There are no user guidelines for this command. Example console#show ipv6 pimsm Admin Mode........Enabled Data Threshold Rate (Kbps)....1000 Register Threshold Rate (Kbps)....250 SSM RANGE TABLE Group Address/Prefix Length --------------------------------------- FF1E::/64 PIM-SM INTERFACE STATUS Interface Interface-Mode...
Syntax show ipv6 pimsm bsr Default Configuration There is no default configuration for this command. Command Mode User EXEC, Privileged EXEC modes User Guidelines There are no user guidelines for this command. Field descriptions are shown in the following table. Field Description BSR Address...
If no configured/elected BSR’s exist on the router, the following message is displayed: No BSR’s exist/learned on this router. show ipv6 pim interface Use the show ipv6 pim interface command to display the PIM interface status parameters. If the interface number is not specified, this command displays the status parameters of all the PIM-enabled interfaces.
Field Description BSR Border Whether or not this interface is configured as a BSR border Neighbor Count Number of PIM neighbors learned on this interface Designated-Router IPv6 address of the elected DR on the interface Example (console) #show ipv6 pim Interface VLAN0010 Mode...
None of the routing interfaces are enabled for PIM show ipv6 pim neighbor Use the show ipv6 pim neighbor command to display IPv6 PIM neighbors discovered by PIMv2 Hello messages. If the interface number is not specified, this command displays the neighbors discovered on all the PIM-enabled interfaces.
Neighbor Addr Interface Uptime Expiry Time (HH:MM::SS)(HH:MM::SS) --------------- --------- ----------- ----------- 2001:db8:85a3:0:0:8a2e:370:7334 VLAN0010 00:02:55 00:01:15 (FASTPATH) #show ipv6 pim neighbor Neighbor Addr Interface Uptime Expiry Time (HH:MM::SS)(HH:MM::SS) --------------- --------- ----------- ----------- 2001:db8:85a3:0:0:8a2e:370:7334 VLAN0001 00:02:55 00:01:15 2001:db8:85a3:0:0:8a2e:370:7334 VLAN0010 00:03:50 00:02:10 If no neighbors are learned on any of the interfaces, the following message is displayed: No neighbors are learned on any interface.
Command Mode User EXEC, Privileged EXEC modes User Guidelines There are no user guidelines for this command. Field descriptions are shown in the following table. Field Description RP Address Address of the RP Type Origin from where this group mapping is learned Example (console) # show ipv6 pim rp-hash ff1e:abcd:fed1::0 RP Address...
Parameter Description Parameter Description rp-address IP address of the RP Default Configuration There is no default configuration for this command. Command Mode User EXEC, Privileged EXEC modes User Guidelines There are no user guidelines for this command. Field descriptions are shown in the following table.
RP Address 2001:0db8:0:abcd::1 Group Address ff1e:abcd:def1::0 Group Mask Origin Static RP Address 2001:0db8:0:badc::1 Group Address ff1e:abcd:fed1::0 Group Mask Origin Static If no RP Group mappings exist on the router, the following message is displayed: No RP-Group mappings exist on this router. IPv6 PIM Commands...
IPv6 Routing Commands The IPv6 version of the routing table manager provides a repository for IPv6 routes learned by dynamic routing protocols or static configuration. RTO6 manages dynamic and static IPv6 routes, redistributes routes to registered protocols, supports ECMP routes, and supports multiple routes to the same destination, sorted by preference.
ipv6 mld last-member-query-count      ipv6 nd other-config-flag   show ipv6 interface                         show ipv6 route summary
ipv6 mld last-member-query-interval   ipv6 nd prefix              show ipv6 interface management statistics   show ipv6 traffic
ipv6 mld-proxy                        ipv6 nd ra-interval         show ipv6 mld groups                        show ipv6 vlan
ipv6 mld-proxy...
clear ipv6 neighbors Use the clear ipv6 neighbors command in Privileged EXEC mode to clear all entries in the IPv6 neighbor table or an entry on a specific interface. Syntax vlan-id clear ipv6 neighbors [vlan vlan-id — Valid VLAN ID. •...
Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode. User Guidelines This command has no user guidelines. Example The following example clears IPv6 statistics for VLAN 11. console(config)#clear ipv6 statistics vlan 11 ipv6 address Use the ipv6 address command in Interface Configuration mode to configure an IPv6 address on an interface (including tunnel and loopback interfaces) and to enable IPv6 processing on this interface.
• prefix — Consists of the bits of the address to be configured.
• prefix-length — Designates how many of the high-order contiguous bits of the address make up the prefix.
• eui64 — The optional eui-64 field designates that IPv6 processing on the interfaces is enabled using an EUI-64 interface ID in the low order 64 bits of the address. prefix_length must be 64
Default Configuration Disabled is the default configuration. Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode. User Guidelines This command has no user guidelines. Example The following example enables IPv6 routing, which has not been configured with an explicit IPv6 address. console(config)#interface vlan 15 console(config-if-vlan15)#ipv6 enable ipv6 hop-limit...
Global Configuration mode. User Guidelines This command has no user guidelines. Example console(config)#ipv6 host Dell 2001:DB8::/32 ipv6 mld last-member-query-count The ipv6 mld last-member-query-count command sets the number of listener-specific queries sent before the router assumes that there are no local members on the interface.
no ipv6 mld last-member-query-count • last-member-query-count — Query count (Range: 1–20). Default Configuration The default last member query count is 2. Command Mode Interface Configuration (VLAN) mode. User Guidelines There are no user guidelines for this command. Example console(config-if-vlan3)#ipv6 mld last-member-query-count 5 ipv6 mld last-member-query-interval The ipv6 mld last-member-query-interval command sets the last member...
User Guidelines There are no user guidelines for this command. Example console(config-if-vlan3)#ipv6 mld last-member-query-interval 5000 ipv6 mld-proxy Use the ipv6 mld-proxy command to enable MLD Proxy on the router. To enable MLD Proxy on the router, you must also enable multicast forwarding. Also, ensure that there are no other multicast routing protocols enabled on the router.
Syntax ipv6 mld-proxy reset-status Command Mode Interface Configuration (VLAN) mode. Default Configuration There is no default configuration for this command. User Guidelines There are no user guidelines for this command. Example console(config-if-vlan3)#ipv6 mld-proxy reset-status ipv6 mld-proxy unsolicit-rprt-interval Use the ipv6 mld-proxy unsolicit-rprt-interval command to set the unsolicited report interval for the MLD Proxy router.
User Guidelines This command has no user guidelines. Example console(config-if-vlan3)#ipv6 mld-proxy unsolicit-rprt-interval 10 ipv6 mld query-interval The ipv6 mld query-interval command sets the MLD router's query interval for the interface. The query-interval is the amount of time between the general queries sent when the router is querying on that interface.
ipv6 mld query-max-response-time The ipv6 mld query-max-response-time command sets MLD query maximum response time for the interface. This value is used in assigning the maximum response time in the query messages that are sent on that interface. Use the “no” form of this command to set the maximum query response time to the default.
no ipv6 mld router Default Configuration MLD is disabled by default. Command Mode Global Configuration mode Interface Configuration (VLAN) mode User Guidelines There are no user guidelines for this command. Example console(config-if-vlan3)#ipv6 mld router ipv6 mtu Use the ipv6 mtu command in Interface Configuration mode to set the maximum transmission unit (MTU) size, in bytes, of IPv6 packets on an interface.
Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode User Guidelines This command has no user guidelines. Example The following example sets the maximum transmission unit (MTU) size, in bytes, of IPv6 packets. console(config)#interface vlan 15 console(config-if-vlan15)#ipv6 mtu 1300 ipv6 nd dad attempts Use the ipv6 nd dad attempts command in Interface Configuration mode to set the number of duplicate address detection probes transmitted while doing neighbor discovery.
User Guidelines This command has no user guidelines. Example The following example sets at 10 the number of duplicate address detection probes transmitted while doing neighbor discovery. console(config)#interface vlan 15 console(config-if-vlan15)#ipv6 nd dad attempts 10 ipv6 nd managed-config-flag Use the ipv6 nd managed-config-flag command in Interface Configuration mode to set the “managed address configuration”...
console(config-if-vlan15)#ipv6 nd managed-config-flag ipv6 nd ns-interval Use the ipv6 nd ns-interval command in Interface Configuration mode to set the interval between router advertisements for advertised neighbor solicitations. An advertised value of 0 means the interval is unspecified. Syntax ipv6 nd ns-interval milliseconds no ipv6 nd ns-interval milliseconds —...
Syntax ipv6 nd other-config-flag no ipv6 nd other-config-flag Default Configuration False is the default configuration. Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode User Guidelines This command has no user guidelines. Example The following example sets to true the “other stateful configuration” flag in router advertisements. console(config)#interface vlan 15 console(config-if-vlan15)#ipv6 nd other-config-flag...
Parameter Description valid-lifetime Valid lifetime of the router in seconds. (Range: 0–4294967295 seconds.) infinite Indicates lifetime value is infinite. preferred-lifetime Preferred-lifetime of the router in seconds. (Range: 0–4294967295 seconds.) no-autoconfig Do not use Prefix for autoconfiguration. off-link Do not use Prefix for onlink determination. Default Configuration 604800 seconds is the default value for valid-lifetime, 2592000 seconds for preferred lifetime.
console(config)#interface vlan 11 console(config-if-vlan11)#ipv6 nd prefix 2020:1::1/64 ipv6 nd ra-interval Use the ipv6 nd ra-interval command in Interface Configuration mode to set the transmission interval between router advertisements. Syntax ipv6 nd ra-interval maximum minimum no ipv6 nd ra-interval • maximum — The maximum interval duration (Range: 4–1800 seconds)....
ipv6 nd ra-lifetime Use the ipv6 nd ra-lifetime command in Interface Configuration mode to set the value that is placed in the Router Lifetime field of the router advertisements sent from the interface. Syntax ipv6 nd ra-lifetime seconds no ipv6 nd ra-lifetime seconds —...
Syntax ipv6 nd reachable-time milliseconds no ipv6 nd reachable-time • milliseconds — Reachable-time duration. A value of zero means the time is unspecified by the router. (Range: 0-3600000 milliseconds) Default Configuration The default value for neighbor discovery reachable times is 0 milliseconds. Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode User Guidelines...
Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode User Guidelines This command has no user guidelines. Example The following example suppresses router advertisement transmission. console(config)#interface vlan 15 console(config-if-vlan15)#ipv6 nd suppress-ra ipv6 route Use the ipv6 route command in Global Configuration mode to configure an IPv6 static route.
Parameter Description prefix-length The length of the IPv6 prefix — a decimal value (usually 0-64) that shows how many of the high-order contiguous bits of the address comprise the prefix (the network portion of the address). A slash mark must separate the prefix from the prefix-length with no spaces on either side of the slash mark.
the distance of existing static routes, even if they were assigned the original default distance. The new default distance is applied to static routes created after invoking the ipv6 route distance command. Syntax integer ipv6 route distance integer no ipv6 route distance integer —...
Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example globally enables IPv6 unicast datagram forwarding. console(config)#ipv6 unicast-routing console(config)#no ipv6 unicast-routing ping ipv6 Use the ping ipv6 command in Privileged EXEC mode to determine whether another computer is on the network.
Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example determines whether another computer is on the network at the IPv6 address specified. console#ping ipv6 2030:1::1/64 Send count=3, Receive count=0 from 2030:1::1/64 Average round trip time = 0.00 ms ping ipv6 interface Use the ping ipv6 interface command in Privileged EXEC mode to determine whether another computer is on the network.
Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example The following example determines whether another computer is on the network at the IPv6 address specified. console(config)#ping ipv6 interface loopback 1 FE80::202:BCFF:FE00:3068/128 Send count=3, Receive count=0 from FE80::202:BCFF:FE00:3068/128...
Example The following example displays the IPv6 status of forwarding mode and IPv6 unicast routing mode. console#show ipv6 brief IPv6 Forwarding Mode......Enable IPv6 Unicast Routing Mode....Disable IPv6 Hop Limit.......1 show ipv6 interface Use the show ipv6 interface command in Privileged EXEC mode to show the usability status of IPv6 interfaces.
User Guidelines The Method field contains one of the following values. Field Description Auto The IPv6 address is automatically generated using IPv6 auto address configuration (RFC 2462). Config The IPv6 address is manually configured. DHCP The IPv6 address is leased from a DHCP server. The long form of the command includes the same annotations and shows whether address autoconfiguration or DHCP client are enabled on the interface.
The following example displays the long form of the command, and indicates whether address autoconfiguration or DHCP client are enabled on the interface. When the interface acts as a host interface, the output also shows the default gateway on the interface, if one exists. console#show ipv6 interface vlan2 IPv6 is enabled IPv6 Prefix is ........
Syntax show ipv6 interface management statistics Parameter Description This command does not require a parameter description. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command has no user guidelines. Example console#show ipv6 interface management statistics DHCPv6 Client Statistics ------------------------- DHCPv6 Advertisement Packets Received..
DHCPv6 Release Packets Transmitted..... 0 Total DHCPv6 Packets Transmitted....0 show ipv6 mld groups The show ipv6 mld groups command is used to display information about multicast groups that MLD reported. The information is displayed only when MLD is enabled on at least one interface. If MLD was not enabled on any interfaces, there is no group information to be displayed.
Expiry Time Time left in seconds before the entry is removed from the MLD membership table. vlan-id If vlan is not specified, the following fields are displayed for each multicast group and each interface: Field Description Group Address The address of the multicast group. Interface Interface through which the multicast group is reachable.
Interface........vlan 6 Group Address........ FF1E::5 Last Reporter....FE80::200:FF:FE00:22 Up Time (hh:mm:ss)......00:03:43 Expiry Time (hh:mm:ss)......----- Filter Mode..........Include Version1 Host Timer......----- Group compat mode......v2 Source Address ExpiryTime ----------------- ----------- 4001::6 00:03:15 4001::7 00:03:15 4001::8 00:03:15 console#show ipv6 mld groups vlan 6 Group Address........
Group Address........ FF1E::3 Interface........vlan 6 Up Time (hh:mm:ss)......00:04:23 Expiry Time (hh:mm:ss)......------ Group Address........ FF1E::4 Interface........vlan 6 Up Time (hh:mm:ss)......00:04:23 Expiry Time (hh:mm:ss)......------ show ipv6 mld interface The show ipv6 mld interface command is used to display MLD related information for an interface.
MLD Global Admin Mode This field displays the configured global administrative status of MLD. MLD Interface Admin Mode This field displays the configured interface administrative status of MLD. MLD Operational Mode The operational status of MLD on the interface. MLD Version This field indicates the version of MLD configured on the interface.
Querier Expiry Time Time left in seconds before the Querier loses its title as querier. Wrong Version Queries Indicates the number of queries received whose MLD version does not match the MLD version of the interface. Number of Joins The number of times a group membership has been added on this interface.
Syntax show ipv6 mld-proxy Command Mode Privileged EXEC mode Default Configuration There is no default configuration for this command. User Guidelines The command displays the following parameters only when you enable MLD Proxy: Field Description Interface Index The interface number of the MLD Proxy interface. Admin Mode Indicates whether MLD Proxy is enabled or disabled.
Interface Index......vlan 10 Admin Mode........Enabled Operational Mode......Enabled Version........3 Num of Multicast Groups...... 0 Unsolicited Report Interval....1 Querier IP Address on Proxy Interface..fe80::1:2:5 Older Version 1 Querier Timeout..00:00:00 Proxy Start Frequency.....1 show ipv6 mld-proxy groups Use the show ipv6 mld-proxy groups command to display information about multicast groups that the MLD Proxy reported.
Last Reporter The IP address of the host that last sent a membership report for the current group on the network attached to the MLD-Proxy interface (upstream interface). Up Time (in secs) The time elapsed in seconds since last created. Member State Possible values are: •...
Command Mode Privileged EXEC User Guidelines The following parameters are displayed by this command: Field Description Interface The interface number of the MLD-Proxy. Group Address The IP address of the multicast group. Last Reporter The IP address of the host that last sent a membership report for the current group on the network attached to the MLD Proxy interface (upstream interface).
Group Source List Expiry Time ------------------ --------------- 2001::1 00:02:40 2001::2 -------- FF1E::2 FE80::100:2.3 DELAY_MEMBER Include Group Source List Expiry Time ------------------ --------------- 3001::1 00:03:32 3002::2 00:03:32 FF1E::3 FE80::100:2.3 DELAY_MEMBER Exclude FF1E::4 FE80::100:2.3 DELAY_MEMBER Include Group Source List Expiry Time ------------------ --------------- 4001::1 00:03:40...