Qtech QSW-3300-28F-AC-AC [382/693] Port based network access control commands

Filter displayed output to only include lines containing a specified string match filter displayed output to exclude lines containing a specified string match filter displayed output to only include lines including and following a specified string match filter displayed output to only include a specified section of the content e g interface 0 1 with a configurable end of section delimiter string matching should be case insensitive pagination when enabled also applies to filtered output 54

For new commands for the feature see cli output filtering commands on page 194 54

Grep like control for modifying the displayed output to only show the user desired content 54

Note although some switch show commands already support pagination the implementation is unique per command and not generic to all commands 54

Output filtering 54

Supports enabling disabling paginated output for all show cli commands when disabled output is displayed in its entirety when enabled output is displayed page by page such that content does not scroll off the terminal screen until the user presses a key to continue more or q uit is displayed at the end of each page 54

When pagination is enabled press the return key to advance a single line press q or q to stop pagination or press any other key to advance a whole page these keys are not configurable 54

Section 3 fastpath smb smb modules 55

Section 3 switch smb modules 55

Command modes 56

Command completion and abbreviation 58

From the global config mode enter 58

Cli error messages 59

Cli line editing conventions 59

Accessing the cli 61

Enter a question mark after each word you enter to display available command keywords or parameters 61

Enter a question mark at the command prompt to display the commands available in the current mode 61

If the help output shows a parameter in angle brackets you must replace the parameter with a value 61

If there are no additional command keywords or parameters or if additional parameters are optional the following message appears in the output 61

Using cli help 61

You can access the cli by using a direct console connection or by using a telnet or ssh connection from a remote management host 61

You can also enter a question mark after typing one or more characters of a word to list the available command or parameters that begin with the letters as shown in the following example 61

Dedicated port stacking 63

Member 63

Section 4 stacking commands 63

No member 64

Switch priority 64

Switch renumber 64

Movemanagement 65

No standby 65

Standby 65

No set slot disable 66

No slot 66

Set slot disable 66

Set slot power 66

No set slot power 67

Reload stack 67

Stack status sample mode 67

Show slot 68

Show stack status 69

Show supported cardtype 69

Show switch 70

The following information appears 71

When you specify a value for 71

Show supported switchtype 72

Stack port 72

Stack port commands 72

Show stack port 73

Show stack port counters 73

Show stack port diag 74

Format 77

Mode privileged exec 77

Show stack port stack path 77

This command displays the route a packet will take to reach the destination 77

Boot auto copy sw 78

Boot auto copy sw allow downgrade 78

Boot auto copy sw trap 78

No boot auto copy sw 78

No boot auto copy sw trap 78

Stack firmware synchronization commands 78

No boot auto copy sw allow downgrade 79

Show auto copy sw 79

Section 5 management commands 80

Do privileged exec commands 81

Enable privileged exec access 81

Network interface commands 81

Serviceport protocol dhcp 81

Network parms 82

Network protocol 82

Network protocol dhcp 82

Network javamode 83

Network mac address 83

Network mac type 83

No network mac type 83

Command will always show interface status as 84

No network javamode 84

Show network 84

This command displays configuration settings associated with the switch s network interface the network interface is the logical interface used for in band connectivity with the switch via any of the switch s front panel ports the configuration parameters associated with the switch s network interface do not affect the configuration of the front panel ports through which traffic is switched or routed the network interface is always considered to be up whether or not any member ports are up therefore the 84

Show serviceport 85

Configure 86

Console port access commands 86

No serial baudrate 87

No serial timeout 87

Serial baudrate 87

Serial timeout 87

Ip telnet server enable 88

No ip telnet server enable 88

Show serial 88

Telnet commands 88

No telnetcon maxsessions 89

No transport input telnet 89

Telnetcon maxsessions 89

Telnetcon timeout 89

Transport input telnet 89

Ip ssh 90

No telnetcon timeout 90

Secure shell commands 90

Show telnetcon 90

Ip ssh protocol 91

Ip ssh server enable 91

No ip ssh server enable 91

No sshcon maxsessions 91

Sshcon maxsessions 91

Sshcon timeout 91

No sshcon timeout 92

Show ip ssh 92

Crypto certificate generate 93

Crypto key generate dsa 93

Crypto key generate rsa 93

Management security commands 93

No crypto certificate generate 93

No crypto key generate dsa 93

No crypto key generate rsa 93

Hypertext transfer protocol commands 94

Ip http accounting exec ip https accounting exec 94

Ip http authentication 94

No ip http https accounting exec 94

Ip https authentication 95

No ip http authentication 95

No ip https authentication 95

Ip http java 96

Ip http secure server 96

Ip http server 96

No ip http secure server 96

No ip http server 96

Ip http session hard timeout 97

Ip http session maxsessions 97

Ip http session soft timeout 97

No ip http java 97

No ip http session hard timeout 97

No ip http session maxsessions 97

Ip http secure session hard timeout 98

Ip http secure session maxsessions 98

Ip http secure session soft timeout 98

No ip http secure session hard timeout 98

No ip http secure session maxsessions 98

No ip http session soft timeout 98

Ip http secure port 99

Ip http secure protocol 99

No ip http secure port 99

No ip http secure session soft timeout 99

Show ip http 99

Access commands 101

Disconnect 101

Show loginsession 101

Example the following shows an example of the command 102

Format 102

Mode privileged exec 102

Show loginsession long 102

This command displays the complete user names of the users currently logged in to the switch 102

Aaa authentication login 103

User account commands 103

Aaa authentication enable 104

No aaa authentication login 104

Aaa authorization 105

No aaa authentication enable 105

Exec authorization 106

Per command authorization 106

Authorization commands 107

No aaa authorization 107

No authorization commands 107

Authorization exec 108

Authorization exec default 108

No authorization exec 108

No authorization exec default 108

Show authorization methods 108

Command 109

Default uses the default list created with the 109

Enable authentication 109

Example the following example specifies the default authentication method when accessing a higher privilege level console 109

Format 109

List name uses the indicated list created with the 109

Mode line config 109

No enable authentication 109

Parameter description 109

Use this command to return to the default specified by the 109

Use this command to specify the authentication method list when accessing a higher privilege level from a remote telnet or console 109

Username global config 110

No username 111

Username nopassword 111

Username snmpv3 accessmode 111

Username unlock 111

No username snmpv3 accessmode 112

No username snmpv3 authentication 112

Username snmpv3 authentication 112

Username snmpv3 encryption 112

No username snmpv3 encryption 113

Show users 113

Show users long 113

Username snmpv3 encryption encrypted 113

Show users accounts 114

Example the following example shows user login history outputs 115

Format 115

Mode privileged exec 115

Name name of the user range 1 20 characters 115

Parameter description 115

Show users login history long 115

Show users login history username 115

Use this command to display information about the login history of users 115

Login authentication 116

No login authentication 116

Password 116

Password line configuration 116

No password line configuration 117

Password aaa ias user config 117

Password user exec 117

Configuration command to set a local password to control access to the privileged exec mode 118

Enable password privileged exec 118

Encrypted encrypted password you entered copied from another switch configuration the encrypted password should be 128 characters long because the assumption is that this password is already encrypted with aes 118

Example the following is an example of adding a mab client to the internal user database 118

Example the following shows an example of the command 118

Format 118

Mode aaa ias user config 118

Mode privileged exec 118

No password aaa ias user config 118

Parameter description 118

Password password string range 8 64 characters 118

This command is used to clear the password of a user 118

Use the 118

No enable password privileged exec 119

No passwords history 119

No passwords min length 119

Passwords history 119

Passwords min length 119

No passwords aging 120

No passwords lock out 120

Passwords aging 120

Passwords lock out 120

Passwords strength check 120

No passwords strength check 121

No passwords strength minimum uppercase letters 121

Passwords strength maximum consecutive characters 121

Passwords strength maximum repeated characters 121

Passwords strength minimum lowercase letters 121

Passwords strength minimum uppercase letters 121

No passwords strength minimum lowercase letters 122

No passwords strength minimum numeric characters 122

No passwords strength minimum special characters 122

Passwords strength minimum character classes 122

Passwords strength minimum numeric characters 122

Passwords strength minimum special characters 122

No passwords strength exclude keyword 123

No passwords strength minimum character classes 123

Passwords strength exclude keyword 123

Show passwords configuration 123

Aaa ias user username 124

No aaa ias user username 124

Show passwords result 124

Aaa accounting 125

Aaa session id 125

No aaa session id 125

No aaa accounting 126

Clear aaa ias users 127

No password aaa ias user configuration 127

Password aaa ias user configuration 127

Accounting 128

Show aaa ias users 128

Dot1x dfltdot1xlist start stop radius 129

Example the following shows example cli display output for the command 129

Format 129

Mode line configuration 129

Mode privileged exec 129

No accounting 129

Show accounting 129

Show accounting methods 129

Use this command to display configured accounting method lists 129

Use this command to display ordered methods for accounting lists 129

Use this command to remove accounting from a line configuration mode 129

Clear accounting statistics 130

Example the following shows example cli display output for the command 130

Format 130

Mode privileged exec 130

Show domain name 130

This command clears the accounting statistics 130

This command displays the configured domain name 130

Snmp commands 131

Snmp server 131

Snmp server community 131

No snmp server community 132

Snmp server community group 132

Snmp server enable traps violation 132

No snmp server enable traps 133

No snmp server enable traps violation 133

No snmp server port 133

Snmp server enable traps 133

Snmp server port 133

Snmp trap link status 133

No snmp trap link status 134

No snmp trap link status all 134

Snmp trap link status all 134

No snmp server enable traps linkmode 135

No snmp server enable traps multiusers 135

Snmp server enable traps linkmode 135

Snmp server enable traps multiusers 135

Snmp server enable traps stpmode 135

No snmp server enable traps stpmode 136

No snmp server engineid local 136

Snmp server engineid local 136

Snmp server filter 136

No snmp server filter 137

Snmp server group 137

No snmp server group 138

No snmp server host 138

Snmp server host 138

Snmp server user 138

No snmp server user 139

Snmp server view 139

No snmp server view 140

Snmp server v3 host 140

Snmptrap source interface 140

No snmptrap source interface 141

Show snmp 141

Snmptrap ip6addr snmpversion 141

Snmptrap ipaddr snmpversion 141

Show snmp engineid 142

Show snmp filters 142

Show snmp group 143

Show snmp server 143

Show snmp source interface 143

Show snmp user 144

Show snmp views 144

Show trapflags 144

Aaa server radius dynamic author 146

Auth type 146

No aaa server radius dynamic author 146

No auth type 146

Radius commands 146

Clear radius dynamic author statistics 147

Client 147

No client 147

Debug aaa coa 148

Debug aaa pod 148

Ignore server key 148

Ignore session key 148

No ignore server key 148

No ignore session key 149

No port 149

No radius accounting mode 150

No radius server attribute 4 150

Radius accounting mode 150

Radius server attribute 4 150

Radius server host 151

No radius server host 152

Radius server key 152

No radius server msgauth 153

Radius server msgauth 153

Radius server primary 153

Radius server retransmit 153

No radius server retransmit 154

No radius source interface 154

Radius source interface 154

No radius server timeout 155

No server key 155

Radius server timeout 155

Server key 155

Default none 156

Default not applicable 156

Example 156

Format 156

Mode dynamic authorization 156

Mode privileged exec 156

Mode user exec 156

Number of administratively prohibited requests 156

Show radius 156

Show radius servers 156

This command displays the values configured for the global parameters of the radius client 156

Use this command to display the authentication parameters 156

Show radius servers 157

A global parameter to indicate whether the accounting mode for all the servers is enabled or not 158

Current host address the ip address of the currently active authenticating server 158

Example the following shows example cli display output for the command 158

Field description 158

Host address the ip address of the host 158

Message authenticator a global parameter to indicate whether the message authenticator attribute is enabled or disabled 158

Number of retransmits the configured value of the maximum number of times a request packet is retransmitted 158

Port the port used for communication with the authenticating server 158

Radius accounting mode 158

Radius attribute 4 mode a global parameter to indicate whether the nas ip address attribute has been enabled to use in radius requests 158

Radius attribute 4 value a global parameter that specifies the ip address to be used in nas ip address attribute used in radius requests 158

Secret configured yes or no boolean value that indicates whether this server is configured with a secret 158

Server name the name of the authenticating server 158

Time duration the configured timeout value in seconds for request retransmissions 158

Type specifies whether this server is a primary or secondary type 158

A global parameter to indicate whether the accounting mode for all the servers is enabled or not 159

Example the following shows example cli display output for the command 159

Field description 159

Format 159

Host address the ip address of the host 159

If you do not specify any parameters then only the accounting mode and the radius accounting server details are displayed 159

Mode privileged exec 159

Port the port used for communication with the accounting server 159

Radius accounting mode 159

Secret configured yes or no boolean value indicating whether this server is configured with a secret 159

Server name the name of the accounting server 159

Servername an alias name to identify the server 159

Show radius accounting 159

Term definition 159

This command displays a summary of configured radius accounting servers 159

Show radius accounting statistics 160

Example the following shows example cli display output for the command 161

Format 161

Mode privileged exec 161

Show radius source interface 161

Show radius statistics 161

This command displays the summary statistics of configured radius authenticating servers 161

Use this command in privileged exec mode to display the configured radius client source interface source ip address information 161

No tacacs server host 164

Tacacs commands 164

Tacacs server host 164

Tacacs server key 164

No tacacs server key 165

Tacacs server keystring 165

Tacacs server source interface 165

No tacacs server source interface 166

No tacacs server timeout 166

Tacacs server timeout 166

Keystring 167

Priority tacacs config 167

Timeout 167

Show tacacs 168

Show tacacs source interface 168

Configuration scripting commands 169

Script apply 169

Script delete 170

Script list 170

Script show 170

Script validate 170

Copy pre login banner 171

Hostname 171

Prelogin banner system prompt and host name commands 171

Set prompt 171

Show clibanner 171

Example the following shows example cli display output for the command 172

Format 172

Line banner text where double quote is a delimiting character the banner message can be up to 2000 characters 172

Mode global config 172

No set clibanner 172

Parameter description 172

Set clibanner 172

Use this command to configure the prelogin cli banner before displaying the login prompt 172

Use this command to unconfigure the prelogin cli banner 172

Section 6 utility commands 173

Autoinstall commands 174

Boot autoinstall 174

Boot host retrycount 174

Boot host autosave 175

Boot host dhcp 175

No boot host autosave 175

No boot host dhcp 175

No boot host retrycount 175

Boot host autoreboot 176

Erase factory defaults 176

Erase startup config 176

No boot host autoreboot 176

Show autoinstall 176

Cli output filtering commands 177

Show xxx exclude string 177

Show xxx include string 177

Show xxx include string exclude string2 177

Show xxx begin string 178

Show xxx section string 178

Show xxx section string include string2 178

Show xxx section string string2 178

Boot system 179

Delete 179

Dual image commands 179

Filedescr 179

Show bootvar 179

Update bootcode 179

Show arp switch 180

Show eventlog 180

Show hardware 180

System information and statistics commands 180

Show platform vpd 181

Show version 181

Show interface 182

Show interfaces status 183

Show interface counters 184

Show interfaces traffic 184

Example the following shows example cli display output for the command 185

Format 185

Inbcastpkts the total number of broadcast packets received on the interface 185

Mode privileged exec 185

Outbcastpkts the total number of broadcast packets transmitted by the interface 185

Outmcastpkts the total number of multicast packets transmitted by the interface 185

Outoctects the total number of octets transmitted by the interface 185

Outucastpkts the total number of unicast packets transmitted by the interface 185

Show interface ethernet 185

Term definition 185

This command displays detailed statistics for a specific interface or for all cpu traffic based upon the argument 185

Show interface ethernet switchport 190

Show fiber ports optical transceiver 191

Show interface lag 191

Show fiber ports optical transceiver info 192

Br nominal the nominal bit signaling rate br nominal is specified in units of 100 mbd rounded off to the nearest 100 mbd the bit rate includes those bits necessary to encode and delimit the signal as well as those bits carrying data information a value of 0 indicates that the bit rate is not specified and must be determined from the transceiver technology the actual information transfer rate will depend on the encoding of the data as defined by the encoding value 193

Can also be used to specify the lag interface where 193

Can be used as an alternate way to specify the lag interface 193

Example the following information shows an example of the command output 193

Field description 193

Format 193

Instead of 193

Is the lag port number use the 193

Mode privileged exec 193

Or no parameter to display the entire table enter a mac address and vlan id to display the table entry for the requested mac address on the specified vlan enter the 193

Parameter to display information about mac addresses on a specified vlan 193

Parameter to view summary information about the forwarding database table use the 193

Show mac addr table 193

Term definition 193

The following information displays if you do not enter a parameter the keyword all or the mac address and vlan id 193

This command displays the forwarding database entries these entries are used by the transparent bridging function to determine how to forward a received frame 193

Unit slot port parameter to view mac addresses on a specific interface 193

Vendor rev the vendor revision number vendor rev contains ascii characters left aligned and padded on the right with ascii spaces 20h defining the vendor s product revision number a value of all zero in this field indicates that the vendor revision is unspecified 193

Vlan id the vlan in which the mac address is learned 193

Process cpu threshold 194

Show process app list 195

Cpu share the maximum percentage of cpu utilization the process can consume 196

Format 196

Id the application identifier 196

Max mem usage the maximum amount of memory the process has used at any given time since it started 196

Memory limit the maximum amount of memory the process can consume 196

Memory usage the amount of memory the process is currently using 196

Mode privileged exec 196

Name the name that identifies the process 196

Note it is not necessarily the traffic to the cpu but different tasks that keep the cpu busy 196

Note this command is available in linux 2 only 196

Parameter description 196

Pid the number the software uses to identify the process 196

Show process app resource list 196

Show process cpu 196

This command displays the configured and in use resources of each application 196

This command provides the percentage utilization of the cpu by different tasks 196

Alloc system wide allocated memory excluding cache file system used space 197

Example the following shows example cli display output for the command using linux 197

Format 197

Free system wide free memory 197

Keyword description 197

Mode privileged exec 197

Name process or thread name 197

Note this command is available in linux 2 only 197

Pid process or thread id 197

Secs cpu utilization sampling in 300secs interval 197

Secs cpu utilization sampling in 5secs interval 197

Secs cpu utilization sampling in 60secs interval 197

Show process proc list 197

This application displays the processes started by applications created by the process manager 197

Total cpu utilization total cpu utilization within the specified window of 5secs 60secs and 300secs 197

Application id name the application identifier and its associated name 198

Child indicates whether the process has spawned a child process 198

Example the following shows example cli display output for the command 198

Fd count the file descriptors count for the process 198

Format 198

Mode privileged exec 198

Note show running config does not display the user password even if you set one different from the default 198

Note this command is available in linux 2 only 198

Option 198

Parameter description 198

Pid the number the software uses to identify the process 198

Process name the name that identifies the process 198

Show running config 198

Use this command to display or capture the current setting of different protocol packages supported on the switch this command displays or captures commands with settings and configurations that differ from the default value to display or capture the commands with settings and configurations that are equal to the default value include the 198

Vm peak the maximum amount of virtual memory the process has used at a given time 198

Vm size virtual memory size 198

Show running config interface 199

Example the following shows example cli display output for the command using the backup config parameter 201

Example the following shows example cli display output for the command using the factory defaults parameter 202

Format 202

Mode privileged exec 202

Use this command to list the files in the directory mnt switch in flash from the cli 202

Show sysinfo 203

Show tech support 203

Length value 204

No length value 204

No terminal length 204

Terminal length 204

Memory free low watermark processor 205

Show terminal length 205

Box services commands 206

Environment temprange 206

Environment trap 206

Show version bootloader 206

Logging buffered 208

Logging buffered wrap 208

Logging cli command 208

Logging commands 208

No logging buffered 208

No logging buffered wrap 208

Logging console 209

Logging host 209

No logging cli command 209

No logging console 209

Logging host reconfigure 210

Logging host remove 210

Logging syslog 210

No logging syslog 210

Logging syslog port 211

Logging syslog source interface 211

No logging syslog port 211

No logging syslog source interface 211

Show logging 212

Show logging buffered 213

Show logging hosts 213

Example the following shows example cli display output for the command 214

Format 214

Is specified 214

Is specified the system persistent log files are displayed 214

Mode privileged exec 214

Parameter description 214

Persistent log count the number of persistent log entries 214

Persistent log files the list of persistent log files in the system only displayed if 214

Persistent logging if persistent logging is enabled or disabled 214

Show logging persistent 214

Show logging traplogs 214

This command displays snmp trap events and statistics 214

Use the show logging persistent command to display persistent log entries if 214

Clear logging buffered 215

Email alerting and mail server commands 216

Logging email 216

Logging email message type to addr 216

Logging email urgent 216

No logging email 216

No logging email urgent 216

Logging email from addr 217

Logging email message type subject 217

No logging email from addr 217

No logging email message type subject 217

No logging email message type to addr 217

Logging email logtime 218

Logging email test message type 218

Logging traps 218

No logging email logtime 218

No logging traps 218

Show logging email config 218

Clear logging email statistics 219

Show logging email statistics 219

Mail server 220

No mail server 220

Security 220

Username mail server config 220

Password 221

Show mail server config 221

System utility and clear commands 222

Traceroute 222

Clear config 224

Clear counters 224

Example traceroute failure 224

Example traceroute ipv6 failure 224

For all the ports or for an interface on a valn based on the argument 224

Format 224

Mode privileged exec 224

This command clears the statistics for a specified unit slot por 224

This command resets the configuration to the factory defaults without powering off the switch when you issue this command a prompt appears to confirm that the reset should proceed when you enter 224

You automatically reset the current configuration on the switch to the default values it does not reset the switch 224

Clear igmpsnooping 225

Clear ip access list counters 225

Clear ipv6 access list counters 225

Clear mac access list counters 225

Clear pass 225

Clear traplog 225

Clear vlan 226

Command for ipv6 hosts see ping ipv6 on page 580 226

Default the default count is 1 the default interval is 3 seconds the default size is 0 bytes 226

Format 226

Gvrp is restored to the factory default as a result of handling the vlan restore notify event since gvrp is disabled by default this means that gvrp should be disabled and all of its dynamic vlans should be deleted 226

Logout 226

Mode privileged exec 226

Modes privileged exec user exec 226

Note for information about the 226

Note save configuration changes before logging out 226

Static vlans are deleted 226

This command closes the current telnet connection or resets the current serial connection 226

This command resets vlan configuration parameters to the factory defaults when the vlan configuration is reset to the factory defaults there are some scenarios regarding gvrp that happen due to this 226

Use this command to determine whether another computer is on the network ping provides a synchronous response when initiated from the cli and web interfaces 226

Reload 228

Copies a specified configuration script file to a server 230

Copies the crash log to a server 230

Copies the error log file to a server 230

Copies the log file to a server 230

Copies the operational log file to a server 230

Copies the startup configuration to a server 230

Copies the startup configuration to the backup configuration 230

Copies the trap log file to a server 230

Destination file name for the application file 230

Downloads a configuration script file to the system during the download of a configuration script the copy command validates the script in case of any error the command lists all the lines at the end of the validation process and prompts you to confirm before copying the script file 230

Downloads public key for image validation 230

Downloads the binary config file to the system 230

Downloads the cli banner to the system 230

Downloads the public key for configuration script validation 230

Saves the running configuration to nvram 230

Saves the running configuration to nvram to the 230

Saves the system image to a server 230

Source destination description 230

Table 9 copy parameters cont 230

Uploads cpu packets capture file 230

Uploads factory defaults file 230

Uploads the binary config file to a server 230

Uploads the core dump file on the local system to an external tftp ftp scp sftp server 230

Uploads the startup log file 230

Uploads the system and configuration information for technical support 230

Command 231

Copy the active image to the backup image 231

Copy the backup image to the active image 231

Download an image from the remote server to either image 231

Downloads an http secure server certificate 231

Downloads an http secure server certificate for more information see hypertext transfer protocol commands on page 111 231

Downloads an ias users database file to the system when the ias users file is downloaded the switch ias user s database is replaced with the users and their attributes available in the downloaded file 231

Downloads an ssh key file 231

Downloads an ssh key file for more information see secure shell commands on page 107 231

Downloads the file containing list of commands to be displayed using the 231

Downloads the startup configuration file to the system 231

Example the following shows an example of downloading and applying ias users file 231

Source destination description 231

Table 9 copy parameters cont 231

Upload either image to the remote server 231

When you use this option the copy command will not validate the downloaded script file an example of the cli command follows 231

File verify 232

No file verify 232

Power over ethernet commands 232

Write memory 232

Flexible power management 233

Poe high power 233

No poe high power 234

No power power limit 234

Poe power limit 234

Poe power management 234

No poe power management 235

No poe priority 235

Poe priority 235

Poe reset 235

No poe usagethreshold 236

Poe traps 236

Poe usagethreshold 236

Show poe 236

Example 237

Format 237

Mode privileged exec 237

Show poe mpsm 237

Show poe port configuration 237

Show poe port info 237

Use this command to display poe port configuration information for individual ports or all ports 237

Use this command to display poe port information 237

Use this command to display the current mpsm and power bank values if a slot is selected only the mpsm and power bank values for that slot are displayed 237

Can be a value from 6 to 10 238

Default 6 238

Example 238

Format 238

Mode global config 238

Mode privileged exec 238

No sntp broadcast client poll interval 238

Simple network time protocol commands 238

Sntp broadcast client poll interval 238

This command resets the poll interval for sntp broadcast client back to the default value 238

This command sets the poll interval for sntp broadcast clients in seconds as a power of two where 238

This section describes the commands you use to automatically configure the system time and date by using simple network time protocol sntp 238

No sntp client mode 239

No sntp client port 239

Sntp client mode 239

Sntp client port 239

Sntp unicast client poll interval 239

No sntp unicast client poll interval 240

No sntp unicast client poll retry 240

No sntp unicast client poll timeout 240

Sntp server 240

Sntp unicast client poll retry 240

Sntp unicast client poll timeout 240

Format 241

Loopback id configures the loopback interface the range of the loopback id is 0 to 7 241

Mode global config 241

No sntp server 241

No sntp source interface 241

Parameter description 241

Show sntp 241

Sntp source interface 241

This command deletes an server from the configured sntp servers 241

This command is used to display sntp settings and status 241

Tunnel id configures the ipv6 tunnel interface the range of the tunnel id is 0 to 7 241

Unit slot port the unit identifier assigned to the switch 241

Use this command to reset the sntp source interface to the default settings 241

Use this command to specify the physical or logical interface to use as the source interface source ip address for sntp unicast server configuration if configured the address of source interface is used for all sntp communications between the sntp server and the sntp client the selected source interface ip address is used for filling the ip header of management protocol packets this allows security devices firewalls to identify the source packets coming from the specific switch if a source interface is not specified the primary ip address of the originating outbound interface is used as the source address if the configured interface is down the sntp client falls back to its default behavior 241

Vlan id configures the vlan interface to use as the source ip address the range of the vlan id is 1 to 4093 241

Show sntp client 242

Show sntp server 242

Show sntp source interface 243

Clock set 244

Clock set hh mm ss 244

Clock summer time date 244

Time zone commands 244

Clock summer time recurring 245

No clock summer time 245

Clock timezone 246

No clock timezone 246

Show clock 246

Example the following shows example cli display output for the command 247

Format show clock detail 247

Mode privileged exec 247

Show clock detail 247

Use this command to display the detailed system time along with the time zone and the summertime configuration 247

With the above configuration the output appears as below 247

Client identifier 248

Dhcp server commands 248

Ip dhcp pool 248

No client identifier 248

No ip dhcp pool 248

Client name 249

Default router 249

Dns server 249

No client name 249

No default router 249

No dns server 249

Hardware address 250

No hardware address 250

No host 250

Bootfile 251

Network dhcp pool config 251

No bootfile 251

No lease 251

No network 251

Domain name 252

Domain name enable 252

Netbios name server 252

No domain name 252

No domain name enable 252

Netbios node type 253

Next server 253

No netbios name server 253

No netbios node type 253

No next server 253

Ip dhcp excluded address 254

No ip dhcp excluded address 254

No option 254

Option 254

Ip dhcp bootp automatic 255

Ip dhcp ping packets 255

No ip dhcp bootp automatic 255

No ip dhcp ping packets 255

No service dhcp 255

Service dhcp 255

Clear ip dhcp binding 256

Clear ip dhcp conflict 256

Clear ip dhcp server statistics 256

Ip dhcp conflict logging 256

No ip dhcp conflict logging 256

Show ip dhcp binding 257

Show ip dhcp global configuration 257

Show ip dhcp pool configuration 257

Show ip dhcp server statistics 258

Show ip dhcp conflict 259

Dns client commands 260

Ip domain lookup 260

Ip domain name 260

No ip domain lookup 260

No ip domain name 260

Ip domain list 261

Ip name server 261

Ip name source interface 261

No ip domain list 261

No ip name server 261

Ip host 262

Ipv6 host 262

No ip host 262

No ip name source interface 262

No ipv6 host 262

Clear host 263

Ip domain retry 263

Ip domain timeout 263

No ip domain retry 263

No ip domain timeout 263

Show hosts 264

Clear ip address conflict detect 265

Ip address conflict commands 265

Ip address conflict detect run 265

Show ip address conflict 265

Show ip name source interface 265

Use this command to display the configured source interface details used for a dns client the ip address of the selected interface is used as source ip for all communications with the server 265

Capture file remote line 266

Capture start 266

Capture stop 266

Serviceability packet tracing commands 266

Capture file size 267

Capture remote port 267

Capture line wrap 268

Debug aaa accounting 268

No capture line wrap 268

No debug aaa accounting 268

Show capture packets 268

Debug arp 269

Debug auto voip 269

Debug clear 269

No debug arp 269

No debug auto voip 269

Debug console 270

Debug crashlog 270

No debug console 270

Debug debug config 271

Debug dhcp packet 271

Debug dot1x packet 271

No debug dhcp 271

Debug fip snooping packet 272

No debug dot1x packet 272

No debug fip snooping packet 272

Debug igmpsnooping packet 273

Debug igmpsnooping packet transmit 273

No debug igmpsnooping packet 273

Debug igmpsnooping packet receive 274

No debug igmpsnooping receive 274

No debug igmpsnooping transmit 274

Debug ip acl 275

Debug lacp packet 275

Debug ping packet 275

No debug ip acl 275

No debug lacp packet 275

Debug spanning tree bpdu 276

No debug ping packet 276

No debug spanning tree bpdu 276

Debug spanning tree bpdu receive 277

Debug spanning tree bpdu transmit 277

No debug spanning tree bpdu receive 277

Debug tacacs 278

Debug telnetd start 278

No debug spanning tree bpdu transmit 278

Debug telnetd stop 279

Debug transfer 279

No debug transfer 279

Show debugging 279

Exception dump active port 280

Exception protocol 280

No exception protocol 280

No show debugging 280

Exception dump nfs 281

Exception dump tftp server 281

No exception dump active port 281

No exception dump tftp server 281

Exception core file 282

Exception dump filepath 282

No exception dump filepath 282

No exception dump nfs 282

Exception dump ftp server 283

Exception switch chip register 283

No exception core file 283

Exception dump compression 284

Exception dump stack ip address protocol 284

No exception dump compression 284

No exception dump ftp server 284

No exception dump stack ip address protocol 284

Exception dump stack ip address add 285

Exception dump stack ip address remove 285

Exception nmi 285

Write core 285

Debug exception 286

Default none 286

Example the following shows an example of this command 286

Format 286

Mode privileged exec 286

Note this command is only available on selected linux based platforms 286

Show exception 286

The command displays core dump features support 286

Use this command to display the configuration parameters for generating a core dump file 286

Logging persistent 287

No logging persistent 287

Show exception core dump file 287

Show exception log 287

Show mbuf 288

Show mbuf total 288

Session start 289

Show msg queue 289

Session stop 290

Cable test command 291

Cablestatus 291

Green ethernet commands 292

Green mode energy detect 292

Green mode short reach 292

No green mode energy detect 292

Green mode eee 293

Green mode eee tx idle time 293

No green mode eee 293

No green mode eee tx idle time 293

No green mode short reach 293

Green mode eee lpi history sampling interval 294

Green mode eee tx wake time 294

No green mode eee lpi history sampling interval 294

No green mode eee tx wake time 294

Green mode eee lpi history max samples 295

No green mode eee lpi history max samples 295

Show green mode 295

Clear green mode statistics 299

Clears only the eee transmit receive lpi event count lpi duration and cumulative energy savings estimates of the port other status parameters that display after executing 299

Cumulative power savings estimates 299

Eee lpi event count and lpi duration 299

Eee lpi history table entries 299

Format 299

Mode privileged exec 299

Note executing 299

Sampling interval interval at which eee lpi statistics is collected 299

See show green mode on page 312 retain their data 299

Show green mode eee lpi history 299

Term definition 299

Use this command to clear the following green ethernet mode statistics 299

Use this command to display interface green mode eee lpi history 299

You can clear the statistics for a specified port or for all ports 299

Example the following shows example cli display output for the command on a system with the eee feature enabled 300

Percentage lpi time per stack percentage of total time spent in lpi mode by all port in stack when compared to total time since reset 300

Sample no sample index 300

Sample time time since last reset 300

Term definition 300

Time spent in lpi mode since last reset percentage of total time spent in lpi mode on this port when compared to time since reset 300

Time spent in lpi mode since last sample percentage of time spent in lpi mode on this port when compared to sampling interval 300

Total no of samples to keep maximum number of samples to keep 300

Remote monitoring commands 301

Rmon alarm 301

No rmon alarm 302

Rmon hcalarm 302

No rmon hcalarm 303

No rmon event 304

Rmon collection history 304

Rmon event 304

No rmon collection history 305

Show rmon 305

Example the following shows example cli display output for the command 307

Format 307

History control buckets granted the number of discrete sampling intervals over which data shall be saved this object is read only the default is 10 307

History control buckets requested 307

History control data source the source interface for which historical data is collected 307

History control index an index that uniquely identifies an entry in the historycontrol table each such entry defines a set of samples at a particular interval for an interface on the device the range is 1 to 65535 307

History control interval the interval in seconds over which the data is sampled the range is 1 to 3600 the default is 1800 307

History control owner the owner string associated with the history control entry the default is monitorhistorycontrol 307

Mode privileged exec 307

Parameter description 307

Show rmon collection history 307

The requested number of discrete time intervals over which data is to be saved the range is 1 to 65535 the default is 50 307

This command displays the entries in the rmon history control table 307

Show rmon events 308

Show rmon history 308

Example the following shows example cli display output for the command 310

Show rmon log 311

Show rmon statistics interfaces 311

Show rmon hcalarms 313

Statistics application commands 316

Stats group 316

Dstip ip address the destination ip address 317

Example the following shows examples of the command 317

Format 317

List of reporting methods report the statistics to the configured method the range is 0 none 1 console 2 syslog 3 e mail the default is none 317

Mode global config 317

No stats group 317

Parameter description 317

Rule id the flow based rule id the range is 1 to 16 the default is none 317

Srcip ip address the source ip address 317

Stats flow based 317

This command configures flow based statistics rules for the given parameters over the specified time range only an ipv4 address is allowed as source and destination ip address 317

This command deletes the configured group 317

Time range name name of the time range for the group or the flow based rule the range is 1 to 31 alphanumeric characters the default is none 317

No stats flow based 318

Stats flow based reporting 318

No stats group 319

Stats flow based 319

Stats group 319

Example the following shows example cli display output for the command 320

Example the following shows examples of the command 320

Format 320

Group id the unique identifier for the group 320

Mode interface config 320

Mode privileged exec 320

Name the name of the group 320

No stats flow based 320

Parameter description 320

Show stats group 320

This command deletes the interface or interface range from the flow based rule specified 320

This command displays the configured time range and the interface list for the group specified and shows collected statistics for the specified time range name on the interface list after the time range expiry 320

Example the following shows example cli display output for the command 321

Format 321

Mode privileged exec 321

Parameter description 321

Rule id the unique identifier for the flow based rule 321

Show stats flow based 321

This command displays the configured time range flow based rule parameters and the interface list for the flow specified 321

Example the following shows example cli display output for the command 322

Port configuration commands 323

Section 7 switching commands 323

Auto negotiate 324

Auto negotiate all 324

Interface 324

No auto negotiate 324

Description 325

Media type 325

No auto negotiate all 325

No media type 325

No mtu 326

No shutdown 326

Shutdown 326

No shutdown all 327

Show interface media type 327

Shutdown all 327

Speed all 327

Show port 328

Example the following command shows an example of the command output for a range of ports 329

Example the following command shows an example of the command output for all ports 329

Lacp mode lacp is enabled or disabled on this port 329

Link trap this object determines whether or not to send a trap when link status changes the factory default is enabled 329

Parameter definition 329

Show port advertise 329

Use this command to display the local administrative link advertisement configuration local operational link advertisement and the link partner advertisement for an interface it also displays priority resolution for speed and duplex as per 802 annex 28b it displays the auto negotiation state phy master slave clock configuration and link state of the port 329

Can also be used to specify the lag interface where 330

Can be used as an alternate way to specify the lag interface 330

Example the following commands show the command output with and without the optional parameter 330

Format 330

If the link is down the clock is displayed as no link and a dash is displayed against the oper peer advertisement and priority resolution if auto negotiation is disabled then the admin local link advertisement operational local link advertisement operational peer advertisement and priority resolution fields are not displayed 330

If this command is executed without the optional 330

Ifindex the interface index number associated with the port 330

Interface unit slot port 330

Is the lag port number 330

Mode privileged exec 330

Parameter then it displays the auto negotiation state and operational local link advertisement for all the ports operational link advertisement will display speed only if it is supported by both local as well as link partner if auto negotiation is disabled then operational local link advertisement is not displayed 330

Show port description 330

Term definition 330

This command displays the interface description instead of 330

No spanning tree 332

No spanning tree auto edge 332

Spanning tree 332

Spanning tree auto edge 332

Spanning tree protocol commands 332

No spanning tree bpdufilter 333

No spanning tree bpdufilter default 333

No spanning tree bpduguard 333

Spanning tree bpdufilter 333

Spanning tree bpdufilter default 333

Spanning tree bpduguard 333

No spanning tree configuration name 334

No spanning tree configuration revision 334

Spanning tree bpdumigrationcheck 334

Spanning tree configuration name 334

Spanning tree configuration revision 334

No spanning tree cost 335

No spanning tree edgeport 335

Spanning tree cost 335

Spanning tree edgeport 335

Spanning tree forceversion 335

No spanning tree forceversion 336

No spanning tree forward time 336

No spanning tree max age 336

Spanning tree forward time 336

Spanning tree max age 336

No spanning tree max hops 337

Spanning tree max hops 337

Spanning tree mst 337

No spanning tree mst 338

No spanning tree mst instance 338

Spanning tree mst instance 338

Spanning tree mst priority 338

No spanning tree mst priority 339

No spanning tree mst vlan 339

Spanning tree mst vlan 339

Spanning tree port mode 339

No spanning tree port mode 340

No spanning tree port mode all 340

No spanning tree tcnguard 340

Spanning tree port mode all 340

Spanning tree tcnguard 340

Show spanning tree 341

Spanning tree transmit 341

Show spanning tree brief 343

Show spanning tree interface 343

Example the following shows example cli display output for the command 345

Format 345

Mode privileged exec user exec 345

Mstid a multiple spanning tree instance identifier the value is 0 4094 345

Parameter description 345

Show spanning tree mst detailed 345

This command displays the detailed settings for an mst instance 345

Show spanning tree mst port detailed 346

Can also be used to specify the lag interface where 348

Can be used as an alternate way to specify the lag interface 348

Example the following shows example cli display output for the command using a lag interface number 348

Format 348

If you specify 0 defined as the default cist id as the 348

Indicates a particular mst instance the parameter 348

Indicates the desired switch port or all ports instead of 348

Is the lag port number 348

Mode privileged exec user exec 348

Show spanning tree mst port summary 348

The status summary displays for one or all ports within the common and internal spanning tree 348

This command displays the settings of one or all ports within the specified multiple spanning tree instance the parameter 348

Unit slot por 348

Show spanning tree mst port summary active 349

Show spanning tree mst summary 350

Show spanning tree summary 350

Show spanning tree vlan 351

Network mgmt_vlan 353

No network mgmt_vlan 353

No vlan 353

Vlan commands 353

Vlan database 353

No vlan acceptframe 354

No vlan ingressfilter 354

Vlan acceptframe 354

Vlan ingressfilter 354

No vlan name 355

Vlan internal allocation 355

Vlan makestatic 355

Vlan name 355

Vlan participation 355

Vlan participation all 356

Vlan port acceptframe all 356

No vlan port acceptframe all 357

No vlan port ingressfilter all 357

Vlan port ingressfilter all 357

Vlan port pvid all 357

No vlan port pvid all 358

No vlan port tagging all 358

No vlan pvid 358

Vlan port tagging all 358

Vlan pvid 358

Vlan tagging 358

No remote span 359

No vlan association mac 359

No vlan tagging 359

Remote span 359

Vlan association mac 359

Show vlan 360

Show vlan brief 361

Show vlan internal usage 361

Show vlan port 361

No switchport private vlan 363

Private vlan commands 363

Switchport mode private vlan 363

Switchport private vlan 363

This section describes the commands you use for private vlans private vlans provides layer 2 isolation between ports that share the same broadcast domain in other words it allows a vlan broadcast domain to be partitioned into smaller point to multipoint subdomains the ports participating in a private vlan can be located anywhere in the layer 2 network 363

No private vlan 364

No switchport mode private vlan 364

Private vlan 364

No switchport mode 365

Switch ports 365

Switchport mode 365

Switchport trunk allowed vlan 365

No switchport trunk allowed vlan 366

No switchport trunk native vlan 366

Switchport trunk native vlan 366

Default 1 default vlan 367

Example 367

Format 367

Mode interface config 367

Mode privileged exec 367

No switchport access vlan 367

Show interfaces switchport 367

Switchport access vlan 367

This command resets the switch port access mode valn to its default value 367

Use this command to configure the vlan on the access port only one vlan can be assigned to the access port access ports are members of vlan 1 by default access ports may be assigned to a vlan other than vlan 1 removing the access vlan on the switch makes the access port a member of vlan 1 configuring an access port to be a member of a vlan that does not exist results in an error and does not change the configuration 367

Use this command to display the switchport status for all interfaces or a specified interface 367

Example 368

Format 368

Mode privileged exec 368

Show interfaces switchport 368

Use this command to display the switchport configuration for a selected mode per interface if the interface is not specified the configuration for all interfaces is displayed 368

No voice vlan global config 370

Voice vlan commands 370

Voice vlan global config 370

Voice vlan interface config 370

No voice vlan interface config 371

Show voice vlan 371

Voice vlan data priority 371

Provisioning ieee 802 p commands 372

Vlan port priority all 372

Vlan priority 372

Cut through asf commands 373

Cut through mode 373

No cut through mode 373

Show cut through mode 373

No switchport protected global config 374

Protected ports commands 374

Switchport protected global config 374

Switchport protected interface config 374

No switchport protected interface config 375

Show interfaces switchport 375

Show switchport protected 375

Garp commands 376

No set garp timer join 376

Set garp timer join 376

Set garp timer leave 376

No set garp timer leave 377

No set garp timer leaveall 377

Set garp timer leaveall 377

Show garp 377

Gvrp commands 378

No set gvrp adminmode 378

Set gvrp adminmode 378

Set gvrp interfacemode 378

Gmrp commands 379

No set gvrp interfacemode 379

Show gvrp configuration 379

No set gmrp adminmode 380

No set gmrp interfacemode 380

Set gmrp adminmode 380

Set gmrp interfacemode 380

Show gmrp configuration 381

Show mac address table gmrp 381

Aaa authentication dot1x default 382

Clear dot1x authentication history 382

Clear dot1x statistics 382

Clear radius statistics 382

Port based network access control commands 382

Dot1x eapolflood 383

Dot1x guest vlan 383

Dot1x initialize 383

No dot1x eapolflood 383

No dot1x guest vlan 383

Dot1x max req 384

Dot1x max users 384

Dot1x port control 384

No dot1x max req 384

No dot1x max users 384

Dot1x port control all 385

No dot1x port control 385

No dot1x port control all 385

Dot1x mac auth bypass 386

Dot1x re authenticate 386

Dot1x re authentication 386

No dot1x mac auth bypass 386

No dot1x re authentication 386

Dot1x system auth control 387

Dot1x system auth control monitor 387

Dot1x timeout 387

No dot1x system auth control 387

No dot1x system auth control monitor 387

Dot1x unauthenticated vlan 388

No dot1x timeout 388

Dot1x user 389

No dot1x unauthenticated vlan 389

No dot1x user 389

Show authentication methods 389

Show dot1x 390

Eapol frames received the number of valid eapol frames of any type that have been received by this authenticator 393

Eapol frames transmitted the number of eapol frames of any type that have been transmitted by this authenticator 393

Eapol logoff frames received 393

Eapol start frames received 393

Example the following shows example cli display output for the command 393

For each client authenticated on the port the 393

If you use the optional parameter 393

Note mac based dot1x authentication is supported on the bcm56224platform 393

Port the interface whose statistics are displayed 393

Term definition 393

The number of eapol logoff frames that have been received by this authenticator 393

The number of eapol start frames that have been received by this authenticator 393

Unit slot port command will display the following mac based dot1x parameters if the port control mode for that specific port is mac based 393

Unit slot port the following dot1x statistics for the specified port appear 393

Show dot1x authentication history 394

Show dot1x clients 395

Show dot1x users 395

Dot1x pae 396

Dot1x supplicant max start 396

Dot1x supplicant port control 396

No dot1x supplicant port control 396

X supplicant commands 396

Dot1x supplicant timeout held period 397

Dot1x supplicant timeout start period 397

No dot1x supplicant max start 397

No dot1x supplicant timeout held period 397

No dot1x supplicant timeout start period 397

Dot1x supplicant timeout auth period 398

Dot1x supplicant user 398

No dot1x supplicant timeout auth period 398

Show dot1x statistics 398

Storm control commands 399

No storm control broadcast 400

No storm control broadcast action 400

Storm control broadcast 400

Storm control broadcast action 400

No storm control broadcast level 401

No storm control broadcast rate 401

Storm control broadcast level 401

Storm control broadcast rate 401

No storm control multicast 402

No storm control multicast action 402

Storm control multicast 402

Storm control multicast action 402

No storm control multicast level 403

No storm control multicast rate 403

Storm control multicast level 403

Storm control multicast rate 403

No storm control unicast 404

No storm control unicast action 404

Storm control unicast 404

Storm control unicast action 404

No storm control unicast level 405

No storm control unicast rate 405

Storm control unicast level 405

Storm control unicast rate 405

Show storm control 406

Link dependency commands 408

Link state group 408

Link state group downstream 408

No link state group 408

No link state group downstream 408

No link state track 408

Example this example displays information for a specified link dependency groups 409

Example this example displays information for all configured link dependency groups 409

Format 409

Link state group upstream 409

Mode interface config 409

Mode privileged exec 409

No link state group upstream 409

Show link state group 409

Use this command to add interfaces to the upstream interface list note that an interface that is defined as an upstream interface cannot also be defined as a downstream interface in the same link state group or as a downstream interface in a different link state group if either configuration creates a circular dependency between groups 409

Use this command to display information for all configured link dependency groups or a specified link dependency group 409

Use this command to remove the selected interfaces from upstream list 409

Format 410

Mode privileged exec 410

Show link state group detail 410

Use this command to display detailed information about the state of upstream and downstream interfaces for a selected link dependency group group transitions is a count of the number of times the downstream interface has gone into its action state as a result of the upstream interfaces link state 410

Addport 411

Port channel 411

Port channel lag 802 ad commands 411

Deleteport global config 412

Deleteport interface config 412

Lacp admin key 412

No lacp admin key 412

Lacp actor admin key 413

Lacp actor admin state individual 413

Lacp collector max delay 413

No lacp actor admin key 413

No lacp collector max delay 413

Lacp actor admin state 414

Lacp actor admin state longtimeout 414

Lacp actor admin state passive 414

No lacp actor admin state individual 414

No lacp actor admin state longtimeout 414

No lacp actor admin state passive 414

Lacp actor port priority 415

No lacp actor admin state 415

No lacp actor port priority 415

Lacp partner admin key 416

Lacp partner admin state individual 416

Lacp partner admin state longtimeout 416

No lacp partner admin key 416

No lacp partner admin state individual 416

Lacp partner admin state passive 417

Lacp partner port id 417

No lacp partner admin state longtimeout 417

No lacp partner admin state passive 417

Lacp partner port priority 418

Lacp partner system id 418

No lacp partner port id 418

No lacp partner port priority 418

Interface lag 419

Lacp partner system priority 419

No lacp partner system id 419

No lacp partner system priority 419

Port channel static 419

No port channel static 420

No port lacpmode 420

No port lacpmode enable all 420

Port lacpmode 420

Port lacpmode enable all 420

Port lacptimeout interface config 420

No port lacptimeout 421

Port channel adminmode 421

Port lacptimeout global config 421

No port channel adminmode 422

No port channel linktrap 422

Port channel linktrap 422

Port channel load balance 422

No port channel load balance 423

No port channel local preference 423

Port channel local preference 423

No port channel system priority 424

Port channel min links 424

Port channel name 424

Port channel system priority 424

Show lacp actor 424

Show lacp partner 425

Show port channel brief 425

Show port channel 426

Show port channel counters 427

Show port channel system priority 427

Clear port channel all counters 428

Clear port channel counters 428

Format 428

Mode privileged exec 428

Use this command to clear and reset all port channel and member flap counters for the specified interface 428

Use this command to clear and reset specified port channel and member flap counters for the specified interface 428

Monitor session source 429

Port mirroring commands 429

Monitor session destination 430

No monitor session source 430

Monitor session filter 431

No monitor session destination 431

Monitor session mode 432

No monitor session filter 432

No monitor 433

No monitor session 433

No monitor session mode 433

Admin mode indicates whether the port mirroring feature is enabled or disabled for the session identified with 434

Example example 1 434

Example example 3 434

Format 434

If no source port is configured for the session this field is blank 434

If probe port is not set then this field is blank 434

Mirrored port the port that is configured as a mirrored port source port for the session identified with 434

Mode privileged exec 434

Note th 434

Parameter is always one 1 434

Parameter is an integer value used to identify the session in the current version of the software the 434

Probe port probe port destination port for the session identified wit 434

Session id an integer value used to identify the session its value can be anything between 1 and the maximum number of mirroring sessions allowed on the platform 434

Show monitor session 434

Term definition 434

The possible values are enabled and disabled 434

This command displays the port monitoring information for a particular mirroring session 434

Type direction in which source port configured for port mirroring types are tx for transmitted packets and rx for receiving packets 434

Example example 4 435

Example example 5 435

Example example 6 435

Show vlan remote span 435

This command displays the configured rspan vlan 435

Example the following shows example output for the command 436

Format 436

Mode privileged exec mode 436

Macfilter 437

Macfilter adddest 437

No macfilter 437

Static mac filtering commands 437

Macfilter adddest all 438

Macfilter addsrc 438

No macfilter adddest 438

No macfilter adddest all 438

No macfilter addsrc 438

Macfilter addsrc all 439

No macfilter addsrc all 439

Show mac address table static 439

Show mac address table staticfiltering 439

Dhcp l2 relay agent commands 441

Dhcp l2relay 441

Dhcp l2relay circuit id subscription 441

No dhcp l2relay 441

No dhcp l2relay circuit id subscription 441

Dhcp l2relay circuit id vlan 442

Dhcp l2relay remote id subscription 442

No dhcp l2relay circuit id vlan 442

No dhcp l2relay remote id subscription 442

Dhcp l2relay remote id vlan 443

Dhcp l2relay subscription 443

Dhcp l2relay trust 443

No dhcp l2relay remote id vlan 443

No dhcp l2relay subscription 443

Dhcp l2relay vlan 444

No dhcp l2relay trust 444

No dhcp l2relay vlan 444

Show dhcp l2relay all 444

Example the following shows example cli display output for the command 445

Format 445

Mode privileged exec 445

Parameter description 445

Show dhcp l2relay circuit id vlan 445

Show dhcp l2relay interface 445

Show dhcp l2relay remote id vlan 445

This command displays dhcp circuit id vlan configuration 445

This command displays dhcp l2 relay configuration specific to interfaces 445

This command displays dhcp remote id vlan configuration 445

Vlan list enter vlan ids in the range 1 4093 use a dash to specify a range or a comma to separate vlan ids in a list spaces and zeros are not permitted 445

Example the following shows example cli display output for the command 446

Format 446

Mode privileged exec 446

Parameter description 446

Show dhcp l2relay agent option vlan 446

Show dhcp l2relay stats interface 446

Show dhcp l2relay subscription interface 446

This command displays dhcp l2 relay configuration specific to a service subscription on an interface 446

This command displays statistics specific to dhcp l2 relay configured interface 446

This command displays the dhcp l2 relay option 82 configuration specific to vlan 446

Vlan list enter vlan ids in the range 1 4093 use a dash to specify a range or a comma to separate vlan ids in a list spaces and zeros are not permitted 446

Clear dhcp l2relay statistics interface 447

Example the following shows example cli display output for the command 447

Format 447

Keyword to clear the counters on all ports 447

Mode privileged exec 447

Parameter description 447

Show dhcp l2relay vlan 447

This command displays dhcp vlan configuration 447

Use this command to reset the dhcp l2 relay counters to zero specify the port with the counters to clear or use the 447

Vlan list enter vlan ids in the range 1 4093 use a dash to specify a range or a comma to separate vlan ids in a list spaces and zeros are not permitted 447

Dhcp client commands 448

Dhcp client vendor id option 448

Dhcp client vendor id option string 448

No dhcp client vendor id option 448

No dhcp client vendor id option string 448

Show dhcp client vendor id option 448

Example the following shows example cli display output for the command 449

Dhcp snooping configuration commands 450

Ip dhcp snooping 450

Ip dhcp snooping verify mac address 450

Ip dhcp snooping vlan 450

No ip dhcp snooping 450

No ip dhcp snooping vlan 450

Ip dhcp snooping binding 451

Ip dhcp snooping database 451

Ip dhcp snooping database write delay 451

No ip dhcp snooping binding 451

No ip dhcp snooping database write delay 451

No ip dhcp snooping verify mac address 451

Ip dhcp filtering trust 452

Ip dhcp snooping limit 452

Ip dhcp snooping log invalid 452

No ip dhcp filtering trust 452

No ip dhcp snooping limit 452

Ip dhcp snooping trust 453

No ip dhcp snooping log invalid 453

No ip dhcp snooping trust 453

Show ip dhcp snooping 453

Show ip dhcp snooping binding 454

Show ip dhcp snooping database 454

Agent url bindings database agent url 455

Example the following shows example cli display output for the command 455

Format 455

Interface the ip address of the interface in unit slot port format 455

Mode privileged exec 455

Mode privileged exec user exec 455

Show ip dhcp snooping interfaces 455

Show ip dhcp snooping statistics 455

Term definition 455

Use this command to list statistics for dhcp snooping security violations on untrusted ports 455

Use this command to show the dhcp snooping status of the interfaces 455

Write delay the maximum write time to write the database into local or remote 455

Clear ip dhcp snooping binding 456

Clear ip dhcp snooping statistics 456

Client ifc mismatch represents the number of dhcp release and deny messages received on the different ports than learned previously 456

Dhcp server msgs rec d represents the number of dhcp server messages received on untrusted ports 456

Example the following shows example cli display output for the command 456

Format 456

Mac verify failures represents the number of dhcp messages that were filtered on an untrusted interface because of source mac address and client hw address mismatch 456

Mode privileged exec user exec 456

Term definition 456

Use this command to clear all dhcp snooping bindings on all interfaces or on a specific interface 456

Use this command to clear all dhcp snooping statistics 456

Igmp snooping configuration commands 457

No set igmp 457

Set igmp 457

No set igmp header validation 458

No set igmp interfacemode 458

Set igmp header validation 458

Set igmp interfacemode 458

No set igmp fast leave 459

No set igmp groupmembership interval 459

Set igmp fast leave 459

Set igmp groupmembership interval 459

No set igmp maxresponse 460

No set igmp mcrtrexpiretime 460

Set igmp maxresponse 460

Set igmp mcrtrexpiretime 460

No set igmp mrouter 461

No set igmp mrouter interface 461

Set igmp mrouter 461

Set igmp mrouter interface 461

Set igmp report suppression 461

No set igmp report suppression 462

Show igmpsnooping 462

Show igmpsnooping mrouter interface 463

Show igmpsnooping mrouter vlan 464

Show igmpsnooping ssm 464

Show mac address table igmpsnooping 464

Igmp snooping querier commands 465

No set igmp querier 465

Set igmp querier 465

No set igmp querier query interval 466

No set igmp querier timer expiry 466

No set igmp querier version 466

Set igmp querier query interval 466

Set igmp querier timer expiry 466

Set igmp querier version 466

No set igmp querier election participate 467

Set igmp querier election participate 467

Show igmpsnooping querier 467

Mld snooping commands 469

No set mld 469

Set mld 469

No set mld fast leave 470

No set mld interfacemode 470

Set mld fast leave 470

Set mld interfacemode 470

No set groupmembership interval 471

No set mld maxresponse 471

Set mld groupmembership interval 471

Set mld maxresponse 471

No set mld mcrtexpiretime 472

No set mld mrouter 472

Set mld mcrtexpiretime 472

Set mld mrouter 472

Set mld mrouter interface 472

No set mld mrouter interface 473

Show mldsnooping 473

Show mldsnooping mrouter interface 474

Show mldsnooping mrouter vlan 474

Show mldsnooping ssm entries 474

Show mldsnooping ssm groups 475

Show mldsnooping ssm stats 475

Clear mldsnooping 476

Show mac address table mldsnooping 476

Mld snooping querier commands 477

No set mld querier 477

Set mld querier 477

Set mld querier query_interval 477

No set mld querier election participate 478

No set mld querier query_interval 478

No set mld querier timer expiry 478

Set mld querier election participate 478

Set mld querier timer expiry 478

Show mldsnooping querier 479

Is used the command shows the global information and the information for all querier enabled vlans 480

When the optional argument 480

No port security 481

No port security max dynamic 481

Port security 481

Port security commands 481

Port security max dynamic 481

No port security mac address 482

No port security max static 482

Port security mac address 482

Port security mac address move 482

Port security max static 482

This command sets the maximum number of statically locked mac addresses allowed on a por 482

Can also be used to specify the lag interface where 483

Can be used as an alternate way to specify the lag interface 483

Is the lag port number 483

No port security mac address sticky 483

Port security mac address sticky 483

Show port security 483

This command displays the port security settings for the port s if you do not use a parameter the command displays the port security administrative mode use the optional parameters to display the settings on a specific interface or on all interfaces instead of 483

Can also be used to specify the lag interface where 484

Can be used as an alternate way to specify the lag interface 484

Is the lag port number 484

Show port security dynamic 484

Show port security static 484

This command displays the statically locked mac addresses for port instead of 484

Can also be used to specify the lag interface where 485

Can be used as an alternate way to specify the lag interface 485

Default disabled 485

Example the following shows example cli display output for the command 485

Format 485

Is the lag port number 485

Lldp 802 ab commands 485

Lldp transmit 485

Mac address the source mac address of the last frame that was discarded at a locked port 485

Mode interface config 485

Mode privileged exec 485

Show port security violation 485

Sticky indicates whether the static mac address entry is added in sticky mode 485

Term definition 485

This command displays the source mac address of the last packet discarded on a locked port instead of 485

This section describes the command you use to configure link layer discovery protocol lldp which is defined in the ieee 802 ab specification lldp allows stations on an 802 lan to advertise major capabilities and physical descriptions the advertisements allow a network management system nms to access and display this information 485

Use this command to enable the lldp advertise capability on an interface or a range of interfaces 485

Vlan id the vlan id if applicable associated with the mac address of the last frame that was discarded at a locked port 485

Lldp receive 486

Lldp timers 486

No lldp receive 486

No lldp timers 486

No lldp transmit 486

Lldp notification 487

Lldp transmit mgmt 487

Lldp transmit tlv 487

No lldp transmit mgmt 487

No lldp transmit tlv 487

Clear lldp remote data 488

Clear lldp statistics 488

Lldp notification interval 488

No lldp notification 488

No lldp notification interval 488

Show lldp 488

Show lldp interface 489

Show lldp statistics 489

Show lldp remote device 490

Show lldp remote device detail 491

Show lldp local device 492

Show lldp local device detail 492

Lldp med 494

Lldp med commands 494

Lldp med confignotification 494

Lldp med transmit tlv 494

No ldp med confignotification 494

No lldp med 494

Lldp med all 495

Lldp med confignotification all 495

Lldp med faststartrepeatcount 495

No lldp med faststartrepeatcount 495

No lldp med transmit tlv 495

Lldp med transmit tlv all 496

No lldp med transmit tlv 496

Show lldp med 496

Show lldp med interface 496

Example the following shows example cli display output for the command 497

Format 497

Mode privileged exec 497

Show lldp med local device detail 497

Use this command to display detailed information about the lldp med data that a specific interface transmits unit slot port indicates a specific physical interface 497

Mode privileged exec 498

Show lldp med remote device 498

Use this command to display the summary information about remote devices that transmit current lldp med data to the system you can show information about lldp med remote data received on all valid lldp interfaces or on a specific physical interface format 498

Device class device classification of the remote device 499

Example the following shows example cli display output for the command 499

Format 499

Local interface the interface that received the lldpdu from the remote device 499

Mode privileged exec 499

Remote id an internal identifier to the switch to mark each remote device to the system 499

Show lldp med remote device detail 499

Term definition 499

Use this command to display detailed information about remote devices that transmit current lldp med data to an interface on the system 499

Denial of service commands 501

Dos control all 501

Dos control firstfrag 502

Dos control sipdip 502

No dos control all 502

No dos control firstfrag 502

No dos control sipdip 502

Dos control l4port 503

Dos control tcpflag 503

Dos control tcpfrag 503

No dos control tcpflag 503

No dos control tcpfrag 503

Dos control smacdmac 504

Dos control tcpport 504

No dos control l4port 504

No dos control smacdmac 504

Dos control tcpflagseq 505

Dos control udpport 505

No dos control tcpport 505

No dos control udpport 505

Dos control tcpoffset 506

Dos control tcpsyn 506

No dos control tcpflagseq 506

No dos control tcpoffset 506

Dos control tcpfinurgpsh 507

Dos control tcpsynfin 507

No dos control tcpfinurgpsh 507

No dos control tcpsyn 507

No dos control tcpsynfin 507

Dos control icmpv4 508

Dos control icmpv6 508

No dos control icmpv4 508

No dos control icmpv6 508

Dos control icmpfrag 509

No dos control icmpfrag 509

Show dos control 509

Bridge aging time 511

Mac database commands 511

No bridge aging time 511

Show forwardingdb agetime 511

Show mac address table multicast 511

Show mac address table stats 512

Section 8 routing commands 514

Address resolution protocol commands 515

Arp cachesize 515

No arp 515

No arp cachesize 515

Arp dynamicrenew 516

Arp purge 516

No arp dynamicrenew 516

Arp resptime 517

Arp retries 517

Arp timeout 517

No arp resptime 517

No arp retries 517

Clear arp cache 518

Clear arp switch 518

No arp timeout 518

Show arp 518

Show arp brief 519

Show arp switch 519

Ip address 521

Ip routing 521

Ip routing commands 521

No ip routing 521

No routing 521

Routing 521

No ip address 522

Ip address dhcp 523

Ip default gateway 523

No ip address dhcp 523

As nexthop parameter adds a static reject route the optional 524

Confirm that the associated link is also up 524

Default preference 1 524

Enable ip routing for the interface 524

Enable ip routing globally 524

Example the following example sets the default gateway to 10 524

For the static routes to be visible you must perform the following steps 524

Format 524

Ip route 524

Is a valid subnet mask the 524

Mode global config 524

Mode interface config 524

No ip default gateway 524

No ip route 524

Parameter is a valid ip address and 524

Parameter is a valid ip address of the next hop router specifying 524

Parameter is an integer value from 1 to 255 that allows you to specify the preference value sometimes called administrative distance of an individual static route among routes to the same destination the route with the lowest preference value is the route entered into the forwarding database by specifying the preference of a static route you control whether a static route is more or less preferred than routes from dynamic routing protocols the preference also controls whether a static route is more or less preferred than other static routes to the same destination a route with a preference of 255 cannot be used to forward traffic 524

Parameter the next hop is deleted if you use the 524

The description parameter allows a description of the route to be entered 524

This command configures a static route the 524

This command deletes a single next hop to a destination static route if you use the 524

This command removes the default gateway address from the configuration 524

Value the preference value of the static route is reset to its default 524

Ip netdirbcast 525

Ip route default 525

Ip route distance 525

No ip route default 525

No ip route distance 525

Ip mtu 526

No ip mtu 526

No ip netdirbcast 526

Release dhcp 526

Encapsulation 527

Renew dhcp 527

Renew dhcp network port 527

Renew dhcp service port 527

Show dhcp lease 528

Show ip brief 528

Show ip interface 529

Dhcp client identifier the client identifier is displayed in the output of the command only if dhcp is enabled with the client id option on the in band interface see ip address dhcp on page 540 530

Example in the following example the dhcp client is enabled on a vlan routing interface 530

Example the following shows example cli display output for the command 530

Format 530

Icmp redirects displays whether icmp redirects may be sent enabled or disabled 530

Show ip interface brief 530

Term definition 530

This command displays summary information about ip configuration settings for all ports in the router and indicates how each ip address was assigned 530

Show ip route 531

Example the following shows example cli display output for the command 533

Example the following shows example cli display output for the command to indicate a truncated route 533

Format 533

Keyword is given some statistics such as the number of routes from each source include counts for alternate routes an alternate route is a route that is not the most preferred route to its destination and therefore is not installed in the forwarding table to include only the number of best routes do not use the optional keyword 533

Mode privileged exec 533

Show ip route ecmp groups 533

Show ip route summary 533

This command displays a summary of the state of the routing table when the optional 533

This command reports all current ecmp groups in the ipv4 routing table an ecmp group is a set of two or more next hops used in one or more routes the groups are numbered arbitrarily from 1 to n the output indicates the number of next hops in the group and the number of routes that use the set of next hops the output lists the ipv4 address and outgoing interface of each next hop in each group 533

Clear ip route counters 535

Example the following shows example cli display output for the command 535

Format 535

Mode privileged exec 535

Modes privileged exec user exec 535

Routes with n next hops the current number of routes with each number of next hops 535

Show ip route preferences 535

Term definition 535

The command resets to zero the ipv4 routing table counters reported in the command show ip route summary on page 550 the command only resets event counters counters that report the current state of the routing table such as the number of routes of each type are not reset 535

This command displays detailed information about the route preferences for each type of route route preferences are used in determining the best route lower router preference values are preferred over higher router preference values a route with a preference of 255 cannot be used to forward traffic 535

Show ip stats 536

Show routing heap summary 536

Ip irdp 537

No ip irdp 537

Router discovery protocol commands 537

Routing policy commands 537

Show ip policy 537

Ip irdp address 538

Ip irdp holdtime 538

Ip irdp maxadvertinterval 538

No ip irdp address 538

No ip irdp holdtime 538

No ip irdp maxadvertinterval 538

Ip irdp minadvertinterval 539

Ip irdp multicast 539

Ip irdp preference 539

No ip irdp minadvertinterval 539

No ip irdp multicast 539

No ip irdp preference 540

Show ip irdp 540

No vlan routing 541

Virtual lan routing commands 541

Vlan routing 541

Example in example 3 you select an interface id that is already in use in this case the cli displays an error message and does not create the vlan interface 542

Example the show running configuration command always lists the interface id for each routing vlan as shown in example 4 below 542

Interface vlan 543

Show ip vlan 543

Bootpdhcprelay cidoptmode 544

Bootpdhcprelay maxhopcount 544

Bootpdhcprelay minwaittime 544

Dhcp and bootp relay commands 544

No bootpdhcprelay cidoptmode 544

No bootpdhcprelay maxhopcount 544

Bootpdhcprelay enable 545

Bootpdhcprelay serverip 545

No bootpdhcprelay enable 545

No bootpdhcprelay minwaittime 545

No bootpdhcprelay serverip 545

Show bootpdhcprelay 546

Show ip bootpdhcprelay 546

Ip helper commands 547

Clear ip helper statistics 548

Ip helper address global config 548

No ip helper address global config 549

Ip helper address interface config 550

Command but affects not only relay of dhcp packets but also relay of any other protocols for which an ip helper address has been configured 551

Command with no arguments clears all helper addresses on the interface 551

Default 551

Example the following shows an example of the command 551

Example this command takes precedence over an ip helper address command given in global configuration mode with the following configuration the relay agent relays dhcp packets received on any interface other than 1 0 2 and 1 0 17 to 192 68 0 relays dhcp and dns packets received on 1 0 2 to 192 68 0 relays snmp traps port 162 received on interface 1 0 17 to 192 68 3 and drops dhcp packets received on 1 0 17 551

Format 551

Ip helper enable 551

Mode global config 551

Mode interface config 551

No ip helper address interface config 551

No ip helper enable 551

Use the no form of this command to disable relay of all udp packets 551

Use this command to delete a relay entry on an interface the 551

Use this command to enable relay of udp packets this command can be used to temporarily disable ip helper without deleting all ip helper addresses this command replaces the 551

Show ip helper address 552

Show ip helper statistics 552

Icmp throttling commands 555

Ip icmp echo reply 555

Ip redirects 555

Ip unreachables 555

No ip redirects 555

No ip unreachables 555

Ip icmp error interval 556

No ip icmp echo reply 556

No ip icmp error interval 556

Section 9 ipv6 management commands 557

Ipv6 management commands 558

Network ipv6 enable 558

No network ipv6 enable 558

No serviceport ipv6 enable 558

Serviceport ipv6 enable 558

No serviceport ipv6 address 559

Serviceport ipv6 address 559

Serviceport ipv6 gateway 559

Network ipv6 address 560

No serviceport ipv6 gateway 560

No serviceport ipv6 neighbor 560

Serviceport ipv6 neighbor 560

Network ipv6 gateway 561

No network ipv6 address 561

No network ipv6 gateway 561

Network ipv6 neighbor 562

No network ipv6 neighbor 562

Show network ipv6 neighbors 562

Ping ipv6 563

Show serviceport ipv6 neighbors 563

Ping ipv6 interface 564

Interface tunnel 565

No interface tunnel 565

Tunnel destination 565

Tunnel interface commands 565

Tunnel mode ipv6ip 565

Tunnel source 565

Show interface tunnel 566

Interface loopback 567

Loopback interface commands 567

No interface loopback 567

Show interface loopback 567

Dhcpv6 commands 568

Ipv6 dhcp client pd 568

No service dhcpv6 568

Service dhcpv6 568

Default prefix delegation is disabled on an interface 569

Example the following examples enable prefix delegation on interface 1 0 1 569

Format 569

Ipv6 dhcp relay destination 569

Ipv6 dhcp server 569

Is a value used by clients to determine preference between multiple dhcpv6 servers for a particular interface dhcpv6 server and dhcpv6 relay functions are mutually exclusive 569

Is an option that allows for an abbreviated exchange between the client and server and 569

Is the dhcpv6 pool containing stateless and or prefix delegation parameters automatic enables the server to automatically determine which pool to use when allocating addresses for a client 569

Is the relay agent information option remote id suboption to be added to relayed messages this can either be the special keyword 569

Keyword to set the relay server interface the 569

Keyword to set the relay server ipv6 address the 569

Mode interface config 569

No ipv6 dhcp client pd 569

Parameter is an interface unit slot port to reach a relay server the optional 569

Parameter is an ipv6 address of a dhcpv6 relay server use the 569

This command disables requests for prefix delegation 569

Use this command to configure an interface for dhcpv6 relay functionality on an interface or range of interfaces use the 569

Use this command to configure dhcpv6 server functionality on an interface or range of interfaces the 569

Which causes the remote id to be derived from the dhcpv6 server duid and the relay interface number or it can be specified as a user defined string 569

Address prefix ipv6 570

Ipv6 dhcp pool 570

No ipv6 dhcp pool 570

Dns server ipv6 571

Domain name ipv6 571

No dns server 571

No domain name 571

No prefix delegation 572

Prefix delegation ipv6 572

Show ipv6 dhcp 572

Show ipv6 dhcp statistics 572

Show ipv6 dhcp interface 573

Show ipv6 dhcp binding 574

Show ipv6 dhcp pool 574

Show network ipv6 dhcp statistics 575

Show serviceport ipv6 dhcp statistics 576

Clear ipv6 dhcp 577

Clear ipv6 dhcp binding 577

Clear network ipv6 dhcp statistics 578

Clear serviceport ipv6 dhcp statistics 578

Dhcpv6 snooping configuration commands 578

Ipv6 dhcp snooping 578

Ipv6 dhcp snooping vlan 578

No ipv6 dhcp snooping 578

Ip dhcp snooping database write delay 579

Ipv6 dhcp snooping database 579

Ipv6 dhcp snooping verify mac address 579

No ipv6 dhcp snooping verify mac address 579

No ipv6 dhcp snooping vlan 579

Ipv6 dhcp snooping binding 580

Ipv6 dhcp snooping log invalid 580

Ipv6 dhcp snooping trust 580

No ip dhcp snooping database write delay 580

No ipv6 dhcp snooping binding 580

No ipv6 dhcp snooping trust 580

Ipv6 dhcp snooping limit 581

Ipv6 verify source 581

No ipv6 dhcp snooping limit 581

No ipv6 dhcp snooping log invalid 581

No ipv6 verify source 581

Example the following shows example cli display output for the command 582

Format 582

Interface the interface for which data is displayed 582

Ipv6 verify binding 582

Log invalid pkts if it is enabled dhcp snooping application logs invalid packets on the specified interface 582

Mode global config 582

Mode interface config 582

Mode privileged exec user exec 582

No ipv6 verify binding 582

Show ipv6 dhcp snooping 582

Term definition 582

Trusted if it is enabled dhcp snooping considers the port as trusted the factory default is disabled 582

Use this command to configure static ipv6 source guard ipv6sg entries 582

Use this command to display the dhcp snooping global configurations and per port configurations 582

Use this command to remove the ipv6sg static entry from the ipv6sg database 582

Show ipv6 dhcp snooping binding 583

Show ipv6 dhcp snooping database 583

Example the following shows example cli display output for the command 584

Show ipv6 dhcp snooping interfaces 584

Show ipv6 dhcp snooping statistics 584

Term definition 584

Use this command to list statistics for ipv6 dhcp snooping security violations on untrusted ports 584

Use this command to show the dhcp snooping status of all interfaces or a specified interface 584

Write delay the maximum write time to write the database into local or remote 584

Clear ipv6 dhcp snooping binding 585

Clear ipv6 dhcp snooping statistics 585

Example the following shows example cli display output for the command 585

Filter type is one of two values ip v6mac user has configured mac address filtering on this interface ipv6 only ipv6 address filtering on this interface 585

Format 585

Interface interface address in unit slot port format 585

Ipv6 address ipv6 address of the interface 585

Mac address if mac address filtering is not configured on the interface the mac address field is empty if port security is disabled on the interface then the mac address field displays permit all 585

Mode privileged exec user exec 585

Show ipv6 verify 585

Term definition 585

Use this command to clear all dhcpv6 snooping bindings on all interfaces or on a specific interface 585

Use this command to clear all dhcpv6 snooping statistics 585

Use this command to display the ipv6 configuration on a specified unit slot port 585

Vlan the vlan for the binding rule 585

Show ipv6 source binding 586

Show ipv6 verify source 586

Example the following shows example cli display output for the command 587

Interface ip address of the interface in unit slot port format 587

Term definition 587

Vlan vlan for the entry 587

Section 10 quality of service commands 588

Class of service commands 589

Classofservice dot1p mapping 589

Classofservice ip dscp mapping 589

No classofservice dot1p mapping 589

No classofservice ip dscp mapping 589

Classofservice ip precedence mapping 590

Classofservice trust 590

No classofservice ip precedence mapping 590

No classofservice trust 590

Cos queue max bandwidth 591

Cos queue min bandwidth 591

Cos queue random detect 591

No cos queue max bandwidth 591

No cos queue min bandwidth 591

Cos queue strict 592

No cos queue random detect 592

No cos queue strict 592

Random detect 592

No random detect 593

No random detect exponential weighting constant 593

Random detect exponential weighting constant 593

Random detect queue parms 593

No random detect queue parms 594

No traffic shape 594

Show classofservice dot1p mapping 594

Traffic shape 594

Show classofservice ip dscp mapping 595

Show classofservice ip precedence mapping 595

Show classofservice trust 595

Show interfaces cos queue 596

Show interfaces random detect 597

Show interfaces tail drop threshold 597

Differentiated services commands 598

Diffserv 598

Class map 599

Diffserv class commands 599

No diffserv 599

Class map rename 600

Match any 600

Match ethertype 600

No class map 600

Match class map 601

Match cos 601

No match class map 601

Match destination address mac 602

Match dstip 602

Match secondary cos 602

Match dstl4port 603

Match ip dscp 603

Match ip precedence 603

Match ip tos 604

Match protocol 604

Match signature 605

Match source address mac 605

Match srcip 605

Match src port 606

Match srcip6 606

Match srcl4port 606

Match vlan 606

Match secondary vlan 607

Assign queue 608

Diffserv policy commands 608

Mirror 608

Conform color 609

Redirect 609

Mark cos 610

Mark cos as sec cos 610

Mark secondary cos 610

No class 610

Mark ip dscp 611

Mark ip precedence 611

Police simple 611

Format 612

Mode global config 612

Mode policy class map config 612

Note the cli mode is changed to policy map config when this command is successfully executed 612

Parameter is a case sensitive alphanumeric string from 1 to 31 characters uniquely identifying the policy the type of policy is specific to the inbound traffic direction as indicated by the 612

Parameter or the outbound traffic direction as indicated by the 612

Parameter respectively 612

Police single rate 612

Police two rate 612

Policy map 612

This command establishes a new diffserv policy the 612

This command is the single rate form of the police command and is used to establish the traffic policing style for the specified class for each outcome the only possible actions are drop set cos as sec cost set cos transmit set sec cos transmit set dscp transmit set prec transmit or transmit in this single rate form of the police command the conform action defaults to send the exceed action defaults to drop and the violate action defaults to drop these actions can be set with this command once the style has been configured 612

This command is the two rate form of the police command and is used to establish the traffic policing style for the specified class for each outcome the only possible actions are drop set cos as sec cos set cos transmit set sec cos transmit set dscp transmit set prec transmit or transmit in this two rate form of the police command the conform action defaults to send the exceed action defaults to drop and the violate action defaults to drop these actions can be set with this command once the style has been configured 612

No policy map 613

Policy map rename 613

Diffserv service commands 614

No service policy 614

Service policy 614

Modes global config interface config 615

Diffserv show commands 616

Show class map 616

Show diffserv 617

Show policy map 617

Show diffserv service 619

Show diffserv service brief 620

Show policy map interface 620

Show service policy 621

Mac access control list commands 622

Mac access list extended 622

Mac access list extended rename 622

No mac access list extended 622

Default 10 623

Deny permit mac acl 623

Format 623

Increment the amount to increment the range is 1 2147483647 the default is 10 623

Mac access list resequence 623

Mode global config 623

Mode mac access list config 623

Note an implicit deny all mac rule always terminates the access list 623

Note for bcm5630x and bcm5650x based systems assign queue redirect and mirror attributes are configurable for a deny rule but they have no operational effect 623

Parameter description 623

Starting sequence number the sequence number from which to start the range is 1 2147483647 the default is 10 623

The sequence number specifies the sequence number for the acl rule the sequence number is specified by the user or is generated by device 623

This command creates a new rule for the current mac access list a rule may either deny or permit traffic according to the specified classification fields at a minimum the source and destination mac value must be specified each of which may be substituted using the keyword any to indicate a match on any value in that field the remaining command parameters are all optional but the most frequently used parameters appear in the same relative order as shown in the command format 623

Use this command to renumber the sequence numbers of the entries for specified mac access list with the given increment value starting from a particular sequence number the command is used to edit the sequence numbers of acl rules in the acl and change the order in which entries are applied this command is not saved in startup configuration and is not displayed in running configuration 623

Mac access group 625

No sequence number 625

No mac access group 626

Remark 626

No remark 627

Show mac access lists 628

Ip access control list commands 629

Access list 630

Command 630

Format 630

Ip extended acl 630

Ip standard acl 630

Match on port ranges is not supported the rate limit command is not supported 630

Mode global config 630

Note ipv4 extended acls have the following limitations for egress acls 630

Parameter description 630

Table 12 acl command parameters 630

This command creates an ip access control list acl that is identified by the access list number which is 1 99 for standard acls or 100 199 for extended acls table 12 describes the parameters for the 630

Use the remark keyword to add a comment remark to an ip standard or ip extended acl the remarks make the acl easier to understand and scan each remark is limited to 100 characters a remark can consist of characters in the range a z a z 0 9 and special characters space hyphen underscore remarks are displayed only in show running configuration one remark per rule can be added for ip standard or ip extended acl user can remove only remarks that are not associated with a rule remarks associated with a rule are removed when the rule is removed 630

Ip access list 634

Ip access list rename 634

No access list 634

No ip access list 634

Default 10 635

Deny permit ip acl 635

Format 635

Increment the amount to increment the range is 1 2147483647 the default is 10 635

Ip access list resequence 635

Mode global config 635

Mode ipv4 access list config 635

Note an implicit deny all ip rule always terminates the access list 635

Note for bcm5630x based systems the 635

Parameter description 635

Parameters are not available 635

Starting sequence number the sequence number from which to start the range is 1 2147483647 the default is 10 635

This command creates a new rule for the current ip access list a rule may either deny or permit traffic according to the specified classification fields at a minimum either the every keyword or the protocol source address and destination address values must be specified the source and destination ip address fields may be specified using the keyword 635

To indicate a match on any value in that field the remaining command parameters are all optional but the most frequently used parameters appear in the same relative order as shown in the command format 635

Use this command to renumber the sequence numbers of the entries for specified ip access list with the given increment value starting from a particular sequence number the command is used to edit the sequence numbers of acl rules in the acl and change the order in which entries are applied this command is not saved in startup configuration and is not displayed in running configuration 635

Ip access group 639

No sequence number 639

Acl trapflags 640

No ip access group 640

No acl trapflags 641

Show ip access lists 641

Show access lists 643

Show access lists vlan 643

Ipv6 access control list commands 644

Ipv6 access list 644

No ipv6 access list 644

Deny permit ipv6 645

Ipv6 access list rename 645

Ipv6 access list resequence 645

For bcm5684x and bcm5644x platforms the ipv6 acl fragment keyword matches only on the first two ipv6 extension headers for the fragment header next header code 44 if the fragment header appears in the third or subsequent header it is not matched 646

For bcm5684x platforms the ipv6 acl routing keyword is not supported when an ipv6 address is specified 646

For the 5650x platform the 646

Format 646

If a time range with the specified name does not exist and the ipv6 acl containing this acl rule is applied to an interface or bound to a vlan then the acl rule is applied immediately if a time range with specified name exists and the ipv6 acl containing this acl rule is applied to an interface or bound to a vlan then the acl rule is applied when the time range with specified name becomes active the acl rule is removed when the time range with specified name becomes inactive for information about configuring time ranges see time range commands for time based acls on page 671 646

Ipv6 acls have the following limitations 646

Is the number of user configurable queues available for the hardware platform the 646

Mode ipv6 access list config 646

Note an implicit deny all ipv6 rule always terminates the access list 646

Note the 646

Parameter allows imposing time limitation on the ipv6 acl rule as defined by the parameter 646

Parameter allows the traffic matching this rule to be copied to the specified unit slot port while the redirect parameter allows the traffic matching this rule to be forwarded to the specified unit slot port the 646

Parameter is valid only for a permit rule 646

Parameters are not available on the 5630x platform 646

Parameters are only valid for a 646

Port ranges are not supported for egress ipv6 acls 646

The assign queue parameter allows specification of a particular hardware queue for handling traffic that matches this rule the allowed 646

The permit command s optional attribute rate limit allows you to permit only the allowed rate of traffic as per the configured rate in kbps and burst size in kbytes 646

Value is 0 n 1 where 646

Ipv6 traffic filter 651

No sequence number 651

No ipv6 traffic filter 652

Show ipv6 access lists 652

Absolute 654

No time range 654

Time range 654

Time range commands for time based acls 654

No absolute 655

No periodic 655

Periodic 655

Show time range 655

Auto voice over ip commands 656

Auto voip 656

Auto voip oui 657

Auto voip oui based priority 657

No auto voip 657

No auto voip oui 657

Auto voip protocol based 659

No auto voip oui 659

No auto voip protocol based 659

Auto voip vlan 660

No auto voip vlan 660

Show auto voip 660

Command 661

Example 661

Example the following shows example cli display output for the command 661

Format 661

Mode privileged exec 661

Note this command replaces the 661

Oui description description of the oui 661

Oui oui of the source mac address 661

Parameter description 661

Show auto voip oui table 661

Status default or configured entry 661

Use this command to display the voip oui table information 661

This command displays mroute entries in the multicast forwarding mfc database 662

Section 11 switch log messages 663

Utilities 665

Management 669

Switching 672

Stacking 678

Technologies 678

O s support 680

Command index 683

Symbols 683

Qtech QSW-3300-28F-AC-AC [382/693] Port based network access control commands

Содержание

Похожие устройства