![Qtech QSW-3300-28F-AC-AC [629/693] Ip access control list commands](/img/pdf.png)
Qtech QSW-3300-28F-AC-AC [629/693] Ip access control list commands
![Qtech QSW-3300-28F-AC-AC [629/693] Ip access control list commands](/views2/1596589/page629/bg275.png)
IP Access Control List Commands
Software User Manual
CLI Command Reference
Page 646
ACL Name: mac1
Outbound Interface(s): control-plane
Sequence Number: 10
Action.............................permit
Source MAC Address................ 00:00:00:00:AA:BB
Source MAC Mask....................FF:FF:FF:FF:00:00
Committed Rate.....................32
Committed Burst Size...............16
Sequence Number: 25
Action.............................permit
Source MAC Address................ 00:00:00:00:AA:BB
Source MAC Mask....................FF:FF:FF:FF:00:00
Destination MAC Address........... 01:80:C2:00:00:00
Destination MAC Mask...............00:00:00:FF:FF:FF
Ethertype..........................ipv6
VLAN...............................36
CoS Value..........................7
Assign Queue.......................4
Redirect Interface.................0/34
Committed Rate.....................32
Committed Burst Size...............16
IP Access Control List Commands
This section describes the commands you use to configure IP Access Control List (ACL) settings. IP ACLs
ensure that only authorized users have access to specific resources and block any unwarranted attempts to
reach network resources.
The following rules apply to IP ACLs:
• Switch software does not s
upport IP ACL configuration for IP packet fragments.
• The maximum number of ACLs you can c
reate is hardware dependent. The limit applies to all ACLs,
regardless of type.
• The maximum number of rules per IP ACL is
hardware dependent.
• On 5630x platforms, if you configure a MAC ACL on an interface, you cannot configure an IP ACL on the
same interfac
e.
• Wildcard masking for ACLs operates differently from a subnet mask. A wildcard mask is in essence the
inverse of a subnet mask. With a subnet mask, the mask has ones (1's) in the bit positions that are used for
the network address, and has zeros (0's) for the bit positions that are not used. In contrast, a wildcard mask
has (0’s) in a bit position that must be check
ed. A 1 in a bit position of the ACL mask indicates the
corresponding bit can be ignored.
Содержание
- Section 1 about switch software 66 1
- Section 2 using the command line interface 67 1
- Section 3 switch smb modules 72 1
- Section 4 stacking commands 80 1
- Table of contents 1
- Section 5 management commands 97 2
- Section 6 utility commands 190 10
- Section 7 switching commands 340 20
- Section 8 routing commands 531 35
- Section 9 ipv6 management commands 574 38
- Section 10 quality of service commands 605 40
- Command index 700 44
- Section 11 switch log messages 680 44
- List of tables 45
- About this document 47
- Acronyms and abbreviations 47
- Document conventions 47
- Purpose and audience 47
- References 48
- Technical support 48
- About fastpath smb software 49
- About switch software 49
- Product concept 49
- Section 1 about fastpath smb software 49
- Section 1 about switch software 49
- Command syntax 50
- Section 2 using the command line interface 50
- Command conventions 51
- Common parameter values 51
- Unit slot port naming convention 52
- Cli output filtering 53
- Executing show commands 53
- Using the no form of a command 53
- Example the following shows an example of the extensions made to the cli show commands for the output filtering feature 54
- Filter displayed output to only include lines containing a specified string match filter displayed output to exclude lines containing a specified string match filter displayed output to only include lines including and following a specified string match filter displayed output to only include a specified section of the content e g interface 0 1 with a configurable end of section delimiter string matching should be case insensitive pagination when enabled also applies to filtered output 54
- For new commands for the feature see cli output filtering commands on page 194 54
- Grep like control for modifying the displayed output to only show the user desired content 54
- Note although some switch show commands already support pagination the implementation is unique per command and not generic to all commands 54
- Output filtering 54
- Supports enabling disabling paginated output for all show cli commands when disabled output is displayed in its entirety when enabled output is displayed page by page such that content does not scroll off the terminal screen until the user presses a key to continue more or q uit is displayed at the end of each page 54
- When pagination is enabled press the return key to advance a single line press q or q to stop pagination or press any other key to advance a whole page these keys are not configurable 54
- Section 3 fastpath smb smb modules 55
- Section 3 switch smb modules 55
- Command modes 56
- Command completion and abbreviation 58
- From the global config mode enter 58
- Cli error messages 59
- Cli line editing conventions 59
- Accessing the cli 61
- Enter a question mark after each word you enter to display available command keywords or parameters 61
- Enter a question mark at the command prompt to display the commands available in the current mode 61
- If the help output shows a parameter in angle brackets you must replace the parameter with a value 61
- If there are no additional command keywords or parameters or if additional parameters are optional the following message appears in the output 61
- Using cli help 61
- You can access the cli by using a direct console connection or by using a telnet or ssh connection from a remote management host 61
- You can also enter a question mark after typing one or more characters of a word to list the available command or parameters that begin with the letters as shown in the following example 61
- Dedicated port stacking 63
- Member 63
- Section 4 stacking commands 63
- No member 64
- Switch priority 64
- Switch renumber 64
- Movemanagement 65
- No standby 65
- Standby 65
- No set slot disable 66
- No slot 66
- Set slot disable 66
- Set slot power 66
- No set slot power 67
- Reload stack 67
- Stack status sample mode 67
- Show slot 68
- Show stack status 69
- Show supported cardtype 69
- Show switch 70
- The following information appears 71
- When you specify a value for 71
- Show supported switchtype 72
- Stack port 72
- Stack port commands 72
- Show stack port 73
- Show stack port counters 73
- Show stack port diag 74
- Format 77
- Mode privileged exec 77
- Show stack port stack path 77
- This command displays the route a packet will take to reach the destination 77
- Boot auto copy sw 78
- Boot auto copy sw allow downgrade 78
- Boot auto copy sw trap 78
- No boot auto copy sw 78
- No boot auto copy sw trap 78
- Stack firmware synchronization commands 78
- No boot auto copy sw allow downgrade 79
- Show auto copy sw 79
- Section 5 management commands 80
- Do privileged exec commands 81
- Enable privileged exec access 81
- Network interface commands 81
- Serviceport protocol dhcp 81
- Network parms 82
- Network protocol 82
- Network protocol dhcp 82
- Network javamode 83
- Network mac address 83
- Network mac type 83
- No network mac type 83
- Command will always show interface status as 84
- No network javamode 84
- Show network 84
- This command displays configuration settings associated with the switch s network interface the network interface is the logical interface used for in band connectivity with the switch via any of the switch s front panel ports the configuration parameters associated with the switch s network interface do not affect the configuration of the front panel ports through which traffic is switched or routed the network interface is always considered to be up whether or not any member ports are up therefore the 84
- Show serviceport 85
- Configure 86
- Console port access commands 86
- No serial baudrate 87
- No serial timeout 87
- Serial baudrate 87
- Serial timeout 87
- Ip telnet server enable 88
- No ip telnet server enable 88
- Show serial 88
- Telnet commands 88
- No telnetcon maxsessions 89
- No transport input telnet 89
- Telnetcon maxsessions 89
- Telnetcon timeout 89
- Transport input telnet 89
- Ip ssh 90
- No telnetcon timeout 90
- Secure shell commands 90
- Show telnetcon 90
- Ip ssh protocol 91
- Ip ssh server enable 91
- No ip ssh server enable 91
- No sshcon maxsessions 91
- Sshcon maxsessions 91
- Sshcon timeout 91
- No sshcon timeout 92
- Show ip ssh 92
- Crypto certificate generate 93
- Crypto key generate dsa 93
- Crypto key generate rsa 93
- Management security commands 93
- No crypto certificate generate 93
- No crypto key generate dsa 93
- No crypto key generate rsa 93
- Hypertext transfer protocol commands 94
- Ip http accounting exec ip https accounting exec 94
- Ip http authentication 94
- No ip http https accounting exec 94
- Ip https authentication 95
- No ip http authentication 95
- No ip https authentication 95
- Ip http java 96
- Ip http secure server 96
- Ip http server 96
- No ip http secure server 96
- No ip http server 96
- Ip http session hard timeout 97
- Ip http session maxsessions 97
- Ip http session soft timeout 97
- No ip http java 97
- No ip http session hard timeout 97
- No ip http session maxsessions 97
- Ip http secure session hard timeout 98
- Ip http secure session maxsessions 98
- Ip http secure session soft timeout 98
- No ip http secure session hard timeout 98
- No ip http secure session maxsessions 98
- No ip http session soft timeout 98
- Ip http secure port 99
- Ip http secure protocol 99
- No ip http secure port 99
- No ip http secure session soft timeout 99
- Show ip http 99
- Access commands 101
- Disconnect 101
- Show loginsession 101
- Example the following shows an example of the command 102
- Format 102
- Mode privileged exec 102
- Show loginsession long 102
- This command displays the complete user names of the users currently logged in to the switch 102
- Aaa authentication login 103
- User account commands 103
- Aaa authentication enable 104
- No aaa authentication login 104
- Aaa authorization 105
- No aaa authentication enable 105
- Exec authorization 106
- Per command authorization 106
- Authorization commands 107
- No aaa authorization 107
- No authorization commands 107
- Authorization exec 108
- Authorization exec default 108
- No authorization exec 108
- No authorization exec default 108
- Show authorization methods 108
- Command 109
- Default uses the default list created with the 109
- Enable authentication 109
- Example the following example specifies the default authentication method when accessing a higher privilege level console 109
- Format 109
- List name uses the indicated list created with the 109
- Mode line config 109
- No enable authentication 109
- Parameter description 109
- Use this command to return to the default specified by the 109
- Use this command to specify the authentication method list when accessing a higher privilege level from a remote telnet or console 109
- Username global config 110
- No username 111
- Username nopassword 111
- Username snmpv3 accessmode 111
- Username unlock 111
- No username snmpv3 accessmode 112
- No username snmpv3 authentication 112
- Username snmpv3 authentication 112
- Username snmpv3 encryption 112
- No username snmpv3 encryption 113
- Show users 113
- Show users long 113
- Username snmpv3 encryption encrypted 113
- Show users accounts 114
- Example the following example shows user login history outputs 115
- Format 115
- Mode privileged exec 115
- Name name of the user range 1 20 characters 115
- Parameter description 115
- Show users login history long 115
- Show users login history username 115
- Use this command to display information about the login history of users 115
- Login authentication 116
- No login authentication 116
- Password 116
- Password line configuration 116
- No password line configuration 117
- Password aaa ias user config 117
- Password user exec 117
- Configuration command to set a local password to control access to the privileged exec mode 118
- Enable password privileged exec 118
- Encrypted encrypted password you entered copied from another switch configuration the encrypted password should be 128 characters long because the assumption is that this password is already encrypted with aes 118
- Example the following is an example of adding a mab client to the internal user database 118
- Example the following shows an example of the command 118
- Format 118
- Mode aaa ias user config 118
- Mode privileged exec 118
- No password aaa ias user config 118
- Parameter description 118
- Password password string range 8 64 characters 118
- This command is used to clear the password of a user 118
- Use the 118
- No enable password privileged exec 119
- No passwords history 119
- No passwords min length 119
- Passwords history 119
- Passwords min length 119
- No passwords aging 120
- No passwords lock out 120
- Passwords aging 120
- Passwords lock out 120
- Passwords strength check 120
- No passwords strength check 121
- No passwords strength minimum uppercase letters 121
- Passwords strength maximum consecutive characters 121
- Passwords strength maximum repeated characters 121
- Passwords strength minimum lowercase letters 121
- Passwords strength minimum uppercase letters 121
- No passwords strength minimum lowercase letters 122
- No passwords strength minimum numeric characters 122
- No passwords strength minimum special characters 122
- Passwords strength minimum character classes 122
- Passwords strength minimum numeric characters 122
- Passwords strength minimum special characters 122
- No passwords strength exclude keyword 123
- No passwords strength minimum character classes 123
- Passwords strength exclude keyword 123
- Show passwords configuration 123
- Aaa ias user username 124
- No aaa ias user username 124
- Show passwords result 124
- Aaa accounting 125
- Aaa session id 125
- No aaa session id 125
- No aaa accounting 126
- Clear aaa ias users 127
- No password aaa ias user configuration 127
- Password aaa ias user configuration 127
- Accounting 128
- Show aaa ias users 128
- Dot1x dfltdot1xlist start stop radius 129
- Example the following shows example cli display output for the command 129
- Format 129
- Mode line configuration 129
- Mode privileged exec 129
- No accounting 129
- Show accounting 129
- Show accounting methods 129
- Use this command to display configured accounting method lists 129
- Use this command to display ordered methods for accounting lists 129
- Use this command to remove accounting from a line configuration mode 129
- Clear accounting statistics 130
- Example the following shows example cli display output for the command 130
- Format 130
- Mode privileged exec 130
- Show domain name 130
- This command clears the accounting statistics 130
- This command displays the configured domain name 130
- Snmp commands 131
- Snmp server 131
- Snmp server community 131
- No snmp server community 132
- Snmp server community group 132
- Snmp server enable traps violation 132
- No snmp server enable traps 133
- No snmp server enable traps violation 133
- No snmp server port 133
- Snmp server enable traps 133
- Snmp server port 133
- Snmp trap link status 133
- No snmp trap link status 134
- No snmp trap link status all 134
- Snmp trap link status all 134
- No snmp server enable traps linkmode 135
- No snmp server enable traps multiusers 135
- Snmp server enable traps linkmode 135
- Snmp server enable traps multiusers 135
- Snmp server enable traps stpmode 135
- No snmp server enable traps stpmode 136
- No snmp server engineid local 136
- Snmp server engineid local 136
- Snmp server filter 136
- No snmp server filter 137
- Snmp server group 137
- No snmp server group 138
- No snmp server host 138
- Snmp server host 138
- Snmp server user 138
- No snmp server user 139
- Snmp server view 139
- No snmp server view 140
- Snmp server v3 host 140
- Snmptrap source interface 140
- No snmptrap source interface 141
- Show snmp 141
- Snmptrap ip6addr snmpversion 141
- Snmptrap ipaddr snmpversion 141
- Show snmp engineid 142
- Show snmp filters 142
- Show snmp group 143
- Show snmp server 143
- Show snmp source interface 143
- Show snmp user 144
- Show snmp views 144
- Show trapflags 144
- Aaa server radius dynamic author 146
- Auth type 146
- No aaa server radius dynamic author 146
- No auth type 146
- Radius commands 146
- Clear radius dynamic author statistics 147
- Client 147
- No client 147
- Debug aaa coa 148
- Debug aaa pod 148
- Ignore server key 148
- Ignore session key 148
- No ignore server key 148
- No ignore session key 149
- No port 149
- No radius accounting mode 150
- No radius server attribute 4 150
- Radius accounting mode 150
- Radius server attribute 4 150
- Radius server host 151
- No radius server host 152
- Radius server key 152
- No radius server msgauth 153
- Radius server msgauth 153
- Radius server primary 153
- Radius server retransmit 153
- No radius server retransmit 154
- No radius source interface 154
- Radius source interface 154
- No radius server timeout 155
- No server key 155
- Radius server timeout 155
- Server key 155
- Default none 156
- Default not applicable 156
- Example 156
- Format 156
- Mode dynamic authorization 156
- Mode privileged exec 156
- Mode user exec 156
- Number of administratively prohibited requests 156
- Show radius 156
- Show radius servers 156
- This command displays the values configured for the global parameters of the radius client 156
- Use this command to display the authentication parameters 156
- Show radius servers 157
- A global parameter to indicate whether the accounting mode for all the servers is enabled or not 158
- Current host address the ip address of the currently active authenticating server 158
- Example the following shows example cli display output for the command 158
- Field description 158
- Host address the ip address of the host 158
- Message authenticator a global parameter to indicate whether the message authenticator attribute is enabled or disabled 158
- Number of retransmits the configured value of the maximum number of times a request packet is retransmitted 158
- Port the port used for communication with the authenticating server 158
- Radius accounting mode 158
- Radius attribute 4 mode a global parameter to indicate whether the nas ip address attribute has been enabled to use in radius requests 158
- Radius attribute 4 value a global parameter that specifies the ip address to be used in nas ip address attribute used in radius requests 158
- Secret configured yes or no boolean value that indicates whether this server is configured with a secret 158
- Server name the name of the authenticating server 158
- Time duration the configured timeout value in seconds for request retransmissions 158
- Type specifies whether this server is a primary or secondary type 158
- A global parameter to indicate whether the accounting mode for all the servers is enabled or not 159
- Example the following shows example cli display output for the command 159
- Field description 159
- Format 159
- Host address the ip address of the host 159
- If you do not specify any parameters then only the accounting mode and the radius accounting server details are displayed 159
- Mode privileged exec 159
- Port the port used for communication with the accounting server 159
- Radius accounting mode 159
- Secret configured yes or no boolean value indicating whether this server is configured with a secret 159
- Server name the name of the accounting server 159
- Servername an alias name to identify the server 159
- Show radius accounting 159
- Term definition 159
- This command displays a summary of configured radius accounting servers 159
- Show radius accounting statistics 160
- Example the following shows example cli display output for the command 161
- Format 161
- Mode privileged exec 161
- Show radius source interface 161
- Show radius statistics 161
- This command displays the summary statistics of configured radius authenticating servers 161
- Use this command in privileged exec mode to display the configured radius client source interface source ip address information 161
- No tacacs server host 164
- Tacacs commands 164
- Tacacs server host 164
- Tacacs server key 164
- No tacacs server key 165
- Tacacs server keystring 165
- Tacacs server source interface 165
- No tacacs server source interface 166
- No tacacs server timeout 166
- Tacacs server timeout 166
- Keystring 167
- Priority tacacs config 167
- Timeout 167
- Show tacacs 168
- Show tacacs source interface 168
- Configuration scripting commands 169
- Script apply 169
- Script delete 170
- Script list 170
- Script show 170
- Script validate 170
- Copy pre login banner 171
- Hostname 171
- Prelogin banner system prompt and host name commands 171
- Set prompt 171
- Show clibanner 171
- Example the following shows example cli display output for the command 172
- Format 172
- Line banner text where double quote is a delimiting character the banner message can be up to 2000 characters 172
- Mode global config 172
- No set clibanner 172
- Parameter description 172
- Set clibanner 172
- Use this command to configure the prelogin cli banner before displaying the login prompt 172
- Use this command to unconfigure the prelogin cli banner 172
- Section 6 utility commands 173
- Autoinstall commands 174
- Boot autoinstall 174
- Boot host retrycount 174
- Boot host autosave 175
- Boot host dhcp 175
- No boot host autosave 175
- No boot host dhcp 175
- No boot host retrycount 175
- Boot host autoreboot 176
- Erase factory defaults 176
- Erase startup config 176
- No boot host autoreboot 176
- Show autoinstall 176
- Cli output filtering commands 177
- Show xxx exclude string 177
- Show xxx include string 177
- Show xxx include string exclude string2 177
- Show xxx begin string 178
- Show xxx section string 178
- Show xxx section string include string2 178
- Show xxx section string string2 178
- Boot system 179
- Delete 179
- Dual image commands 179
- Filedescr 179
- Show bootvar 179
- Update bootcode 179
- Show arp switch 180
- Show eventlog 180
- Show hardware 180
- System information and statistics commands 180
- Show platform vpd 181
- Show version 181
- Show interface 182
- Show interfaces status 183
- Show interface counters 184
- Show interfaces traffic 184
- Example the following shows example cli display output for the command 185
- Format 185
- Inbcastpkts the total number of broadcast packets received on the interface 185
- Mode privileged exec 185
- Outbcastpkts the total number of broadcast packets transmitted by the interface 185
- Outmcastpkts the total number of multicast packets transmitted by the interface 185
- Outoctects the total number of octets transmitted by the interface 185
- Outucastpkts the total number of unicast packets transmitted by the interface 185
- Show interface ethernet 185
- Term definition 185
- This command displays detailed statistics for a specific interface or for all cpu traffic based upon the argument 185
- Show interface ethernet switchport 190
- Show fiber ports optical transceiver 191
- Show interface lag 191
- Show fiber ports optical transceiver info 192
- Br nominal the nominal bit signaling rate br nominal is specified in units of 100 mbd rounded off to the nearest 100 mbd the bit rate includes those bits necessary to encode and delimit the signal as well as those bits carrying data information a value of 0 indicates that the bit rate is not specified and must be determined from the transceiver technology the actual information transfer rate will depend on the encoding of the data as defined by the encoding value 193
- Can also be used to specify the lag interface where 193
- Can be used as an alternate way to specify the lag interface 193
- Example the following information shows an example of the command output 193
- Field description 193
- Format 193
- Instead of 193
- Is the lag port number use the 193
- Mode privileged exec 193
- Or no parameter to display the entire table enter a mac address and vlan id to display the table entry for the requested mac address on the specified vlan enter the 193
- Parameter to display information about mac addresses on a specified vlan 193
- Parameter to view summary information about the forwarding database table use the 193
- Show mac addr table 193
- Term definition 193
- The following information displays if you do not enter a parameter the keyword all or the mac address and vlan id 193
- This command displays the forwarding database entries these entries are used by the transparent bridging function to determine how to forward a received frame 193
- Unit slot port parameter to view mac addresses on a specific interface 193
- Vendor rev the vendor revision number vendor rev contains ascii characters left aligned and padded on the right with ascii spaces 20h defining the vendor s product revision number a value of all zero in this field indicates that the vendor revision is unspecified 193
- Vlan id the vlan in which the mac address is learned 193
- Process cpu threshold 194
- Show process app list 195
- Cpu share the maximum percentage of cpu utilization the process can consume 196
- Format 196
- Id the application identifier 196
- Max mem usage the maximum amount of memory the process has used at any given time since it started 196
- Memory limit the maximum amount of memory the process can consume 196
- Memory usage the amount of memory the process is currently using 196
- Mode privileged exec 196
- Name the name that identifies the process 196
- Note it is not necessarily the traffic to the cpu but different tasks that keep the cpu busy 196
- Note this command is available in linux 2 only 196
- Parameter description 196
- Pid the number the software uses to identify the process 196
- Show process app resource list 196
- Show process cpu 196
- This command displays the configured and in use resources of each application 196
- This command provides the percentage utilization of the cpu by different tasks 196
- Alloc system wide allocated memory excluding cache file system used space 197
- Example the following shows example cli display output for the command using linux 197
- Format 197
- Free system wide free memory 197
- Keyword description 197
- Mode privileged exec 197
- Name process or thread name 197
- Note this command is available in linux 2 only 197
- Pid process or thread id 197
- Secs cpu utilization sampling in 300secs interval 197
- Secs cpu utilization sampling in 5secs interval 197
- Secs cpu utilization sampling in 60secs interval 197
- Show process proc list 197
- This application displays the processes started by applications created by the process manager 197
- Total cpu utilization total cpu utilization within the specified window of 5secs 60secs and 300secs 197
- Application id name the application identifier and its associated name 198
- Child indicates whether the process has spawned a child process 198
- Example the following shows example cli display output for the command 198
- Fd count the file descriptors count for the process 198
- Format 198
- Mode privileged exec 198
- Note show running config does not display the user password even if you set one different from the default 198
- Note this command is available in linux 2 only 198
- Option 198
- Parameter description 198
- Pid the number the software uses to identify the process 198
- Process name the name that identifies the process 198
- Show running config 198
- Use this command to display or capture the current setting of different protocol packages supported on the switch this command displays or captures commands with settings and configurations that differ from the default value to display or capture the commands with settings and configurations that are equal to the default value include the 198
- Vm peak the maximum amount of virtual memory the process has used at a given time 198
- Vm size virtual memory size 198
- Show running config interface 199
- Example the following shows example cli display output for the command using the backup config parameter 201
- Example the following shows example cli display output for the command using the factory defaults parameter 202
- Format 202
- Mode privileged exec 202
- Use this command to list the files in the directory mnt switch in flash from the cli 202
- Show sysinfo 203
- Show tech support 203
- Length value 204
- No length value 204
- No terminal length 204
- Terminal length 204
- Memory free low watermark processor 205
- Show terminal length 205
- Box services commands 206
- Environment temprange 206
- Environment trap 206
- Show version bootloader 206
- Logging buffered 208
- Logging buffered wrap 208
- Logging cli command 208
- Logging commands 208
- No logging buffered 208
- No logging buffered wrap 208
- Logging console 209
- Logging host 209
- No logging cli command 209
- No logging console 209
- Logging host reconfigure 210
- Logging host remove 210
- Logging syslog 210
- No logging syslog 210
- Logging syslog port 211
- Logging syslog source interface 211
- No logging syslog port 211
- No logging syslog source interface 211
- Show logging 212
- Show logging buffered 213
- Show logging hosts 213
- Example the following shows example cli display output for the command 214
- Format 214
- Is specified 214
- Is specified the system persistent log files are displayed 214
- Mode privileged exec 214
- Parameter description 214
- Persistent log count the number of persistent log entries 214
- Persistent log files the list of persistent log files in the system only displayed if 214
- Persistent logging if persistent logging is enabled or disabled 214
- Show logging persistent 214
- Show logging traplogs 214
- This command displays snmp trap events and statistics 214
- Use the show logging persistent command to display persistent log entries if 214
- Clear logging buffered 215
- Email alerting and mail server commands 216
- Logging email 216
- Logging email message type to addr 216
- Logging email urgent 216
- No logging email 216
- No logging email urgent 216
- Logging email from addr 217
- Logging email message type subject 217
- No logging email from addr 217
- No logging email message type subject 217
- No logging email message type to addr 217
- Logging email logtime 218
- Logging email test message type 218
- Logging traps 218
- No logging email logtime 218
- No logging traps 218
- Show logging email config 218
- Clear logging email statistics 219
- Show logging email statistics 219
- Mail server 220
- No mail server 220
- Security 220
- Username mail server config 220
- Password 221
- Show mail server config 221
- System utility and clear commands 222
- Traceroute 222
- Clear config 224
- Clear counters 224
- Example traceroute failure 224
- Example traceroute ipv6 failure 224
- For all the ports or for an interface on a valn based on the argument 224
- Format 224
- Mode privileged exec 224
- This command clears the statistics for a specified unit slot por 224
- This command resets the configuration to the factory defaults without powering off the switch when you issue this command a prompt appears to confirm that the reset should proceed when you enter 224
- You automatically reset the current configuration on the switch to the default values it does not reset the switch 224
- Clear igmpsnooping 225
- Clear ip access list counters 225
- Clear ipv6 access list counters 225
- Clear mac access list counters 225
- Clear pass 225
- Clear traplog 225
- Clear vlan 226
- Command for ipv6 hosts see ping ipv6 on page 580 226
- Default the default count is 1 the default interval is 3 seconds the default size is 0 bytes 226
- Format 226
- Gvrp is restored to the factory default as a result of handling the vlan restore notify event since gvrp is disabled by default this means that gvrp should be disabled and all of its dynamic vlans should be deleted 226
- Logout 226
- Mode privileged exec 226
- Modes privileged exec user exec 226
- Note for information about the 226
- Note save configuration changes before logging out 226
- Static vlans are deleted 226
- This command closes the current telnet connection or resets the current serial connection 226
- This command resets vlan configuration parameters to the factory defaults when the vlan configuration is reset to the factory defaults there are some scenarios regarding gvrp that happen due to this 226
- Use this command to determine whether another computer is on the network ping provides a synchronous response when initiated from the cli and web interfaces 226
- Reload 228
- Copies a specified configuration script file to a server 230
- Copies the crash log to a server 230
- Copies the error log file to a server 230
- Copies the log file to a server 230
- Copies the operational log file to a server 230
- Copies the startup configuration to a server 230
- Copies the startup configuration to the backup configuration 230
- Copies the trap log file to a server 230
- Destination file name for the application file 230
- Downloads a configuration script file to the system during the download of a configuration script the copy command validates the script in case of any error the command lists all the lines at the end of the validation process and prompts you to confirm before copying the script file 230
- Downloads public key for image validation 230
- Downloads the binary config file to the system 230
- Downloads the cli banner to the system 230
- Downloads the public key for configuration script validation 230
- Saves the running configuration to nvram 230
- Saves the running configuration to nvram to the 230
- Saves the system image to a server 230
- Source destination description 230
- Table 9 copy parameters cont 230
- Uploads cpu packets capture file 230
- Uploads factory defaults file 230
- Uploads the binary config file to a server 230
- Uploads the core dump file on the local system to an external tftp ftp scp sftp server 230
- Uploads the startup log file 230
- Uploads the system and configuration information for technical support 230
- Command 231
- Copy the active image to the backup image 231
- Copy the backup image to the active image 231
- Download an image from the remote server to either image 231
- Downloads an http secure server certificate 231
- Downloads an http secure server certificate for more information see hypertext transfer protocol commands on page 111 231
- Downloads an ias users database file to the system when the ias users file is downloaded the switch ias user s database is replaced with the users and their attributes available in the downloaded file 231
- Downloads an ssh key file 231
- Downloads an ssh key file for more information see secure shell commands on page 107 231
- Downloads the file containing list of commands to be displayed using the 231
- Downloads the startup configuration file to the system 231
- Example the following shows an example of downloading and applying ias users file 231
- Source destination description 231
- Table 9 copy parameters cont 231
- Upload either image to the remote server 231
- When you use this option the copy command will not validate the downloaded script file an example of the cli command follows 231
- File verify 232
- No file verify 232
- Power over ethernet commands 232
- Write memory 232
- Flexible power management 233
- Poe high power 233
- No poe high power 234
- No power power limit 234
- Poe power limit 234
- Poe power management 234
- No poe power management 235
- No poe priority 235
- Poe priority 235
- Poe reset 235
- No poe usagethreshold 236
- Poe traps 236
- Poe usagethreshold 236
- Show poe 236
- Example 237
- Format 237
- Mode privileged exec 237
- Show poe mpsm 237
- Show poe port configuration 237
- Show poe port info 237
- Use this command to display poe port configuration information for individual ports or all ports 237
- Use this command to display poe port information 237
- Use this command to display the current mpsm and power bank values if a slot is selected only the mpsm and power bank values for that slot are displayed 237
- Can be a value from 6 to 10 238
- Default 6 238
- Example 238
- Format 238
- Mode global config 238
- Mode privileged exec 238
- No sntp broadcast client poll interval 238
- Simple network time protocol commands 238
- Sntp broadcast client poll interval 238
- This command resets the poll interval for sntp broadcast client back to the default value 238
- This command sets the poll interval for sntp broadcast clients in seconds as a power of two where 238
- This section describes the commands you use to automatically configure the system time and date by using simple network time protocol sntp 238
- No sntp client mode 239
- No sntp client port 239
- Sntp client mode 239
- Sntp client port 239
- Sntp unicast client poll interval 239
- No sntp unicast client poll interval 240
- No sntp unicast client poll retry 240
- No sntp unicast client poll timeout 240
- Sntp server 240
- Sntp unicast client poll retry 240
- Sntp unicast client poll timeout 240
- Format 241
- Loopback id configures the loopback interface the range of the loopback id is 0 to 7 241
- Mode global config 241
- No sntp server 241
- No sntp source interface 241
- Parameter description 241
- Show sntp 241
- Sntp source interface 241
- This command deletes an server from the configured sntp servers 241
- This command is used to display sntp settings and status 241
- Tunnel id configures the ipv6 tunnel interface the range of the tunnel id is 0 to 7 241
- Unit slot port the unit identifier assigned to the switch 241
- Use this command to reset the sntp source interface to the default settings 241
- Use this command to specify the physical or logical interface to use as the source interface source ip address for sntp unicast server configuration if configured the address of source interface is used for all sntp communications between the sntp server and the sntp client the selected source interface ip address is used for filling the ip header of management protocol packets this allows security devices firewalls to identify the source packets coming from the specific switch if a source interface is not specified the primary ip address of the originating outbound interface is used as the source address if the configured interface is down the sntp client falls back to its default behavior 241
- Vlan id configures the vlan interface to use as the source ip address the range of the vlan id is 1 to 4093 241
- Show sntp client 242
- Show sntp server 242
- Show sntp source interface 243
- Clock set 244
- Clock set hh mm ss 244
- Clock summer time date 244
- Time zone commands 244
- Clock summer time recurring 245
- No clock summer time 245
- Clock timezone 246
- No clock timezone 246
- Show clock 246
- Example the following shows example cli display output for the command 247
- Format show clock detail 247
- Mode privileged exec 247
- Show clock detail 247
- Use this command to display the detailed system time along with the time zone and the summertime configuration 247
- With the above configuration the output appears as below 247
- Client identifier 248
- Dhcp server commands 248
- Ip dhcp pool 248
- No client identifier 248
- No ip dhcp pool 248
- Client name 249
- Default router 249
- Dns server 249
- No client name 249
- No default router 249
- No dns server 249
- Hardware address 250
- No hardware address 250
- No host 250
- Bootfile 251
- Network dhcp pool config 251
- No bootfile 251
- No lease 251
- No network 251
- Domain name 252
- Domain name enable 252
- Netbios name server 252
- No domain name 252
- No domain name enable 252
- Netbios node type 253
- Next server 253
- No netbios name server 253
- No netbios node type 253
- No next server 253
- Ip dhcp excluded address 254
- No ip dhcp excluded address 254
- No option 254
- Option 254
- Ip dhcp bootp automatic 255
- Ip dhcp ping packets 255
- No ip dhcp bootp automatic 255
- No ip dhcp ping packets 255
- No service dhcp 255
- Service dhcp 255
- Clear ip dhcp binding 256
- Clear ip dhcp conflict 256
- Clear ip dhcp server statistics 256
- Ip dhcp conflict logging 256
- No ip dhcp conflict logging 256
- Show ip dhcp binding 257
- Show ip dhcp global configuration 257
- Show ip dhcp pool configuration 257
- Show ip dhcp server statistics 258
- Show ip dhcp conflict 259
- Dns client commands 260
- Ip domain lookup 260
- Ip domain name 260
- No ip domain lookup 260
- No ip domain name 260
- Ip domain list 261
- Ip name server 261
- Ip name source interface 261
- No ip domain list 261
- No ip name server 261
- Ip host 262
- Ipv6 host 262
- No ip host 262
- No ip name source interface 262
- No ipv6 host 262
- Clear host 263
- Ip domain retry 263
- Ip domain timeout 263
- No ip domain retry 263
- No ip domain timeout 263
- Show hosts 264
- Clear ip address conflict detect 265
- Ip address conflict commands 265
- Ip address conflict detect run 265
- Show ip address conflict 265
- Show ip name source interface 265
- Use this command to display the configured source interface details used for a dns client the ip address of the selected interface is used as source ip for all communications with the server 265
- Capture file remote line 266
- Capture start 266
- Capture stop 266
- Serviceability packet tracing commands 266
- Capture file size 267
- Capture remote port 267
- Capture line wrap 268
- Debug aaa accounting 268
- No capture line wrap 268
- No debug aaa accounting 268
- Show capture packets 268
- Debug arp 269
- Debug auto voip 269
- Debug clear 269
- No debug arp 269
- No debug auto voip 269
- Debug console 270
- Debug crashlog 270
- No debug console 270
- Debug debug config 271
- Debug dhcp packet 271
- Debug dot1x packet 271
- No debug dhcp 271
- Debug fip snooping packet 272
- No debug dot1x packet 272
- No debug fip snooping packet 272
- Debug igmpsnooping packet 273
- Debug igmpsnooping packet transmit 273
- No debug igmpsnooping packet 273
- Debug igmpsnooping packet receive 274
- No debug igmpsnooping receive 274
- No debug igmpsnooping transmit 274
- Debug ip acl 275
- Debug lacp packet 275
- Debug ping packet 275
- No debug ip acl 275
- No debug lacp packet 275
- Debug spanning tree bpdu 276
- No debug ping packet 276
- No debug spanning tree bpdu 276
- Debug spanning tree bpdu receive 277
- Debug spanning tree bpdu transmit 277
- No debug spanning tree bpdu receive 277
- Debug tacacs 278
- Debug telnetd start 278
- No debug spanning tree bpdu transmit 278
- Debug telnetd stop 279
- Debug transfer 279
- No debug transfer 279
- Show debugging 279
- Exception dump active port 280
- Exception protocol 280
- No exception protocol 280
- No show debugging 280
- Exception dump nfs 281
- Exception dump tftp server 281
- No exception dump active port 281
- No exception dump tftp server 281
- Exception core file 282
- Exception dump filepath 282
- No exception dump filepath 282
- No exception dump nfs 282
- Exception dump ftp server 283
- Exception switch chip register 283
- No exception core file 283
- Exception dump compression 284
- Exception dump stack ip address protocol 284
- No exception dump compression 284
- No exception dump ftp server 284
- No exception dump stack ip address protocol 284
- Exception dump stack ip address add 285
- Exception dump stack ip address remove 285
- Exception nmi 285
- Write core 285
- Debug exception 286
- Default none 286
- Example the following shows an example of this command 286
- Format 286
- Mode privileged exec 286
- Note this command is only available on selected linux based platforms 286
- Show exception 286
- The command displays core dump features support 286
- Use this command to display the configuration parameters for generating a core dump file 286
- Logging persistent 287
- No logging persistent 287
- Show exception core dump file 287
- Show exception log 287
- Show mbuf 288
- Show mbuf total 288
- Session start 289
- Show msg queue 289
- Session stop 290
- Cable test command 291
- Cablestatus 291
- Green ethernet commands 292
- Green mode energy detect 292
- Green mode short reach 292
- No green mode energy detect 292
- Green mode eee 293
- Green mode eee tx idle time 293
- No green mode eee 293
- No green mode eee tx idle time 293
- No green mode short reach 293
- Green mode eee lpi history sampling interval 294
- Green mode eee tx wake time 294
- No green mode eee lpi history sampling interval 294
- No green mode eee tx wake time 294
- Green mode eee lpi history max samples 295
- No green mode eee lpi history max samples 295
- Show green mode 295
- Clear green mode statistics 299
- Clears only the eee transmit receive lpi event count lpi duration and cumulative energy savings estimates of the port other status parameters that display after executing 299
- Cumulative power savings estimates 299
- Eee lpi event count and lpi duration 299
- Eee lpi history table entries 299
- Format 299
- Mode privileged exec 299
- Note executing 299
- Sampling interval interval at which eee lpi statistics is collected 299
- See show green mode on page 312 retain their data 299
- Show green mode eee lpi history 299
- Term definition 299
- Use this command to clear the following green ethernet mode statistics 299
- Use this command to display interface green mode eee lpi history 299
- You can clear the statistics for a specified port or for all ports 299
- Example the following shows example cli display output for the command on a system with the eee feature enabled 300
- Percentage lpi time per stack percentage of total time spent in lpi mode by all port in stack when compared to total time since reset 300
- Sample no sample index 300
- Sample time time since last reset 300
- Term definition 300
- Time spent in lpi mode since last reset percentage of total time spent in lpi mode on this port when compared to time since reset 300
- Time spent in lpi mode since last sample percentage of time spent in lpi mode on this port when compared to sampling interval 300
- Total no of samples to keep maximum number of samples to keep 300
- Remote monitoring commands 301
- Rmon alarm 301
- No rmon alarm 302
- Rmon hcalarm 302
- No rmon hcalarm 303
- No rmon event 304
- Rmon collection history 304
- Rmon event 304
- No rmon collection history 305
- Show rmon 305
- Example the following shows example cli display output for the command 307
- Format 307
- History control buckets granted the number of discrete sampling intervals over which data shall be saved this object is read only the default is 10 307
- History control buckets requested 307
- History control data source the source interface for which historical data is collected 307
- History control index an index that uniquely identifies an entry in the historycontrol table each such entry defines a set of samples at a particular interval for an interface on the device the range is 1 to 65535 307
- History control interval the interval in seconds over which the data is sampled the range is 1 to 3600 the default is 1800 307
- History control owner the owner string associated with the history control entry the default is monitorhistorycontrol 307
- Mode privileged exec 307
- Parameter description 307
- Show rmon collection history 307
- The requested number of discrete time intervals over which data is to be saved the range is 1 to 65535 the default is 50 307
- This command displays the entries in the rmon history control table 307
- Show rmon events 308
- Show rmon history 308
- Example the following shows example cli display output for the command 310
- Show rmon log 311
- Show rmon statistics interfaces 311
- Show rmon hcalarms 313
- Statistics application commands 316
- Stats group 316
- Dstip ip address the destination ip address 317
- Example the following shows examples of the command 317
- Format 317
- List of reporting methods report the statistics to the configured method the range is 0 none 1 console 2 syslog 3 e mail the default is none 317
- Mode global config 317
- No stats group 317
- Parameter description 317
- Rule id the flow based rule id the range is 1 to 16 the default is none 317
- Srcip ip address the source ip address 317
- Stats flow based 317
- This command configures flow based statistics rules for the given parameters over the specified time range only an ipv4 address is allowed as source and destination ip address 317
- This command deletes the configured group 317
- Time range name name of the time range for the group or the flow based rule the range is 1 to 31 alphanumeric characters the default is none 317
- No stats flow based 318
- Stats flow based reporting 318
- No stats group 319
- Stats flow based 319
- Stats group 319
- Example the following shows example cli display output for the command 320
- Example the following shows examples of the command 320
- Format 320
- Group id the unique identifier for the group 320
- Mode interface config 320
- Mode privileged exec 320
- Name the name of the group 320
- No stats flow based 320
- Parameter description 320
- Show stats group 320
- This command deletes the interface or interface range from the flow based rule specified 320
- This command displays the configured time range and the interface list for the group specified and shows collected statistics for the specified time range name on the interface list after the time range expiry 320
- Example the following shows example cli display output for the command 321
- Format 321
- Mode privileged exec 321
- Parameter description 321
- Rule id the unique identifier for the flow based rule 321
- Show stats flow based 321
- This command displays the configured time range flow based rule parameters and the interface list for the flow specified 321
- Example the following shows example cli display output for the command 322
- Port configuration commands 323
- Section 7 switching commands 323
- Auto negotiate 324
- Auto negotiate all 324
- Interface 324
- No auto negotiate 324
- Description 325
- Media type 325
- No auto negotiate all 325
- No media type 325
- No mtu 326
- No shutdown 326
- Shutdown 326
- No shutdown all 327
- Show interface media type 327
- Shutdown all 327
- Speed all 327
- Show port 328
- Example the following command shows an example of the command output for a range of ports 329
- Example the following command shows an example of the command output for all ports 329
- Lacp mode lacp is enabled or disabled on this port 329
- Link trap this object determines whether or not to send a trap when link status changes the factory default is enabled 329
- Parameter definition 329
- Show port advertise 329
- Use this command to display the local administrative link advertisement configuration local operational link advertisement and the link partner advertisement for an interface it also displays priority resolution for speed and duplex as per 802 annex 28b it displays the auto negotiation state phy master slave clock configuration and link state of the port 329
- Can also be used to specify the lag interface where 330
- Can be used as an alternate way to specify the lag interface 330
- Example the following commands show the command output with and without the optional parameter 330
- Format 330
- If the link is down the clock is displayed as no link and a dash is displayed against the oper peer advertisement and priority resolution if auto negotiation is disabled then the admin local link advertisement operational local link advertisement operational peer advertisement and priority resolution fields are not displayed 330
- If this command is executed without the optional 330
- Ifindex the interface index number associated with the port 330
- Interface unit slot port 330
- Is the lag port number 330
- Mode privileged exec 330
- Parameter then it displays the auto negotiation state and operational local link advertisement for all the ports operational link advertisement will display speed only if it is supported by both local as well as link partner if auto negotiation is disabled then operational local link advertisement is not displayed 330
- Show port description 330
- Term definition 330
- This command displays the interface description instead of 330
- No spanning tree 332
- No spanning tree auto edge 332
- Spanning tree 332
- Spanning tree auto edge 332
- Spanning tree protocol commands 332
- No spanning tree bpdufilter 333
- No spanning tree bpdufilter default 333
- No spanning tree bpduguard 333
- Spanning tree bpdufilter 333
- Spanning tree bpdufilter default 333
- Spanning tree bpduguard 333
- No spanning tree configuration name 334
- No spanning tree configuration revision 334
- Spanning tree bpdumigrationcheck 334
- Spanning tree configuration name 334
- Spanning tree configuration revision 334
- No spanning tree cost 335
- No spanning tree edgeport 335
- Spanning tree cost 335
- Spanning tree edgeport 335
- Spanning tree forceversion 335
- No spanning tree forceversion 336
- No spanning tree forward time 336
- No spanning tree max age 336
- Spanning tree forward time 336
- Spanning tree max age 336
- No spanning tree max hops 337
- Spanning tree max hops 337
- Spanning tree mst 337
- No spanning tree mst 338
- No spanning tree mst instance 338
- Spanning tree mst instance 338
- Spanning tree mst priority 338
- No spanning tree mst priority 339
- No spanning tree mst vlan 339
- Spanning tree mst vlan 339
- Spanning tree port mode 339
- No spanning tree port mode 340
- No spanning tree port mode all 340
- No spanning tree tcnguard 340
- Spanning tree port mode all 340
- Spanning tree tcnguard 340
- Show spanning tree 341
- Spanning tree transmit 341
- Show spanning tree brief 343
- Show spanning tree interface 343
- Example the following shows example cli display output for the command 345
- Format 345
- Mode privileged exec user exec 345
- Mstid a multiple spanning tree instance identifier the value is 0 4094 345
- Parameter description 345
- Show spanning tree mst detailed 345
- This command displays the detailed settings for an mst instance 345
- Show spanning tree mst port detailed 346
- Can also be used to specify the lag interface where 348
- Can be used as an alternate way to specify the lag interface 348
- Example the following shows example cli display output for the command using a lag interface number 348
- Format 348
- If you specify 0 defined as the default cist id as the 348
- Indicates a particular mst instance the parameter 348
- Indicates the desired switch port or all ports instead of 348
- Is the lag port number 348
- Mode privileged exec user exec 348
- Show spanning tree mst port summary 348
- The status summary displays for one or all ports within the common and internal spanning tree 348
- This command displays the settings of one or all ports within the specified multiple spanning tree instance the parameter 348
- Unit slot por 348
- Show spanning tree mst port summary active 349
- Show spanning tree mst summary 350
- Show spanning tree summary 350
- Show spanning tree vlan 351
- Network mgmt_vlan 353
- No network mgmt_vlan 353
- No vlan 353
- Vlan commands 353
- Vlan database 353
- No vlan acceptframe 354
- No vlan ingressfilter 354
- Vlan acceptframe 354
- Vlan ingressfilter 354
- No vlan name 355
- Vlan internal allocation 355
- Vlan makestatic 355
- Vlan name 355
- Vlan participation 355
- Vlan participation all 356
- Vlan port acceptframe all 356
- No vlan port acceptframe all 357
- No vlan port ingressfilter all 357
- Vlan port ingressfilter all 357
- Vlan port pvid all 357
- No vlan port pvid all 358
- No vlan port tagging all 358
- No vlan pvid 358
- Vlan port tagging all 358
- Vlan pvid 358
- Vlan tagging 358
- No remote span 359
- No vlan association mac 359
- No vlan tagging 359
- Remote span 359
- Vlan association mac 359
- Show vlan 360
- Show vlan brief 361
- Show vlan internal usage 361
- Show vlan port 361
- No switchport private vlan 363
- Private vlan commands 363
- Switchport mode private vlan 363
- Switchport private vlan 363
- This section describes the commands you use for private vlans private vlans provides layer 2 isolation between ports that share the same broadcast domain in other words it allows a vlan broadcast domain to be partitioned into smaller point to multipoint subdomains the ports participating in a private vlan can be located anywhere in the layer 2 network 363
- No private vlan 364
- No switchport mode private vlan 364
- Private vlan 364
- No switchport mode 365
- Switch ports 365
- Switchport mode 365
- Switchport trunk allowed vlan 365
- No switchport trunk allowed vlan 366
- No switchport trunk native vlan 366
- Switchport trunk native vlan 366
- Default 1 default vlan 367
- Example 367
- Format 367
- Mode interface config 367
- Mode privileged exec 367
- No switchport access vlan 367
- Show interfaces switchport 367
- Switchport access vlan 367
- This command resets the switch port access mode valn to its default value 367
- Use this command to configure the vlan on the access port only one vlan can be assigned to the access port access ports are members of vlan 1 by default access ports may be assigned to a vlan other than vlan 1 removing the access vlan on the switch makes the access port a member of vlan 1 configuring an access port to be a member of a vlan that does not exist results in an error and does not change the configuration 367
- Use this command to display the switchport status for all interfaces or a specified interface 367
- Example 368
- Format 368
- Mode privileged exec 368
- Show interfaces switchport 368
- Use this command to display the switchport configuration for a selected mode per interface if the interface is not specified the configuration for all interfaces is displayed 368
- No voice vlan global config 370
- Voice vlan commands 370
- Voice vlan global config 370
- Voice vlan interface config 370
- No voice vlan interface config 371
- Show voice vlan 371
- Voice vlan data priority 371
- Provisioning ieee 802 p commands 372
- Vlan port priority all 372
- Vlan priority 372
- Cut through asf commands 373
- Cut through mode 373
- No cut through mode 373
- Show cut through mode 373
- No switchport protected global config 374
- Protected ports commands 374
- Switchport protected global config 374
- Switchport protected interface config 374
- No switchport protected interface config 375
- Show interfaces switchport 375
- Show switchport protected 375
- Garp commands 376
- No set garp timer join 376
- Set garp timer join 376
- Set garp timer leave 376
- No set garp timer leave 377
- No set garp timer leaveall 377
- Set garp timer leaveall 377
- Show garp 377
- Gvrp commands 378
- No set gvrp adminmode 378
- Set gvrp adminmode 378
- Set gvrp interfacemode 378
- Gmrp commands 379
- No set gvrp interfacemode 379
- Show gvrp configuration 379
- No set gmrp adminmode 380
- No set gmrp interfacemode 380
- Set gmrp adminmode 380
- Set gmrp interfacemode 380
- Show gmrp configuration 381
- Show mac address table gmrp 381
- Aaa authentication dot1x default 382
- Clear dot1x authentication history 382
- Clear dot1x statistics 382
- Clear radius statistics 382
- Port based network access control commands 382
- Dot1x eapolflood 383
- Dot1x guest vlan 383
- Dot1x initialize 383
- No dot1x eapolflood 383
- No dot1x guest vlan 383
- Dot1x max req 384
- Dot1x max users 384
- Dot1x port control 384
- No dot1x max req 384
- No dot1x max users 384
- Dot1x port control all 385
- No dot1x port control 385
- No dot1x port control all 385
- Dot1x mac auth bypass 386
- Dot1x re authenticate 386
- Dot1x re authentication 386
- No dot1x mac auth bypass 386
- No dot1x re authentication 386
- Dot1x system auth control 387
- Dot1x system auth control monitor 387
- Dot1x timeout 387
- No dot1x system auth control 387
- No dot1x system auth control monitor 387
- Dot1x unauthenticated vlan 388
- No dot1x timeout 388
- Dot1x user 389
- No dot1x unauthenticated vlan 389
- No dot1x user 389
- Show authentication methods 389
- Show dot1x 390
- Eapol frames received the number of valid eapol frames of any type that have been received by this authenticator 393
- Eapol frames transmitted the number of eapol frames of any type that have been transmitted by this authenticator 393
- Eapol logoff frames received 393
- Eapol start frames received 393
- Example the following shows example cli display output for the command 393
- For each client authenticated on the port the 393
- If you use the optional parameter 393
- Note mac based dot1x authentication is supported on the bcm56224platform 393
- Port the interface whose statistics are displayed 393
- Term definition 393
- The number of eapol logoff frames that have been received by this authenticator 393
- The number of eapol start frames that have been received by this authenticator 393
- Unit slot port command will display the following mac based dot1x parameters if the port control mode for that specific port is mac based 393
- Unit slot port the following dot1x statistics for the specified port appear 393
- Show dot1x authentication history 394
- Show dot1x clients 395
- Show dot1x users 395
- Dot1x pae 396
- Dot1x supplicant max start 396
- Dot1x supplicant port control 396
- No dot1x supplicant port control 396
- X supplicant commands 396
- Dot1x supplicant timeout held period 397
- Dot1x supplicant timeout start period 397
- No dot1x supplicant max start 397
- No dot1x supplicant timeout held period 397
- No dot1x supplicant timeout start period 397
- Dot1x supplicant timeout auth period 398
- Dot1x supplicant user 398
- No dot1x supplicant timeout auth period 398
- Show dot1x statistics 398
- Storm control commands 399
- No storm control broadcast 400
- No storm control broadcast action 400
- Storm control broadcast 400
- Storm control broadcast action 400
- No storm control broadcast level 401
- No storm control broadcast rate 401
- Storm control broadcast level 401
- Storm control broadcast rate 401
- No storm control multicast 402
- No storm control multicast action 402
- Storm control multicast 402
- Storm control multicast action 402
- No storm control multicast level 403
- No storm control multicast rate 403
- Storm control multicast level 403
- Storm control multicast rate 403
- No storm control unicast 404
- No storm control unicast action 404
- Storm control unicast 404
- Storm control unicast action 404
- No storm control unicast level 405
- No storm control unicast rate 405
- Storm control unicast level 405
- Storm control unicast rate 405
- Show storm control 406
- Link dependency commands 408
- Link state group 408
- Link state group downstream 408
- No link state group 408
- No link state group downstream 408
- No link state track 408
- Example this example displays information for a specified link dependency groups 409
- Example this example displays information for all configured link dependency groups 409
- Format 409
- Link state group upstream 409
- Mode interface config 409
- Mode privileged exec 409
- No link state group upstream 409
- Show link state group 409
- Use this command to add interfaces to the upstream interface list note that an interface that is defined as an upstream interface cannot also be defined as a downstream interface in the same link state group or as a downstream interface in a different link state group if either configuration creates a circular dependency between groups 409
- Use this command to display information for all configured link dependency groups or a specified link dependency group 409
- Use this command to remove the selected interfaces from upstream list 409
- Format 410
- Mode privileged exec 410
- Show link state group detail 410
- Use this command to display detailed information about the state of upstream and downstream interfaces for a selected link dependency group group transitions is a count of the number of times the downstream interface has gone into its action state as a result of the upstream interfaces link state 410
- Addport 411
- Port channel 411
- Port channel lag 802 ad commands 411
- Deleteport global config 412
- Deleteport interface config 412
- Lacp admin key 412
- No lacp admin key 412
- Lacp actor admin key 413
- Lacp actor admin state individual 413
- Lacp collector max delay 413
- No lacp actor admin key 413
- No lacp collector max delay 413
- Lacp actor admin state 414
- Lacp actor admin state longtimeout 414
- Lacp actor admin state passive 414
- No lacp actor admin state individual 414
- No lacp actor admin state longtimeout 414
- No lacp actor admin state passive 414
- Lacp actor port priority 415
- No lacp actor admin state 415
- No lacp actor port priority 415
- Lacp partner admin key 416
- Lacp partner admin state individual 416
- Lacp partner admin state longtimeout 416
- No lacp partner admin key 416
- No lacp partner admin state individual 416
- Lacp partner admin state passive 417
- Lacp partner port id 417
- No lacp partner admin state longtimeout 417
- No lacp partner admin state passive 417
- Lacp partner port priority 418
- Lacp partner system id 418
- No lacp partner port id 418
- No lacp partner port priority 418
- Interface lag 419
- Lacp partner system priority 419
- No lacp partner system id 419
- No lacp partner system priority 419
- Port channel static 419
- No port channel static 420
- No port lacpmode 420
- No port lacpmode enable all 420
- Port lacpmode 420
- Port lacpmode enable all 420
- Port lacptimeout interface config 420
- No port lacptimeout 421
- Port channel adminmode 421
- Port lacptimeout global config 421
- No port channel adminmode 422
- No port channel linktrap 422
- Port channel linktrap 422
- Port channel load balance 422
- No port channel load balance 423
- No port channel local preference 423
- Port channel local preference 423
- No port channel system priority 424
- Port channel min links 424
- Port channel name 424
- Port channel system priority 424
- Show lacp actor 424
- Show lacp partner 425
- Show port channel brief 425
- Show port channel 426
- Show port channel counters 427
- Show port channel system priority 427
- Clear port channel all counters 428
- Clear port channel counters 428
- Format 428
- Mode privileged exec 428
- Use this command to clear and reset all port channel and member flap counters for the specified interface 428
- Use this command to clear and reset specified port channel and member flap counters for the specified interface 428
- Monitor session source 429
- Port mirroring commands 429
- Monitor session destination 430
- No monitor session source 430
- Monitor session filter 431
- No monitor session destination 431
- Monitor session mode 432
- No monitor session filter 432
- No monitor 433
- No monitor session 433
- No monitor session mode 433
- Admin mode indicates whether the port mirroring feature is enabled or disabled for the session identified with 434
- Example example 1 434
- Example example 3 434
- Format 434
- If no source port is configured for the session this field is blank 434
- If probe port is not set then this field is blank 434
- Mirrored port the port that is configured as a mirrored port source port for the session identified with 434
- Mode privileged exec 434
- Note th 434
- Parameter is always one 1 434
- Parameter is an integer value used to identify the session in the current version of the software the 434
- Probe port probe port destination port for the session identified wit 434
- Session id an integer value used to identify the session its value can be anything between 1 and the maximum number of mirroring sessions allowed on the platform 434
- Show monitor session 434
- Term definition 434
- The possible values are enabled and disabled 434
- This command displays the port monitoring information for a particular mirroring session 434
- Type direction in which source port configured for port mirroring types are tx for transmitted packets and rx for receiving packets 434
- Example example 4 435
- Example example 5 435
- Example example 6 435
- Show vlan remote span 435
- This command displays the configured rspan vlan 435
- Example the following shows example output for the command 436
- Format 436
- Mode privileged exec mode 436
- Macfilter 437
- Macfilter adddest 437
- No macfilter 437
- Static mac filtering commands 437
- Macfilter adddest all 438
- Macfilter addsrc 438
- No macfilter adddest 438
- No macfilter adddest all 438
- No macfilter addsrc 438
- Macfilter addsrc all 439
- No macfilter addsrc all 439
- Show mac address table static 439
- Show mac address table staticfiltering 439
- Dhcp l2 relay agent commands 441
- Dhcp l2relay 441
- Dhcp l2relay circuit id subscription 441
- No dhcp l2relay 441
- No dhcp l2relay circuit id subscription 441
- Dhcp l2relay circuit id vlan 442
- Dhcp l2relay remote id subscription 442
- No dhcp l2relay circuit id vlan 442
- No dhcp l2relay remote id subscription 442
- Dhcp l2relay remote id vlan 443
- Dhcp l2relay subscription 443
- Dhcp l2relay trust 443
- No dhcp l2relay remote id vlan 443
- No dhcp l2relay subscription 443
- Dhcp l2relay vlan 444
- No dhcp l2relay trust 444
- No dhcp l2relay vlan 444
- Show dhcp l2relay all 444
- Example the following shows example cli display output for the command 445
- Format 445
- Mode privileged exec 445
- Parameter description 445
- Show dhcp l2relay circuit id vlan 445
- Show dhcp l2relay interface 445
- Show dhcp l2relay remote id vlan 445
- This command displays dhcp circuit id vlan configuration 445
- This command displays dhcp l2 relay configuration specific to interfaces 445
- This command displays dhcp remote id vlan configuration 445
- Vlan list enter vlan ids in the range 1 4093 use a dash to specify a range or a comma to separate vlan ids in a list spaces and zeros are not permitted 445
- Example the following shows example cli display output for the command 446
- Format 446
- Mode privileged exec 446
- Parameter description 446
- Show dhcp l2relay agent option vlan 446
- Show dhcp l2relay stats interface 446
- Show dhcp l2relay subscription interface 446
- This command displays dhcp l2 relay configuration specific to a service subscription on an interface 446
- This command displays statistics specific to dhcp l2 relay configured interface 446
- This command displays the dhcp l2 relay option 82 configuration specific to vlan 446
- Vlan list enter vlan ids in the range 1 4093 use a dash to specify a range or a comma to separate vlan ids in a list spaces and zeros are not permitted 446
- Clear dhcp l2relay statistics interface 447
- Example the following shows example cli display output for the command 447
- Format 447
- Keyword to clear the counters on all ports 447
- Mode privileged exec 447
- Parameter description 447
- Show dhcp l2relay vlan 447
- This command displays dhcp vlan configuration 447
- Use this command to reset the dhcp l2 relay counters to zero specify the port with the counters to clear or use the 447
- Vlan list enter vlan ids in the range 1 4093 use a dash to specify a range or a comma to separate vlan ids in a list spaces and zeros are not permitted 447
- Dhcp client commands 448
- Dhcp client vendor id option 448
- Dhcp client vendor id option string 448
- No dhcp client vendor id option 448
- No dhcp client vendor id option string 448
- Show dhcp client vendor id option 448
- Example the following shows example cli display output for the command 449
- Dhcp snooping configuration commands 450
- Ip dhcp snooping 450
- Ip dhcp snooping verify mac address 450
- Ip dhcp snooping vlan 450
- No ip dhcp snooping 450
- No ip dhcp snooping vlan 450
- Ip dhcp snooping binding 451
- Ip dhcp snooping database 451
- Ip dhcp snooping database write delay 451
- No ip dhcp snooping binding 451
- No ip dhcp snooping database write delay 451
- No ip dhcp snooping verify mac address 451
- Ip dhcp filtering trust 452
- Ip dhcp snooping limit 452
- Ip dhcp snooping log invalid 452
- No ip dhcp filtering trust 452
- No ip dhcp snooping limit 452
- Ip dhcp snooping trust 453
- No ip dhcp snooping log invalid 453
- No ip dhcp snooping trust 453
- Show ip dhcp snooping 453
- Show ip dhcp snooping binding 454
- Show ip dhcp snooping database 454
- Agent url bindings database agent url 455
- Example the following shows example cli display output for the command 455
- Format 455
- Interface the ip address of the interface in unit slot port format 455
- Mode privileged exec 455
- Mode privileged exec user exec 455
- Show ip dhcp snooping interfaces 455
- Show ip dhcp snooping statistics 455
- Term definition 455
- Use this command to list statistics for dhcp snooping security violations on untrusted ports 455
- Use this command to show the dhcp snooping status of the interfaces 455
- Write delay the maximum write time to write the database into local or remote 455
- Clear ip dhcp snooping binding 456
- Clear ip dhcp snooping statistics 456
- Client ifc mismatch represents the number of dhcp release and deny messages received on the different ports than learned previously 456
- Dhcp server msgs rec d represents the number of dhcp server messages received on untrusted ports 456
- Example the following shows example cli display output for the command 456
- Format 456
- Mac verify failures represents the number of dhcp messages that were filtered on an untrusted interface because of source mac address and client hw address mismatch 456
- Mode privileged exec user exec 456
- Term definition 456
- Use this command to clear all dhcp snooping bindings on all interfaces or on a specific interface 456
- Use this command to clear all dhcp snooping statistics 456
- Igmp snooping configuration commands 457
- No set igmp 457
- Set igmp 457
- No set igmp header validation 458
- No set igmp interfacemode 458
- Set igmp header validation 458
- Set igmp interfacemode 458
- No set igmp fast leave 459
- No set igmp groupmembership interval 459
- Set igmp fast leave 459
- Set igmp groupmembership interval 459
- No set igmp maxresponse 460
- No set igmp mcrtrexpiretime 460
- Set igmp maxresponse 460
- Set igmp mcrtrexpiretime 460
- No set igmp mrouter 461
- No set igmp mrouter interface 461
- Set igmp mrouter 461
- Set igmp mrouter interface 461
- Set igmp report suppression 461
- No set igmp report suppression 462
- Show igmpsnooping 462
- Show igmpsnooping mrouter interface 463
- Show igmpsnooping mrouter vlan 464
- Show igmpsnooping ssm 464
- Show mac address table igmpsnooping 464
- Igmp snooping querier commands 465
- No set igmp querier 465
- Set igmp querier 465
- No set igmp querier query interval 466
- No set igmp querier timer expiry 466
- No set igmp querier version 466
- Set igmp querier query interval 466
- Set igmp querier timer expiry 466
- Set igmp querier version 466
- No set igmp querier election participate 467
- Set igmp querier election participate 467
- Show igmpsnooping querier 467
- Mld snooping commands 469
- No set mld 469
- Set mld 469
- No set mld fast leave 470
- No set mld interfacemode 470
- Set mld fast leave 470
- Set mld interfacemode 470
- No set groupmembership interval 471
- No set mld maxresponse 471
- Set mld groupmembership interval 471
- Set mld maxresponse 471
- No set mld mcrtexpiretime 472
- No set mld mrouter 472
- Set mld mcrtexpiretime 472
- Set mld mrouter 472
- Set mld mrouter interface 472
- No set mld mrouter interface 473
- Show mldsnooping 473
- Show mldsnooping mrouter interface 474
- Show mldsnooping mrouter vlan 474
- Show mldsnooping ssm entries 474
- Show mldsnooping ssm groups 475
- Show mldsnooping ssm stats 475
- Clear mldsnooping 476
- Show mac address table mldsnooping 476
- Mld snooping querier commands 477
- No set mld querier 477
- Set mld querier 477
- Set mld querier query_interval 477
- No set mld querier election participate 478
- No set mld querier query_interval 478
- No set mld querier timer expiry 478
- Set mld querier election participate 478
- Set mld querier timer expiry 478
- Show mldsnooping querier 479
- Is used the command shows the global information and the information for all querier enabled vlans 480
- When the optional argument 480
- No port security 481
- No port security max dynamic 481
- Port security 481
- Port security commands 481
- Port security max dynamic 481
- No port security mac address 482
- No port security max static 482
- Port security mac address 482
- Port security mac address move 482
- Port security max static 482
- This command sets the maximum number of statically locked mac addresses allowed on a por 482
- Can also be used to specify the lag interface where 483
- Can be used as an alternate way to specify the lag interface 483
- Is the lag port number 483
- No port security mac address sticky 483
- Port security mac address sticky 483
- Show port security 483
- This command displays the port security settings for the port s if you do not use a parameter the command displays the port security administrative mode use the optional parameters to display the settings on a specific interface or on all interfaces instead of 483
- Can also be used to specify the lag interface where 484
- Can be used as an alternate way to specify the lag interface 484
- Is the lag port number 484
- Show port security dynamic 484
- Show port security static 484
- This command displays the statically locked mac addresses for port instead of 484
- Can also be used to specify the lag interface where 485
- Can be used as an alternate way to specify the lag interface 485
- Default disabled 485
- Example the following shows example cli display output for the command 485
- Format 485
- Is the lag port number 485
- Lldp 802 ab commands 485
- Lldp transmit 485
- Mac address the source mac address of the last frame that was discarded at a locked port 485
- Mode interface config 485
- Mode privileged exec 485
- Show port security violation 485
- Sticky indicates whether the static mac address entry is added in sticky mode 485
- Term definition 485
- This command displays the source mac address of the last packet discarded on a locked port instead of 485
- This section describes the command you use to configure link layer discovery protocol lldp which is defined in the ieee 802 ab specification lldp allows stations on an 802 lan to advertise major capabilities and physical descriptions the advertisements allow a network management system nms to access and display this information 485
- Use this command to enable the lldp advertise capability on an interface or a range of interfaces 485
- Vlan id the vlan id if applicable associated with the mac address of the last frame that was discarded at a locked port 485
- Lldp receive 486
- Lldp timers 486
- No lldp receive 486
- No lldp timers 486
- No lldp transmit 486
- Lldp notification 487
- Lldp transmit mgmt 487
- Lldp transmit tlv 487
- No lldp transmit mgmt 487
- No lldp transmit tlv 487
- Clear lldp remote data 488
- Clear lldp statistics 488
- Lldp notification interval 488
- No lldp notification 488
- No lldp notification interval 488
- Show lldp 488
- Show lldp interface 489
- Show lldp statistics 489
- Show lldp remote device 490
- Show lldp remote device detail 491
- Show lldp local device 492
- Show lldp local device detail 492
- Lldp med 494
- Lldp med commands 494
- Lldp med confignotification 494
- Lldp med transmit tlv 494
- No ldp med confignotification 494
- No lldp med 494
- Lldp med all 495
- Lldp med confignotification all 495
- Lldp med faststartrepeatcount 495
- No lldp med faststartrepeatcount 495
- No lldp med transmit tlv 495
- Lldp med transmit tlv all 496
- No lldp med transmit tlv 496
- Show lldp med 496
- Show lldp med interface 496
- Example the following shows example cli display output for the command 497
- Format 497
- Mode privileged exec 497
- Show lldp med local device detail 497
- Use this command to display detailed information about the lldp med data that a specific interface transmits unit slot port indicates a specific physical interface 497
- Mode privileged exec 498
- Show lldp med remote device 498
- Use this command to display the summary information about remote devices that transmit current lldp med data to the system you can show information about lldp med remote data received on all valid lldp interfaces or on a specific physical interface format 498
- Device class device classification of the remote device 499
- Example the following shows example cli display output for the command 499
- Format 499
- Local interface the interface that received the lldpdu from the remote device 499
- Mode privileged exec 499
- Remote id an internal identifier to the switch to mark each remote device to the system 499
- Show lldp med remote device detail 499
- Term definition 499
- Use this command to display detailed information about remote devices that transmit current lldp med data to an interface on the system 499
- Denial of service commands 501
- Dos control all 501
- Dos control firstfrag 502
- Dos control sipdip 502
- No dos control all 502
- No dos control firstfrag 502
- No dos control sipdip 502
- Dos control l4port 503
- Dos control tcpflag 503
- Dos control tcpfrag 503
- No dos control tcpflag 503
- No dos control tcpfrag 503
- Dos control smacdmac 504
- Dos control tcpport 504
- No dos control l4port 504
- No dos control smacdmac 504
- Dos control tcpflagseq 505
- Dos control udpport 505
- No dos control tcpport 505
- No dos control udpport 505
- Dos control tcpoffset 506
- Dos control tcpsyn 506
- No dos control tcpflagseq 506
- No dos control tcpoffset 506
- Dos control tcpfinurgpsh 507
- Dos control tcpsynfin 507
- No dos control tcpfinurgpsh 507
- No dos control tcpsyn 507
- No dos control tcpsynfin 507
- Dos control icmpv4 508
- Dos control icmpv6 508
- No dos control icmpv4 508
- No dos control icmpv6 508
- Dos control icmpfrag 509
- No dos control icmpfrag 509
- Show dos control 509
- Bridge aging time 511
- Mac database commands 511
- No bridge aging time 511
- Show forwardingdb agetime 511
- Show mac address table multicast 511
- Show mac address table stats 512
- Section 8 routing commands 514
- Address resolution protocol commands 515
- Arp cachesize 515
- No arp 515
- No arp cachesize 515
- Arp dynamicrenew 516
- Arp purge 516
- No arp dynamicrenew 516
- Arp resptime 517
- Arp retries 517
- Arp timeout 517
- No arp resptime 517
- No arp retries 517
- Clear arp cache 518
- Clear arp switch 518
- No arp timeout 518
- Show arp 518
- Show arp brief 519
- Show arp switch 519
- Ip address 521
- Ip routing 521
- Ip routing commands 521
- No ip routing 521
- No routing 521
- Routing 521
- No ip address 522
- Ip address dhcp 523
- Ip default gateway 523
- No ip address dhcp 523
- As nexthop parameter adds a static reject route the optional 524
- Confirm that the associated link is also up 524
- Default preference 1 524
- Enable ip routing for the interface 524
- Enable ip routing globally 524
- Example the following example sets the default gateway to 10 524
- For the static routes to be visible you must perform the following steps 524
- Format 524
- Ip route 524
- Is a valid subnet mask the 524
- Mode global config 524
- Mode interface config 524
- No ip default gateway 524
- No ip route 524
- Parameter is a valid ip address and 524
- Parameter is a valid ip address of the next hop router specifying 524
- Parameter is an integer value from 1 to 255 that allows you to specify the preference value sometimes called administrative distance of an individual static route among routes to the same destination the route with the lowest preference value is the route entered into the forwarding database by specifying the preference of a static route you control whether a static route is more or less preferred than routes from dynamic routing protocols the preference also controls whether a static route is more or less preferred than other static routes to the same destination a route with a preference of 255 cannot be used to forward traffic 524
- Parameter the next hop is deleted if you use the 524
- The description parameter allows a description of the route to be entered 524
- This command configures a static route the 524
- This command deletes a single next hop to a destination static route if you use the 524
- This command removes the default gateway address from the configuration 524
- Value the preference value of the static route is reset to its default 524
- Ip netdirbcast 525
- Ip route default 525
- Ip route distance 525
- No ip route default 525
- No ip route distance 525
- Ip mtu 526
- No ip mtu 526
- No ip netdirbcast 526
- Release dhcp 526
- Encapsulation 527
- Renew dhcp 527
- Renew dhcp network port 527
- Renew dhcp service port 527
- Show dhcp lease 528
- Show ip brief 528
- Show ip interface 529
- Dhcp client identifier the client identifier is displayed in the output of the command only if dhcp is enabled with the client id option on the in band interface see ip address dhcp on page 540 530
- Example in the following example the dhcp client is enabled on a vlan routing interface 530
- Example the following shows example cli display output for the command 530
- Format 530
- Icmp redirects displays whether icmp redirects may be sent enabled or disabled 530
- Show ip interface brief 530
- Term definition 530
- This command displays summary information about ip configuration settings for all ports in the router and indicates how each ip address was assigned 530
- Show ip route 531
- Example the following shows example cli display output for the command 533
- Example the following shows example cli display output for the command to indicate a truncated route 533
- Format 533
- Keyword is given some statistics such as the number of routes from each source include counts for alternate routes an alternate route is a route that is not the most preferred route to its destination and therefore is not installed in the forwarding table to include only the number of best routes do not use the optional keyword 533
- Mode privileged exec 533
- Show ip route ecmp groups 533
- Show ip route summary 533
- This command displays a summary of the state of the routing table when the optional 533
- This command reports all current ecmp groups in the ipv4 routing table an ecmp group is a set of two or more next hops used in one or more routes the groups are numbered arbitrarily from 1 to n the output indicates the number of next hops in the group and the number of routes that use the set of next hops the output lists the ipv4 address and outgoing interface of each next hop in each group 533
- Clear ip route counters 535
- Example the following shows example cli display output for the command 535
- Format 535
- Mode privileged exec 535
- Modes privileged exec user exec 535
- Routes with n next hops the current number of routes with each number of next hops 535
- Show ip route preferences 535
- Term definition 535
- The command resets to zero the ipv4 routing table counters reported in the command show ip route summary on page 550 the command only resets event counters counters that report the current state of the routing table such as the number of routes of each type are not reset 535
- This command displays detailed information about the route preferences for each type of route route preferences are used in determining the best route lower router preference values are preferred over higher router preference values a route with a preference of 255 cannot be used to forward traffic 535
- Show ip stats 536
- Show routing heap summary 536
- Ip irdp 537
- No ip irdp 537
- Router discovery protocol commands 537
- Routing policy commands 537
- Show ip policy 537
- Ip irdp address 538
- Ip irdp holdtime 538
- Ip irdp maxadvertinterval 538
- No ip irdp address 538
- No ip irdp holdtime 538
- No ip irdp maxadvertinterval 538
- Ip irdp minadvertinterval 539
- Ip irdp multicast 539
- Ip irdp preference 539
- No ip irdp minadvertinterval 539
- No ip irdp multicast 539
- No ip irdp preference 540
- Show ip irdp 540
- No vlan routing 541
- Virtual lan routing commands 541
- Vlan routing 541
- Example in example 3 you select an interface id that is already in use in this case the cli displays an error message and does not create the vlan interface 542
- Example the show running configuration command always lists the interface id for each routing vlan as shown in example 4 below 542
- Interface vlan 543
- Show ip vlan 543
- Bootpdhcprelay cidoptmode 544
- Bootpdhcprelay maxhopcount 544
- Bootpdhcprelay minwaittime 544
- Dhcp and bootp relay commands 544
- No bootpdhcprelay cidoptmode 544
- No bootpdhcprelay maxhopcount 544
- Bootpdhcprelay enable 545
- Bootpdhcprelay serverip 545
- No bootpdhcprelay enable 545
- No bootpdhcprelay minwaittime 545
- No bootpdhcprelay serverip 545
- Show bootpdhcprelay 546
- Show ip bootpdhcprelay 546
- Ip helper commands 547
- Clear ip helper statistics 548
- Ip helper address global config 548
- No ip helper address global config 549
- Ip helper address interface config 550
- Command but affects not only relay of dhcp packets but also relay of any other protocols for which an ip helper address has been configured 551
- Command with no arguments clears all helper addresses on the interface 551
- Default 551
- Example the following shows an example of the command 551
- Example this command takes precedence over an ip helper address command given in global configuration mode with the following configuration the relay agent relays dhcp packets received on any interface other than 1 0 2 and 1 0 17 to 192 68 0 relays dhcp and dns packets received on 1 0 2 to 192 68 0 relays snmp traps port 162 received on interface 1 0 17 to 192 68 3 and drops dhcp packets received on 1 0 17 551
- Format 551
- Ip helper enable 551
- Mode global config 551
- Mode interface config 551
- No ip helper address interface config 551
- No ip helper enable 551
- Use the no form of this command to disable relay of all udp packets 551
- Use this command to delete a relay entry on an interface the 551
- Use this command to enable relay of udp packets this command can be used to temporarily disable ip helper without deleting all ip helper addresses this command replaces the 551
- Show ip helper address 552
- Show ip helper statistics 552
- Icmp throttling commands 555
- Ip icmp echo reply 555
- Ip redirects 555
- Ip unreachables 555
- No ip redirects 555
- No ip unreachables 555
- Ip icmp error interval 556
- No ip icmp echo reply 556
- No ip icmp error interval 556
- Section 9 ipv6 management commands 557
- Ipv6 management commands 558
- Network ipv6 enable 558
- No network ipv6 enable 558
- No serviceport ipv6 enable 558
- Serviceport ipv6 enable 558
- No serviceport ipv6 address 559
- Serviceport ipv6 address 559
- Serviceport ipv6 gateway 559
- Network ipv6 address 560
- No serviceport ipv6 gateway 560
- No serviceport ipv6 neighbor 560
- Serviceport ipv6 neighbor 560
- Network ipv6 gateway 561
- No network ipv6 address 561
- No network ipv6 gateway 561
- Network ipv6 neighbor 562
- No network ipv6 neighbor 562
- Show network ipv6 neighbors 562
- Ping ipv6 563
- Show serviceport ipv6 neighbors 563
- Ping ipv6 interface 564
- Interface tunnel 565
- No interface tunnel 565
- Tunnel destination 565
- Tunnel interface commands 565
- Tunnel mode ipv6ip 565
- Tunnel source 565
- Show interface tunnel 566
- Interface loopback 567
- Loopback interface commands 567
- No interface loopback 567
- Show interface loopback 567
- Dhcpv6 commands 568
- Ipv6 dhcp client pd 568
- No service dhcpv6 568
- Service dhcpv6 568
- Default prefix delegation is disabled on an interface 569
- Example the following examples enable prefix delegation on interface 1 0 1 569
- Format 569
- Ipv6 dhcp relay destination 569
- Ipv6 dhcp server 569
- Is a value used by clients to determine preference between multiple dhcpv6 servers for a particular interface dhcpv6 server and dhcpv6 relay functions are mutually exclusive 569
- Is an option that allows for an abbreviated exchange between the client and server and 569
- Is the dhcpv6 pool containing stateless and or prefix delegation parameters automatic enables the server to automatically determine which pool to use when allocating addresses for a client 569
- Is the relay agent information option remote id suboption to be added to relayed messages this can either be the special keyword 569
- Keyword to set the relay server interface the 569
- Keyword to set the relay server ipv6 address the 569
- Mode interface config 569
- No ipv6 dhcp client pd 569
- Parameter is an interface unit slot port to reach a relay server the optional 569
- Parameter is an ipv6 address of a dhcpv6 relay server use the 569
- This command disables requests for prefix delegation 569
- Use this command to configure an interface for dhcpv6 relay functionality on an interface or range of interfaces use the 569
- Use this command to configure dhcpv6 server functionality on an interface or range of interfaces the 569
- Which causes the remote id to be derived from the dhcpv6 server duid and the relay interface number or it can be specified as a user defined string 569
- Address prefix ipv6 570
- Ipv6 dhcp pool 570
- No ipv6 dhcp pool 570
- Dns server ipv6 571
- Domain name ipv6 571
- No dns server 571
- No domain name 571
- No prefix delegation 572
- Prefix delegation ipv6 572
- Show ipv6 dhcp 572
- Show ipv6 dhcp statistics 572
- Show ipv6 dhcp interface 573
- Show ipv6 dhcp binding 574
- Show ipv6 dhcp pool 574
- Show network ipv6 dhcp statistics 575
- Show serviceport ipv6 dhcp statistics 576
- Clear ipv6 dhcp 577
- Clear ipv6 dhcp binding 577
- Clear network ipv6 dhcp statistics 578
- Clear serviceport ipv6 dhcp statistics 578
- Dhcpv6 snooping configuration commands 578
- Ipv6 dhcp snooping 578
- Ipv6 dhcp snooping vlan 578
- No ipv6 dhcp snooping 578
- Ip dhcp snooping database write delay 579
- Ipv6 dhcp snooping database 579
- Ipv6 dhcp snooping verify mac address 579
- No ipv6 dhcp snooping verify mac address 579
- No ipv6 dhcp snooping vlan 579
- Ipv6 dhcp snooping binding 580
- Ipv6 dhcp snooping log invalid 580
- Ipv6 dhcp snooping trust 580
- No ip dhcp snooping database write delay 580
- No ipv6 dhcp snooping binding 580
- No ipv6 dhcp snooping trust 580
- Ipv6 dhcp snooping limit 581
- Ipv6 verify source 581
- No ipv6 dhcp snooping limit 581
- No ipv6 dhcp snooping log invalid 581
- No ipv6 verify source 581
- Example the following shows example cli display output for the command 582
- Format 582
- Interface the interface for which data is displayed 582
- Ipv6 verify binding 582
- Log invalid pkts if it is enabled dhcp snooping application logs invalid packets on the specified interface 582
- Mode global config 582
- Mode interface config 582
- Mode privileged exec user exec 582
- No ipv6 verify binding 582
- Show ipv6 dhcp snooping 582
- Term definition 582
- Trusted if it is enabled dhcp snooping considers the port as trusted the factory default is disabled 582
- Use this command to configure static ipv6 source guard ipv6sg entries 582
- Use this command to display the dhcp snooping global configurations and per port configurations 582
- Use this command to remove the ipv6sg static entry from the ipv6sg database 582
- Show ipv6 dhcp snooping binding 583
- Show ipv6 dhcp snooping database 583
- Example the following shows example cli display output for the command 584
- Show ipv6 dhcp snooping interfaces 584
- Show ipv6 dhcp snooping statistics 584
- Term definition 584
- Use this command to list statistics for ipv6 dhcp snooping security violations on untrusted ports 584
- Use this command to show the dhcp snooping status of all interfaces or a specified interface 584
- Write delay the maximum write time to write the database into local or remote 584
- Clear ipv6 dhcp snooping binding 585
- Clear ipv6 dhcp snooping statistics 585
- Example the following shows example cli display output for the command 585
- Filter type is one of two values ip v6mac user has configured mac address filtering on this interface ipv6 only ipv6 address filtering on this interface 585
- Format 585
- Interface interface address in unit slot port format 585
- Ipv6 address ipv6 address of the interface 585
- Mac address if mac address filtering is not configured on the interface the mac address field is empty if port security is disabled on the interface then the mac address field displays permit all 585
- Mode privileged exec user exec 585
- Show ipv6 verify 585
- Term definition 585
- Use this command to clear all dhcpv6 snooping bindings on all interfaces or on a specific interface 585
- Use this command to clear all dhcpv6 snooping statistics 585
- Use this command to display the ipv6 configuration on a specified unit slot port 585
- Vlan the vlan for the binding rule 585
- Show ipv6 source binding 586
- Show ipv6 verify source 586
- Example the following shows example cli display output for the command 587
- Interface ip address of the interface in unit slot port format 587
- Term definition 587
- Vlan vlan for the entry 587
- Section 10 quality of service commands 588
- Class of service commands 589
- Classofservice dot1p mapping 589
- Classofservice ip dscp mapping 589
- No classofservice dot1p mapping 589
- No classofservice ip dscp mapping 589
- Classofservice ip precedence mapping 590
- Classofservice trust 590
- No classofservice ip precedence mapping 590
- No classofservice trust 590
- Cos queue max bandwidth 591
- Cos queue min bandwidth 591
- Cos queue random detect 591
- No cos queue max bandwidth 591
- No cos queue min bandwidth 591
- Cos queue strict 592
- No cos queue random detect 592
- No cos queue strict 592
- Random detect 592
- No random detect 593
- No random detect exponential weighting constant 593
- Random detect exponential weighting constant 593
- Random detect queue parms 593
- No random detect queue parms 594
- No traffic shape 594
- Show classofservice dot1p mapping 594
- Traffic shape 594
- Show classofservice ip dscp mapping 595
- Show classofservice ip precedence mapping 595
- Show classofservice trust 595
- Show interfaces cos queue 596
- Show interfaces random detect 597
- Show interfaces tail drop threshold 597
- Differentiated services commands 598
- Diffserv 598
- Class map 599
- Diffserv class commands 599
- No diffserv 599
- Class map rename 600
- Match any 600
- Match ethertype 600
- No class map 600
- Match class map 601
- Match cos 601
- No match class map 601
- Match destination address mac 602
- Match dstip 602
- Match secondary cos 602
- Match dstl4port 603
- Match ip dscp 603
- Match ip precedence 603
- Match ip tos 604
- Match protocol 604
- Match signature 605
- Match source address mac 605
- Match srcip 605
- Match src port 606
- Match srcip6 606
- Match srcl4port 606
- Match vlan 606
- Match secondary vlan 607
- Assign queue 608
- Diffserv policy commands 608
- Mirror 608
- Conform color 609
- Redirect 609
- Mark cos 610
- Mark cos as sec cos 610
- Mark secondary cos 610
- No class 610
- Mark ip dscp 611
- Mark ip precedence 611
- Police simple 611
- Format 612
- Mode global config 612
- Mode policy class map config 612
- Note the cli mode is changed to policy map config when this command is successfully executed 612
- Parameter is a case sensitive alphanumeric string from 1 to 31 characters uniquely identifying the policy the type of policy is specific to the inbound traffic direction as indicated by the 612
- Parameter or the outbound traffic direction as indicated by the 612
- Parameter respectively 612
- Police single rate 612
- Police two rate 612
- Policy map 612
- This command establishes a new diffserv policy the 612
- This command is the single rate form of the police command and is used to establish the traffic policing style for the specified class for each outcome the only possible actions are drop set cos as sec cost set cos transmit set sec cos transmit set dscp transmit set prec transmit or transmit in this single rate form of the police command the conform action defaults to send the exceed action defaults to drop and the violate action defaults to drop these actions can be set with this command once the style has been configured 612
- This command is the two rate form of the police command and is used to establish the traffic policing style for the specified class for each outcome the only possible actions are drop set cos as sec cos set cos transmit set sec cos transmit set dscp transmit set prec transmit or transmit in this two rate form of the police command the conform action defaults to send the exceed action defaults to drop and the violate action defaults to drop these actions can be set with this command once the style has been configured 612
- No policy map 613
- Policy map rename 613
- Diffserv service commands 614
- No service policy 614
- Service policy 614
- Modes global config interface config 615
- Diffserv show commands 616
- Show class map 616
- Show diffserv 617
- Show policy map 617
- Show diffserv service 619
- Show diffserv service brief 620
- Show policy map interface 620
- Show service policy 621
- Mac access control list commands 622
- Mac access list extended 622
- Mac access list extended rename 622
- No mac access list extended 622
- Default 10 623
- Deny permit mac acl 623
- Format 623
- Increment the amount to increment the range is 1 2147483647 the default is 10 623
- Mac access list resequence 623
- Mode global config 623
- Mode mac access list config 623
- Note an implicit deny all mac rule always terminates the access list 623
- Note for bcm5630x and bcm5650x based systems assign queue redirect and mirror attributes are configurable for a deny rule but they have no operational effect 623
- Parameter description 623
- Starting sequence number the sequence number from which to start the range is 1 2147483647 the default is 10 623
- The sequence number specifies the sequence number for the acl rule the sequence number is specified by the user or is generated by device 623
- This command creates a new rule for the current mac access list a rule may either deny or permit traffic according to the specified classification fields at a minimum the source and destination mac value must be specified each of which may be substituted using the keyword any to indicate a match on any value in that field the remaining command parameters are all optional but the most frequently used parameters appear in the same relative order as shown in the command format 623
- Use this command to renumber the sequence numbers of the entries for specified mac access list with the given increment value starting from a particular sequence number the command is used to edit the sequence numbers of acl rules in the acl and change the order in which entries are applied this command is not saved in startup configuration and is not displayed in running configuration 623
- Mac access group 625
- No sequence number 625
- No mac access group 626
- Remark 626
- No remark 627
- Show mac access lists 628
- Ip access control list commands 629
- Access list 630
- Command 630
- Format 630
- Ip extended acl 630
- Ip standard acl 630
- Match on port ranges is not supported the rate limit command is not supported 630
- Mode global config 630
- Note ipv4 extended acls have the following limitations for egress acls 630
- Parameter description 630
- Table 12 acl command parameters 630
- This command creates an ip access control list acl that is identified by the access list number which is 1 99 for standard acls or 100 199 for extended acls table 12 describes the parameters for the 630
- Use the remark keyword to add a comment remark to an ip standard or ip extended acl the remarks make the acl easier to understand and scan each remark is limited to 100 characters a remark can consist of characters in the range a z a z 0 9 and special characters space hyphen underscore remarks are displayed only in show running configuration one remark per rule can be added for ip standard or ip extended acl user can remove only remarks that are not associated with a rule remarks associated with a rule are removed when the rule is removed 630
- Ip access list 634
- Ip access list rename 634
- No access list 634
- No ip access list 634
- Default 10 635
- Deny permit ip acl 635
- Format 635
- Increment the amount to increment the range is 1 2147483647 the default is 10 635
- Ip access list resequence 635
- Mode global config 635
- Mode ipv4 access list config 635
- Note an implicit deny all ip rule always terminates the access list 635
- Note for bcm5630x based systems the 635
- Parameter description 635
- Parameters are not available 635
- Starting sequence number the sequence number from which to start the range is 1 2147483647 the default is 10 635
- This command creates a new rule for the current ip access list a rule may either deny or permit traffic according to the specified classification fields at a minimum either the every keyword or the protocol source address and destination address values must be specified the source and destination ip address fields may be specified using the keyword 635
- To indicate a match on any value in that field the remaining command parameters are all optional but the most frequently used parameters appear in the same relative order as shown in the command format 635
- Use this command to renumber the sequence numbers of the entries for specified ip access list with the given increment value starting from a particular sequence number the command is used to edit the sequence numbers of acl rules in the acl and change the order in which entries are applied this command is not saved in startup configuration and is not displayed in running configuration 635
- Ip access group 639
- No sequence number 639
- Acl trapflags 640
- No ip access group 640
- No acl trapflags 641
- Show ip access lists 641
- Show access lists 643
- Show access lists vlan 643
- Ipv6 access control list commands 644
- Ipv6 access list 644
- No ipv6 access list 644
- Deny permit ipv6 645
- Ipv6 access list rename 645
- Ipv6 access list resequence 645
- For bcm5684x and bcm5644x platforms the ipv6 acl fragment keyword matches only on the first two ipv6 extension headers for the fragment header next header code 44 if the fragment header appears in the third or subsequent header it is not matched 646
- For bcm5684x platforms the ipv6 acl routing keyword is not supported when an ipv6 address is specified 646
- For the 5650x platform the 646
- Format 646
- If a time range with the specified name does not exist and the ipv6 acl containing this acl rule is applied to an interface or bound to a vlan then the acl rule is applied immediately if a time range with specified name exists and the ipv6 acl containing this acl rule is applied to an interface or bound to a vlan then the acl rule is applied when the time range with specified name becomes active the acl rule is removed when the time range with specified name becomes inactive for information about configuring time ranges see time range commands for time based acls on page 671 646
- Ipv6 acls have the following limitations 646
- Is the number of user configurable queues available for the hardware platform the 646
- Mode ipv6 access list config 646
- Note an implicit deny all ipv6 rule always terminates the access list 646
- Note the 646
- Parameter allows imposing time limitation on the ipv6 acl rule as defined by the parameter 646
- Parameter allows the traffic matching this rule to be copied to the specified unit slot port while the redirect parameter allows the traffic matching this rule to be forwarded to the specified unit slot port the 646
- Parameter is valid only for a permit rule 646
- Parameters are not available on the 5630x platform 646
- Parameters are only valid for a 646
- Port ranges are not supported for egress ipv6 acls 646
- The assign queue parameter allows specification of a particular hardware queue for handling traffic that matches this rule the allowed 646
- The permit command s optional attribute rate limit allows you to permit only the allowed rate of traffic as per the configured rate in kbps and burst size in kbytes 646
- Value is 0 n 1 where 646
- Ipv6 traffic filter 651
- No sequence number 651
- No ipv6 traffic filter 652
- Show ipv6 access lists 652
- Absolute 654
- No time range 654
- Time range 654
- Time range commands for time based acls 654
- No absolute 655
- No periodic 655
- Periodic 655
- Show time range 655
- Auto voice over ip commands 656
- Auto voip 656
- Auto voip oui 657
- Auto voip oui based priority 657
- No auto voip 657
- No auto voip oui 657
- Auto voip protocol based 659
- No auto voip oui 659
- No auto voip protocol based 659
- Auto voip vlan 660
- No auto voip vlan 660
- Show auto voip 660
- Command 661
- Example 661
- Example the following shows example cli display output for the command 661
- Format 661
- Mode privileged exec 661
- Note this command replaces the 661
- Oui description description of the oui 661
- Oui oui of the source mac address 661
- Parameter description 661
- Show auto voip oui table 661
- Status default or configured entry 661
- Use this command to display the voip oui table information 661
- This command displays mroute entries in the multicast forwarding mfc database 662
- Section 11 switch log messages 663
- Utilities 665
- Management 669
- Switching 672
- Stacking 678
- Technologies 678
- O s support 680
- Command index 683
- Symbols 683
Похожие устройства
- Qtech QSW-3580 Руководство пользователя
- Qtech QSW-2870 Руководство пользователя
- Qtech QSW-2800v2 Руководство пользователя
- Qtech QSW-3200-24T Руководство пользователя
- Qtech QSW-3200-24T Техническое описание
- Qtech QSW-3200-28T Руководство пользователя
- Qtech QSW-3200-28T Техническое описание
- Qtech QSW-3200-28FC Руководство пользователя
- Qtech QSW-3200-28FC Техническое описание
- Qtech QSW-3900-24-Т-AC Руководство пользователя v1-1
- Qtech QSW-3900-24-Т-AC Руководство пользователя v1-7
- Qtech QSW-3900-24-Т-AC Руководство пользователя
- Qtech QSW-3900-48-SFP-AC Руководство пользователя v1-1
- Qtech QSW-3900-48-SFP-AC Руководство пользователя v1-7
- Qtech QSW-3900-48-SFP-AC Руководство пользователя
- Qtech QSW-3900-48-SFP-DC Руководство пользователя v1-1
- Qtech QSW-3900-48-SFP-DC Руководство пользователя v1-7
- Qtech QSW-3900-48-SFP-DC Руководство пользователя
- Qtech QSW-3900-48-Т-AC Руководство пользователя v1-1
- Qtech QSW-3900-48-Т-AC Руководство пользователя v1-7