Documente Academic
Documente Profesional
Documente Cultură
Stackable Switches
Configuration Guide
Firmware Version 1.00.xx
P/N 9034314-02
Notice
EnterasysNetworksreservestherighttomakechangesinspecificationsandotherinformationcontainedinthisdocumentand
itswebsitewithoutpriornotice.ThereadershouldinallcasesconsultEnterasysNetworkstodeterminewhetheranysuch
changeshavebeenmade.
Thehardware,firmware,orsoftwaredescribedinthisdocumentissubjecttochangewithoutnotice.
INNOEVENTSHALLENTERASYSNETWORKSBELIABLEFORANYINCIDENTAL,INDIRECT,SPECIAL,OR
CONSEQUENTIALDAMAGESWHATSOEVER(INCLUDINGBUTNOTLIMITEDTOLOSTPROFITS)ARISINGOUTOF
ORRELATEDTOTHISDOCUMENT,WEBSITE,ORTHEINFORMATIONCONTAINEDINTHEM,EVENIFENTERASYS
NETWORKSHASBEENADVISEDOF,KNEWOF,ORSHOULDHAVEKNOWNOF,THEPOSSIBILITYOFSUCH
DAMAGES.
EnterasysNetworks,Inc.
50MinutemanRoad
Andover,MA01810
2007EnterasysNetworks,Inc.Allrightsreserved.
ENTERASYSNETWORKS,NETSIGHT,WEBVIEW,andanylogosassociatedtherewith,aretrademarksorregistered
trademarksofEnterasysNetworks,Inc.intheUnitedStatesandothercountries.
Allotherproductnamesmentionedinthismanualmaybetrademarksorregisteredtrademarksoftheirrespectivecompanies.
DocumentationURL:http://www.enterasys.com/support/manuals
DocumentacionURL:http://www.enterasys.com/support/manuals
DokumentationimInternet:http://www.enterasys.com/support/manuals
i
Enterasys Networks, Inc.
Firmware License Agreement
BEFORE OPENING OR UTILIZING THE ENCLOSED PRODUCT,
CAREFULLY READ THIS LICENSE AGREEMENT.
Thisdocumentisanagreement(Agreement)betweentheenduser(You)andEnterasysNetworks,Inc.onbehalfofitself
anditsAffiliates(ashereinafterdefined)(Enterasys)thatsetsforthYourrightsandobligationswithrespecttotheEnterasys
softwareprogram/firmwareinstalledontheEnterasysproduct(includinganyaccompanyingdocumentation,hardwareor
media)(Program)inthepackageandprevailsoveranyadditional,conflictingorinconsistenttermsandconditionsappearing
onanypurchaseorderorotherdocumentsubmittedbyYou.Affiliatemeansanyperson,partnership,corporation,limited
liabilitycompany,orotherformofenterprisethatdirectlyorindirectlythroughoneormoreintermediaries,controls,oris
controlledby,orisundercommoncontrolwiththepartyspecified.ThisAgreementconstitutestheentireunderstanding
betweentheparties,andsupersedesallpriordiscussions,representations,understandingsoragreements,whetheroralorin
writing,betweenthepartieswithrespecttothesubjectmatterofthisAgreement.TheProgrammaybecontainedinfirmware,
chipsorothermedia.
BYINSTALLINGOROTHERWISEUSINGTHEPROGRAM,YOUREPRESENTTHATYOUAREAUTHORIZEDTOACCEPT
THESETERMSONBEHALFOFTHEENDUSER(IFTHEENDUSERISANENTITYONWHOSEBEHALFYOUARE
AUTHORIZEDTOACT,YOUANDYOURSHALLBEDEEMEDTOREFERTOSUCHENTITY)ANDTHATYOU
AGREETHATYOUAREBOUNDBYTHETERMSOFTHISAGREEMENT,WHICHINCLUDES,AMONGOTHER
PROVISIONS,THELICENSE,THEDISCLAIMEROFWARRANTYANDTHELIMITATIONOFLIABILITY.IFYOUDONOT
AGREETOTHETERMSOFTHISAGREEMENTORARENOTAUTHORIZEDTOENTERINTOTHISAGREEMENT,
ENTERASYSISUNWILLINGTOLICENSETHEPROGRAMTOYOUANDYOUAGREETORETURNTHEUNOPENED
PRODUCTTOENTERASYSORYOURDEALER,IFANY,WITHINTEN(10)DAYSFOLLOWINGTHEDATEOFRECEIPT
FORAFULLREFUND.
IFYOUHAVEANYQUESTIONSABOUTTHISAGREEMENT,CONTACTENTERASYSNETWORKS,LEGAL
DEPARTMENTAT(978)6841000.
YouandEnterasysagreeasfollows:
1. LICENSE. Youhavethenonexclusiveandnontransferablerighttouseonlytheone(1)copyoftheProgramprovidedin
thispackagesubjecttothetermsandconditionsofthisAgreement.
2. RESTRICTIONS. ExceptasotherwiseauthorizedinwritingbyEnterasys,Youmaynot,normayYoupermitanythird
partyto:
(i) Reverse engineer, decompile, disassemble or modify the Program, in whole or in part, including for reasons of error correction or
interoperability, except to the extent expressly permitted by applicable law and to the extent the parties shall not be permitted by
that applicable law, such rights are expressly excluded. Information necessary to achieve interoperability or correct errors is
available from Enterasys upon request and upon payment of Enterasys applicable fee.
(ii) Incorporate the Program, in whole or in part, in any other product or create derivative works based on the Program, in whole or in
part.
(iii) Publish, disclose, copy, reproduce or transmit the Program, in whole or in part.
(iv) Assign, sell, license, sublicense, rent, lease, encumber by way of security interest, pledge or otherwise transfer the Program, in
whole or in part.
(v) Remove any copyright, trademark, proprietary rights, disclaimer or warning notice included on or embedded in any part of the
Program.
3. APPLICABLELAW. ThisAgreementshallbeinterpretedandgovernedunderthelawsandinthestateandfederalcourts
oftheCommonwealthofMassachusettswithoutregardtoitsconflictsoflawsprovisions.Youacceptthepersonal
jurisdictionandvenueoftheCommonwealthofMassachusettscourts.Noneofthe1980UnitedNationsConventionon
ContractsfortheInternationalSaleofGoods,theUnitedNationsConventionontheLimitationPeriodintheInternational
SaleofGoods,andtheUniformComputerInformationTransactionsActshallapplytothisAgreement.
ii
4. EXPORTRESTRICTIONS. YouunderstandthatEnterasysanditsAffiliatesaresubjecttoregulationbyagenciesofthe
U.S.Government,includingtheU.S.DepartmentofCommerce,whichprohibitexportordiversionofcertaintechnical
productstocertaincountries,unlessalicensetoexporttheProgramisobtainedfromtheU.S.Governmentoranexception
fromobtainingsuchlicensemayberelieduponbytheexportingparty.
IftheProgramisexportedfromtheUnitedStatespursuanttotheLicenseExceptionCIVundertheU.S.Export
AdministrationRegulations,YouagreethatYouareacivilenduseroftheProgramandagreethatYouwillusetheProgram
forcivilendusesonlyandnotformilitarypurposes.
IftheProgramisexportedfromtheUnitedStatespursuanttotheLicenseExceptionTSRundertheU.S.Export
AdministrationRegulations,inadditiontotherestrictionontransfersetforthinSections1or2ofthisAgreement,Youagree
notto(i)reexportorreleasetheProgram,thesourcecodefortheProgramortechnologytoanationalofacountryin
CountryGroupsD:1orE:2(Albania,Armenia,Azerbaijan,Belarus,Bulgaria,Cambodia,Cuba,Estonia,Georgia,Iraq,
Kazakhstan,Kyrgyzstan,Laos,Latvia,Libya,Lithuania,Moldova,NorthKorea,thePeoplesRepublicofChina,Romania,
Russia,Rwanda,Tajikistan,Turkmenistan,Ukraine,Uzbekistan,Vietnam,orsuchothercountriesasmaybedesignatedby
theUnitedStatesGovernment),(ii)exporttoCountryGroupsD:1orE:2(asdefinedherein)thedirectproductofthe
Programorthetechnology,ifsuchforeignproduceddirectproductissubjecttonationalsecuritycontrolsasidentifiedon
theU.S.CommerceControlList,or(iii)ifthedirectproductofthetechnologyisacompleteplantoranymajorcomponent
ofaplant,exporttoCountryGroupsD:1orE:2thedirectproductoftheplantoramajorcomponentthereof,ifsuchforeign
produceddirectproductissubjecttonationalsecuritycontrolsasidentifiedontheU.S.CommerceControlListorissubject
toStateDepartmentcontrolsundertheU.S.MunitionsList.
5. UNITEDSTATESGOVERNMENTRESTRICTEDRIGHTS. TheenclosedProgram(i)wasdevelopedsolelyatprivate
expense;(ii)containsrestrictedcomputersoftwaresubmittedwithrestrictedrightsinaccordancewithsection52.22719
(a)through(d)oftheCommercialComputerSoftwareRestrictedRightsClauseanditssuccessors,and(iii)inallrespectsis
proprietarydatabelongingtoEnterasysand/oritssuppliers.ForDepartmentofDefenseunits,theProgramisconsidered
commercialcomputersoftwareinaccordancewithDFARSsection227.72023anditssuccessors,anduse,duplication,or
disclosurebytheGovernmentissubjecttorestrictionssetforthherein.
6. DISCLAIMEROFWARRANTY. EXCEPTFORTHOSEWARRANTIESEXPRESSLYPROVIDEDTOYOUINWRITING
BYENTERASYS,ENTERASYSDISCLAIMSALLWARRANTIES,EITHEREXPRESSORIMPLIED,INCLUDINGBUTNOT
LIMITEDTOIMPLIEDWARRANTIESOFMERCHANTABILITY,SATISFACTORYQUALITY,FITNESSFORA
PARTICULARPURPOSE,TITLEANDNONINFRINGEMENTWITHRESPECTTOTHEPROGRAM.IFIMPLIED
WARRANTIESMAYNOTBEDISCLAIMEDBYAPPLICABLELAW,THENANYIMPLIEDWARRANTIESARE
LIMITEDINDURATIONTOTHIRTY(30)DAYSAFTERDELIVERYOFTHEPROGRAMTOYOU.
7. LIMITATIONOFLIABILITY. INNOEVENTSHALLENTERASYSORITSSUPPLIERSBELIABLEFORANY
DAMAGESWHATSOEVER(INCLUDING,WITHOUTLIMITATION,DAMAGESFORLOSSOFBUSINESS,PROFITS,
BUSINESSINTERRUPTION,LOSSOFBUSINESSINFORMATION,SPECIAL,INCIDENTAL,CONSEQUENTIAL,OR
RELIANCEDAMAGES,OROTHERLOSS)ARISINGOUTOFTHEUSEORINABILITYTOUSETHEPROGRAM,EVEN
IFENTERASYSHASBEENADVISEDOFTHEPOSSIBILITYOFSUCHDAMAGES.THISFOREGOINGLIMITATION
SHALLAPPLYREGARDLESSOFTHECAUSEOFACTIONUNDERWHICHDAMAGESARESOUGHT.
THECUMULATIVELIABILITYOFENTERASYSTOYOUFORALLCLAIMSRELATINGTOTHEPROGRAM,IN
CONTRACT,TORTOROTHERWISE,SHALLNOTEXCEEDTHETOTALAMOUNTOFFEESPAIDTOENTERASYSBY
YOUFORTHERIGHTSGRANTEDHEREIN.
8. AUDITRIGHTS. YouherebyacknowledgethattheintellectualpropertyrightsassociatedwiththeProgramareofcritical
valuetoEnterasysand,accordingly,Youherebyagreeto maintaincompletebooks,recordsandaccountsshowing(i)license
feesdueandpaid,and(ii)theuse,copyinganddeploymentoftheProgram.YoualsogranttoEnterasysanditsauthorized
representatives,uponreasonablenotice,therightto auditandexamineduringYournormalbusinesshours,Yourbooks,
records,accountsandhardwaredevicesuponwhichtheProgrammaybedeployedtoverifycompliancewiththis
Agreement,includingtheverificationofthelicensefeesdueandpaidEnterasysandtheuse,copyinganddeploymentof
theProgram.Enterasysrightofexamination shallbeexercisedreasonably,ingoodfaithandinamannercalculatedtonot
unreasonablyinterferewithYourbusiness.IntheeventsuchauditdiscoversnoncompliancewiththisAgreement,
includingcopiesoftheProgrammade,usedordeployedinbreachofthisAgreement,YoushallpromptlypaytoEnterasys
theappropriatelicensefees.Enterasys reservestheright,tobeexercisedinitssolediscretionandwithoutpriornotice,to
terminatethislicense,effectiveimmediately,forfailuretocomplywiththisAgreement.Uponanysuchtermination,You
shallimmediatelyceasealluseoftheProgramandshallreturntoEnterasystheProgramandallcopiesoftheProgram.
9. OWNERSHIP. Thisisalicenseagreementandnotanagreementforsale.YouacknowledgeandagreethattheProgram
constitutestradesecretsand/orcopyrightedmaterialofEnterasysand/oritssuppliers.Youagreetoimplementreasonable
securitymeasurestoprotectsuchtradesecretsandcopyrightedmaterial.Allright,titleandinterestinandtotheProgram
shallremainwithEnterasysand/oritssuppliers.AllrightsnotspecificallygrantedtoYoushallbereservedtoEnterasys.
iii
10. ENFORCEMENT. YouacknowledgeandagreethatanybreachofSections2,4,or9ofthisAgreementbyYoumaycause
Enterasysirreparabledamageforwhichrecoveryofmoneydamageswouldbeinadequate,andthatEnterasysmaybe
entitledtoseektimelyinjunctiverelieftoprotectEnterasysrightsunderthisAgreementinadditiontoanyandallremedies
availableatlaw.
11. ASSIGNMENT. Youmaynotassign,transferorsublicensethisAgreementoranyofYourrightsorobligationsunderthis
Agreement,exceptthatYoumayassignthisAgreementtoanypersonorentitywhichacquiressubstantiallyallofYourstock
orassets.EnterasysmayassignthisAgreementinitssolediscretion.ThisAgreementshallbebindinguponandinuretothe
benefitoftheparties,theirlegalrepresentatives,permittedtransferees,successorsandassignsaspermittedbythis
Agreement.Anyattemptedassignment,transferorsublicenseinviolationofthetermsofthisAgreementshallbevoidand
abreachofthisAgreement.
12. WAIVER. AwaiverbyEnterasysofabreachofanyofthetermsandconditionsofthisAgreementmustbeinwritingand
willnotbeconstruedasawaiverofanysubsequentbreachofsuchtermorcondition.Enterasysfailuretoenforceaterm
uponYourbreachofsuchtermshallnotbeconstruedasawaiverofYourbreachorpreventenforcementonanyother
occasion.
13. SEVERABILITY. IntheeventanyprovisionofthisAgreementisfoundtobeinvalid,illegalorunenforceable,thevalidity,
legalityandenforceabilityofanyoftheremainingprovisionsshallnotinanywaybeaffectedorimpairedthereby,andthat
provisionshallbereformed,construedandenforcedtothemaximumextentpermissible.Anysuchinvalidity,illegalityor
unenforceabilityinanyjurisdictionshallnotinvalidateorrenderillegalorunenforceablesuchprovisioninanyother
jurisdiction.
14. TERMINATION. EnterasysmayterminatethisAgreementimmediatelyuponYourbreachofanyofthetermsand
conditionsofthisAgreement.Uponanysuchtermination,YoushallimmediatelyceasealluseoftheProgramandshall
returntoEnterasystheProgramandallcopiesoftheProgram.
iv
Contents
About This Guide
Using This Guide ........................................................................................................................................... xxiii
Structure of This Guide .................................................................................................................................. xxiii
Related Documents ........................................................................................................................................ xxv
Conventions Used in This Guide .................................................................................................................... xxv
Getting Help ................................................................................................................................................... xxvi
Chapter 1: Introduction
SecureStack B3 CLI Overview ....................................................................................................................... 1-1
Switch Management Methods ........................................................................................................................ 1-2
Factory Default Settings ................................................................................................................................. 1-2
Using the Command Line Interface ................................................................................................................ 1-5
Starting a CLI Session ............................................................................................................................. 1-5
Logging In ................................................................................................................................................ 1-6
Navigating the Command Line Interface .................................................................................................. 1-6
v
show system lockout .......................................................................................................................... 3-7
set system lockout .............................................................................................................................. 3-8
Setting Basic Switch Properties ...................................................................................................................... 3-9
Purpose .................................................................................................................................................... 3-9
Commands ............................................................................................................................................... 3-9
show ip address................................................................................................................................ 3-10
set ip address ................................................................................................................................... 3-10
clear ip address ................................................................................................................................ 3-11
show ip protocol................................................................................................................................ 3-11
set ip protocol ................................................................................................................................... 3-12
show system..................................................................................................................................... 3-12
show system hardware..................................................................................................................... 3-13
show system utilization..................................................................................................................... 3-14
set system enhancedbuffermode ..................................................................................................... 3-15
show time ......................................................................................................................................... 3-15
set time ............................................................................................................................................. 3-16
show summertime ............................................................................................................................ 3-17
set summertime ................................................................................................................................ 3-17
set summertime date ........................................................................................................................ 3-18
set summertime recurring ................................................................................................................. 3-18
clear summertime ............................................................................................................................. 3-19
set prompt......................................................................................................................................... 3-19
show banner motd ............................................................................................................................ 3-20
set banner motd................................................................................................................................ 3-20
clear banner motd............................................................................................................................. 3-21
show version..................................................................................................................................... 3-21
set system name .............................................................................................................................. 3-22
set system location ........................................................................................................................... 3-24
set system contact............................................................................................................................ 3-24
set width ........................................................................................................................................... 3-25
set length .......................................................................................................................................... 3-25
show logout ...................................................................................................................................... 3-26
set logout ......................................................................................................................................... 3-26
show console .................................................................................................................................... 3-27
set console baud .............................................................................................................................. 3-28
Activating Licensed Features ....................................................................................................................... 3-29
License Key Field Descriptions .............................................................................................................. 3-29
Licensing Procedure in a Stack Environment ........................................................................................ 3-29
Adding a New Member to a Licensed Stack .......................................................................................... 3-30
Clearing, Showing, and Moving Licenses .............................................................................................. 3-30
Commands ............................................................................................................................................. 3-30
set license......................................................................................................................................... 3-31
show license ..................................................................................................................................... 3-32
clear license...................................................................................................................................... 3-33
Configuring Power over Ethernet (PoE) ....................................................................................................... 3-34
Purpose .................................................................................................................................................. 3-34
Commands ............................................................................................................................................. 3-34
show inlinepower .............................................................................................................................. 3-35
set inlinepower threshold.................................................................................................................. 3-35
set inlinepower trap .......................................................................................................................... 3-36
show port inlinepower ....................................................................................................................... 3-36
set port inlinepower .......................................................................................................................... 3-37
Downloading a New Firmware Image ........................................................................................................... 3-38
Downloading from a TFTP Server .......................................................................................................... 3-38
Downloading via the Serial Port ............................................................................................................. 3-38
vi
Reviewing and Selecting a Boot Firmware Image ........................................................................................ 3-41
Purpose .................................................................................................................................................. 3-41
Commands ............................................................................................................................................. 3-41
show boot system ............................................................................................................................. 3-41
set boot system ................................................................................................................................ 3-42
Starting and Configuring Telnet .................................................................................................................... 3-43
Purpose .................................................................................................................................................. 3-43
Commands ............................................................................................................................................. 3-43
show telnet ....................................................................................................................................... 3-43
set telnet ........................................................................................................................................... 3-44
telnet................................................................................................................................................. 3-44
Managing Switch Configuration and Files .................................................................................................... 3-45
Configuration Persistence Mode ............................................................................................................ 3-45
Purpose .................................................................................................................................................. 3-45
Commands ............................................................................................................................................. 3-45
show snmp persistmode ................................................................................................................... 3-46
set snmp persistmode ...................................................................................................................... 3-46
save config ....................................................................................................................................... 3-47
dir...................................................................................................................................................... 3-47
show config....................................................................................................................................... 3-48
configure ........................................................................................................................................... 3-49
copy .................................................................................................................................................. 3-50
delete................................................................................................................................................ 3-50
show tftp settings.............................................................................................................................. 3-51
set tftp timeout .................................................................................................................................. 3-51
clear tftp timeout ............................................................................................................................... 3-52
set tftp retry....................................................................................................................................... 3-52
clear tftp retry.................................................................................................................................... 3-53
Configuring CDP ........................................................................................................................................... 3-54
Purpose .................................................................................................................................................. 3-54
Commands ............................................................................................................................................. 3-54
show cdp .......................................................................................................................................... 3-54
set cdp state ..................................................................................................................................... 3-56
set cdp auth ...................................................................................................................................... 3-56
set cdp interval ................................................................................................................................. 3-57
set cdp hold-time .............................................................................................................................. 3-58
clear cdp ........................................................................................................................................... 3-58
show neighbors ................................................................................................................................ 3-59
Configuring Cisco Discovery Protocol .......................................................................................................... 3-60
Purpose .................................................................................................................................................. 3-60
Commands ............................................................................................................................................. 3-60
show ciscodp .................................................................................................................................... 3-60
show ciscodp port info ...................................................................................................................... 3-61
set ciscodp status ............................................................................................................................. 3-62
set ciscodp timer............................................................................................................................... 3-63
set ciscodp holdtime ......................................................................................................................... 3-63
set ciscodp port ................................................................................................................................ 3-64
clear ciscodp..................................................................................................................................... 3-65
Clearing and Closing the CLI ........................................................................................................................ 3-67
Purpose .................................................................................................................................................. 3-67
Commands ............................................................................................................................................. 3-67
cls (clear screen) .............................................................................................................................. 3-67
exit .................................................................................................................................................... 3-68
Resetting the Switch ..................................................................................................................................... 3-69
Purpose .................................................................................................................................................. 3-69
Commands ............................................................................................................................................. 3-69
vii
reset.................................................................................................................................................. 3-69
clear config ....................................................................................................................................... 3-70
Using and Configuring WebView .................................................................................................................. 3-71
Purpose .................................................................................................................................................. 3-71
Commands ............................................................................................................................................. 3-71
show webview .................................................................................................................................. 3-71
set webview ...................................................................................................................................... 3-72
show ssl............................................................................................................................................ 3-72
set ssl ............................................................................................................................................... 3-73
viii
show port trap................................................................................................................................... 4-22
set port trap ...................................................................................................................................... 4-22
show linkflap ..................................................................................................................................... 4-23
set linkflap globalstate ...................................................................................................................... 4-25
set linkflap portstate.......................................................................................................................... 4-26
set linkflap interval ............................................................................................................................ 4-26
set linkflap action .............................................................................................................................. 4-27
clear linkflap action ........................................................................................................................... 4-27
set linkflap threshold......................................................................................................................... 4-28
set linkflap downtime ........................................................................................................................ 4-28
clear linkflap down ............................................................................................................................ 4-29
clear linkflap...................................................................................................................................... 4-29
Configuring Broadcast Suppression ............................................................................................................. 4-31
Purpose .................................................................................................................................................. 4-31
Commands ............................................................................................................................................. 4-31
show port broadcast ......................................................................................................................... 4-31
set port broadcast............................................................................................................................. 4-32
clear port broadcast.......................................................................................................................... 4-32
Port Mirroring ................................................................................................................................................ 4-34
Mirroring Features .................................................................................................................................. 4-34
Remote Port Mirroring ............................................................................................................................ 4-34
Purpose .................................................................................................................................................. 4-35
Commands ............................................................................................................................................. 4-35
show port mirroring........................................................................................................................... 4-36
set port mirroring .............................................................................................................................. 4-37
clear port mirroring ........................................................................................................................... 4-38
set mirror vlan ................................................................................................................................... 4-38
clear mirror vlan ................................................................................................................................ 4-39
Link Aggregation Control Protocol (LACP) ................................................................................................... 4-40
LACP Operation ..................................................................................................................................... 4-40
LACP Terminology ................................................................................................................................. 4-41
SecureStack B3 Usage Considerations ................................................................................................. 4-41
Commands ............................................................................................................................................. 4-42
show lacp.......................................................................................................................................... 4-43
set lacp ............................................................................................................................................. 4-44
set lacp asyspri................................................................................................................................. 4-45
set lacp aadminkey........................................................................................................................... 4-45
clear lacp .......................................................................................................................................... 4-46
set lacp static.................................................................................................................................... 4-47
clear lacp static ................................................................................................................................. 4-47
set lacp singleportlag........................................................................................................................ 4-48
clear lacp singleportlag..................................................................................................................... 4-49
show port lacp .................................................................................................................................. 4-49
set port lacp ...................................................................................................................................... 4-51
clear port lacp ................................................................................................................................... 4-53
Configuring Protected Ports ......................................................................................................................... 4-54
Protected Port Operation ....................................................................................................................... 4-54
Commands ............................................................................................................................................. 4-54
set port protected.............................................................................................................................. 4-55
show port protected .......................................................................................................................... 4-55
clear port protected........................................................................................................................... 4-56
set port protected name.................................................................................................................... 4-57
show port protected name ................................................................................................................ 4-57
clear port protected name................................................................................................................. 4-58
ix
Chapter 5: SNMP Configuration
SNMP Configuration Summary ...................................................................................................................... 5-1
SNMPv1 and SNMPv2c ........................................................................................................................... 5-1
SNMPv3 ................................................................................................................................................... 5-2
About SNMP Security Models and Levels ............................................................................................... 5-2
Using SNMP Contexts to Access Specific MIBs ...................................................................................... 5-3
Configuration Considerations ................................................................................................................... 5-3
Reviewing SNMP Statistics ............................................................................................................................ 5-4
Purpose .................................................................................................................................................... 5-4
Commands ............................................................................................................................................... 5-4
show snmp engineid........................................................................................................................... 5-4
show snmp counters........................................................................................................................... 5-5
Configuring SNMP Users, Groups, and Communities .................................................................................... 5-8
Purpose .................................................................................................................................................... 5-8
Commands ............................................................................................................................................... 5-8
show snmp user ................................................................................................................................. 5-9
set snmp user ................................................................................................................................... 5-10
clear snmp user ................................................................................................................................ 5-11
show snmp group ............................................................................................................................. 5-11
set snmp group ................................................................................................................................. 5-12
clear snmp group .............................................................................................................................. 5-13
show snmp community ..................................................................................................................... 5-13
set snmp community......................................................................................................................... 5-14
clear snmp community...................................................................................................................... 5-15
Configuring SNMP Access Rights ................................................................................................................ 5-16
Purpose .................................................................................................................................................. 5-16
Commands ............................................................................................................................................. 5-16
show snmp access ........................................................................................................................... 5-16
set snmp access............................................................................................................................... 5-18
clear snmp access............................................................................................................................ 5-19
Configuring SNMP MIB Views ...................................................................................................................... 5-20
Purpose .................................................................................................................................................. 5-20
Commands ............................................................................................................................................. 5-20
show snmp view ............................................................................................................................... 5-20
show snmp context........................................................................................................................... 5-22
set snmp view................................................................................................................................... 5-23
clear snmp view................................................................................................................................ 5-24
Configuring SNMP Target Parameters ......................................................................................................... 5-25
Purpose .................................................................................................................................................. 5-25
Commands ............................................................................................................................................. 5-25
show snmp targetparams ................................................................................................................. 5-25
set snmp targetparams..................................................................................................................... 5-27
clear snmp targetparams.................................................................................................................. 5-28
Configuring SNMP Target Addresses .......................................................................................................... 5-29
Purpose .................................................................................................................................................. 5-29
Commands ............................................................................................................................................. 5-29
show snmp targetaddr ...................................................................................................................... 5-29
set snmp targetaddr.......................................................................................................................... 5-30
clear snmp targetaddr....................................................................................................................... 5-31
Configuring SNMP Notification Parameters ................................................................................................. 5-33
About SNMP Notify Filters ..................................................................................................................... 5-33
Purpose .................................................................................................................................................. 5-33
Commands ............................................................................................................................................. 5-33
show newaddrtrap ............................................................................................................................ 5-34
set newaddrtrap................................................................................................................................ 5-35
x
show snmp notify .............................................................................................................................. 5-36
set snmp notify ................................................................................................................................. 5-37
clear snmp notify .............................................................................................................................. 5-38
show snmp notifyfilter ....................................................................................................................... 5-38
set snmp notifyfilter........................................................................................................................... 5-39
clear snmp notifyfilter........................................................................................................................ 5-40
show snmp notifyprofile .................................................................................................................... 5-40
set snmp notifyprofile........................................................................................................................ 5-41
clear snmp notifyprofile..................................................................................................................... 5-42
Creating a Basic SNMP Trap Configuration ................................................................................................. 5-43
Example ................................................................................................................................................. 5-43
xi
set spantree spanguard .................................................................................................................... 6-27
clear spantree spanguard ................................................................................................................. 6-28
show spantree spanguardtimeout .................................................................................................... 6-28
set spantree spanguardtimeout ........................................................................................................ 6-29
clear spantree spanguardtimeout ..................................................................................................... 6-29
show spantree spanguardlock .......................................................................................................... 6-30
clear / set spantree spanguardlock................................................................................................... 6-30
show spantree spanguardtrapenable ............................................................................................... 6-31
set spantree spanguardtrapenable ................................................................................................... 6-31
clear spantree spanguardtrapenable ................................................................................................ 6-32
show spantree legacypathcost ......................................................................................................... 6-32
set spantree legacypathcost............................................................................................................. 6-33
clear spantree legacypathcost .......................................................................................................... 6-33
Reviewing and Setting Spanning Tree Port Parameters .............................................................................. 6-34
Purpose .................................................................................................................................................. 6-34
Commands ............................................................................................................................................. 6-34
set spantree portadmin..................................................................................................................... 6-35
clear spantree portadmin.................................................................................................................. 6-35
show spantree portadmin ................................................................................................................. 6-36
show spantree portpri ....................................................................................................................... 6-36
set spantree portpri........................................................................................................................... 6-37
clear spantree portpri........................................................................................................................ 6-37
show spantree adminpathcost .......................................................................................................... 6-38
set spantree adminpathcost ............................................................................................................. 6-39
clear spantree adminpathcost .......................................................................................................... 6-39
show spantree adminedge ............................................................................................................... 6-40
set spantree adminedge ................................................................................................................... 6-40
clear spantree adminedge ................................................................................................................ 6-41
xii
Configuring the VLAN Egress List ................................................................................................................ 7-14
Purpose .................................................................................................................................................. 7-14
Commands ............................................................................................................................................. 7-14
show port egress .............................................................................................................................. 7-15
set vlan forbidden ............................................................................................................................. 7-15
set vlan egress ................................................................................................................................. 7-16
clear vlan egress .............................................................................................................................. 7-17
show vlan dynamicegress ................................................................................................................ 7-18
set vlan dynamicegress .................................................................................................................... 7-19
Setting the Host VLAN .................................................................................................................................. 7-20
Purpose .................................................................................................................................................. 7-20
Commands ............................................................................................................................................. 7-20
show host vlan.................................................................................................................................. 7-20
set host vlan ..................................................................................................................................... 7-21
clear host vlan .................................................................................................................................. 7-22
Enabling/Disabling GVRP (GARP VLAN Registration Protocol) .................................................................. 7-23
About GARP VLAN Registration Protocol (GVRP) ................................................................................ 7-23
Purpose .................................................................................................................................................. 7-24
Commands ............................................................................................................................................. 7-24
show gvrp ......................................................................................................................................... 7-25
show garp timer ................................................................................................................................ 7-25
set gvrp............................................................................................................................................. 7-27
clear gvrp .......................................................................................................................................... 7-27
set garp timer.................................................................................................................................... 7-28
xiii
show diffserv service stats................................................................................................................ 8-18
set diffserv service............................................................................................................................ 8-19
xiv
Chapter 11: IGMP Configuration
IGMP Overview ............................................................................................................................................ 11-1
About IP Multicast Group Management ................................................................................................. 11-1
About Multicasting .................................................................................................................................. 11-1
Configuring IGMP at Layer 2 ........................................................................................................................ 11-2
Purpose .................................................................................................................................................. 11-2
Commands ............................................................................................................................................. 11-2
show igmpsnooping .......................................................................................................................... 11-3
set igmpsnooping adminmode.......................................................................................................... 11-3
set igmpsnooping interfacemode...................................................................................................... 11-4
set igmpsnooping groupmembershipinterval .................................................................................... 11-5
set igmpsnooping maxresponse ....................................................................................................... 11-5
set igmpsnooping mcrtrexpiretime.................................................................................................... 11-6
set igmpsnooping add-static ............................................................................................................. 11-7
set igmpsnooping remove-static ....................................................................................................... 11-7
show igmpsnooping static ................................................................................................................ 11-8
show igmpsnooping mfdb ................................................................................................................. 11-9
clear igmpsnooping ........................................................................................................................ 11-10
xv
clear mac agetime .......................................................................................................................... 12-23
set mac algorithm ........................................................................................................................... 12-23
show mac algorithm........................................................................................................................ 12-24
clear mac algorithm ........................................................................................................................ 12-24
set mac multicast ............................................................................................................................ 12-25
clear mac address .......................................................................................................................... 12-25
Configuring Simple Network Time Protocol (SNTP) ................................................................................... 12-27
Purpose ................................................................................................................................................ 12-27
Commands ........................................................................................................................................... 12-27
show sntp ....................................................................................................................................... 12-27
set sntp client.................................................................................................................................. 12-29
clear sntp client............................................................................................................................... 12-29
set sntp server ................................................................................................................................ 12-30
clear sntp server ............................................................................................................................. 12-30
set sntp poll-interval........................................................................................................................ 12-31
clear sntp poll-interval..................................................................................................................... 12-31
set sntp poll-retry ............................................................................................................................ 12-32
clear sntp poll-retry ......................................................................................................................... 12-32
set sntp poll-timeout ....................................................................................................................... 12-33
clear sntp poll-timeout .................................................................................................................... 12-33
Configuring Node Aliases ........................................................................................................................... 12-34
Purpose ................................................................................................................................................ 12-34
Commands ........................................................................................................................................... 12-34
show nodealias config .................................................................................................................... 12-34
set nodealias .................................................................................................................................. 12-35
clear nodealias config ..................................................................................................................... 12-36
xvi
Filter Group Commands ............................................................................................................................. 13-19
Commands ........................................................................................................................................... 13-19
show rmon channel ........................................................................................................................ 13-19
set rmon channel ............................................................................................................................ 13-20
clear rmon channel ......................................................................................................................... 13-21
show rmon filter .............................................................................................................................. 13-21
set rmon filter .................................................................................................................................. 13-22
clear rmon filter ............................................................................................................................... 13-23
Packet Capture Commands ....................................................................................................................... 13-24
Purpose ................................................................................................................................................ 13-24
Commands ........................................................................................................................................... 13-24
show rmon capture ......................................................................................................................... 13-24
set rmon capture............................................................................................................................. 13-25
clear rmon capture.......................................................................................................................... 13-26
xvii
set dhcp pool lease......................................................................................................................... 14-22
clear dhcp pool lease...................................................................................................................... 14-22
set dhcp pool default-router ............................................................................................................14-23
clear dhcp pool default-router......................................................................................................... 14-24
set dhcp pool dns-server ................................................................................................................ 14-24
clear dhcp pool dns-server ............................................................................................................. 14-25
set dhcp pool domain-name ........................................................................................................... 14-25
clear dhcp pool domain-name ........................................................................................................ 14-26
set dhcp pool netbios-name-server ................................................................................................ 14-26
clear dhcp pool netbios-name-server ............................................................................................. 14-27
set dhcp pool netbios-node-type .................................................................................................... 14-27
clear dhcp pool netbios-node-type ................................................................................................. 14-28
set dhcp pool option ....................................................................................................................... 14-28
clear dhcp pool option .................................................................................................................... 14-29
show dhcp pool configuration ......................................................................................................... 14-30
xviii
Configuring MAC Authentication ................................................................................................................ 16-23
Purpose ................................................................................................................................................ 16-23
Commands ........................................................................................................................................... 16-23
show macauthentication ................................................................................................................. 16-24
show macauthentication session .................................................................................................... 16-25
set macauthentication..................................................................................................................... 16-26
set macauthentication password .................................................................................................... 16-27
clear macauthentication password ................................................................................................. 16-27
set macauthentication port ............................................................................................................. 16-28
set macauthentication portinitialize................................................................................................. 16-28
set macauthentication portquietperiod............................................................................................ 16-29
clear macauthentication portquietperiod......................................................................................... 16-29
set macauthentication macinitialize ................................................................................................ 16-30
set macauthentication reauthentication .......................................................................................... 16-30
set macauthentication portreauthenticate.......................................................................................16-31
set macauthentication macreauthenticate ...................................................................................... 16-31
set macauthentication reauthperiod ...............................................................................................16-32
clear macauthentication reauthperiod ............................................................................................ 16-33
Configuring Multiple Authentication Methods ............................................................................................. 16-34
About Multiple Authentication Types .................................................................................................... 16-34
Configuring Multi-User Authentication (User + IP phone) .................................................................... 16-34
Commands ........................................................................................................................................... 16-34
show multiauth................................................................................................................................ 16-36
set multiauth mode ......................................................................................................................... 16-37
clear multiauth mode ...................................................................................................................... 16-37
set multiauth precedence ............................................................................................................... 16-38
clear multiauth precedence ............................................................................................................16-38
show multiauth port ........................................................................................................................ 16-39
set multiauth port ............................................................................................................................ 16-40
clear multiauth port ......................................................................................................................... 16-40
show multiauth station .................................................................................................................... 16-41
Configuring VLAN Authorization (RFC 3580) ............................................................................................. 16-42
Purpose ................................................................................................................................................ 16-42
Commands ........................................................................................................................................... 16-42
set vlanauthorization....................................................................................................................... 16-43
set vlanauthorization egress ........................................................................................................... 16-43
clear vlanauthorization.................................................................................................................... 16-44
show vlanauthorization ................................................................................................................... 16-45
Configuring MAC Locking ........................................................................................................................... 16-46
Purpose ................................................................................................................................................ 16-46
Commands ........................................................................................................................................... 16-46
show maclock ................................................................................................................................. 16-47
show maclock stations.................................................................................................................... 16-48
set maclock enable......................................................................................................................... 16-49
set maclock disable ........................................................................................................................ 16-50
set maclock..................................................................................................................................... 16-50
clear maclock.................................................................................................................................. 16-51
set maclock static ........................................................................................................................... 16-52
clear maclock static ........................................................................................................................ 16-52
set maclock firstarrival .................................................................................................................... 16-53
clear maclock firstarrival ................................................................................................................. 16-54
set maclock move ........................................................................................................................... 16-54
set maclock trap ............................................................................................................................. 16-55
Configuring Port Web Authentication (PWA) .............................................................................................. 16-56
About PWA ........................................................................................................................................... 16-56
Purpose ................................................................................................................................................ 16-56
xix
Commands ........................................................................................................................................... 16-56
show pwa........................................................................................................................................ 16-57
set pwa ........................................................................................................................................... 16-59
show pwa banner ........................................................................................................................... 16-59
set pwa banner ............................................................................................................................... 16-60
clear pwa banner ............................................................................................................................ 16-60
set pwa displaylogo ........................................................................................................................ 16-61
set pwa ipaddress........................................................................................................................... 16-61
set pwa protocol ............................................................................................................................. 16-62
set pwa guestname ........................................................................................................................ 16-62
clear pwa guestname ..................................................................................................................... 16-63
set pwa guestpassword .................................................................................................................. 16-63
set pwa gueststatus........................................................................................................................ 16-64
set pwa initialize ............................................................................................................................. 16-64
set pwa quietperiod ........................................................................................................................ 16-65
set pwa maxrequest ....................................................................................................................... 16-65
set pwa portcontrol ......................................................................................................................... 16-66
show pwa session .......................................................................................................................... 16-66
set pwa enhancedmode ................................................................................................................. 16-67
Configuring Secure Shell (SSH) ................................................................................................................. 16-68
Purpose ................................................................................................................................................ 16-68
Commands ........................................................................................................................................... 16-68
show ssh status .............................................................................................................................. 16-68
set ssh ............................................................................................................................................ 16-69
set ssh hostkey............................................................................................................................... 16-69
Index
Figures
1-1 SecureStack B3 Startup Screen ......................................................................................................... 1-5
1-2 Sample CLI Defaults Description........................................................................................................ 1-7
1-3 Performing a Keyword Lookup ........................................................................................................... 1-7
1-4 Performing a Partial Keyword Lookup ................................................................................................ 1-7
1-5 Scrolling Screen Output...................................................................................................................... 1-8
1-6 Abbreviating a Command ................................................................................................................... 1-8
7-1 Example of VLAN Propagation via GVRP ........................................................................................ 7-24
Tables
1-1 Default Settings for Basic Switch Operation ....................................................................................... 1-2
1-2 Basic Line Editing Commands............................................................................................................ 1-9
3-1 show system lockout Output Details................................................................................................... 3-7
3-2 show system Output Details ............................................................................................................. 3-13
3-3 show version Output Details ............................................................................................................. 3-22
3-4 show cdp Output Details................................................................................................................... 3-55
3-5 show ciscodp Output Details ............................................................................................................ 3-61
3-6 show ciscodp port info Output Details .............................................................................................. 3-62
4-1 show port status Output Details.......................................................................................................... 4-4
4-2 show port counters Output Details ..................................................................................................... 4-6
4-3 show linkflap parameters Output Details .......................................................................................... 4-24
4-4 show linkflap metrics Output Details................................................................................................. 4-25
4-5 LACP Terms and Definitions ............................................................................................................ 4-41
4-6 show lacp Output Details.................................................................................................................. 4-44
5-1 SNMP Security Levels........................................................................................................................ 5-2
5-2 show snmp engineid Output Details ................................................................................................... 5-4
5-3 show snmp counters Output Details ................................................................................................... 5-6
xx
5-4 show snmp user Output Details........................................................................................................ 5-10
5-5 show snmp group Output Details ..................................................................................................... 5-12
5-6 show snmp access Output Details ................................................................................................... 5-17
5-7 show snmp view Output Details ....................................................................................................... 5-21
5-8 show snmp targetparams Output Details ......................................................................................... 5-26
5-9 show snmp targetaddr Output Details .............................................................................................. 5-30
5-10 show snmp notify Output Details ...................................................................................................... 5-36
5-11 Basic SNMP Trap Configuration....................................................................................................... 5-43
6-1 show spantree Output Details ............................................................................................................ 6-6
7-1 Command Set for Creating a Secure Management VLAN ................................................................. 7-2
7-2 show vlan Output Details.................................................................................................................... 7-4
7-3 show gvrp configuration Output Details ............................................................................................ 7-26
8-1 Valid IP DSCP Numeric and Keyword Values .................................................................................... 8-7
9-1 show policy profile Output Details ...................................................................................................... 9-3
9-2 show policy rule Output Details .......................................................................................................... 9-8
9-3 Valid Values for Policy Classification Rules ..................................................................................... 9-12
12-1 show logging server Output Details.................................................................................................. 12-2
12-2 show logging application Output Details........................................................................................... 12-6
12-3 Mnemonic Values for Logging Applications...................................................................................... 12-7
12-4 show arp Output Details ................................................................................................................. 12-18
12-5 show mac Output Details................................................................................................................ 12-21
12-6 show sntp Output Details................................................................................................................ 12-28
12-7 show nodealias config Output Details ............................................................................................ 12-35
13-1 RMON Monitoring Group Functions and Commands ....................................................................... 13-1
13-2 show rmon stats Output Details........................................................................................................ 13-4
13-3 show rmon alarm Output Details .................................................................................................... 13-11
13-4 show rmon event Output Details .................................................................................................... 13-16
16-1 show radius Output Details............................................................................................................... 16-5
16-2 show eapol Output Details.............................................................................................................. 16-19
16-3 show macauthentication Output Details ......................................................................................... 16-24
16-4 show macauthentication session Output Details ............................................................................ 16-26
16-5 show vlanauthorization Output Details ........................................................................................... 16-45
16-6 show maclock Output Details ......................................................................................................... 16-47
16-7 show maclock stations Output Details............................................................................................ 16-49
16-8 show pwa Output Details................................................................................................................ 16-58
xxi
xxii
About This Guide
WelcometotheEnterasysNetworksSecureStackB3ConfigurationGuide.Thismanualexplains
howtoaccessthedevicesCommandLineInterface(CLI)andhowtouseittoconfigure
SecureStackB3switchdevices.
Important Notice
Depending on the firmware version used in your SecureStack device, some features described in
this document may not be supported. Refer to the Release Notes shipped with your device to
determine which features are supported.
Chapter 6,SpanningTreeConfiguration,describeshowtoreviewandsetSpanningTreebridge
parametersforthedevice,includingbridgepriority,hellotime,maximumagingtimeandforward
delay;andhowtoreviewandsetSpanningTreeportparameters,includingportpriorityandpath
costs.
Chapter 7,802.1QVLANConfiguration,describeshowtocreatestaticVLANs,selectthemodeof
operationforeachport,establishVLANforwarding(egress)lists,routeframesaccordingto
VLANID,displaythecurrentportsandporttypesassociatedwithaVLANandprotocol,createa
securemanagementVLAN,andconfigureportsonthedeviceasGVRPawareports.
Chapter 8,DifferentiatedServicesConfiguration,describeshowtodisplayandconfigure
Diffservparameters.DiffservwillnotbeavailableifaPolicyLicenseisactivatedonthe
SecureStackB3.WhenaPolicyLicenseisactivated,itenablesPolicythattakestheplaceof
Diffserv.
Chapter 9,PolicyClassificationConfiguration,describeshowtocreate,changeorremoveuser
rolesorprofilesbasedonbusinessspecificuseofnetworkservices;howtopermitordenyaccess
tospecificservicesbycreatingandassigningclassificationruleswhichmapuserprofilestoframe
filteringpolicies;howtoclassifyframestoaVLANorClassofService(CoS);andhowtoassignor
unassignportstopolicyprofilessothatonlyportsactivatedforaprofilewillbeallowedto
transmitframesaccordingly.
Chapter 10,PortPriorityConfiguration,describeshowtosetthetransmitpriorityofeachport
andconfigurearatelimitforagivenportandlistofpriorities.
Chapter 11,IGMPConfiguration,describeshowtoconfigureInternetGroupManagement
Protocol(IGMP)settingsformulticastfiltering.
Chapter 12,LoggingandNetworkManagement,describeshowtoconfigureSyslog,howto
managegeneralswitchsettings,howtomonitornetworkeventsandstatus,andhowtoconfigure
SNTPandnodealiases.
Chapter 13,ConfiguringRMON,describeshowtouseRMON(RemoteNetworkMonitoring),
whichprovidescomprehensivenetworkfaultdiagnosis,planning,andperformancetuning
informationandallowsforinteroperabilitybetweenSNMPmanagementstationsandmonitoring
agents.
Chapter 14,ConfiguringDHCPServer,describeshowtoreviewandconfigureDHCPserver
parameters,howtoreviewandconfigureDHCPaddresspools,andhowtodisplayDHCPserver
information.
Chapter 15,IPv6Management,describeshowtomanageIPv6atLayer2.Theseswitchlevel
commandsallowyoutoenableordisabletheIPv6managementfunction,toconfigureanddisplay
theIPv6hostaddressandIPv6gatewayfortheswitch,andtodisplayIPv6statusinformation.
Chapter 16,SecurityConfiguration,describeshowtoconfigure802.1Xauthenticationusing
EAPOL,howtoconfigureRADIUSserver,SecureShellserver,MACauthentication,MAC
locking,andPortWebAuthentication.
Related Documents
ThefollowingEnterasysNetworksdocumentsmayhelpyoutosetup,control,andmanagethe
SecureStackdevice:
EthernetTechnologyGuide
CablingGuide
SecureStackB3InstallationGuide(s)
SecureStackRedundantPowerSystemInstallationGuide
Documentslistedabove,canbeobtainedfromtheWorldWideWebinAdobeAcrobatPortable
DocumentFormat(PDF)atthefollowingwebsite:
http://www.enterasys.com/support/manuals/
Convention Description
Thefollowingiconsareusedinthisguide:
Note: Calls the readers attention to any item of information that may be of special importance.
Getting Help
Foradditionalsupportrelatedtothisswitchordocument,contactEnterasysNetworksusingone
ofthefollowingmethods:
BeforecallingEnterasysNetworks,havethefollowinginformationready:
YourEnterasysNetworksservicecontractnumber
Adescriptionofthefailure
Adescriptionofanyaction(s)alreadytakentoresolvetheproblem(forexample,changing
modeswitchesorrebootingtheunit)
TheserialandrevisionnumbersofallinvolvedEnterasysNetworksproductsinthenetwork
Adescriptionofyournetworkenvironment(forexample,layout,cabletype)
Networkloadandframesizeatthetimeoftrouble(ifknown)
Theswitchhistory(forexample,haveyoureturnedtheswitchbefore,isthisarecurring
problem?)
AnypreviousReturnMaterialAuthorization(RMA)numbers
ThischapterprovidesanoverviewoftheSecureStackB3suniquefeaturesandfunctionality,an
overviewofthetasksthatmaybeaccomplishedusingtheCLIinterface,anoverviewofwaysto
managetheswitch,factorydefaultsettings,andinformationabouthowtousetheCommandLine
Interfacetoconfiguretheswitch.
EAPOL Disabled.
GARP timer Join timer set to 20 centiseconds; leave timer set to 60 centiseconds; leaveall
timer set to 1000 centiseconds.
1-2 Introduction
Factory Default Settings
IGMP snooping Disabled. When enabled, query interval is set to 260 seconds and response
time is set to 10 seconds.
IP mask and gateway Subnet mask set to 0.0.0.0; default gateway set to 0.0.0.0.
Lockout Set to disable Read-Write and Read-Only users, and to lockout the default
admin (Super User) account for 15 minutes, after 3 failed login attempts.
Logging Syslog port set to UDP port number 514. Logging severity level set to 6
(significant conditions) for all applications.
Passwords Set to an empty string for all default user accounts. User must press ENTER
at the password prompt to access CLI.
Port broadcast suppression Enabled and set to limit broadcast packets to 14,881 per second on all switch
ports
Port duplex mode Set to half duplex, except for 100BASE-FX and 1000BASE-X, which is set to
full duplex.
Port speed Set to 10 Mbps, except for 1000BASE-X, which is set to 1000 Mbps, and
100BASE-FX, which is set to 100 Mbps.
RADIUS last resort action When the client is enabled, set to Challenge.
SNMP Enabled.
SNTP Disabled.
Spanning Tree edge port Edge port administrative status begins with the value set to false initially after
administrative status the device is powered up. If a Spanning Tree BDPU is not received on the
port within a few seconds, the status setting changes to true.
Spanning Tree port priority All ports with bridge priority are set to 128 (medium priority).
SSH Disabled.
User names Login accounts set to ro for Read-Only access; rw for Read-Write access;
and admin for Super User access.
1-4 Introduction
Using the Command Line Interface
Username:admin
Password:
Enterasys SecureStack B3
Command Line Interface
B3(su)->
RefertotheinstructionsincludedwiththeTelnetapplicationforinformationaboutestablishinga
Telnetsession.
Logging In
Bydefault,theSecureStackB3switchisconfiguredwiththreeuserloginaccountsrofor
ReadOnlyaccess,rwforReadWriteaccess,andadminforsuperuseraccesstoallmodifiable
parameters.Thedefaultpasswordissettoablankstring.Forinformationonchangingthese
defaultsettings,refertoSettingUserAccountsandPasswordsonpage 32.
Note: Users with Read-Write (rw) and Read-Only access can use the set password command
(page 3-4) to change their own passwords. Administrators with Super User (su) access can use
the set system login command (page 3-3) to create and change user accounts, and the set
password command to change any local account password.
1-6 Introduction
Using the Command Line Interface
Syntax
show port status [port-string]
Defaults
Ifportstringisnotspecified,statusinformationforallportswillbedisplayed
B3(su)->show snmp ?
Enteringaquestionmark(?)withoutaspaceafterapartialkeywordwilldisplayalistof
commandsthatbeginwiththepartialkeyword.Figure 14showshowtousethisfunctionforall
commandsbeginningwithco:
B3(rw)->co?
configure copy
B3(su)->co
Note: At the end of the lookup display, the system will repeat the command you entered without the
?.
B3(su)->show mac
B3(su)->sh net
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
----- ------ ------ --------------------- --------------------- -------
TCP 0 0 10.21.73.13.23 134.141.190.94.51246 ESTABLISHED
TCP 0 275 10.21.73.13.23 134.141.192.119.4724 ESTABLISHED
TCP 0 0 *.80 *.* LISTEN
TCP 0 0 *.23 *.* LISTEN
UDP 0 0 10.21.73.13.1030 134.141.89.113.514
UDP 0 0 *.161 *.*
UDP 0 0 *.1025 *.*
UDP 0 0 *.123 *.*
1-8 Introduction
Using the Command Line Interface
Ctrl+N Scroll to next command in command history (use the CLI history command to
display the history).
1-10 Introduction
2
Configuring Switches in a Stack
ThischapterprovidesinformationaboutconfiguringSecureStackB3switchesinastack.
Note: You can mix SecureStack B2 and B3 switches in a single stack, although only the lowest
common denominator of functionality will be supported in a mixed stack. Refer to Issues Related to
Mixed Type Stacks on page 2-5 for information about configuring a mixed stack.
Onceinstalledinastack,theswitchesbehaveandperformasasingleswitchproduct.Assuch,
youcanstartwithasingleunitandaddmoreunitsasyournetworkexpands.Youcanalsomix
differentproductsinthefamilyinasinglestacktoprovideadesiredcombinationofporttypes
andfunctionstomatchtherequirementsofindividualapplications.Inallcases,astackofunits
performsasonelargeproduct,andismanagedasasinglenetworkentity.
WhenswitchesareinstalledandconnectedasdescribedintheSecureStackB3InstallationGuides,
thefollowingoccursduringinitialization:
Theswitchthatwillmanagethestackisautomaticallyestablished.Thisisknownasthe
managerswitch.
Allotherswitchesareestablishedasmembersinthestack.
Thehierarchyoftheswitchesthatwillassumethefunctionofbackupmanagerisalso
determinedincasethecurrentmanagermalfunctions,ispowereddown,orisdisconnected
fromthestack.
Theconsoleportonthemanagerswitchremainsactiveforoutofband(local)switch
management,buttheconsoleportoneachmemberswitchisdeactivated.Thisenablesyouto
settheIPaddressandsystempasswordusingasingleconsoleport.Noweachswitchcanbe
configuredlocallyusingonlythemanagersconsoleport,orinbandusingaremotedeviceand
theCLIsetofcommandsdescribedinthissection.
Onceastackiscreated(morethanoneswitchisinterconnected),thefollowingprocedureoccurs:
1. Bydefault,unitIDsarearbitrarilyassignedonafirstcome,firstservedbasis.
2. UnitIDsaresavedagainsteachmodule.Then,everytimeaboardispowercycled,itwill
initializewiththesameunitID.Thisisimportantforportspecificinformation(forexample:
ge.4.12isthe12thGigabitEthernetportonUnit#4).
3. Themanagementelectionprocessusesthefollowingprecedencetoassignamanagement
switch:
a. Previouslyassigned/electedmanagementunit
b. Managementassignedpriority(values115)
c. Hardwarepreferencelevel
d. HighestMACAddress
Usethefollowingrecommendedprocedureswheninstallinganewstackablesystemoraddinga
newunittoanexistingstack.
Important
The following procedures assume that all units have a clean configuration from manufacturing. When adding
a new unit to an already running stack, it is also assumed that the new unit is using the same firmware image
version as other units in the stack.
Notes: Ensure that each switch is fully operational before applying power to the next switch.
Since unit IDs are assigned on a first-come, first-served basis, this will ensure that unit IDs are
ordered sequentially.
Once unit IDs are assigned, they are persistent and will be retained during a power cycle to any or
all of the units.
3. (Optional)Ifdesired,changethemanagementunitusingthesetswitchmovemanagement
commandasdescribedinsetswitchmovemanagementonpage211.
4. Oncethedesiredmasterunithasbeenselected,resetthesystemusingtheresetcommandas
describedinresetonpage369.
5. Afterthestackhasbeenconfigured,youcanusetheshowswitchunitcommand(show
switchonpage27)tophysicallyidentifyeachunit.Whenyouenterthecommandwitha
unitnumber,theMGRLEDofthespecifiedswitchwillblinkfor10seconds.Thenormalstate
ofthisLEDisoffformemberunitsandsteadygreenforthemanagerunit.
B3(su)->show switch
Management Preconfig Plugged-in Switch Code
Switch Status Model ID Model ID Status Version
------ ------------ ------------- ------------- --------------------- --------
1 Mgmt Switch B3G124-48 B3G124-48 OK 1.00.xx
2 Unassigned B3G124-24 Not Present 00.00.00
Note: If you preconfigure a virtual switch and then add a physical switch of a different type to the
stack as that unit number, any configured functionality that cannot be supported on the physical
switch will cause a configuration mismatch status for that device and the ports of the new device will
join detached. You must clear the mismatch before the new device will properly join the stack.
Feature Support
BecausetheSecureStackB2andB3switcheshavedifferenthardwarearchitectures,the
functionalitysupportedbythetwoswitchtypesisdifferent.Whenthetwotypesofswitchesare
mixedinastack,thefunctionalitysupportedwillbethelowestcommondenominatoroffeatures
supportedonallplatforms.RefertothefirmwareReleaseNotesforinformationaboutsupported
features.
Configuration
Switch Manager
ItisrecommendedthataSecureStackB3switchbemadethemanagerofamixedstack.Usetheset
switchmovemanagementcommand(page211)tochangethemanagerunit.
Purpose
Toreview,individuallyconfigureandmanageswitchesinaSecureStackB3stack.
Commands
show switch
Usethiscommandtodisplayinformationaboutoneormoreunitsinthestack.
Syntax
show switch [status] [unit]
Parameters
status (Optional)Displayspowerandadministrativestatusinformationforone
ormoreunitsinthestack.
unit (Optional)Specifiestheunit(s)forwhichinformationwilldisplay.
Defaults
Ifnotspecified,statusandotherconfigurationinformationaboutallunitswillbedisplayed.
Mode
Switchcommand,readonly.
Usage
Afterastackhasbeenconfigured,youcanusethiscommandtophysicallyconfirmtheidentityof
eachunit.Whenyouenterthecommandwithaunitnumber,theMGRLEDofthespecified
switchwillblinkfor10seconds.ThenormalstateofthisLEDisoffformemberunitsandsteady
greenforthemanagerunit.
Examples
Thisexampleshowshowtodisplayinformationaboutallswitchunitsinthestack:
B3(rw)->show switch
Management Preconfig Plugged-in Switch Code
Switch Status Model ID Model ID Status Version
------ ------------ ------------- ------------- --------------------- --------
1 Mgmt Switch B3G124-24 B3G124-24 OK 01.00.xx
2 Stack Member B3G124-24 B3G124-24 OK 01.00.xx
3 Stack Member B3G124-24 B3G124-24 OK 01.00.xx
4 Stack Member B3G124-24 B3G124-24 OK 01.00.xx
5 Stack Member B3G124-24 B3G124-24 OK 01.00.xx
6 Stack Member B3G124-24 B3G124-24 OK 01.00.xx
7 Stack Member B3G124-24 B3G124-24 OK 01.00.xx
8 Stack Member B3G124-24 B3G124-24 OK 01.00.xx
Thisexampleshowshowtodisplayinformationaboutswitchunit1inthestack:
B3(ro)->show switch 1
Switch 1
Management Status Management Switch
Hardware Management Preference Unassigned
Admin Management Preference Unassigned
Switch Type B3G124-24
Preconfigured Model Identifier B3G124-24
Plugged-in Model Identifier B3G124-24
Switch Status OK
Switch Description Enterasys Networks, Inc. B3 -- Model
B3G124-24
Detected Code Version 01.00.xx
Syntax
show switch switchtype [switchindex]
Parameters
switchindex Specifiestheswitchindex(SID)oftheswitchtypetodisplay.
Defaults
None.
Mode
Switchcommand,readonly.
Examples
Thisexampleshowshowtodisplayswitchtypeinformationaboutallswitchesinthestack:
B3(su)->show switch switchtype
Mgmt Code
SID Switch Model ID Pref Version
--- -------------------------------- ---- ---------
1 B2G124-24 1 0xa08245
2 B2G124-48 1 0xa08245
3 B2G124-48P 1 0xa08245
4 B2H124-48 1 0xa08245
5 B2H124-48P 1 0xa08245
6 B3G124-24P 1 0xa08245
7 B3G124-48P 1 0xa08245
8 B3G124-48 1 0xa08245
9 B3G124-24 1 0xa08245
ThisexampleshowshowtodisplayswitchtypeinformationaboutSID1:
B3(rw)->show switch switchtype 1
Supported Cards:
Slot........................... 0
Card Index (CID)............... 1
Model Identifier............... B2G124-24
Syntax
show switch stack-ports [unit]
Parameters
unit SpecifiestheswitchunitID,anintegerrangingfrom1to8.
Defaults
None.
Mode
Switchcommand,readonly.
Example
Thisexampleshowshowtodisplaydataanderrorinformationonstackports:
B3(ro)->show switch stack-ports
------------TX-------------- ------------RX-----------
Data Error Data Error
Stacking Rate Rate Total Rate Rate Total
Switch Port (Mb/s) (Errors/s) Errors (Mb/s) (Errors/s) Errors
------ ---------- ------ ---------- ---------- ------ ---------- --------
1 Up 0 0 0 0 0 0
Down 0 0 0 0 0 0
set switch
UsethiscommandtoassignaswitchID,tosetaswitchspriorityforbecomingthemanagement
switchifthepreviousmanagementswitchfails,ortochangetheswitchunitIDforaswitchinthe
stack.
Syntax
set switch {unit [priority value | renumber newunit]}
Parameters
unit Specifiesaunitnumberfortheswitch.Valuecanrangefrom1to8.
priorityvalue Specifiesapriorityvaluefortheunit.Validvaluesare1to15withhigher
valuesassigninghigherpriority.
renumbernewunit Specifiesanewnumberfortheunit.
Note: This number must be a previously unassigned unit ID number.
Defaults
None.
Mode
Switchcommand,readwrite.
Examples
Thisexampleshowshowtoassignpriority3toswitch5:
B3(su)->set switch 5 priority 3
Thisexampleshowshowtorenumberswitch5toswitch7:
B3(su)->set switch 5 renumber 7
Syntax
set switch copy-fw [destination-system unit]
Parameters
destinationsystem (Optional)Specifiestheunitnumberofunitonwhichtocopythe
unit managementimagefile.
Defaults
Ifdestinationsystemisnotspecified,themanagementimagefilewillbereplicatedtoallswitches
inthestack.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtoreplicatethemanagementimagefiletoallswitchesinthestack:
B3(su)->set switch copy-fw
Are you sure you want to copy firmware? (y/n) y
Syntax
set switch description unit description
Parameters
unit Specifiesaunitnumberfortheswitch.
description Specifiesatextdescriptionfortheunit.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtoassignthenameFirstUnittoswitchunit1inthestack:
B3(su)->set switch description 1 FirstUnit
Syntax
set switch movemanagement fromunit tounit
Parameters
fromunit Specifiestheunitnumberofthecurrentmanagementswitch.
tounit Specifiestheunitnumberofthenewlydesignatedmanagementswitch.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtomovemanagementfunctionalityfromswitch1toswitch2:
B3(su)->set switch movemenagement 1 2
Moving stack management will unconfigure entire stack including all interfaces.
Are you sure you want to move stack management? (y/n) y
Syntax
set switch member unit switch-id
Parameters
unit Specifiesaunitnumberfortheswitch.
switchid SpecifiesaswitchID(SID)fortheswitch.SIDscanbedisplayedwiththe
showswitchswitchtypecommand.
Defaults
None.
Mode
Switchcommand,readwrite.
Usage
RefertoCreatingaVirtualSwitchConfigurationonpage24formoreinformationabouthowto
addavirtualswitchtoastack.
Example
Thisexampleshowshowtospecifyaswitchasunit1withaswitchIDof1:
B3(su)->set switch member 1 1
Syntax
clear switch member unit
Parameters
unit Specifiestheunitnumberoftheswitch.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtoremovetheswitch5entryfromthestack:
B3(su)->clear switch member 5
Atstartup,theSecureStackB3switchisconfiguredwithmanydefaultsandstandardfeatures.
Thischapterdescribeshowtocustomizebasicsystemsettingstoadapttoyourworkenvironment.
Purpose
Tochangetheswitchsdefaultuserloginandpasswordsettings,andtoaddnewuseraccounts
andpasswords.
Commands
Thecommandsusedtoconfigureuseraccountsandpasswordsarelistedbelow.
Syntax
show system login
Parameters
None.
Defaults
None.
Mode
Switchcommand,superuser.
Example
Thisexampleshowshowtodisplayloginaccountinformation.Inthiscase,switchdefaultshave
notbeenchanged:
B3(su)->show system login
Password history size: 0
Password aging : disabled
Table 31providesanexplanationofthecommandoutput.
Syntax
set system login username {super-user | read-write | read-only} {enable | disable}
Parameters
username Specifiesaloginnameforaneworexistinguser.Thisstringcanbea
maximumof80characters,althoughamaximumof16charactersis
recommendedforproperviewingintheshowsystemlogindisplay.
superuser| Specifiestheaccessprivilegesforthisuser.
readwrite|
readonly
enable|disable Enablesordisablestheuseraccount.
Defaults
None.
Mode
Switchcommand,superuser.
Example
Thisexampleshowshowtoenableanewuseraccountwiththeloginnamenetopswithsuper
useraccessprivileges:
B3(su)->set system login netops super-user enable
Syntax
clear system login username
Parameters
username Specifiestheloginnameoftheaccounttobecleared.
Note: The default admin (su) account cannot be deleted.
Defaults
None.
Mode
Switchcommand,superuser.
Example
Thisexampleshowshowtoremovethenetopsuseraccount:
B3(su)->clear system login netops
set password
UsethiscommandtochangesystemdefaultpasswordsortosetanewloginpasswordontheCLI.
Syntax
set password [username]
Parameters
username (Onlyavailabletouserswithsuperuseraccess.)Specifiesasystemdefault
orauserconfiguredloginaccountname.Bydefault,theSecureStackB3
switchprovidesthefollowingaccountnames:
roforReadOnlyaccess.
rwforReadWriteaccess.
adminforSuperUseraccess.(ThisaccesslevelallowsReadWriteaccess
toallmodifiableparameters,includinguseraccounts.)
Defaults
None.
Mode
Switchcommand,readwrite.
Switchcommand,superuser.
Usage
ReadWriteuserscanchangetheirownpasswords.
SuperUsers(Admin)canchangeanypasswordonthesystem.
Examples
ThisexampleshowshowasuperuserwouldchangetheReadWritepasswordfromthesystem
default(blankstring):
B3(su)->set password rw
Please enter new password: ********
Please re-enter new password: ********
Password changed.
B3(su)->
ThisexampleshowshowauserwithReadWriteaccesswouldchangehispassword:
B3(su)->set password
Please enter old password: ********
Please enter new password: ********
Please re-enter new password: ********
Password changed.
B3(su)->
Syntax
set system password length characters
Parameters
characters Specifiestheminimumnumberofcharactersforauseraccountpassword.
Validvaluesare0to40.
Defaults
None.
Mode
Switchcommand,superuser.
Example
Thisexampleshowshowtosettheminimumsystempasswordlengthto8characters:
B3(su)->set system password length 8
Syntax
set system password aging {days | disable}
Parameters
days Specifiesthenumberofdaysuserpasswordswillremainvalidbefore
agingout.Validvaluesare1to365.
disable Disablespasswordaging.
Defaults
None.
Mode
Switchcommand,superuser.
Example
Thisexampleshowshowtosetthesystempasswordagetimeto45days:
B3(su)->set system password aging 45
Syntax
set system password history size
Parameters
size Specifiesthenumberofpasswordscheckedforduplication.Validvalues
are0to10.
Defaults
None.
Mode
Switchcommand,superuser.
Example
Thisexampleshowshowtoconfigurethesystemtocheckthelast10passwordsforduplication
B3(su)->set system password history 10
Syntax
show system lockout
Parameters
None.
Defaults
None.
Mode
Switchcommand,superuser.
Example
Thisexampleshowshowtodisplayuserlockoutsettings.Inthiscase,switchdefaultshavenot
beenchanged:
B3(su)->show system lockout
Lockout attempts: 3
Lockout time: 15 minutes.
Table 31providesanexplanationofthecommandoutput.Thesesettingsareconfiguredwiththe
setsystemlockoutcommand(setsystemlockoutonpage38).
Lockout attempts Number of failed login attempts allowed before a read-write or read-only users
account will be disabled.
Lockout time Number of minutes the default admin user account will be locked out after the
maximum login attempts.
Syntax
set system lockout {[attempts attempts] [time time]}
Parameters
attemptsattempts Specifiesthenumberoffailedloginattemptsallowedbeforeareadwrite
orreadonlyusersaccountwillbedisabled.Validvaluesare1to10.
timetime Specifiesthenumberofminutesthedefaultadminuseraccountwillbe
lockedoutafterthemaximumloginattempts.Validvaluesare0to60.
Defaults
None.
Mode
Switchcommand,superuser.
Example
Thisexampleshowshowtosetloginattemptsto5andlockouttimeto30minutes:
B3(su)->set system lockout attempts 5 time 30
Purpose
TodisplayandsetthesystemIPaddressandotherbasicsystem(switch)properties.
Commands
Thecommandsusedtosetbasicsysteminformationarelistedbelow.
show ip address
UsethiscommandtodisplaythesystemIPaddressandsubnetmask.
Syntax
show ip address
Parameters
None.
Defaults
None.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplaythesystemIPaddressandsubnetmask:
B3(su)->show ip address
Name Address Mask
---------------- ---------------- ----------------
host 10.42.13.20 255.255.0.0
set ip address
UsethiscommandtosetthesystemIPaddress,subnetmaskanddefaultgateway.
Syntax
set ip address ip-address [mask ip-mask] [gateway ip-gateway]
Parameters
ipaddress SetstheIPaddressforthesystem.ForSecureStackB3systems,thisisthe
IPaddressofthemanagementswitchasdescribedinAboutSecureStack
B3SwitchOperationinaStackonpage21.
maskipmask (Optional)Setsthesystemssubnetmask.
gatewayipgateway (Optional)Setsthesystemsdefaultgateway(nexthopdevice).
Defaults
Ifnotspecified,ipmaskwillbesettothenaturalmaskoftheipaddressandipgatewaywillbesetto
theipaddress.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtosetthesystemIPaddressto10.1.10.1withamaskof255.255.128.0and
adefaultgatewayof10.1.0.1:
B3(su)->set ip address 10.1.10.1 mask 255.255.128.0 gateway 10.1.10.1
clear ip address
UsethiscommandtoclearthesystemIPaddress.
Syntax
clearipaddress
Parameters
None.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtoclearthesystemIPaddress:
B3(rw)->clear ip address
show ip protocol
UsethiscommandtodisplaythemethodusedtoacquireanetworkIPaddressforswitch
management.
Syntax
show ip protocol
Parameters
None.
Defaults
None.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplaythemethodusedtoacquireanetworkIPaddress:
B3(su)->show ip protocol
System IP address acquisition method: dhcp
set ip protocol
UsethiscommandtospecifytheprotocolusedtoacquireanetworkIPaddressforswitch
management.
Syntax
set ip protocol {bootp | dhcp | none}
Parameters
bootp SelectBOOTPastheprotocoltousetoacquirethesystemIPaddress.
dhcp SelectDHCPastheprotocoltousetoacquirethesystemIPaddress.
none NoprotocolwillbeusedtoacquirethesystemIPaddress.
Defaults
Thedefaultisnone.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtosetthemethodusedtoacquireanetworkIPaddresstoDHCP.
B3(su)->set ip protocol dhcp
show system
Usethiscommandtodisplaysysteminformation,includingcontactinformation,powerandfan
traystatusanduptime.
Syntax
show system
Parameters
None.
Defaults
None.
Mode
Switchcommand,readonly.
Example
Thisexampleshowshowtodisplaysysteminformation:
B3(su)->show system
System contact:John Smith
System location:Bldg10 2nd floor East
System name:10-2-B3
Switch 1
--------
PS1-Status PS2-Status
---------- ----------
Ok Not Installed and/or Not Operating
Fan1-Status Fan2-Status
----------- -----------
Ok Ok
Table 32providesanexplanationofthecommandoutput.
System contact Contact person for the system. Default of a blank string can be changed with the
set system contact command (set system contact on page 3-24).
System location Where the system is located. Default of a blank string can be changed with the
set system location command (set system location on page 3-24).
System name Name identifying the system. Default of a blank string can be changed with the
set system name command (set system name on page 3-22).
PS1 and PS2-Status Operational status for power supply 1 and, if installed, power supply 2.
Syntax
show system hardware
Parameters
None.
Defaults
None.
Mode
Switchcommand,readonly.
Example
Thisexampleshowshowtodisplaythesystemshardwareconfiguration.Pleasenotethatthe
informationyouseedisplayedmaydifferfromthisexample.
B3(su)->show system hardware
SLOT HARDWARE INFORMATION
--------------------
Model: B3G124-24
Serial Number: 041800129041
Vendor ID: 0x0e10
Base MAC Address: 00:01:F4:5F:1D:E0
Hardware Version: BCM56504 REV 19
FirmWare Version: 1.00.xx
Boot Code Version: 01.00.17
Syntax
show system utilization {cpu | storage | process}
Parameters
cpu Displayinformationabouttheprocessorrunningontheswitch.
storage Displayinformationabouttheoverallmemoryusageontheswitch.
process Displayinformationabouttheprocessesrunningontheswitch.
Defaults
None.
Mode
Switchcommand,readonly.
Examples
ThisexampleshowshowtodisplaythesystemsCPUutilization:
B3(ro)->show system utilization cpu
Total CPU Utilization:
Thisexampleshowshowtodisplaythesystemsoverallmemoryusage:
B3(ro)->show system utilization storage
Storage Utilization:
Type Description Size(Kb) Available (Kb)
---------------------------------------------------------------
RAM RAM device 262144 97173
Flash Images, Config, Other 31095 8094
Thisexampleshowshowtodisplayinformationabouttheprocessesrunningonthesystem.Only
partialoutputisshown.
B3(ro)->show system utilization process
TID Name 5Sec 1Min 5Min
8d45148 captureTask 0.00% 0.00% 0.00%
8e264f8 poe_monitor 0.00% 0.01% 0.05%
8ea6d38 poe_read 0.80% 0.22% 0.20%
8eb7140 vlanDynEg 0.00% 0.00% 0.00%
8f0be10 tcdpSendTask 0.00% 0.00% 0.00%
8f1c0e8 tcdpTask 0.00% 0.00% 0.00%
...
Syntax
set system enhancedbuffermode {enable | disable}
Parameters
enable|disable Enablesordisablesenhancedbuffermode.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtoenableenhancedbuffermode:
B3(su)->set system enhancedbuffermode enable
Changes in the enhanced buffer mode will require reseting this unit.
Are you sure you want to continue? (y/n)
show time
Usethiscommandtodisplaythecurrenttimeofdayinthesystemclock.
Syntax
showtime
Parameters
None.
Defaults
None.
Mode
Switchcommand,readonly.
Example
Thisexampleshowshowtodisplaythecurrenttime.Theoutputshowsthedayoftheweek,
month,day,andthetimeofdayinhours,minutes,andsecondsandtheyear:
B3(su)->show time
THU SEP 05 09:21:57 2002
set time
Usethiscommandtochangethetimeofdayonthesystemclock.
Syntax
settime[mm/dd/yyyy][hh:mm:ss]
Parameters
[mm/dd/yyyy] Setsthetimein:
[hh:mm:ss]
month,day,yearand/or
24hourformat
Atleastonesetoftimeparametersmustbeentered.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtosetthesystemclockto7:50a.m:
B3(su)->set time 7:50:00
show summertime
Usethiscommandtodisplaydaylightsavingstimesettings.
Syntax
show summertime
Parameters
None.
Defaults
None.
Mode
Switchcommand,readonly.
Example
Thisexampleshowshowtodisplaydaylightsavingstimesettings:
B3(su)->show summertime
Summertime is disabled and set to ''
Start : SUN APR 04 02:00:00 2004
End : SUN OCT 31 02:00:00 2004
Offset: 60 minutes (1 hours 0 minutes)
Recurring: yes, starting at 2:00 of the first Sunday of April and ending at 2:00
of the last Sunday of October
set summertime
Usethiscommandtoenableordisablethedaylightsavingstimefunction.
Syntax
set summertime {enable | disable} [zone]
Parameters
enable|disable Enablesordisablesthedaylightsavingstimefunction.
zone (Optional)Appliesanametothedaylightsavingstimesettings.
Defaults
Ifazonenameisnotspecified,nonewillbeapplied.
Mode
Switchcommand,readonly.
Example
Thisexampleshowshowtoenabledaylightsavingstimefunction:
B3(su)->set summertime enable
Syntax
set summertime date start_month start_date start_year start_hr_min end_month
end_date end_year end_hr_min [offset_minutes]
Parameters
start_month Specifiesthemonthoftheyeartostartdaylightsavingstime.
start_date Specifiesthedayofthemonthtostartdaylightsavingstime.
start_year Specifiestheyeartostartdaylightsavingstime.
start_hr_min Specifiesthetimeofdaytostartdaylightsavingstime.Formatishh:mm.
end_month Specifiesthemonthoftheyeartoenddaylightsavingstime.
end_date Specifiesthedayofthemonthtoenddaylightsavingstime.
end_year Specifiestheyeartoenddaylightsavingstime.
end_hr_min Specifiesthetimeofdaytoenddaylightsavingstime.Formatishh:mm.
offset_minutes (Optional)Specifiestheamountoftimeinminutestooffsetdaylight
savingstimefromthenondaylightsavingstimesystemsetting.Valid
valuesare11440.
Defaults
Ifanoffsetisnotspecified,nonewillbeapplied.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtosetadaylightsavingstimestartdateofApril4,2004at2a.m.andan
endingdateofOctober31,2004at2a.m.withanoffsettimeofonehour:
B3(su)->set summertime date April 4 2004 02:00 October 31 2004 02:00 60
Syntax
set summertime recurring start_week start_day start_month start_hr_min end_week
end_day end_month end_hr_min [offset_minutes]
Parameters
start_week Specifiestheweekofthemonthtorestartdaylightsavingstime.Valid
valuesare:first,second,third,fourth,andlast.
start_day Specifiesthedayoftheweektorestartdaylightsavingstime.
start_hr_min Specifiesthetimeofdaytorestartdaylightsavingstime.Formatis
hh:mm.
end_week Specifiestheweekofthemonthtoenddaylightsavingstime.
end_day Specifiesthedayoftheweektoenddaylightsavingstime.
end_hr_min Specifiesthetimeofdaytoenddaylightsavingstime.Formatishh:mm.
offset_minutes (Optional)Specifiestheamountoftimeinminutestooffsetdaylight
savingstimefromthenondaylightsavingstimesystemsetting.Valid
valuesare11440.
Defaults
Ifanoffsetisnotspecified,nonewillbeapplied.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowsetdaylightsavingstimetorecurstartingonthefirstSundayofAprilat
2a.m.andendingthelastSundayofOctoberat2a.m.withanoffsettimeofonehour:
B3(su)->set summertime recurring first Sunday April 02:00 last Sunday October
02:00 60
clear summertime
Usethiscommandtoclearthedaylightsavingstimeconfiguration.
Syntax
clear summertime
Parameters
None.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtoclearthedaylightsavingstimeconfiguration:
B3(su)->clear summertime
set prompt
Usethiscommandtomodifythecommandprompt.
Syntax
set prompt prompt_string
Parameters
prompt_string Specifiesatextstringforthecommandprompt.
Note: A prompt string containing a space in the text must be enclosed
in quotes as shown in the example below.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtosetthecommandprompttoSwitch1:
B3(su)->set prompt Switch 1
Switch 1(su)->
Syntax
show banner motd
Parameters
None.
Defaults
None.
Mode
Switchcommand,readonly.
Example
Thisexampleshowshowtodisplaythebannermessageoftheday:
B3(rw)->show banner motd
O Knights of Ni, you are just and
fair, and we will return with a shrubbery
-King Arthur
Syntax
setbannermotdmessage
Parameters
message Specifiesamessageoftheday.Thisisatextstringthatneedstobein
doublequotesifanyspacesareused.Usea\nforanewlineand\tfora
tab(eightspaces).
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtosetthemessageofthedaybannertoreadOKnightsofNi,youare
justandfair,andwewillreturnwithashrubberyKingArthur:
B3(rw)->set banner motd "O Knights of Ni, you are just and \n fair, and we will
return with a shrubbery \n \t -King Arthur"
Syntax
clear banner motd
Parameters
None.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtoclearthemessageofthedaybannertoablankstring:
B3(rw)->clear banner motd
show version
Usethiscommandtodisplayhardwareandfirmwareinformation.RefertoDownloadingaNew
FirmwareImageonpage338forinstructionsonhowtodownloadafirmwareimage.
Syntax
show version
Parameters
None.
Defaults
None.
Mode
Switchcommand,readonly.
Example
Thisexampleshowshowtodisplayversioninformation.Pleasenotethatyoumayseedifferent
informationdisplayed,dependingonthetypeofhardwareinthestack.
B3(su)->show version
Copyright (c) 2005 by Enterasys Networks, Inc.
Syntax
setsystemname[string]
Parameters
string (Optional)Specifiesatextstringthatidentifiesthesystem.
Note: A name string containing a space in the text must be enclosed in
quotes as shown in the example below.
Defaults
Ifstringisnotspecified,thesystemnamewillbecleared.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtosetthesystemnametoInformationSystems:
B3(su)->set system name Information Systems
Syntax
set system location [string]
Parameters
string (Optional)Specifiesatextstringthatindicateswherethesystemis
located.
Note: A location string containing a space in the text must be
enclosed in quotes as shown in the example below.
Defaults
Ifstringisnotspecified,thelocationnamewillbecleared.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtosetthesystemlocationstring:
B3(su)->set system location Bldg N32-04 Closet 9
Syntax
set system contact [string]
Parameters
string (Optional)Specifiesatextstringthatcontainsthenameofthepersonto
contactforsystemadministration.
Note: A contact string containing a space in the text must be enclosed
in quotes as shown in the example below.
Defaults
Ifstringisnotspecified,thecontactnamewillbecleared.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtosetthesystemcontactstring:
B3(su)->set system contact Joe Smith
set width
Usethiscommandtosetthenumberofcolumnsfortheterminalconnectedtotheswitchsconsole
port.
Syntax
set width screenwidth [default]
Parameters
screenwidth Setsthenumberofterminalcolumns.Validvaluesare50to150.
default (Optional)Makesthissettingpersistentforallfuturesessions(writtento
NVRAM).
Defaults
None.
Mode
Switchcommand,readwrite.
Usage
ThenumberofrowsofCLIoutputdisplayedissetusingthesetlengthcommandasdescribedin
setlengthonpage325.
Example
Thisexampleshowshowtosettheterminalcolumnsto50:
B3(su)->set width 50
set length
UsethiscommandtosetthenumberoflinestheCLIwilldisplay.Thiscommandispersistent
(writtentoNVRAM).
Syntax
set length screenlength
Parameters
screenlength SetsthenumberoflinesintheCLIdisplay.Validvaluesare0,which
disablesthescrollingscreenfeaturedescribedinDisplayingScrolling
Screensonpage18,andfrom5to512.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtosettheterminallengthto50:
B3(su)->set length 50
show logout
Usethiscommandtodisplaythetime(inseconds)anidleconsoleorTelnetCLIsessionwill
remainconnectedbeforetimingout.
Syntax
show logout
Parameters
None.
Defaults
None.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplaytheCLIlogoutsetting:
B3(su)->show logout
Logout currently set to: 10 minutes.
set logout
Usethiscommandtosetthetime(inminutes)anidleconsoleorTelnetCLIsessionwillremain
connectedbeforetimingout.
Syntax
set logout timeout
Parameters
timeout Setsthenumberofminutesthesystemwillremainidlebeforetimingout.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtosetthesystemtimeoutto10minutes:
B3(su)->set logout 10
show console
Usethiscommandtodisplayconsolesettings.
Syntax
show console [baud] [bits] [flowcontrol] [parity] [stopbits]
Parameters
baud (Optional)Displaystheinput/outputbaudrate.
bits (Optional)Displaysthenumberofbitspercharacter.
flowcontrol (Optional)Displaysthetypeofflowcontrol.
parity (Optional)Displaysthetypeofparity.
stopbits (Optional)Displaysthenumberofstopbits.
Defaults
Ifnoparametersarespecified,allsettingswillbedisplayed.
Mode
Switchcommand,readonly.
Example
Thisexampleshowshowtodisplayallconsolesettings:
B3(su)->show console
Baud Flow Bits StopBits Parity
------ ------- ---- ---------- ------
9600 Disable 8 1 none
Syntax
set console baud rate
Parameters
rate Setstheconsolebaudrate.Validvaluesare:300,600,1200,2400,4800,5760,
9600,14400,19200,38400,and115200.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtosettheconsoleportbaudrateto19200:
B3(su)->set console baud 19200
Note: All members of a stack must be licensed in order to support licensed features in a stack
environment. If the master unit in a stack has an activated license, all member units also must have
an activated license in order to operate. If the master unit in a stack does not have an activated
license, then the licensed functionality will not be available to member units, even if they have
licenses installed.
Note: Since license keys are applied to the correct stack member switch automatically, based on
the switch serial number that is part of the license string, you should know the serial numbers of the
switches in order to enable the licenses of the member switches first, before the master unit.
3. Enablethelicensesonthestackmembersfirst,beforeenablingthemasterunit,usingtheset
licensecommand(page331).Forexample:
B3(rw)->set license INCREMENT B2Policyadvrouterpolicy 2006.0127 27-jan-2011
0123456789AB 0123456789AB
4. Enablethelicenseontheswitchmasterunitlast,usingthesetlicensecommand.
Commands
Thecommandsusedtoactivateandverifylicensedfeaturesarelistedbelow.
set license
UsethiscommandtoactivatetheSecureStackB3licensedfeatures.
Syntax
set license type feature DBV expiration key hostid
Parameters
type Specifiesthetypeoflicense.FortheSecureStackB3,thevalueinthisfield
isalwaysINCREMENT.
feature Thenameofthefeaturebeinglicensed.
DBV Adaterelatedstringgeneratedaspartofthelicense.
expiration Indicateswhetherthelicenseisapermanentoranevaluationlicense.If
thelicenseisanevaluationlicense,thisfieldwillcontaintheexpiration
dateofthelicense.Ifthelicenseisapermanentlicense,thisfieldwill
containthewordpermanent.
key Thelicensekey.
hostid Theserialnumberoftheswitchtowhichthislicenseapplies.
Defaults
None.
Mode
Switchcommand,readwrite.
Usage
Ifmultipleswitchesareusedinastack,anindividuallicenseisrequiredforeachstackmember.
RefertoLicensingProcedureinaStackEnvironmentonpage329formoreinformation.
Whenactivatinglicenseswiththiscommand,EnterasysNetworksrecommendsthatyoucopyand
pastetheentirelicensecharacterstring,ratherthanenterthetextmanually.Ifyouenterthe
characterstringmanually,ensurethatyouexactlymatchthecapitalizationofthecharacterstring
senttoyou.
Everylicenseisassociatedwithaspecifichardwareplatform,basedontheserialnumberofthe
hardwareplatform.Ifyouneedtomovealicensefromonehardwareplatformtoanother,you
mustcontactEnterasysCustomerSupporttoarrangeforrehostingofthelicense.
Example
Thisexampleshowshowtoactivateapermanentlicensekeyontheswitchwithserialnumber
045100039001.Inthisexample,theswitchisastandaloneunitsoitsunitnumberis1.
B3(rw)->set license INCREMENT policy 2006.0728 permanent 31173CAC6495
045100039001
Validating license on unit 1
License successfully validated and set on unit 1
B3(rw)->
show license
Usethiscommandtodisplaylicensekeyinformationforswitcheswithactivatedlicenses.
Syntax
show license [unit number]
Parameters
unitnumber (Optional)Specifiestheswitchinastackforwhichtodisplaylicense
information.
RefertoChapter 2,ConfiguringSwitchesinaStack,formore
informationaboutstackunitIDs,ornumbers.
Defaults
Ifnounitnumberisspecified,licensekeyinformationforallswitchesinthestackisdisplayed.
Mode
Switchcommand,readonly.
Usage
Licensescanbedisplayed,applied,andclearedonlywiththelicensecommandsdescribedinthis
chapter.Generalconfigurationcommandssuchasshowconfigorclearconfigdonotaffect
licenses.
Example
Thisexampleshowshowtodisplaylicensekeyinformatioinforswitchunit1inthestack.
B3(ro)->show license unit 1
unit 1
key: INCREMENT policy 2006.0728 permanent 31173CAC6495 045100039001
status: Active
clear license
Usethiscommandtoclearthelicensekeysettings.Ifmultipleswitchesareusedinthestack,you
canusetheallparametertoclearalltheswitchesatonce.
Syntax
clear license featureId feature {all | unit number}
Parameters
featureIDfeature Thenameofthefeaturebeingcleared.
all Clearsthelicensekeysettingsonallunitsinthestack.
unitnumber Clearsthelicensekeysettingsonthespecifiedswitch.Unitnumbercan
rangefrom1to8.
RefertoChapter 2,ConfiguringSwitchesinaStackformore
informationaboutstackunitIDs,ornumbers.
Defaults
None.
Mode
Switchcommand,readwrite.
Usage
Ifyouclearalicensefromamemberunitinastackwhilethemasterunithasanactivatedlicense,
thestatusofthememberunitwillchangetoConfigMismatchanditsportswillbedetached
fromthestack(thatis,willnotpasstraffic).
Ifyouclearalicensefromthemasterunitofastack,thememberunitswillremainattachedtothe
stackbutthelicensedfunctionalitywillnolongerbeavailabletothememberunits,evenifthey
havelicensesinstalled.
Licensescanbedisplayed,applied,andclearedonlywiththelicensecommandsdescribedinthis
chapter.Generalconfigurationcommandssuchasshowconfigorclearconfigdonotaffect
licenses.
Examples
ThisexampleshowshowtoclearthePolicylicensedfeatureonstackunit3.
B3(rw)->clear license featureId policy unit 3
ThisexampleshowshowtoclearthePolicylicensedfeatureonalltheunitsinastack:
B3(rw)->clear license featureId policy all
Purpose
ToreviewandsetPoEparameters,includingthepoweravailabletothesystem,theusage
thresholdforeachmodule,whetherornotSNMPtrapmessageswillbesentwhenpowerstatus
changes,andperportPoEsettings.
Commands
ThecommandsusedtoreviewandsetPoEportparametersarelistedbelow.
show inlinepower
UsethiscommandtodisplayswitchPoEproperties.
Syntax
show inlinepower
Parameters
None.
Defaults
None.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplayswitchPoEproperties.Inthiscase,units1,3,and5arePoE
modules,sotheirpowerconfigurationsdisplay:
B3(su)->show inlinepower
Syntax
set inlinepower threshold usage-threshold module-number
Parameters
usagethreshold SpecifiesaPoEthresholdasapercentageoftotalsystempowerusage.
Validvaluesare11to100.
modulenumber SpecifiestheunitonwhichtosetthePoEthreshold.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtosetthePoEthresholdto50onunit1:
B3(su)->set inlinepower threshold 50 1
Syntax
set inlinepower trap {disable | enable} module-number
Parameters
disable|enable DisablesorenablesPoEtrapmessaging.
modulenumber Specifiestheunitonwhichtodisableorenabletrapmessaging.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtoenablePoEtrapmessagingonunit1:
B3(su)->set inlinepower trap enable 1
Syntax
show port inlinepower [port-string]
Parameters
portstring (Optional)DisplaysinformationforspecificPoEport(s).
Defaults
Ifnotspecified,informationforallPoEportswillbedisplayed.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplayPoEinformationforFastEthernetports1through6inunit1.
Inthiscase,theportsadministrativestate,PoEpriorityandclasshavenotbeenchangedfrom
defaultvalues:
Syntax
set port inlinepower port-string {[admin {off | auto}] [priority {critical | high
| low}] [type type]}
Parameters
portstring Specifiestheport(s)onwhichtoconfigurePoE.
adminoff|auto SetsthePoEadministrativestatetooff(disabled)orauto(on).
prioritycritical| Setstheport(s)priorityforthePoEallocationalgorithmtocritical
high|low (highest),highorlow.
typetype Specifiesastringdescribingthetypeofdeviceconnectedtoaport.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtoenablePoEonportfe.3.1withcriticalpriority:
B3(su)->set port inlinepower fe.3.1 admin auto priority critical
Password: *************
2. Beforethebootupcompletes,type2toselectStartBootMenu.Useadministratorfor
thePassword.
Note: The above Boot Menu password administrator can be changed using boot menu option
11.
Options available
1 - Start operational code
2 - Change baud rate
3 - Retrieve event log using XMODEM (64KB).
4 - Load new operational code using XMODEM
5 - Display operational code vital product data
6 - Run Flash Diagnostics
7 - Update Boot Code
8 - Delete operational code
9 - Reset the system
10 - Restore Configuration to factory defaults (delete config files)
11 - Set new Boot Code password
[Boot Menu] 2
3. Type2.Thefollowingbaudrateselectionscreendisplays:
1 - 1200
2 - 2400
3 - 4800
4 - 9600
5 - 19200
6 - 38400
7 - 57600
8 - 115200
0 - no change
4. Type8tosettheswitchbaudrateto115200.Thefollowingmessagedisplays:
Setting baud rate to 115200, you must change your terminal baud rate.
5. Settheterminalbaudrateto115200andpressENTER.
6. Fromthebootmenuoptionsscreen,type4toloadnewoperationalcodeusingXMODEM.
WhentheXMODEMtransferiscomplete,thefollowingmessageandheaderinformationwill
display:
[Boot Menu] 4
Ready to receive the file with XMODEM/CRC....
Ready to RECEIVE File xcode.bin in binary mode
Send several Control-X characters to cCKCKCKCKCKCKCK
MD5 Checksum....................fe967970996c4c8c43a10cd1cd7be99a
Boot File Identifier............0x0517
Header Version..................0x0100
Image Type......................0x82
Image Offset....................0x004d
Image length....................0x006053b3
Ident Strings Length............0x0028
Ident Strings...................
B2G124-24
B2G124-48
B2H124-48
B2K124_24
7. Fromthebootmenuoptionsscreen,type2todisplaythebaudrateselectionscreenagain.
8. Type4settheswitchbaudrateto9600.Thefollowingmessagedisplays:
Setting baud rate to 9600, you must change your terminal baud rate.
9. Settheterminalbaudrateto9600andpressENTER.
10. Fromthebootmenuoptionsscreen,type1tostartthenewoperationalcode.Thefollowing
messagedisplays:
Operational Code Date: Tue Jun 29 08:34:05 2004
Uncompressing.....
Purpose
Todisplayandsettheimagefiletheswitchloadsatstartup.TheB3switchallowsyouto
downloadandstoreabackupimage,whichcanbeselectedasthestartupimagebyusingthe
commandsdescribedinthissection.
Commands
Thecommandsusedtoreviewandselecttheswitchsbootimagefilearelistedbelow.
Syntax
show boot system
Parameters
None.
Defaults
None.
Mode
Switchcommand,readonly.
Example
Thisexampleshowshowtodisplaytheswitchsbootfirmwareimage:
B3(su)->show boot system
Current system image to boot: bootfile
Syntax
set boot system filename
Parameters
filename Specifiesthenameofthefirmwareimagefile.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtosetthebootfirmwareimagefiletonewimage:
B3(su)->set boot system newimage
Purpose
ToenableordisableTelnet,andtostartaTelnetsessiontoaremotehost.TheSecureStackB3
switchallowsatotaloffourinboundand/oroutboundTelnetsessiontorunsimultaneously.
Commands
Thecommandsusedtoenable,startandconfigureTelnetarelistedbelow.
telnet 3-44
show telnet
UsethiscommandtodisplaythestatusofTelnetontheswitch.
Syntax
show telnet
Parameters
None.
Defaults
None.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplayTelnetstatus:
B3(su)->show telnet
Telnet inbound is currently: ENABLED
Telnet outbound is currently: ENABLED
set telnet
UsethiscommandtoenableordisableTelnetontheswitch.
Syntax
set telnet {enable | disable} [inbound | outbound | all]
Parameters
enable|disable EnablesordisablesTelnetservices.
inbound| (Optional)Specifiesinboundservice(theabilitytoTelnettothisswitch),
outbound|all outboundservice(theabilitytoTelnettootherdevices),orall(both
inboundandoutbound).
Defaults
Ifnotspecified,bothinboundandoutboundTelnetservicewillbeenabledordisabled.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtodisableinboundandoutboundTelnetservices:
B3(su)->set telnet disable all
Disconnect all telnet sessions and disable now (y/n)? [n]: y
All telnet sessions have been terminated, telnet is now disabled.
telnet
UsethiscommandtostartaTelnetconnectiontoaremotehost.TheSecureStackB3switchallows
atotaloffourinboundand/oroutboundTelnetsessiontorunsimultaneously.
Syntax
telnet host [port]
Parameters
host SpecifiesthenameorIPaddressoftheremotehost.
port (Optional)Specifiestheserverportnumber.
Defaults
Ifnotspecified,thedefaultportnumber23willbeused.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtostartaTelnetsessiontoahostat10.21.42.13:
B3(su)->telnet 10.21.42.13
Purpose
TosetandviewthepersistencemodeforCLIconfigurationcommands,manuallysavethe
runningconfiguration,view,manage,andexecuteconfigurationfilesandimagefiles,andsetand
viewTFTPparameters.
Commands
dir 3-47
configure 3-49
copy 3-50
delete 3-50
Syntax
show snmp persistmode
Parameters
None.
Defaults
None.
Mode
Switchcommand,readonly.
Example
Thisexampleshowshowtodisplaytheconfigurationpersistencemodesetting.Inthiscase,
persistencemodeissettomanual,whichmeansconfigurationchangesarenotbeing
automaticallysaved.
B3(su)->show snmp persistmode
persistmode is manual
Syntax
set snmp persistmode {auto | manual}
Parameters
auto Setstheconfigurationpersistencemodetoautomatic.Thisisthedefault
state.
manual Setstheconfigurationpersistencemodetomanual.Inordertomake
configurationchangespersistent,thesaveconfigcommandmustbe
issuedasdescribedinsaveconfigonpage347.Thismodeisusefulfor
revertingbacktooldconfigurations.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtosettheconfigurationpersistencemodetomanual:
B3(su)->set snmp persistmade manual
save config
Usethiscommandtosavetherunningconfigurationonallswitchmembersinastack.
Syntax
save config
Parameters
None.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtosavetherunningconfigurationonallswitchmembersinastack:
B3(su)->save config
dir
Usethiscommandtolistconfigurationandimagefilesstoredinthefilesystem.
Syntax
dir [filename]
Parameters
filename (Optional)Specifiesthefilenameordirectorytolist.
Defaults
Iffilenameisnotspecified,allfilesinthesystemwillbedisplayed.
Mode
Switchcommand,readonly.
Example
Thisexampleshowshowtolistalltheconfigurationandimagefilesinthesystem:
B3(su)->dir
Images:
==================================================================
Filename: b3-series_01.00.29
Version: 01.00.29
Size: 8011776 (bytes)
Date: Fri Nov 17 15:39:43 2006
CheckSum: c24db8386712924dda3bf156575f0e08
Compatibility: B3G124-24, B3G124-24P, B3G124-48, B3G124-48P
Files: Size
================================ ========
configs:
b3-series_01.00.19.cfg 24677
b3-series_01.00.14.cfg 24677
b3-series_01.00.22.cfg 24677
b3-series_01.00.23.cfg 24677
b3-series_01.00.29.cfg 24677
b3-series_01.00.45.cfg 24677
logs:
current.log 142865
show config
Usethiscommandtodisplaythesystemconfigurationorwritetheconfigurationtoafile.
Syntax
show config [all | facility] [outfile {configs/filename}]
Parameters
all (Optional)Displaysdefaultandnondefaultconfigurationsettings.
facility (Optional)Exactnameofonefacilityforwhichtoshowconfiguration.For
example,enterroutertoshowrouteronlyconfiguration.
outfile (Optional)Specifiesthatthecurrentconfigurationwillbewrittentoatext
fileintheconfigs/directory.
configs/filename Specifiesafilenameintheconfigs/directorytodisplay.
Defaults
Bydefault,showconfigwilldisplayallnondefaultconfigurationinformationforallfacilities.
Mode
Switchcommand,readonly.
Usage
Theseparatefacilitiesthatcanbedisplayedbythiscommandareidentifiedinthedisplayofthe
currentconfigurationbya#precedingthefacilityname.Forexample,#portindicatesthefacility
nameport.
Examples
Thisexampleshowshowtowritethecurrentconfigurationtoafilenamedsave_config2:
B3(rw)->show config all outfile configs/save_config2
Thisexampleshowshowtodisplayconfigurationforthefacilityport:
B3(rw)->show config port
This command shows non-default configurations only.
Use 'show config all' to show both default and non-default configurations.
begin
!
#***** NON-DEFAULT CONFIGURATION *****
!
!
#port
set port jumbo disable ge.1.1
!
end
configure
Usethiscommandtoexecuteapreviouslydownloadedconfigurationfilestoredontheswitch.
Syntax
configure filename [append]
Parameters
filename Specifiesthepathandfilenameoftheconfigurationfiletoexecute.
append (Optional)Appendstheconfigurationfilecontentstothecurrent
configuration.Thisisequivalenttotypingthecontentsoftheconfigfile
directlyintotheCLIandcanbeused,forexample,tomakeincremental
adjustmentstothecurrentconfiguration.
Defaults
Ifappendisnotspecified,thecurrentrunningconfigurationwillbereplacedwiththecontentsof
theconfigurationfile,whichwillrequireanautomatedresetofthechassis.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtoexecutetheJan1_2004.cfgconfigurationfile:
B3(su)->configure configs/Jan1_2004.cfg
copy
UsethiscommandtouploadordownloadanimageoraCLIconfigurationfile.
Syntax
copy source destination
Parameters
source Specifieslocationandnameofthesourcefiletocopy.Optionsarealocalfile
pathintheconfigsdirectory,ortheURLofaTFTPserver.
destination Specifieslocationandnameofthedestinationwherethefilewillbecopied.
Optionsareaslotlocationandfilename,ortheURLofaTFTPserver.
Defaults
None.
Mode
Switchcommand,readwrite.
Examples
ThisexampleshowshowtodownloadanimageviaTFTP:
B3(su)->copy tftp://10.1.192.34/version01000 system:image
Thisexampleshowshowtodownloadaconfigurationfiletotheconfigsdirectory:
B3(su)->copy tftp://10.1.192.1/Jan1_2004.cfg configs/Jan1_2004.cfg
delete
UsethiscommandtoremoveanimageoraCLIconfigurationfilefromtheSecureStackB3system.
Syntax
delete filename
Parameters
filename Specifiesthelocalpathnametothefile.Validdirectoriesare/imagesand
/configs.
Defaults
None.
Mode
Switchcommand,readwrite.
Usage
Usetheshowconfigcommandasdescribedonpage348todisplaycurrentimageand
configurationfilenames.
Example
ThisexampleshowshowtodeletetheJan1_2004.cfgconfigurationfile:
B3(su)->delete configs/Jan1_2004.cfg
Syntax
show tftp settings
Parameters
None.
Defaults
None.
Mode
Switchcommand,readonly.
Usage
TheTFTPtimeoutvaluecanbesetwiththesettftptimeoutcommand.TheTFTPretryvaluecan
besetwiththesettftpretrycommand.
Example
Thisexampleshowstheoutputofthiscommand.
B3(ro)->show tftp settings
TFTP packet timeout (seconds): 2
TFTP max retry: 5
Syntax
set tftp timeout seconds
Parameters
seconds Specifiesthenumberofsecondstowaitforareply.Thevalidrangeis
from1to30seconds.Defaultvalueis2seconds.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexamplesetsthetimeoutperiodto4seconds.
B3(rw)->set tftp timeout 4
Syntax
clear tftp timeout
Parameters
None.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtoclearthetimeoutvaluetothedefaultof2seconds.
B3(rw)-> clear tftp timeout
Syntax
set tftp retry retry
Parameters
retry Specifiesthenumberoftimesapacketwillberesent.The
validrangeisfrom1to1000.Defaultvalueis5retries.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexamplesetstheretrycountto3.
B3(rw)->set tftp retry 3
Syntax
clear tftp retry
Parameters
None.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtocleartheretryvaluetothedefaultof5retries.
B3(rw)-> clear tftp retry
Configuring CDP
Purpose
ToreviewandconfiguretheEnterasysCDPdiscoveryprotocol.Thisprotocolisusedtodiscover
networktopology.Whenenabled,thisprotocolallowsEnterasysdevicestosendperiodicPDUs
aboutthemselvestoneighboringdevices.
Commands
ThecommandsusedtoreviewandconfiguretheCDPdiscoveryprotocolarelistedbelow.
show cdp
UsethiscommandtodisplaythestatusoftheCDPdiscoveryprotocolandmessageintervalon
oneormoreports.
Syntax
show cdp [port-string]
Parameters
portstring (Optional)DisplaysCDPstatusforaspecificport.Foradetaileddescription
ofpossibleportstringvalues,refertoPortStringSyntaxUsedintheCLI
onpage41.
Defaults
Ifportstringisnotspecified,allCDPinformationwillbedisplayed.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplayCDPinformationforportsfe.1.1throughfe.1.9:
B3(su)->show cdp fe.1.1-9
CDP Global Status :auto-enable
CDP Version Supported :30 hex
Port Status
-----------------
fe.1.1 auto-enable
fe.1.2 auto-enable
fe.1.3 auto-enable
fe.1.4 auto-enable
fe.1.5 auto-enable
fe.1.6 auto-enable
fe.1.7 auto-enable
fe.1.8 auto-enable
fe.1.9 auto-enable
Table 34providesanexplanationofthecommandoutput.
CDP Global Status Whether CDP is globally auto-enabled, enabled or disabled. The default state of
auto-enabled can be reset with the set cdp state command. For details, refer to set
cdp state on page 3-56.
CDP Hold Time Minimum time interval (in seconds) at which CDP configuration messages can be
set. The default of 180 seconds can be reset with the set cdp hold-time command.
For details, refer to set cdp hold-time on page 3-58.
CDP Authentication Authentication code for CDP discovery protocol. The default of 00-00-00-00-00-00-
Code 00-00 can be reset using the set cdp auth command. For details, refer to set cdp
auth on page 3-56.
CDP Transmit Frequency (in seconds) at which CDP messages can be transmitted. The default of
Frequency 60 seconds can be reset with the set cdp interval command. For details, refer to set
cdp interval on page 3-57.
Port Port designation. For a detailed description of possible port-string values, refer to
Port String Syntax Used in the CLI on page 4-1.
Syntax
set cdp state {auto | disable | enable} [port-string]
Parameters
auto|disable| Autoenables,disablesorenablestheCDPprotocolonthespecifiedport(s).
enable Inautoenablemode,whichisthedefaultmodeforallports,aport
automaticallybecomesCDPenableduponreceivingitsfirstCDPmessage.
portstring (Optional)EnablesordisablesCDPonspecificport(s).Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage41.
Defaults
Ifportstringisnotspecified,theCDPstatewillbegloballyset.
Mode
Switchcommand,readwrite.
Examples
ThisexampleshowshowtogloballyenableCDP:
B3(su)->set cdp state enable
ThisexampleshowshowtoenabletheCDPforportfe.1.2:
B3(su)->set cdp state enable fe.1.2
ThisexampleshowshowtodisabletheCDPforportfe.1.2:
B3(su)->set cdp state disable fe.1.2
Syntax
set cdp auth auth-code
Parameters
authcode SpecifiesanauthenticationcodefortheCDPprotocol.Thiscanbeupto16
hexadecimalvaluesseparatedbycommas.
Defaults
None.
Mode
Switchcommand,readwrite.
Usage
TheauthenticationcodevaluedeterminesaswitchsCDPdomain.Iftwoormoreswitcheshave
thesameCDPauthenticationcode,theywillbeenteredintoeachothersCDPneighbortables.If
theyhavedifferentauthenticationcodes,theyareindifferentdomainsandwillnotbeentered
intoeachothersCDPneighbortables.
Aswitchwiththedefaultauthenticationcode(16nullcharacters)willrecognizeallswitches,no
matterwhattheirauthenticationcode,andenterthemintoitsCDPneighbortable.
Example
ThisexampleshowshowtosettheCDPauthenticationcodeto1,2,3,4,5,6,7,8:
B3(su)->set cdp auth 1,2,3,4,5,6,7,8:
Syntax
set cdp interval frequency
Parameters
frequency SpecifiesthetransmitfrequencyofCDPmessagesinseconds.Validvalues
arefrom5to900seconds.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtosettheCDPintervalfrequencyto15seconds:
B3(su)->set cdp interval 15
Syntax
set cdp hold-time hold-time
Parameters
holdtime SpecifiestheholdtimevalueforCDPmessagesinseconds.Validvaluesare
from15to600.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtosetCDPholdtimeto60seconds:
B3(su)->set cdp hold-time 60
clear cdp
UsethiscommandtoresetCDPdiscoveryprotocolsettingstodefaults.
Syntax
clear cdp {[state] [port-state port-string] [interval] [hold-time] [auth-code]}
Parameters
state (Optional)ResetstheglobalCDPstatetoautoenabled.
portstateportstring (Optional)Resetstheportstateonspecificport(s)toautoenabled.
interval (Optional)Resetsthemessagefrequencyintervalto60seconds.
holdtime (Optional)Resetstheholdtimevalueto180seconds.
authcode (Optional)Resetstheauthenticationcodeto16bytesof00(000000
0000000000).
Defaults
Atleastoneoptionalparametermustbeentered.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtoresettheCDPstatetoautoenabled:
B3(su)->clear cdp state
show neighbors
ThiscommanddisplaysNeighborDiscoveryinformationforeithertheCDPorCiscoDP
protocols.
Syntax
show neighbors [port-string]
Parameters
portstring (Optional)SpecifiestheportorportsforwhichtodisplayNeighbor
Discoveryinformation.
Defaults
Ifnoportisspecified,allNeighborDiscoveryinformationisdisplayed.
Mode
Switchcommand,readonly.
Usage
ThiscommanddisplaysinformationdiscoveredbyboththeCDPandtheCiscoDPprotocols.
Example
ThisexampledisplaysNeighborDiscoveryinformationforallports.
B3(su)->show neighbors
Purpose
ToreviewandconfiguretheCiscodiscoveryprotocol.Discoveryprotocolsareusedtodiscover
networktopology.Whenenabled,theyallowCiscodevicestosendperiodicPDUsabout
themselvestoneighboringdevices.Specifically,thisfeatureenablesrecognizingPDUsfromCisco
phones.Atableofinformationaboutdetectedphonesiskeptbytheswitchandcanbequeriedby
thenetworkadministrator.
Commands
ThecommandsusedtoreviewandconfiguretheCiscodiscoveryprotocolarelistedbelow.Refer
alsotoshowneighborsonpage359.
show ciscodp
UsethiscommandtodisplayglobalCiscodiscoveryprotocolinformation.
Syntax
show ciscodp
Parameters
None.
Defaults
None.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplayglobalCiscoDPinformation.
B3(su)->show ciscodp
CiscoDP :Enabled
Timer :5
Holdtime (TTl): 180
Device ID : 001188554A60
Last Change : WED NOV 08 13:19:56 2006
Table 35providesanexplanationofthecommandoutput.
CiscoDP Whether Cisco DP is globally enabled or disabled. Auto indicates that Cisco DP will
be globally enabled only if Cisco DP PDUs are received.
Default setting of auto-enabled can be reset with the set ciscodp status command.
Timer The number of seconds between Cisco discovery protocol PDU transmissions. The
default of 60 seconds can be reset with the set ciscodp timer command.
Holdtime Number of seconds neighboring devices wil hold PDU transmissions from the
sending device. Default value of 180 can be changed with the set ciscodp holdtime
command.
Last Change The time that the last Cisco DP neighbor was discovered.
Syntax
show ciscodp port info [port-string]
Parameters
portstring (Optional)DisplaysCiscoDPinformationforaspecificport.Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage41.
Defaults
Ifportstringisnotspecified,CiscoDPinformationforallportswillbedisplayed.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplayCiscoDPinformationforGigabitEthernetport1inunit1.
B3(su)->show ciscodp port info ge.1.1
Port Port designation. For a detailed description of possible port-string values, refer to
Port String Syntax Used in the CLI on page 4-1.
State Whether Cisco DP is enabled, disabled or auto-enabled on the port. Default state of
enabled can be changed using the set ciscodp port command.
v vid Whether a voice VLAN ID has been set on this port. Default of none can be changed
using the set ciscodp port command.
trusted The trust mode of the port. Default of trusted can be changed using the set ciscodp
port command.
cos The Class of Service priority value for untrusted traffic. The default of 0 can be
changed using the set ciscodp port command.
Syntax
set ciscodp state {auto | disable | enable}
Parameters
auto GloballyenableonlyifCiscoDPPDUsarereceived.
disable GloballydisableCiscodiscoveryprotocol.
enable GloballyenableCiscodiscoveryprotocol.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtogloballyenableCiscoDP:
B3(su)->set ciscodp state enable
Syntax
set ciscodp timer seconds
Parameters
seconds SpecifiesthenumberofsecondsbetweenCiscoDPPDUtransmissions.
Validvaluesarefrom5to254seconds.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtosettheCiscoDPtimerto120seconds.
B3(su)->set ciscodp timer 120
Syntax
set ciscodp holdtime hold-time
Parameters
holdtime SpecifiesthetimetoliveforCiscoDPPDUs.Validvaluesarefrom10to255
seconds.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtosetCiscoDPholdtimeto180seconds:
B3(su)->set ciscodp hold-time 180
Syntax
set ciscodp port { [status {disable | enable}] [ vvid {vlan-id | none | dot1p |
untagged}] [trusted {yes | no}] [cos value] } port-string
Parameters
status SettheCiscoDPportoperationalstatus.
disable DonottransmitorprocessCiscoDPPDUs.
enable TransmitandprocessCiscoDPPDUs.
vvid SettheportvoiceVLANforCiscoDPPDUtransmission.
vlanid SpecifytheVLANID,range14094.
none NovoiceVLANwillbeusedinCiscoDPPDUs.Thisisthedefault.
dot1p Instructattachedphonetosend802.1ptaggedframes.
untagged Instructattachedphonetosenduntaggedframes.
trusted Settheextendedtrustmodeontheport.
yes Instructattachedphonetoallowthedeviceconnectedtoittotransmit
trafficcontaininganyCoSorLayer2802.1pmarking.Thisisthedefault
value.
no Instructattachedphonetooverwritethe802.1ptagoftraffic
transmittedbythedeviceconnectedtoitto0,bydefault,ortothevalue
configuredwiththecosparameter.
cosvalue Instructattachedphonetooverwritethe802.1ptagoftraffic
transmittedbythedeviceconnectedtoitwiththespecifiedvalue,when
thetrustmodeoftheportissettountrusted.Valuecanrangefrom0to
7,with0indicatingthelowestpriority.
portstring Specifiestheport(s)onwhichstatuswillbeset.
Defaults
Status:enabled
VoiceVLAN:none
Trustmode:trusted
CoSvalue:0
Mode
Switchmode,readwrite.
Usage
ThefollowingpointsdescribehowtheCiscoDPextendedtrustsettingsworkontheswitch.
ACiscoDPporttruststatusoftrustedoruntrustedisonlymeaningfulwhenaCiscoIPphone
isconnectedtoaswitchportandaPCorotherdeviceisconnectedtothebackoftheCiscoIP
phone.
ACiscoDPportstateoftrustedoruntrustedonlyaffectstaggedtraffictransmittedbythe
deviceconnectedtotheCiscoIPphone.Untaggedtraffictransmittedbythedeviceconnected
totheCiscoIPphoneisunaffectedbythissetting.
IftheswitchportisconfiguredtoaCiscoDPtruststateoftrusted(withthetrustedyes
parameterofthiscommand),thissettingiscommunicatedtotheCiscoIPphoneinstructingit
toallowthedeviceconnectedtoittotransmittrafficcontaininganyCoSorLayer2802.1p
marking.
IftheswitchportisconfiguredtoaCiscoDPtruststateofuntrusted(trustedno),thissetting
iscommunicatedtotheCiscoIPphoneinstructingittooverwritethe802.1ptagoftraffic
transmittedbythedeviceconnectedtoitto0,bydefault,ortothevaluespecifiedbythecos
parameterofthiscommand.
Thereisaonetoonecorrelationbetweenthevaluesetwiththecosparameterandthe802.1p
valueassignedtoingressedtrafficbytheCiscoIPphone.Avalueof0equatestoan802.1p
priorityof0.Therefore,avalueof7isgiventhehighestpriority.
Note: The Cisco Discovery Protocol must be globally enabled using the set ciscodp status
command before operational status can be set on individual ports.
Examples
ThisexampleshowshowtosettheCiscoDPportvoiceVLANIDto3onportfe.1.6andenablethe
portoperationalstate.
B3(rw)->set ciscodp port status enable vvid 3 fe.1.6
ThisexampleshowshowtosettheCiscoDPextendedtrustmodetountrustedonportfe.1.5and
settheCoSpriorityto1.
B3(rw)->set ciscodp port trusted no cos 1 fe.1.5
clear ciscodp
UsethiscommandtocleartheCiscodiscoveryprotocolbacktothedefaultvalues.
Syntax
clear ciscodp [status | timer | holdtime | port {status | vvid | trust | cos}
[port-string] } ]
Parameters
status ClearglobalCiscoDPenablestatustodefaultofauto.
timer ClearthetimebetweenCiscoDPPDUtransmissionstodefaultof60
seconds.
holdtime ClearthetimetoliveforCiscoDPPDUdatatodefaultof180seconds.
port CleartheCiscoDPportconfiguration.
status Cleartheindividualportoperationalstatustothedefaultofenabled.
vvid CleartheindividualportvoiceVLANforCiscoDPPDUtransmissionto
0.
trust Clearthetrustmodeconfigurationoftheporttotrusted.
cos CleartheCoSpriorityforuntrustedtrafficoftheportto0.
portstring (Optional)Specifiestheport(s)onwhichstatuswillbeset.
Defaults
Ifnoparametersareentered,allCiscoDPparametersareresettothedefaultsgloballyandforall
ports.
Mode
Switchmode,readwrite.
Examples
ThisexampleshowshowtoclearalltheCiscoDPparametersbacktothedefaultsettings.
B3(rw)->clear ciscodp
ThisexampleshowshowtocleartheCiscoDPstatusonportfe.1.5.
B3(rw)->clear ciscodp port status fe.1.5
Purpose
TocleartheCLIscreenortocloseyourCLIsession.
Commands
ThecommandsusedtoclearandclosetheCLIsessionarelistedbelow.
cls 3-67
exit 3-68
Syntax
cls
Parameters
None.
Defaults
None.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtocleartheCLIscreen:
B3(su)->cls
exit
UseeitherofthesecommandstoleaveaCLIsession.
Syntax
exit
Parameters
None.
Defaults
None.
Mode
Switchcommand,readonly.
Usage
Bydefault,switchtimeoutoccursafter15minutesofuserinactivity,automaticallyclosingyour
CLIsession.Usethesetlogoutcommand(page326)tochangethisdefault.
Example
ThisexampleshowshowtoexitaCLIsession:
B3(su)->exit
Purpose
Toresetoneormoreswitches,andtocleartheuserdefinedconfigurationparameters.
Commands
Thecommandsusedtoresettheswitchandcleartheconfigurationarelistedbelow.
reset 3-69
reset
Usethiscommandtoresettheswitchwithoutlosinganyuserdefinedconfigurationsettings.
Syntax
reset [unit]
Parameters
unit (Optional)Specifiesaunittobereset.
Defaults
If no unit ID is specified, the entire system will be reset.
Mode
Switchcommand,readwrite.
Usage
ASecureStackB3switchcanalsoberesetwiththeRESETbuttonlocatedonitsfrontpanel.For
informationonhowtodothis,refertotheSecureStackB3InstallationGuideshippedwithyour
switch.
Examples
Thisexampleshowshowtoresetthesystem:
B3(su)->reset
Are you sure you want to reload the stack? (y/n) y
Thisexampleshowshowtoresetunit1inthestack:
B3(su)->reset 1
Are you sure you want to reload the switch? (y/n) y
Reloading switch 1.
This switch is manager of the stack.
STACK: detach 3 units
clear config
Usethiscommandtocleartheuserdefinedconfigurationparameters.
Syntax
clear config [all]
Parameters
all (Optional)Clearsuserdefinedconfigurationparametersandstackunit
numbersandpriorities.
Defaults
Ifallisnotspecified,stackingconfigurationparameterswillnotbecleared.
Mode
Switchcommand,readwrite.
Usage
Whenusingtheclearconfigcommandtoclearconfigurationparametersinastack,itisimportant
torememberthefollowing:
UseclearconfigtoclearconfigurationparameterswithoutclearingstackunitIDs.This
commandWILLNOTclearstackparametersandavoidstheprocessofrenumberingthe
stack.
Useclearconfigallwhenitisnecessarytoclearallconfigurationparameters,includingstack
unitIDsandswitchpriorityvalues.
UsetheclearipaddresscommandtocleartheIPaddress.
Configurationparametersandstackinginformationcanalsobeclearedonthemasterunitonlyby
selectingoption10(restoreconfigurationtofactorydefaults)fromthebootmenuonswitch
startup.Thisselectionwillleavestackingprioritiesonallotherunits.
Example
Thisexampleshowshowtoclearconfigurationparametersincludingstackingparameters:
B3(su)->clear config all
Purpose
Bydefault,WebView(TheEnterasysNetworksembeddedwebserverforswitchconfiguration
andmanagementtasks)isenabledonTCPportnumber80ontheSecureStackB3switch.Youcan
verifyWebViewstatus,andenableordisableWebViewusingthecommandsdescribedinthis
section.WebViewcanalsobesecurelyusedoverSSLport443,ifSSLisenabledontheswitch.By
default,SSLisdisabled.
TouseWebView,typetheIPaddressoftheswitchinyourbrowser.TouseWebViewoverSSL,
typeinhttps://thentheIPaddressoftheswitch.Forexample,https://172.16.2.10.
Commands
ThecommandstoconfigureWebViewandSSLaredescribedbelow.
show webview
UsethiscommandtodisplayWebViewstatus.
Syntax
show webview
Parameters
None.
Defaults
None.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplayWebViewstatus:
B3(rw)->show webview
WebView is Enabled.
set webview
UsethiscommandtoenableordisableWebViewontheswitch.
Syntax
set webview {enable | disable}
Parameters
enable|disable EnableordisableWebViewontheswitch.
Defaults
None.
Mode
Switchcommand,readwrite.
Usage
ItisgoodpracticeforsecurityreasonstodisableHTTPaccessontheswitchwhenfinished
configuringwithWebView,andthentoonlyenableWebViewontheswitchwhenchangesneedto
bemade.
Example
ThisexampleshowshowtodisableWebViewontheswitch:
B3(rw)->set webview disable
show ssl
UsethiscommandtodisplaySSLstatus.
Syntax
showssl
Parameters
None.
Defaults
None.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplaySSLstatus:
B3(rw)->show ssl
SSL status: Enabled
set ssl
UsethiscommandtoenableordisabletheuseofWebViewoverSSLport443.Bydefault,SSLis
disabledontheswitch.Thiscommandcanalsobeusedtoreinitializethehostkeythatisusedfor
encryption.
Syntax
set ssl {enabled | disabled | reinitialize | hostkey reinitialize}
Parameters
enabled|disabled EnableordisabletheabilitytouseWebViewoverSSL.
reinitialize StopsandthenrestartstheSSLprocess.
hostkeyreinitialize StopsSSL,regeneratesnewkeys,andthenrestartsSSL.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtoenableSSL:
B3(rw)->set ssl enabled
ThischapterdescribesthePortConfigurationsetofcommandsandhowtousethem.
Portnumbercanbe:
148fortheB3G12448andB3G12448P
124fortheB3G12424andB3G12448
Thehighestvalidportnumberisdependentonthenumberofportsinthedeviceandtheport
type.
Examples
Note: You can use a wildcard (*) to indicate all of an item. For example, fe.3.* would represent all
100Mbps Ethernet (fe) ports in unit 3 in the stack.
Thisexampleshowstheportstringsyntaxforspecifyingthe100MbpsEthernetports1through10
inunit1inthestack.
fe.1.1-10
Thisexampleshowstheportstringsyntaxforspecifyingthe1GigabitEthernetport14inunit3in
thestack.
ge.3.14
Thisexampleshowstheportstringsyntaxforspecifyingthefirst10GigabitEthernetportofunit3
inthestack.
tg.3.25
Thisexampleshowstheportstringsyntaxforspecifyingall1GigabitEthernetportsinunit3in
thestack.
ge.3.*
Thisexampleshowstheportstringsyntaxforspecifyingallports(ofanyinterfacetype)inallunits
inthestack.
*.*.*
Purpose
Todisplayoperatingstatus,duplexmode,speed,porttype,andstatisticalinformationabout
trafficreceivedandtransmittedthroughoneorallswitchportsonthedevice.
Commands
Thecommandsusedtoreviewportstatusarelistedbelow.
show port
Usethiscommandtodisplaywhetherornotoneormoreportsareenabledforswitching.
Syntax
show port [port-string]
Parameters
portstring (Optional)Displaysoperationalstatusforspecificport(s).Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage41.
Defaults
Ifportstringisnotspecified,operationalstatusinformationforallportswillbedisplayed.
Mode
Switchcommand,readonly.
Example
Thisexampleshowshowtodisplayoperationalstatusinformationforfe.3.14:
B3(su)->show port fe.3.14
Port fe.3.14 enabled
Syntax
show port status [port-string]
Parameters
portstring (Optional)Displaysstatusforspecificport(s).Foradetaileddescriptionof
possibleportstringvalues,refertoPortStringSyntaxUsedintheCLIon
page41.
Defaults
Ifportstringisnotspecified,statusinformationforallportswillbedisplayed.
Mode
Switchcommand,readonly.
Example
Thisexampleshowshowtodisplaystatusinformationforfe.3.14:
B3(su)->show port status fe.3.14
Table 41providesanexplanationofthecommandoutput.
Syntax
show port counters [port-string] [switch | mib2]
Parameters
portstring (Optional)Displayscounterstatisticsforspecificport(s).Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage41.
switch|mib2 (Optional)DisplaysswitchorMIB2statistics.Switchstatisticsdetail
performanceoftheSecureStackB3device.MIB2interfacestatisticsdetail
performanceofallnetworkdevices.
Defaults
Ifportstringisnotspecified,counterstatisticswillbedisplayedforallports.
Ifmib2orswitcharenotspecified,allcounterstatisticswillbedisplayedforthespecifiedport(s).
Mode
Switchcommand,readonly.
Examples
Thisexampleshowshowtodisplayallcounterstatistics,includingMIB2networktrafficand
trafficthroughthedeviceforfe.3.1:
B3(su)->show port counters fe.3.1
Thisexampleshowshowtodisplayallfe.3.1portcounterstatisticsrelatedtotrafficthroughthe
device.
B3(su)->show port counters fe.3.1 switch
Table 42providesanexplanationofthecommandoutput.
Purpose
Todisableandreenableoneormoreports,andtoassignanaliastoaport.Bydefault,allportsare
enabledatdevicestartup.Youmaywanttodisableportsforsecurityortotroubleshootnetwork
issues.Portsmayalsobeassignedanaliasforconvenience.
Commands
Thecommandsusedtoenable,disable,andnameportsarelistedbelow.
Syntax
set port disable port-string
Parameters
portstring Specifiestheport(s)todisable.Foradetaileddescriptionofpossibleport
stringvalues,refertoPortStringSyntaxUsedintheCLIonpage41.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtodisablefe.1.1:
B3(su)->set port disable fe.1.1
Syntax
set port enable port-string
Parameters
portstring Specifiestheport(s)toenable.Foradetaileddescriptionofpossibleport
stringvalues,refertoPortStringSyntaxUsedintheCLIonpage41.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtoenablefe.1.3:
B3(su)->set port enable fe.1.3
Syntax
show port alias [port-string]
Parameters
portstring (Optional)Displaysaliasname(s)forspecificport(s).Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntax
UsedintheCLIonpage41.
Defaults
Ifportstringisnotspecified,aliasesforallportswillbedisplayed.
Mode
Switchcommand,readonly.
Example
Thisexampleshowshowtodisplayaliasinformationforports13onunit3:
B3(rw)->show port alias ge.3.1-3
Port ge.3.1 user
Port ge.3.2 user
Port ge.3.3 Admin
Syntax
set port alias port-string [name]
Parameters
portstring Specifiestheporttowhichanaliaswillbeassigned.Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntax
UsedintheCLIonpage41.
name (Optional)Assignsanaliasnametotheport.Ifthealiasnamecontains
spaces,thetextstringmustbesurroundedbydoublequotes.Maximum
lengthis60characters.
Defaults
Ifnameisnotspecified,thealiasassignedtotheportwillbecleared.
Mode
Switchcommand,readwrite.
Examples
ThisexampleshowshowtoassignthealiasAdmintoge.3.3:
B3(rw)->set port alias ge.3.3 Admin
Thisexampleshowshowtoclearthealiasforge.3.3:
B3(rw)->set port alias ge.3.3
Purpose
ToreviewandsettheoperationalspeedinMbpsandthedefaultduplexmode:Half,forhalf
duplex,orFull,forfullduplexforoneormoreports.
Note: These settings only take effect on ports that have auto-negotiation disabled.
Commands
Thecommandsusedtoreviewandsetportspeedandduplexmodearelistedbelow.
Syntax
show port speed [port-string]
Parameters
portstring (Optional)Displaysdefaultspeedsetting(s)forspecificport(s).Fora
detaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage41.
Defaults
Ifportstringisnotspecified,defaultspeedsettingsforallportswilldisplay.
Mode
Switchcommand,readonly.
Example
Thisexampleshowshowtodisplaythedefaultspeedsettingfor1GigabitEthernetport14in
unit 3:
B3(su)->show port speed ge.3.14
default speed is 10 on port ge.3.14.
Syntax
set port speed port-string {10 | 100 | 1000}
Parameters
portstring Specifiestheport(s)forwhichtoaspeedvaluewillbeset.Fora
detaileddescriptionofpossibleportstringvalues,refertoPort
StringSyntaxUsedintheCLIonpage41.
10|100|1000 Specifiestheportspeed.Validvaluesare:10 Mbps,100 Mbps,or
1000 Mbps.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtosetfe.3.3toaportspeedof10 Mbps:
B3(su)->set port speed fe.3.3 10
Syntax
show port duplex [port-string]
Parameters
portstring (Optional)Displaysdefaultduplexsetting(s)forspecificport(s).
Foradetaileddescriptionofpossibleportstringvalues,referto
PortStringSyntaxUsedintheCLIonpage41.
Defaults
Ifportstringisnotspecified,defaultduplexsettingsforallportswillbedisplayed.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplaythedefaultduplexsettingforGigabitEthernetport14in
unit 3:
B3(su)->show port duplex ge.3.14
default duplex mode is full on port ge.3.14.
Syntax
set port duplex port-string {full | half}
Parameters
portstring Specifiestheport(s)forwhichduplextypewillbeset.Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntax
UsedintheCLIonpage41.
full|half Setstheport(s)tofullduplexorhalfduplexoperation.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtosetFastEthernetport17inunit1tofullduplex:
B3(su)->set port duplex fe.1.17 full
Purpose
Toreview,enable,anddisablejumboframesupportononeormoreports.ThisallowsGigabit
Ethernetportstotransmitframesupto10KBinsize.
Commands
Thecommandsusedtoreview,enableanddisablejumboframesupportarelistedbelow.
Syntax
show port jumbo [port-string]
Parameters
portstring (Optional)Displaysthestatusofjumboframesupportforspecific
port(s).Foradetaileddescriptionofpossibleportstringvalues,referto
PortStringSyntaxUsedintheCLIonpage41.
Defaults
Ifportstringisnotspecified,jumboframesupportstatusforallportswilldisplay.
Mode
Switchcommand,readonly.
Example
Thisexampleshowshowtodisplaythestatusofjumboframesupportforge.1.1:
B3(su)->show port jumbo ge.1.1
Syntax
set port jumbo {enable | disable} [port-string]
Parameters
enable|disable Enablesordisablesjumboframesupport.
portstring (Optional)Specifiestheport(s)onwhichtodisableorenablejumbo
framesupport.Foradetaileddescriptionofpossibleportstringvalues,
refertoPortStringSyntaxUsedintheCLIonpage41.
Defaults
Ifportstringisnotspecified,jumboframesupportwillbeenabledordisabledonallports.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtoenablejumboframesupportforGigabitEthernetport14inunit3:
B3(su)->set port jumbo enable ge.3.14
Syntax
clear port jumbo [port-string]
Parameters
portstring (Optional)Specifiestheport(s)onwhichtoresetjumboframe
supportstatustoenabled.Foradetaileddescriptionofpossible
portstringvalues,refertoPortStringSyntaxUsedintheCLIon
page41.
Defaults
Ifportstringisnotspecified,jumboframesupportstatuswillberesetonallports.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtoresetjumboframesupportstatusforGigabitEthernetport14in
unit 3:
B3(su)->clear port jumbo ge.3.14
Purpose
Toreview,disableorenableautonegotiation,andtoconfigureportadvertisementforspeedand
duplex.
Duringautonegotiation,theporttellsthedeviceattheotherendofthesegmentwhatits
capabilitiesandmodeofoperationare.Ifautonegotiationisdisabled,theportrevertstothe
valuesspecifiedbydefaultspeed,defaultduplex,andtheportflowcontrolcommands.
Innormaloperation,withallcapabilitiesenabled,advertisedabilityenablesaporttoadvertise
thatithastheabilitytooperateinanymode.Theusermaychoosetoconfigureaportsothatonly
aportionofitscapabilitiesareadvertisedandtheothersaredisabled.
Note: Advertised ability can be activated only on ports that have auto-negotiation enabled.
Commands
Thecommandsusedtoreviewandconfigureautonegotiationandadvertisedabilityarelisted
below:
Syntax
show port negotiation [port-string]
Parameters
portstring (Optional)Displaysautonegotiationstatusforspecificport(s).Fora
detaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage41.
Defaults
Ifportstringisnotspecified,autonegotiationstatusforallportswillbedisplayed.
Mode
Switchcommand,readonly.
Example
Thisexampleshowshowtodisplayautonegotiationstatusfor1GigabitEthernetport14in
unit 3:
B3(su)->show port negotiation ge.3.14
auto-negotiation is enabled on port ge.3.14.
Syntax
set port negotiation port-string {enable | disable}
Parameters
portstring Specifiestheport(s)forwhichtoenableordisableautonegotiation.Fora
detaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage41.
enable|disable Enablesordisablesautonegotiation.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtodisableautonegotiationon1GigabitEthernetport3inunit14:
B3(su)->set port negotiation ge.3.14 disable
Syntax
show port advertise [port-string]
Parameters
portstring (Optional)Displaysadvertisedabilityforspecificport(s).Fora
detaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage41.
Defaults
Ifportstringisnotspecified,advertisementforallportswillbedisplayed.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplayadvertisementstatusforGigabitports13and14:
B3(su)->show port advertise ge.1.13-14
ge.1.13 capability advertised remote
-------------------------------------------------
10BASE-T yes yes yes
10BASE-TFD yes yes yes
100BASE-TX yes yes yes
100BASE-TXFD yes yes yes
1000BASE-T no no no
1000BASE-TFD yes yes yes
pause yes yes no
Syntax
set port advertise {port-string}{10t | 10tfd | 100tx | 100txfd | 1000t | 1000tfd
| pause}
Parameters
portstring Selecttheportsforwhichtoconfigureadvertisements.Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage41.
10t Advertise10BASEThalfduplexmode.
10tfd Advertise10BASETfullduplexmode.
100tx Advertise100BASETXhalfduplexmode.
100txfd Advertise100BASETXfullduplexmode.
1000t Advertise1000BASEThalfduplexmode.
1000tfd Advertise1000BASETfullduplexmode.
pause AdvertisePAUSEforfullduplexlinks.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtoconfigureport1toadvertise1000BASETfullduplex:
B3(su)->set port advertise ge.1.1 1000tfd
Syntax
clear port advertise {port-string}{10t | 10tfd | 100tx | 100txfd | 1000t | 1000tfd
| pause}
Parameters
portstring Clearadvertisementsforspecificport(s).Foradetaileddescriptionof
possibleportstringvalues,refertoPortStringSyntaxUsedinthe
CLIonpage41.
10t Donotadvertise10BASEThalfduplexmode.
10tfd Donotadvertise10BASETfullduplexmode.
100tx Donotadvertise100BASETXhalfduplexmode.
100txfd Donotadvertise100BASETXfullduplexmode.
1000t Donotadvertise1000BASEThalfduplexmode.
1000tfd Donotadvertise1000BASETfullduplexmode.
pause DonotadvertisePAUSEforfullduplexlinks.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtoconfigureport1tonotadvertise10MBcapabilityforauto
negotiation:
B3(su)->clear port advertise ge.1.1 10t 10tfd
Purpose
Toreview,enableordisableportflowcontrol.Flowcontrolisusedtomanagethetransmission
betweentwodevicesasspecifiedbyIEEE 802.3xtopreventreceivingportsfrombeing
overwhelmedbyframesfromtransmittingdevices.
Commands
Thecommandsusedtoreviewandsetportflowcontrolarelistedbelow:
show flowcontrol
Usethiscommandtodisplaytheflowcontrolstate.
Syntax
show flowcontrol
Parameters
None.
Defaults
None.
Mode
Switchcommand,readonly.
Example
Thisexampleshowshowtodisplaytheportflowcontrolstate:
B3(su)->show flowcontrol
Flow control status: enabled
set flowcontrol
Usethiscommandtoenableordisableflowcontrol.
Syntax
set flowcontrol {enable | disable}
Parameters
enable|disable Enablesordisablesflowcontrolsettings.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtoenableflowcontrol:
B3(su)->set flowcontrol enable
Purpose
Todisableorreenablelinktraps,displaylinktrapstatus,andtoconfigurethelinkflapping
detectionfunction.Bydefault,allportsareenabledtosendSNMPtrapmessagesindicating
changestotheirlinkstatus(upordown).
Thelinkflapfunctiondetectswhenalinkisgoingupanddownrapidly(alsocalledlink
flapping)onaphysicalport,andtakestherequiredactions(disableport,andeventuallysend
notificationtrap)tostopsuchacondition.Ifleftunresolved,thelinkflappingconditioncanbe
detrimentaltonetworkstabilitybecauseitcantriggerSpanningTreeandroutingtable
recalculation.
Commands
Syntax
show port trap [port-string]
Parameters
portstring (Optional)Displayslinktrapstatusforspecificport(s).Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage41.
Defaults
Ifportstringisnotspecified,thetrapstatusforallportswillbedisplayed.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtodisplaylinktrapstatusforfe.3.1through4:
B3(su)->show port trap fe.3.1-4
Link traps enabled on port fe.3.1.
Link traps enabled on port fe.3.2.
Link traps enabled on port fe.3.3.
Link traps enabled on port fe.3.4.
Syntax
set port trap port-string {enable|disable}
Parameters
portstring Specifiestheport(s)forwhichtoenableordisableporttraps.Fora
detaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage41.
enable|disable Enablesordisablessendingtrapmessageswhenlinkstatuschanges.
Defaults
Sendingtrapswhenlinkstatuschangesisenabledbydefault.
Mode
Switchcommand,readwrite.
Example
ThefollowingexampledisablessendingtraponFastEthernetport1onunit3.
B3(su)->set port trap fe.3.1 disable
show linkflap
Usethiscommandtodisplaylinkflapdetectionstateandconfigurationinformation.
Syntax
show linkflap {globalstate | portstate | parameters | metrics | portsupported |
actsupported | maximum | downports | action | operstatus | threshold | interval]
| downtime | currentcount | totalcount | timelapsed | violations [port-string]}
Parameters
globalstate Displaystheglobalenablestateoflinkflapdetection.
portstate Displaystheportenablestateoflinkflapdetection.
parameters Displaysthecurrentvalueofsettablelinkflapdetectionparameters.
metrics Displayslinkflapdetectionmetrics.
portsupported Displaysportswhichcansupportthelinkflapdetectionfunction.
actsupported Displayslinkflapdetectionactionssupportedbysystemhardware.
maximum Displaysthemaximumallowedlinkdownsper10secondssupported
bysystemhardware.
downports Displaysportsdisabledbylinkflapdetectionduetoaviolation.
action Displayslinkflapactionstakenonviolatingport(s).
operstatus Displayswhetherlinkflaphasdeactivatedport(s).
threshold Displaysthenumberofallowedlinkdowntransitionsbeforeactionis
taken.
interval Displaysthetimeperiodforcountinglinkdowntransitions.
downtime Displayshowlongviolatingport(s)aredeactivated.
currentcount Displayshowmanylinkdowntransitionsareinthecurrentinterval.
totalcount Displayshowmanylinkdowntransitionshaveoccurredsincethelast
reset.
timelapsed Displaysthetimeperiodsincethelastlinkdowneventorreset.
violations Displaysthenumberoflinkflapviolationssincethelastreset.
portstring (Optional)Displaysinformationforspecificport(s).
Defaults
Ifnotspecified,informationaboutalllinkflapdetectionsettingswillbedisplayed.
Ifportstringisnotspecified,informationforallportswillbedisplayed.
Mode
Switchmode,readonly.
Usage
Thelinkflapdefaultconditionsareshowninthefollowingtable.
Linkflap interval 5
Linkflap threshold 10
(number of allowed link down transitions before action is taken)
Examples
Thisexampleshowshowtodisplaytheglobalstatusofthelinktrapdetectionfunction:
B3(rw)->show linkflap globalstate
Linkflap feature globally disabled
Thisexampleshowshowtodisplayportsdisabledbylinkflapdetectionduetoaviolation:
B3(rw)->show linkflap downports
Ports currently held DOWN for Linkflap violations:
None.
Thisexampleshowshowtodisplaythelinkflapparameterstable:
B3(rw)->show linkflap parameters
Linkflap Port Settable Parameter Table (X means error occurred)
Port LF Status Actions Threshold Interval Downtime
-------- --------- ------- ---------- ---------- ----------
ge.1.1 disabled ....... 10 5 300
ge.1.2 enabled D..S..T 3 5 300
ge.1.3 disabled ...S..T 10 5 300
Table 43providesanexplanationoftheshowlinkflapparameterscommandoutput.
Actions Actions to be taken if the port violates allowed link flap behavior.
D = disabled, S = Syslog entry will be generated, T= SNMP trap
will be generated.
Threshold Number of link down transitions necessary to trigger the link flap
action.
Interval Time interval (in seconds) for accumulating link down transitions.
Downtime Interval (in seconds) port(s) will be held down after a link flap
violation.
Thisexampleshowshowtodisplaythelinkflapmetricstable:
B3(rw)->show linkflap metrics
Port LinkStatus CurrentCount TotalCount TimeElapsed Violations
-------- ----------- ------------ ---------- ----------- -------------
ge.1.1 operational 0 0 241437 0
ge.1.2 disabled 4 15 147 5
ge.1.3 operational 3 3 241402 0
Table 44providesanexplanationoftheshowlinkflapmetricscommandoutput.
CurrentCount Link down count accruing toward the link flap threshold.
TimeElapsed Time (in seconds) since the last link down event.
Violations Number of link flap violations on listed ports since system start.
Syntax
set linkflap globalstate {disable | enable}
Parameters
disable|enable Globallydisablesorenablesthelinkflapdetectionfunction.
Defaults
Bydefault,thefunctionisdisabledgloballyandonallports.
Mode
Switchmode,readwrite.
Usage
Bydefault,thefunctionisdisabledgloballyandonallports.Ifdisabledgloballyafterperport
settingshavebeenconfiguredusingthelinkflapcommands,perportsettingswillberetained.
Example
Thisexampleshowshowtogloballyenablethelinktrapdetectionfunction.
B3(rw)->set linkflap globalstate enable
Syntax
set linkflap portstate {disable | enable} [port-string]
Parameters
disable|enable Disablesorenablesthelinkflapdetectionfunction.
portstring (Optional)Specifiestheportorportsonwhichtodisableorenable
monitoring.
Defaults
Ifportstringisnotspecified,allportsareenabledordisabled.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtoenablethelinktrapmonitoringonallports.
B3(rw)->set linkflap portstate enable
Syntax
set linkflap interval port-string interval-value
Parameters
portstring Specifiestheport(s)onwhichtosetthelinkflapinterval.
intervalvalue Specifiesanintervalinseconds.Avalueof0willsettheintervalto
forever.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtosetthelinkflapintervalonportfe.1.4to1000seconds.
B3(rw)->set linkflap interval fe.1.4 1000
Syntax
set linkflap action port-string {disableInterface | gensyslogentry | gentrap |
all}
Parameters
portstring Specifiestheport(s)onwhichtosetthelinkflapaction.
disableInterface Setsthereactionasdisablingtheinterface.
gensyslogentry Setsthereactionasgeneratingasyslogentry.
gentrap SetsthereactionasgeneratinganSNMPtrap.
all Setsthereactionasalloftheabove.
Defaults
None.
Mode
Switchmode,readwrite.
Example
Thisexampleshowshowtosetthelinkflapviolationactiononportfe.1.4togeneratingaSyslog
entry.
B3(rw)->set linkflap action fe.1.4 gensyslogentry
Syntax
clear linkflap action [port-string] {disableInterface | gensyslogentry | gentrap
| all}
Parameters
portstring (Optional)Specifiestheport(s)onwhichtoclearthelinkflapaction.
disableInterface Clearsthereactionasdisablingtheinterface.
gensyslogentry Clearsthereactionasgeneratingasyslogentry.
gentrap ClearsthereactionasgeneratinganSNMPtrap.
all Clearsthereactionasalloftheabove.
Defaults
Ifportstringisnotspecified,actionswillbeclearedonallports.
Mode
Switchmode,readwrite.
Example
Thisexampleshowshowtoclearthelinkflapviolationactiononportfe.1.4togeneratingaSyslog
entry.
B3(rw)->clear linkflap action fe.1.4 gensyslogentry
Syntax
set linkflap threshold port-string threshold-value
Parameters
portstring Specifiestheport(s)onwhichtosetthelinkflapactiontriggercount.
thresholdvalue Specifiesthenumberoflinkdowntransitionsnecessarytotriggerthe
linkflapaction.Aminimumof1mustbeconfigured.
Defaults
None.
Mode
Switchmode,readwrite.
Example
Thisexampleshowshowtosetthelinkflapthresholdonportfe.1.4to5.
B3(rw)->set linkflap threshold fe.1.4 5
Syntax
set linkflap downtime port-string downtime-value
Parameters
portstring Specifiestheport(s)onwhichtosetthelinkflapdowntime.
downtimevalue Specifiesadowntimeinseconds.Avalueof0willsetthedowntimeto
forever.
Defaults
None.
Mode
Switchmode,readwrite.
Example
Thisexampleshowshowtosetthelinkflapdowntimeonportfe.1.4to5000seconds.
B3(rw)->set linkflap downtime fe.1.4 5000
Syntax
clear linkflap down [port-string]
Parameters
portstring (Optional)Specifiestheportstomakeoperational.
Defaults
Ifportstringisnotspecified,allportsdisabledbyalinkflapviolationwillbemadeoperational.
Mode
Switchmode,readwrite.
Example
Thisexampleshowshowtomakedisabledportfe.1.4operational.
B3(rw)->clear linkflap down fe.1.4
clear linkflap
Usethiscommandtoclearalllinkflapoptionsand/orstatisticsononeormoreports.
Syntax
clear linkflap {all | stats [port-string] | parameter port-string {threshold |
interval | downtime | all}
Parameters
all|stats Clearsalloptionsandstatistics,orclearsonlystatistics.
parameter Clearslinkflapparameters.
threshold|interval| Clearslinkflapthreshold,interval,downtimeorallparameters.
downtime|all
portstring (Optionalunlessparameterisspecified)Specifiestheport(s)onwhich
toclearsettings.
Defaults
Ifportstringisnotspecified,settingsand/orstatisticswillbeclearedonallports.
Mode
Switchmode,readwrite.
Example
Thisexampleshowshowtoclearalllinkflapoptionsonportfe.1.4.
B3(rw)->clear linkflap all fe.1.4
Purpose
Toreviewandsetthebroadcastsuppressionthresholdforoneormoreports.Thisfeaturelimits
thenumberofreceivedbroadcastframestheswitchwillacceptperport.Broadcastsuppression
thresholdsapplyonlytobroadcasttrafficmulticasttrafficisnotaffected.Bydefault,abroadcast
suppressionthresholdof14881packetspersecond(pps)willbeused,regardlessofactualport
speed.BroadcastsuppressionprotectsagainstbroadcaststormsandARPsweeps.
Commands
Thecommandsusedtoreviewandconfigureportbroadcastsuppressionarelistedbelow.
Syntax
show port broadcast [port-string]
Parameters
portstring (Optional)Selecttheportsforwhichtoshowbroadcastsuppression
thresholds.Foradetaileddescriptionofpossibleportstringvalues,refer
toPortStringSyntaxUsedintheCLIonpage41.
Defaults
Ifportstringisnotspecified,broadcaststatusofallportswillbedisplayed.
Mode
Switchcommand,readonly.
Example
Thisexampleshowshowtodisplaythebroadcastsuppressionthresholdsforports1through4:
B3(su)->show port broadcast ge.1.1-4
Port Total BC Threshold
Packets (pkts/s)
----------------------------------------
ge.1.1 0 50
ge.1.2 0 50
ge.1.3 0 40
ge.1.4 0 14881
Syntax
set port broadcast port-string threshold-val
Parameters
portstring Selecttheportsforwhichtoconfigurebroadcastsuppressionthresholds.
Foradetaileddescriptionofpossibleportstringvalues,refertoPort
StringSyntaxUsedintheCLIonpage41.
thresholdval Setsthepacketspersecondthresholdonbroadcasttraffic.Maximum
valueis148810forFastEthernetportsand1488100forGigabitports.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleconfiguresports1through5withabroadcastlimitof50pps:
B3(su)->set port broadcast ge.1.1-5 50
Syntax
clear port broadcast port-string threshold
Parameters
portstring Selecttheportsforwhichtoclearbroadcastsuppressionthresholds.Fora
detaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage41.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleclearsthebroadcastthresholdlimitto14881ppsforports1through5:
B3(su)->clear port broadcast ge.1.1-5 threshold
Port Mirroring
Caution: Port mirroring configuration should be performed only by personnel who are
knowledgeable about the effects of port mirroring and its impact on network operation.
TheSecureStackB3deviceallowsyoutomirror(orredirect)thetrafficbeingswitchedonaport
forthepurposesofnetworktrafficanalysisandconnectionassurance.Whenportmirroringis
enabled,oneportbecomesamonitorportforanotherportwithinthedevice.
Mirroring Features
TheSecureStackB3devicesupportsthefollowingmirroringfeatures:
Mirroringcanbeconfiguredinamanytooneconfigurationsothatonetarget(destination)
portcanmonitortrafficonuptosourceports.Onlyonemirrordestinationportcanbe
configuredperstack.
Bothtransmitandreceivetrafficwillbemirrored.
Amirroringsessionwhichisconfiguredtobeactive(enabled)willbeoperationallyactive
onlyifbothadestinationportandatleastonesourceporthavebeenconfigured.
Adestinationportwillonlyactasamirroringportwhenthesessionisoperationallyactive.If
themirroringsessionisnotoperationallyactive,thenthedestinationportwillactasanormal
portandparticipateinallnormaloperationwithrespecttotransmittingtrafficand
participatinginprotocols.
Remoteportmirroringinvolvesconfigurationofthefollowingportmirroringrelatedparameters:
1. Configurationofnormalportmirroringsourceportsandonedestinationportonallswitches,
asdescribedabove.
2. ConfigurationofamirrorVLAN,whichisauniqueVLANonwhichmirroredpackets
traverseacrossthenetwork.ThemirrorVLANhastobeconfiguredonALLswitchesacross
thenetworkalongwhichmirroredtraffictraverses,fromtheswitchwherethesourceports
residetotheswitchwherethemirroredpacketsaresniffedand/orcaptured.
Youmustensurethatswitchesinvolvedareproperlyconfiguredtofacilitatecorrectremoteport
mirroringoperation.Thefollowingpointsinparticularneedtobeobserved:
Onthesourceswitch,thecorrectdestinationportmustbechosentoensurethatthereisan
egresspathfromthatporttothedesiredremotedestination(s).
Allportsonthepathfromthesourceporttotheremotedestinationmustbemembersofthe
mirrorVLAN.
Onswitchesonthepathfromthesourceporttotheremotedestination,egresstagginghasto
beenabledonpotentialegressportsforthemirrorVLAN.
Withtheintroductionofremoteportmirroring:
ConfiguredmirrordestinationportswillNOTlosetheirswitchingorroutingpropertiesas
theydoonSecureStackA2,B2,orC2products.
OnswitcheswherethemirrorVLANhasbeenconfigured,anytrafficonthatVLANwillbe
floodedontheVLAN.Itwillneverbeunicast,evenifthesourceaddressofthetrafficasbeen
learnedontheswitch.
Purpose
Toreviewandconfigureportmirroringonthedevice.
Commands
Thecommandsusedtoreviewandconfigureportmirroringarelistedbelow.
Syntax
show port mirroring
Parameters
None.
Defaults
None.
Mode
Switchcommand,readonly.
Example
Thisexampleshowshowtodisplayportmirroringinformation.Inthiscase,fe.1.4isconfiguredas
asourceportandfe.1.11isatargetandmirroringhasbeenenabledbetweentheseports:
B3(su)->show port mirroring
Port Mirroring
==============
Source Port = fe.1.4
Target Port = fe.1.11
Frames Mirrored = Rx and Tx
Port Mirroring status enabled.
Syntax
set port mirroring {create | disable | enable} source destination}
Parameters
create|disable| Creates,disablesorenablesmirroringsettingsonthespecifiedports.
enable
source Specifiesthesourceportdesignation.Thisistheportonwhichthetraffic
willbemonitored.Foradetaileddescriptionofpossibleportstringvalues,
refertoPortStringSyntaxUsedintheCLIonpage41.
destination Specifiesthetargetportdesignation.Thisistheportthatwillduplicateor
mirrorallthetrafficonthemonitoredport.Onlyonedestinationport
canbeconfiguredperstack.
Foradetaileddescriptionofpossibleportstringvalues,refertoPort
StringSyntaxUsedintheCLIonpage41.
Defaults
None.
Mode
Switchcommand,readwrite.
Usage
NotethatLAGportsandtheirunderlyingphysicalports,asdescribedinLinkAggregation
ControlProtocol(LACP)onpage440,cannotbemirrored.
Example
Thisexampleshowshowtocreateandenableportmirroringwithfe.1.4asthesourceport,and
fe.1.11asthetargetport:
B3(su)->set port mirroring create fe.1.4 fe.1.11
B3(su)->set port mirroring enable fe.1.4 fe.1.11
Syntax
clear port mirroring source destination
Parameters
source Specifiesthesourceportofthemirroringconfigurationtobecleared.For
adetaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage41.
destination Specifiesthetargetportofthemirroringconfigurationtobecleared.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtoclearportmirroringbetweensourceportfe.1.4andtargetportfe.1.11:
B3(su)->clear port mirroring fe.1.4 fe.1.11
Syntax
set mirror vlan vlan-id
Parameters
vlanid SpecifiestheVLANtobeusedforremoteportmirroring.TheIDcan
rangefrom2to4093.
Defaults
None.
Mode
Switchcommand,readwrite.
Usage
RefertoRemotePortMirroringonpage434forinformationaboutconfiguringmirrorVLANs.
UsetheshowportmirroringcommandtodisplaytheVLANsconfiguredforremoteport
mirroring.
Example
ThefollowingexampleassignsaVLANformirroringtrafficandthenshowstheconfiguredport
mirroringwiththeshowportmirrorcommand.
B3(su)->set mirror vlan 2
Mirror Vlan = 2
Syntax
clear mirror vlan vlan-id
Parameters
vlanid SpecifiestheVLANtobecleared.TheIDcanrangefrom2to4093.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThefollowingexampleclearsVLAN2frombeingusedforremoteportmirroring.
B3(su)->clear mirror vlan 2
Usingmultiplelinkssimultaneouslytoincreasebandwidthisadesirableswitchfeature,which
canbeaccomplishedifbothsidesagreeonasetofportsthatarebeingusedasaLinkAggregation
Group(LAG).OnceaLAGisformedfromselectedports,problemswithloopingcanbeavoided
sincetheSpanningTreecantreatthisLAGasasingleport.
Enabledbydefault,theLinkAggregationControlProtocol(LACP)logicallygroupsinterfaces
togethertocreateagreaterbandwidthuplink,orlinkaggregation,accordingtotheIEEE802.3ad
standard.ThisstandardallowstheswitchtodeterminewhichportsareinLAGsandconfigure
themdynamically.SincetheprotocolisbasedontheIEEE802.3adspecification,anyswitchfrom
anyvendorthatsupportsthisstandardcanaggregatelinksautomatically.
802.3adLACPaggregationscanalsoberuntoendusers(thatis,aserver)ortoarouter.
LACP Operation
Foreachaggregatableportinthedevice,LACP:
Maintainsconfigurationinformation(reflectingtheinherentpropertiesoftheindividuallinks
aswellasthoseestablishedbymanagement)tocontrolaggregation.
ExchangesconfigurationinformationwithotherdevicestoallocatethelinktoaLink
AggregationGroup(LAG).
Note: A given link is allocated to, at most, one Link Aggregation Group (LAG) at a time. The
allocation mechanism attempts to maximize aggregation, subject to management controls.
AttachestheporttotheaggregatorusedbytheLAG,anddetachestheportfromthe
aggregatorwhenitisnolongerusedbytheLAG.
Usesinformationfromthepartnerdeviceslinkaggregationcontrolentitytodecidewhether
toaggregateports.
TheoperationofLACPinvolvesthefollowingactivities:
Checkingthatcandidatelinkscanactuallybeaggregated.
ControllingtheadditionofalinktoaLAG,andthecreationofthegroupifnecessary.
Monitoringthestatusofaggregatedlinkstoensurethattheaggregationisstillvalid.
RemovingalinkfromaLAGifitsmembershipisnolongervalid,andremovingthegroupifit
nolongerhasanymemberlinks.
InordertoallowLACPtodeterminewhetherasetoflinksconnecttothesamedevice,andto
determinewhetherthoselinksarecompatiblefromthepointofviewofaggregation,itis
necessarytobeabletoestablish
Agloballyuniqueidentifierforeachdevicethatparticipatesinlinkaggregation.
Ameansofidentifyingthesetofcapabilitiesassociatedwitheachportandwitheach
aggregator,asunderstoodbyagivendevice.
AmeansofidentifyingaLAGanditsassociatedaggregator.
LACP Terminology
Table 45defineskeyterminologyusedinLACPconfiguration.
Aggregator Virtual port that controls link aggregation for underlying physical ports. Each
SecureStack B3 module provides 6 aggregator ports, which are designated in
the CLI as lag.0.1 through lag.0.6.
LAG Link Aggregation Group. Once underlying physical ports (for example, fe.x.x,
or ge.x.x) are associated with an aggregator port, the resulting aggregation
will be represented as one LAG with a lag.x.x port designation.
SecureStack B3 LAGs can have up to associated physical ports.
LACPDU Link Aggregation Control Protocol Data Unit. The protocol exchanges
aggregation state/mode information by way of a ports actor and partner
operational states. LACPDUs sent by the first party (the actor) convey to the
second party (the actors protocol partner) what the actor knows, both about
its own state and that of its partner.
Actor and Partner An actor is the local device sending LACPDUs. Its protocol partner is the
device on the other end of the link aggregation. Each maintains current status
of the other via LACPDUs containing information about their ports LACP
status and operational state.
Admin Key Value assigned to aggregator ports and physical ports that are candidates for
joining a LAG. The LACP implementation on SecureStack B3 devices will use
this value to form an oper key and will determine which underlying physical
ports are capable of aggregating by comparing oper keys. Aggregator ports
allow only underlying ports with oper keys matching theirs to join their LAG.
On SecureStack B3 devices, the default admin key value is 32768.
System Priority Value used to build a LAG ID, which determines aggregation precedence. If
there are two partner devices competing for the same aggregator, LACP
compares the LAG IDs for each grouping of ports. The LAG with the lower
LAG ID is given precedence and will be allowed to use the aggregator.
Note: Only one LACP system priority can be set on a
SecureStack B3 device, using either the set lacp asyspri
command (page 4-45), or the set port lacp command
(page 4-51).
underlyingphysicalports(forexample,fe.x.x,orge.x.x)areassociatedwithanaggregatorport,
theresultingaggregationwillberepresentedasoneLAGwithalag.x.xportdesignation.LACP
determineswhichunderlyingphysicalportsarecapableofaggregatingbycomparingoperational
keys.AggregatorportsallowonlyunderlyingportswithkeysmatchingtheirstojointheirLAG.
LACPusesasystempriorityvaluetobuildaLAGID,whichdeterminesaggregationprecedence.
Iftherearetwopartnerdevicescompetingforthesameaggregator,LACPcomparestheLAGIDs
foreachgroupingofports.TheLAGwiththelowerLAGIDisgivenprecedenceandwillbe
allowedtousetheaggregator.
Thereareafewcasesinwhichportswillnotaggregate:
Anunderlyingphysicalportisattachedtoanotherportonthissameswitch(loopback).
ThereisnoavailableaggregatorfortwoormoreportswiththesameLAGID.Thiscan
happeniftherearesimplynoavailableaggregators,orifnoneoftheaggregatorshavea
matchingadminkeyandsystempriority.
802.1xauthenticationisenabledusingtheseteapolcommand(page 1621)andportsthat
wouldotherwiseaggregatearenot802.1Xauthorized.
TheLACPimplementationontheSecureStackB3devicewillallowuptophysicalportsintoa
LAG.ThedevicewiththelowestLAGIDdetermineswhichunderlyingphysicalportsareallowed
intoaLAGbasedontheportsLAGportpriority.PortswiththelowestLAGportpriorityvalues
areallowedintotheLAGandallotherspeedgroupingsgointoastandbystate.
WhenanexistingdynamicallycreatedLAGisreducedtooneport,theSecureStackB3removes
theLAGfromitsVLANandaddstheremainingunderlyingporttotheVLAN.Forthisreason,
youshouldensurethattheLAGandalltheportsintheLAGareassignedtotheegresslistofthe
desiredVLAN.Otherwise,whentheLAGisremoved,theremainingportmaybeassignedtothe
wrongVLAN.Theotheroptionistoenablethesingleportlagfeatureasdescribedinsetlacp
singleportlagonpage448.
Note: To aggregate, underlying physical ports must be running in full duplex mode and must be of
the same operating speed.
Commands
ThecommandsusedtoreviewandconfigureLACParelistedbelow.
show lacp
Usethiscommandtodisplayinformationaboutoneormoreaggregatorports.
Syntax
show lacp [port-string]
Parameters
portstring (Optional)DisplaysLACPinformationforspecificLAGport(s).Valid
portdesignationsarelag.0.16.
Defaults
Ifportstringisnotspecified,linkaggregationinformationforallLAGswillbedisplayed.
Mode
Switchcommand,readonly.
Usage
EachSecureStackB3moduleprovides6virtuallinkaggregatorports,whicharedesignatedinthe
CLIaslag.0.1throughlag.0.6.Onceunderlyingphysicalports(thatis,fe.x.x,ge.x.x)areassociated
withanaggregatorport,theresultingaggregationwillberepresentedasoneLinkAggregation
Group(LAG)withalag.x.xportdesignation.
Example
Thisexampleshowshowtodisplaylacpinformationforlag.0.1:
B3(su)->show lacp lag.0.1
Global Link Aggregation state: enabled
Single Port LAGs: disabled
Aggregator: lag.0.1
Actor Partner
System Identifier: 00:01:F4:5F:1E:20 00:11:88:11:74:F9
System Priority: 32768 32768
Admin Key: 32768
Oper Key: 32768 0
Attached Ports: ge.1.1
ge.1.3
Table 46providesanexplanationofthecommandoutput.
set lacp
UsethiscommandtodisableorenabletheLinkAggregationControlProtocol(LACP)onthe
device.
Syntax
set lacp {disable | enable}
Parameters
disable|enable DisablesorenablesLACP.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtodisableLACP:
B3(su)->set lacp disable
Syntax
set lacp asyspri value
Parameters
asyspri SetsthesystemprioritytobeusedincreatingaLAG(LinkAggregation
Group)ID.Validvaluesare0to65535.
value Specifiesasystempriorityvalue.Validvaluesare0to65535,with
precedencegiventolowervalues.
Defaults
None.
Mode
Switchcommand,readwrite.
Usage
LACPusesthisvaluetodetermineaggregationprecedence.Iftherearetwopartnerdevices
competingforthesameaggregator,LACPcomparestheLAGIDsforeachgroupingofports.The
LAGwiththelowerLAGIDisgivenprecedenceandwillbeallowedtousetheaggregator.
Example
ThisexampleshowshowtosettheLACPsystempriorityto1000:
B3(su)->set lacp asyspri 1000
Syntax
set lacp aadminkey port-string value
Parameters
portstring SpecifiestheLAGport(s)onwhichtoassignanadminkey.
value Specifiesanadminkeyvaluetoset.Validvaluesare0to65535.The
defaultadminkeyvalueis32768.
Defaults
None.
Mode
Switchcommand,readwrite.
Usage
LACPwillusethisvaluetoformanoperkey.Onlyunderlyingphysicalportswithoperkeys
matchingthoseoftheiraggregatorswillbeallowedtoaggregate.Thedefaultadminkeyvaluefor
allLAGportsis32768.
Example
ThisexampleshowshowtosettheLACPadminkeyto2000forLAGport6:
B3(su)->set lacp aadminkey lag.0.6 2000
clear lacp
UsethiscommandtoclearLACPsystempriorityoradminkeysettings.
Syntax
clear lacp {[asyspri] [aadminkey port-string]}
Parameters
asyspri Clearssystempriority.
aadminkeyportstring Resetsadminkeysforoneormoreportstothedefaultvalueof32768.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtocleartheactoradminkeyforLAGport6:
B3(su)->clear lacp aadminkey lag.0.6
Syntax
set lacp static {disable | enable} | lagportstring [key] port-string
Parameters
disable|enable Disablesorenablesstaticlinkaggregation.
lagportstring SpecifiestheLAGaggregatorporttowhichnewportswillbeassigned.
key (Optional)SpecifiesthenewmemberportandLAGportaggregator
adminkeyvalue.Onlyportswithmatchingkeysareallowedto
aggregate.Validvaluesare065535.
Note: This key value must be unique. If ports other than the desired
underlying physical ports share the same admin key value, aggregation
will fail or undesired aggregations will form.
portstring Specifiesthememberport(s)toaddtotheLAG.Foradetaileddescription
ofpossibleportstringvalues,refertoPortStringSyntaxUsedintheCLI
onpage41.
Defaults
Ifnotspecified,akeywillbeassignedaccordingtothespecifiedaggregator.Forexampleakeyof4
wouldbeassignedtolag.0.4.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtoaddportfe.1.6totheLAGofaggregatorport6:
B3(su)->set lacp static lag.0.6 fe.1.6
Syntax
clear lacp static lagportstring port-string
Parameters
lagportstring SpecifiestheLAGaggregatorportfromwhichportswillberemoved.
portstring Specifiestheport(s)toremovefromtheLAG.Foradetaileddescriptionof
possibleportstringvalues,refertoPortStringSyntaxUsedintheCLI
onpage41.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtoremovefe.1.6fromtheLAGofaggregatorport6:
B3(su)->clear lacp static lag.0.6 fe.1.6
Syntax
set lacp singleportlag {enable | disable}
Parameters
disable|enable EnablesordisablestheformationofsingleportLAGs.
Defaults
None.
Mode
Switchcommand,readwrite.
Usage
WhensingleportLAGsareenabled,LAGsaremaintainedwhenonlyoneportisreceiving
protocoltransmissionsfromapartner.IfsingleportLAGsarenotenabledandaLAGgoesdown
tooneport,theLAG(lag.x.x)willnotbeusedbutinsteadtheportssyntaxwillbeused(for
example,fe.3.24).ThiscouldcauseproblemsiftheLAGandtheporthavedifferentconfigurations
(theLAGandtheportmayhavedifferentVLANorPolicyconfigurations).
Example
ThisexampleshowshowtoenablesingleportLAGs:
B3(su)->set lacp singleportlag enable
Syntax
clear lacp singleportlag
Parameters
None.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtoresetthesingleportLAGfunctionbacktodisabled:
B3(su)->clear lacp singleportlag
Syntax
show port lacp port port-string {[status {detail | summary}] | [counters]}
Parameters
portportstring DisplaysLACPinformationforspecificport(s).Foradetaileddescription
ofpossibleportstringvalues,refertoPortStringSyntaxUsedintheCLI
onpage41.
statusdetail| DisplaysLACPstatusindetailedorsummaryinformation.
summary
counters DisplaysLACPcounterinformation.
Defaults
None.
Mode
Switchcommand,readonly.
Usage
Statedefinitions,suchasActorAdminStateandPartnerAdminState,areindicatedwithletter
abbreviations.Iftheshowportlacpcommanddisplaysoneormoreofthefollowingletters,it
meansthestateistruefortheassociatedactororpartnerports:
E=Expired
F=Defaulted
D=Distributing(txenabled)
C=Collecting(rxenabled)
S=Synchronized(actorandpartneragree)
G=Aggregationallowed
S/l=Short/LongLACPtimeout
A/p=Active/PassiveLACP
Formoreinformationaboutthesestates,refertosetportlacp(page 451)andtheIEEE802.32002
specification.
Examples
ThisexampleshowshowtodisplaydetailedLACPstatusinformationforportfe.1.12:
B3(su)-> show port lacp port fe.1.12 status detail
Port Instance: fe.1.12
ActorPort: 1411 PartnerAdminPort: 1411
ActorSystemPriority: 32768 PartnerOperPort: 1411
ActorPortPriority: 32768 PartnerAdminSystemPriority: 32768
ActorAdminKey: 32768 PartnerOperSystemPriority: 32768
ActorOperKey: 32768 PartnerAdminPortPriority: 32768
ActorAdminState: -----GlA PartnerOperPortPriority: 32768
ActorOperState: -F----lA PartnerAdminKey: 1411
ActorSystemID: 00-e0-63-9d-b5-87 PartnerOperKey: 1411
SelectedAggID: none PartnerAdminState: --DCSGlp
AttachedAggID: none PartnerOperState: --DC-Glp
MuxState: Detached PartnerAdminSystemID: 00-00-00-00-00-00
DebugRxState: port Disabled PartnerOperSystemID: 00-00-00-00-00-00
ThisexampleshowshowtodisplaysummarizedLACPstatusinformationforportfe.1.12:
B3(su)->show port lacp port fe.1.12 status summary
Port Aggr Actor System Partner System
Pri: System ID: Key: Pri: System ID: Key:
fe.1.12 none [(32768,00e0639db587,32768),(32768,000000000000, 1411)]
ThisexampleshowshowtodisplayLACPcountersforportfe.1.12:
B3(su)->show port lacp port fe.1.12 counters
Port Instance: fe.1.12
LACPDUsRx: 11067
LACPDUsTx: 0
IllegalRx: 0
UnknownRx: 0
MarkerPDUsRx: 0
MarkerPDUsTx: 0
MarkerResponsePDUsRx: 0
MarkerResponsePDUsTx: 374
Syntax
set port lacp port port-string {[aadminkey aadminkey] [aadminstate {lacpactive |
lacptimeout | lacpagg | lacpsync | lacpcollect | lacpdist | lacpdef | lacpexpire}]
[aportpri aportpri] [asyspri asyspri] [enable | [disable] [padminkey padminkey]
[padminport padminport] [padminportpri padminportpri] [padminstate {lacpactive |
lacptimeout | lacpagg | lacpsync | lacpcollect | lacpdist | lacpdef | lacpexpire}]
[padminsysid padminsysid] [padminsyspri padminsyspri]
Parameters
portportstring Specifiesthephysicalport(s)onwhichtoconfigureLACP.Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage41.
aadminkey Setstheportsactoradminkey.LACPwillusethisvaluetoformanoper
aadminkey keyandwilldeterminewhichunderlyingphysicalportsarecapableof
aggregatingbycomparingoperkeys.Aggregatorportsallowonly
underlyingportswithoperkeysmatchingtheirstojointheirLAG.Valid
valuesare165535.Thedefaultkeyvalueis32768.
aadminstate SetstheportsactorLACPadministrativestatetoallowfor:
lacpactive|
lacpactiveTransmittingLACPPDUs.
lacptimeout|
lacpagg|lacpsync lacptimeoutTransmittingLACPPDUsevery1sec.vs30sec.(default).
|lacpcollect|
lacpaggAggregationonthisport.
lacpdist|lacpdef|
lacpexpire lacpsyncTransitiontosynchronizationstate.
lacpcollectTransitiontocollectionstate.
lacpdistTransitiontodistributionstate.
lacpdefTransitiontodefaultedstate.
lacpexpireTransitiontoexpiredstate.
aportpriaportpri Setstheportsactorportpriority.Validvaluesare065535,withlower
valuesdesignatinghigherpriority.
asyspriasyspri Setstheportsactorsystempriority.TheLACPimplementationonthe
SecureStackB3deviceusesthisvaluetodetermineaggregation
precedencewhentherearetwodevicescompetingforthesame
aggregator.Validvaluesare065535,withhigherprecedencegivento
lowervalues.
Note: Only one LACP system priority can be set on a SecureStack
B3 device, using either this command, or the set lacp asyspri
command (set lacp asyspri on page 4-45).
enable (Optional)EnablesLACPDUprocessingonthisport.
disable (Optional)DisablesLACPDUprocessingonthisport.
padminkey Setsadefaultvaluetouseastheportspartneradminkey.Onlyportswith
padminkey matchingadminkeysareallowedtoaggregate.Validvaluesare165535.
padminport Setsaadefaultvaluetouseastheportspartneradminvalue.Validvalues
padminport are165535.
padminportpri Setsaadefaultvaluetouseastheportspartnerportpriority.Validvalues
padminportpri are065535,withlowervaluesgivenhigherpriority.
padminstate SetsaportspartnerLACPadministrativestate.Seeaadminstateforvalid
lacpactive| options.
lacptimeout|
lacpagg|lacpsync
|lacpcollect|
lacpdist|lacpdef|
lacpexpire
padminsysid SetsadefaultvaluetouseastheportspartnersystemID.ThisisaMAC
padminsysid address.
padminsyspri Setsadefaultvaluetouseastheportspartnerpriority.Validvaluesare0
padminsyspri 65535,withlowervaluesgivenhigherpriority.
Defaults
Atleastoneparametermustbeenteredperportstring.
Ifenableordisablearenotspecified,port(s)willbeenabledwiththeLACPparametersentered.
Mode
Switchcommand,readwrite.
Usage
LACPcommandsandparametersbeginningwithana(suchasaadminkey)setactorvalues.
Correspondingcommandsandparametersbeginningwithap(suchaspadminkey)set
correspondingpartnervalues.ActorreferstothelocaldeviceparticipatinginLACPnegotiation,
whilepartnerreferstoitsremotedevicepartnerattheotherendofthenegotiation.Actorsand
partnersmaintaincurrentstatusoftheotherviaLACPDUscontaininginformationabouttheir
portsLACPstatusandoperationalstate.
Example
Thisexampleshowshowtosettheactoradminkeyto3555forportge.3.16:
B3(su)->set port lacp ge.3.16 aadminkey 3555
Syntax
clear port lacp port port-string {[aadminkey] [aportpri] [asyspri] [aadminstate
{lacpactive | lacptimeout | lacpagg | lacpsync | lacpcollect | lacpdist | lacpdef
| lacpexpire | all}] [padminsyspri] [padminsysid] [padminkey] [padminportpri]
[padminport] [padminstate {lacpactive | lacptimeout | lacpagg | lacpsync |
lacpcollect | lacpdist | lacpdef | lacpexpire | all}]}
Parameters
portportstring Specifiesthephysicalport(s)onwhichLACPsettingswillbecleared.For
adetaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage41.
aadminkey Clearsaportsactoradminkey.
aportpri Clearsaportsactorportpriority.
asyspri Clearstheportsactorsystempriority.
aadminstate Clearsaportsspecificactoradminstate,orallactoradminstate(s).For
lacpactive| descriptionsofspecificstates,refertothesetportlacpcommand(set
lacptimeout| portlacponpage451).
lacpagg|lacpsync
|lacpcollect|
lacpdist|lacpdef|
lacpexpire|all
padminsyspri Clearstheportsdefaultpartnerpriorityvalue.
padminsysid ClearstheportsdefaultpartnersystemID.
padminkey Clearstheportsdefaultpartneradminkey.
padminportpri Clearstheportsdefaultpartnerportpriority.
padminport DeletesapartnerportfromtheLACPconfiguration.
padminstate Clearstheportsspecificpartneradminstate,orallpartneradminstate(s).
lacpactive|
lacptimeout|
lacpagg|lacpsync
|lacpcollect|
lacpdist|lacpdef|
lacpexpire|all
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtoclearalllinkaggregationparametersforportge.3.16:
B3(su)->clear port lacp port ge.3.16
Commands
Syntax
set port protected port-string group-id
Parameters
portstring Specifiestheportorportstobeprotected.
groupid Specifiestheidofthegrouptowhichtheportsshouldbeassigned.Idcan
rangefrom0to2.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtoassignportsge.1.1throughge.1.3toprotectedportgroup1:
B3(rw)->set port protected ge.1.1-3 1
Syntax
show port protected [port-string] | [group-id]
Parameters
portstring (Optional)Specifiestheportorportsforwhichtodisplayinformation.
groupid (Optional)Specifiestheidofthegroupforwhichtodisplayinformation.
Idcanrangefrom0to2.
Defaults
Ifnoparametersareentered,informationaboutallprotectedportsisdisplayed.
Mode
Readonly.
Example
Thisexampleshowshowtodisplayinformationaboutallprotectedports:
B3(ro)->show port protected
Group id Port
----------------------
1 ge.1.1
1 ge.1.2
1 ge.1.3
Syntax
clear port protected [port-string] | [group-id]
Parameters
portstring (Optional)Specifiestheportorportstoremovefromprotectedmode.
groupid (Optional)Specifiestheidofthegrouptoremovefromprotectedmode.
Idcanrangefrom0to2.
Defaults
Ifnoparametersareentered,allprotectedportsandgroupsarecleared.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtoclearprotectedportsge.1.1throughge.1.3:
B3(rw)->clear port protected ge.1.1-3
Syntax
set port protected name group-id name
Parameters
groupid Specifiestheidofthisgroup.Idcanrangefrom0to2.
name Specifiesanameforthegroup.Thenamecanbeupto32charactersin
length.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtoassignthenamegroup1toprotectedportgroup1:
B3(rw)->set port protected name 1 group1
Syntax
show port protected name group-id
Parameters
groupid Specifiestheidofthegrouptodisplay.Idcanrangefrom0to2.
Defaults
None.
Mode
Readonly.
Example
Thisexampleshowshowtoshowthenameofprotectedportgroup1:
B3(ro)->show port protected name 1
Group ID Group Name
-----------------------------
1 group1
Syntax
clear port protected name group-id
Parameters
groupid Specifiestheidofthegroupforwhichtoclearthename.Idcanrange
from0to2.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtoclearthenameofprotectedportgroup1:
B3(rw)->clear port protected name 1
ThischapterdescribestheSimpleNetworkManagementProtocol(SNMP)setofcommandsand
howtousethem.
SNMPnetworkmanagementapplications,suchasEnterasysNetworksNetSightAtlas,which
communicatewithagentstogetstatisticsandalertsfromthemanageddevices.
SNMPv3
SNMPv3isaninteroperablestandardsbasedprotocolthatprovidessecureaccesstodevicesby
authenticatingandencryptingframesoverthenetwork.Theadvancedsecurityfeaturesprovided
inSNMPv3areasfollows:
MessageintegrityCollectsdatasecurelywithoutbeingtamperedwithorcorrupted.
AuthenticationDeterminesthemessageisfromavalidsource.
EncryptionScramblesthecontentsofaframetopreventitfrombeingseenbyan
unauthorizedsource.
UnlikeSNMPv1andSNMPv2c,inSNMPv3,theconceptofSNMPagentsandSNMPmanagersno
longerapply.TheseconceptshavebeencombinedintoanSNMPentity.AnSNMPentityconsists
ofanSNMPengineandSNMPapplications.AnSNMPengineconsistsofthefollowingfour
components:
DispatcherThiscomponentsendsandreceivesmessages.
MessageprocessingsubsystemThiscomponentacceptsoutgoingPDUsfromthe
dispatcherandpreparesthemfortransmissionbywrappingtheminamessageheaderand
returningthemtothedispatcher.Themessageprocessingsubsystemalsoacceptsincoming
messagesfromthedispatcher,processeseachmessageheader,andreturnstheenclosedPDU
tothedispatcher.
SecuritysubsystemThiscomponentauthenticatesandencryptsmessages.
AccesscontrolsubsystemThiscomponentdetermineswhichusersandwhichoperations
areallowedaccesstomanagedobjects.
v2c NoAuthNoPriv Community string None Uses a community string match for
authentication.
Example
ThisexamplepermitsthepowergrouptomanageallMIBsviaSNMPv3:
B3(su)->set snmp access powergroup security-model usm
Configuration Considerations
CommandsforconfiguringSNMPontheSecureStackB3deviceareindependentduringthe
SNMPsetupprocess.Forinstance,targetparameterscanbespecifiedwhensettingupoptional
notificationfilterseventhoughtheseparametershavenotyetbeencreatedwiththesetsnmp
targetparamscommand.
Purpose
ToreviewSNMPstatistics.
Commands
ThecommandsusedtoreviewSNMPstatisticsarelistedbelow.
Syntax
show snmp engineid
Parameters
None.
Defaults
None.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplaySNMPengineproperties:
B3(su)->show snmp engineid
EngineId: 80:00:15:f8:03:00:e0:63:9d:b5:87
Engine Boots = 12
Engine Time = 162181
Max Msg Size = 2048
Table 52showsadetailedexplanationofthecommandoutput.
Engine Boots Number of times the SNMP engine has been started or reinitialized.
Syntax
show snmp counters
Parameters
None.
Defaults
None.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplaySNMPcountervalues
B3(su)->show snmp counters
snmpOutTraps = 0
snmpSilentDrops = 0
snmpProxyDrops = 0
Purpose
ToreviewandconfigureSNMPusers,groups,andv1andv2communities.Thesearedefinedas
follows:
UserApersonregisteredinSNMPv3toaccessSNMPmanagement.
GroupAcollectionofuserswhosharethesameSNMPaccessprivileges.
CommunityAnameusedtoauthenticateSNMPv1andv2users.
Commands
ThecommandsusedtoreviewandconfigureSNMPusers,groups,andcommunitiesarelisted
below.
Syntax
show snmp user [list] | [user] | [remote remote] [volatile | nonvolatile | read-
only]
Parameters
list (Optional)DisplaysalistofregisteredSNMPusernames.
user (Optional)Displaysinformationaboutaspecificuser.
remoteremote (Optional)DisplaysinformationaboutusersonaspecificremoteSNMP
engine.
volatile|nonvolatile (Optional)Displaysuserinformationforaspecifiedstoragetype.
|readonly
Defaults
Iflistisnotspecified,detailedSNMPinformationwillbedisplayed.
Ifuserisnotspecified,informationaboutallSNMPuserswillbedisplayed.
Ifremoteisnotspecified,userinformationaboutthelocalSNMPenginewillbedisplayed.
Ifnotspecified,userinformationforallstoragetypeswillbedisplayed.
Mode
Switchcommand,readonly.
Examples
ThisexampleshowshowtodisplayanSNMPuserlist:
(su)->show snmp user list
--- SNMP user information ---
--- List of registered users:
Guest
admin1
admin2
netops
ThisexampleshowshowtodisplayinformationfortheSNMPguestuser:
(su)->show snmp user guest
--- SNMP user information ---
EngineId: 00:00:00:63:00:00:00:a1:00:00:00:00
Username = Guest
Auth protocol = usmNoAuthProtocol
Privacy protocol = usmNoPrivProtocol
Storage type = nonVolatile
Row status = active
Table 54showsadetailedexplanationofthecommandoutput.
Syntax
set snmp user user [remote remoteid] [authentication {md5 | sha}] [authpassword]
[privacy privpassword] [volatile | nonvolatile]
Parameters
user SpecifiesanamefortheSNMPv3user.
remoteremoteid (Optional)RegisterstheuseronaspecificremoteSNMPengine.
authenticationmd5 (Optional)SpecifiestheauthenticationtyperequiredforthisuserasMD5
|sha orSHA.
authpassword (Optional)Specifiesapasswordforthisuserwhenauthenticationis
required.Minimumof8characters.
privacyprivpassword (Optional)Appliesencryptionandspecifiesanencryptionpassword.
Minimumof8character.s
volatile| (Optional)Specifiesastoragetypeforthisuserentry.
nonvolatile
Defaults
Ifremoteisnotspecified,theuserwillberegisteredforthelocalSNMPengine.
Ifauthenticationisnotspecified,noauthenticationwillbeapplied.
Ifprivacyisnotspecified,noencryptionwillbeapplied.
Ifstoragetypeisnotspecified,nonvolatilewillbeapplied.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtocreateanewSNMPusernamednetops.Bydefault,thisuserwillbe
registeredonthelocalSNMPenginewithoutauthenticationandencryption.Entriesrelatedtothis
userwillbestoredinpermanent(nonvolatile)memory:
B3(su)->set snmp user netops
Syntax
clear snmp user user [remote remote]
Parameters
user SpecifiesanSNMPv3usertoremove.
remoteremote (Optional)RemovestheuserfromaspecificremoteSNMPengine.
Defaults
Ifremoteisnotspecified,theuserwillberemovedfromthelocalSNMPengine.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtoremovetheSNMPusernamedbill:
B3(su)->clear snmp user bill
Syntax
show snmp group [groupname groupname] [user user] [security-model {v1 | v2c | usm}]
[volatile | nonvolatile | read-only]
Parameters
groupname (Optional)DisplaysinformationforaspecificSNMPgroup.
groupname
useruser (Optional)Displaysinformationaboutuserswithinthespecifiedgroup.
securitymodelv1| (Optional)Displaysinformationaboutgroupsassignedtoaspecific
v2c|usm securitySNMPmodel.
volatile| (Optional)DisplaysSNMPgroupinformationforaspecifiedstoragetype.
nonvolatile|read
only
Defaults
Ifgroupnameisnotspecified,informationaboutallSNMPgroupswillbedisplayed.
Ifuserisnotspecified,informationaboutallSNMPuserswillbedisplayed.
Ifsecuritymodelisnotspecified,userinformationaboutallSNMPversionswillbedisplayed.
Ifnotspecified,informationforallstoragetypeswillbedisplayed.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplaySNMPgroupinformation:
B3(su)->show snmp group
--- SNMP group information ---
Security model = SNMPv1
Security/user name = public
Group name = Anyone
Storage type = nonVolatile
Row status = active
Table 55showsadetailedexplanationofthecommandoutput.
Syntax
set snmp group groupname user user security-model {v1 | v2c | usm} [volatile |
nonvolatile]
Parameters
groupname SpecifiesanSNMPgroupnametocreate.
useruser SpecifiesanSNMPv3usernametoassigntothegroup.
securitymodelv1| SpecifiesanSNMPsecuritymodeltoassigntothegroup.
v2c|usm
volatile| (Optional)SpecifiesastoragetypeforSNMPentriesassociatedwiththe
nonvolatile group.
Defaults
Ifstoragetypeisnotspecified,nonvolatilestoragewillbeapplied.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtocreateanSNMPgroupcalledanyone,assignausernamedpublic
andassignSNMPv3securitytothegroup:
B3(su)->set snmp group anyone user public security-model usm
Syntax
clear snmp group groupname user [security-model {v1 | v2c | usm}]
Parameters
groupname SpecifiestheSNMPgrouptobecleared.
user SpecifiestheSNMPusertobecleared.
securitymodelv1| (Optional)Clearsthesettingsassociatedwithaspecificsecuritymodel.
v2c|usm
Defaults
If not specified, settings related to all security models will be cleared.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtoclearallsettingsassignedtothepublicuserwithintheSNMPgroup
anyone:
B3(su)->clear snmp group anyone public
Syntax
show snmp community [name]
Parameters
name (Optional)DisplaysSNMPinformationforaspecificcommunityname.
Defaults
Ifnameisnotspecified,informationwillbedisplayedforallSNMPcommunities.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplayinformationabouttheSNMPpubliccommunityname.For
adescriptionofthisoutput,refertosetsnmpcommunity(page514).
B3(su)->show snmp community public
Name = public
Security name = public
Context =
Transport tag =
Storage type = nonVolatile
Status = active
Syntax
set snmp community community [securityname securityname] [context context]
[transport transport] [volatile | nonvolatile]
Parameters
community Specifiesacommunitygroupname.
securityname (Optional)SpecifiesanSNMPsecuritynametoassociatewiththis
securityname community.
contextcontext (Optional)Specifiesasubsetofmanagementinformationthiscommunity
willbeallowedtoaccess.Validvaluesarefullorpartialcontextnames.To
reviewallcontextsconfiguredforthedevice,usetheshowsnmpcontext
commandasdescribedinshowsnmpcontextonpage 522.
transporttransport (Optional)SpecifiesthesetoftransportendpointsfromwhichSNMP
requestwiththiscommunitynamewillbeaccepted.Makesalinktoa
targetaddresstable.
volatile| (Optional)Specifiesthestoragetypefortheseentries.
nonvolatile
Defaults
Ifsecuritynameisnotspecified,thecommunitynamewillbeused.
Ifcontextisnotspecified,accesswillbegrantedforthedefaultcontext.
Iftransporttagisnotspecified,nonewillbeapplied.
Ifstoragetypeisnotspecified,nonvolatilewillbeapplied.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtosetanSNMPcommunitynamecalledvip
B3(su)->set snmp community vip
Syntax
clear snmp community name
Parameters
name SpecifiestheSNMPcommunitynametoclear.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtodeletethecommunitynamevip.
B3(su)->clear snmp community vip
Purpose
ToreviewandconfigureSNMPaccessrights,assigningviewingprivilegesandsecuritylevelsto
SNMPusergroups.
Commands
ThecommandsusedtoreviewandconfigureSNMPaccessarelistedbelow.
Syntax
show snmp access [groupname] [security-model {v1 | v2c | usm}] [noauthentication
| authentication | privacy] [context context] [volatile | nonvolatile | read-only]
Parameters
groupname (Optional)DisplaysaccessinformationforaspecificSNMPv3group.
securitymodelv1| (Optional)DisplaysaccessinformationforSNMPsecuritymodelversion
v2c|usm 1,2cor3(usm).
noauthentication| (Optional)Displaysaccessinformationforaspecificsecuritylevel.
authentication|
privacy
contextcontext (Optional)Displaysaccessinformationforaspecificcontext.Fora
descriptionofhowtospecifySNMPcontexts,refertoUsingSNMP
ContextstoAccessSpecificMIBsonpage 53.
volatile| (Optional)Displaysaccessentriesforaspecificstoragetype.
nonvolatile|read
only
Defaults
Ifgroupnameisnotspecified,accessinformationforallSNMPgroupswillbedisplayed.
Ifsecuritymodelisnotspecified,accessinformationforallSNMPversionswillbedisplayed.
Ifnoauthentication,authenticationorprivacyarenotspecified,accessinformationforall
securitylevelswillbedisplayed.
Ifcontextisnotspecified,allcontextswillbedisplayed.
Ifvolatile,nonvolatileorreadonlyarenotspecified,allentriesofallstoragetypeswillbe
displayed.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplaySNMPaccessinformation:
B3(su)->show snmp access
Group = SystemAdmin
Security model = USM
Security level = noAuthNoPriv
Read View = All
Write View =
Notify View = All
Context match = exact match
Storage type = nonVolatile
Row status = active
Group = NightOperator
Security model = USM
Security level = noAuthNoPriv
Read View = All
Write View =
Notify View = All
Context match = exact match
Storage type = nonVolatile
Row status = active
Table 56showsadetailedexplanationofthecommandoutput.
Syntax
set snmp access groupname security-model {v1 | v2c | usm} [noauthentication |
authentication | privacy] [context context] [exact | prefix] [read read] [write
write] [notify notify] [volatile | nonvolatile]
Parameters
groupname SpecifiesanameforanSNMPv3group.
securitymodelv1| SpecifiesSNMPversion1,2cor3(usm).
v2c|usm
noauthentication| (Optional)AppliesSNMPsecuritylevelasnoauthentication,
authentication| authentication(withoutprivacy)orprivacy.Privacyspecifiesthat
privacy messagessentonbehalfoftheuserareprotectedfromdisclosure.
contextcontextexact (Optional)Setsthecontextforthisaccessconfigurationandspecifiesthat
|prefix thematchmustbeexact(matchingthewholecontextstring)oraprefix
matchonly.ContextisasubsetofmanagementinformationthisSNMP
groupwillbeallowedtoaccess.Validvaluesarefullorpartialcontext
names.Toreviewallcontextsconfiguredforthedevice,usetheshow
snmpcontextcommandasdescribedinshowsnmpcontexton
page 522.
readread (Optional)Specifiesareadaccessview.
writewrite (Optional)Specifiesawriteaccessview.
notifynotify (Optional)Specifiesanotifyaccessview.
volatile| (Optional)StoresassociatedSNMPentriesastemporaryorpermanent,or
nonvolatile|read readonly.
only
Defaults
Ifsecuritylevelisnotspecified,noauthenticationwillbeapplied.
Ifcontextisnotspecified,accesswillbeenabledforthedefaultcontext.Ifcontextisspecified
withoutacontextmatch,exactmatchwillbeapplied.
Ifreadviewisnotspecifiednonewillbeapplied.
Ifwriteviewisnotspecified,nonewillbeapplied.
Ifnotifyviewisnotspecified,nonewillbeapplied.
Ifstoragetypeisnotspecified,entrieswillbestoredaspermanentandwillbeheldthroughdevice
reboot.
Mode
Switchcommand,readwrite.
Example
ThisexamplepermitsthepowergrouptomanageallMIBsviaSNMPv3:
B3(su)->set snmp access powergroup security-model usm
Syntax
clear snmp access groupname security-model {v1 | v2c | usm} [noauthentication |
authentication | privacy] [context context]
Parameters
groupname SpecifiesthenameoftheSNMPgroupforwhichtoclearaccess.
securitymodelv1| SpecifiesthesecuritymodeltobeclearedfortheSNMPaccessgroup.
v2c|usm
noauthentication| (Optional)ClearsaspecificsecuritylevelfortheSNMPaccessgroup.
authentication|
privacy
contextcontext (Optional)ClearsaspecificcontextfortheSNMPaccessgroup.Enter//
toclearthedefaultcontext.
Defaults
Ifsecuritylevelisnotspecified,alllevelswillbecleared.
Ifcontextisnotspecified,nonewillbeapplied.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtoclearSNMPversion3accessforthemisgroupviathe
authenticationprotocol:
B3(su)->clear snmp access mis-group security-model usm authentication
Purpose
ToreviewandconfigureSNMPMIBviews.SNMPviewsmapSNMPobjectstoaccessrights.
Commands
ThecommandsusedtoreviewandconfigureSNMPMIBviewsarelistedbelow.
Syntax
show snmp view [viewname] [subtree oid-or-mibobject] [volatile | nonvolatile |
read-only]
Parameters
viewname (Optional)DisplaysinformationforaspecificMIBview.
subtreeoidormibobject (Optional)DisplaysinformationforaspecificMIBsubtreewhen
viewnameisspecified.
volatile|nonvolatile| (Optional)Displaysentriesforaspecificstoragetype.
readonly
Defaults
Ifnoparametersarespecified,allSNMPMIBviewconfigurationinformationwillbedisplayed.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplaySNMPMIBviewconfigurationinformation:
B3(su)->show snmp view
Table 57providesanexplanationofthecommandoutput.Fordetailsonusingthesetsnmpview
commandtoassignvariables,refertosetsnmpviewonpage 523.
Syntax
show snmp context
Parameters
None.
Defaults
None.
Mode
Switchcommand,readonly.
Usage
AnSNMPcontextisacollectionofmanagementinformationthatcanbeaccessedbyanSNMP
agentorentity.ThedefaultcontextallowsallSNMPagentstoaccessallmanagementinformation
(MIBs).Whencreatedusingthesetsnmpaccesscommand(setsnmpaccessonpage 518),other
contextscanbeappliedtolimitaccesstoasubsetofmanagementinformation.
Example
ThisexampleshowshowtodisplayalistofallSNMPcontextsknowntothedevice:
B3(su)->show snmp context
Syntax
set snmp view viewname viewname subtree subtree [mask mask] [included | excluded]
[volatile | nonvolatile]
Parameters
viewnameviewname SpecifiesanameforaMIBview.
subtreesubtree SpecifiesaMIBsubtreename.
maskmask (Optional)Specifiesabitmaskforasubtree.
included| (Optional)Specifiessubtreeuse(default)ornosubtreeuse.
excluded
volatile| (Optional)Specifiestheuseoftemporaryorpermanent(default)storage.
nonvolatile
Defaults
Ifnotspecified,maskwillbesetto255.255.255.255
Ifnotspecified,subtreeusewillbeincluded.
Ifstoragetypeisnotspecified,nonvolatile(permanent)willbeapplied.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtosetanSNMPMIBviewtopublicwithasubtreenameof1.3.6.1
included:
B3(su)->set snmp view viewname public subtree 1.3.6.1 included
Syntax
clear snmp view viewname subtree
Parameters
viewname SpecifiestheMIBviewnametobedeleted.
subtree SpecifiesthesubtreenameoftheMIBviewtobedeleted.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtodeleteSNMPMIBviewpublic:
B3(su)->clear snmp view public 1.3.6.1
Purpose
ToreviewandconfigureSNMPtargetparameters.Thiscontrolswhereandunderwhat
circumstancesSNMPnotificationswillbesent.Atargetparameterentrycanbeboundtoatarget
IPaddressallowedtoreceiveSNMPnotificationmessageswiththesetsnmptargetaddr
command(setsnmptargetaddronpage 530).
Commands
ThecommandsusedtoreviewandconfigureSNMPtargetparametersarelistedbelow.
Syntax
show snmp targetparams [targetParams] [volatile | nonvolatile | read-only]
Parameters
targetParams (Optional)Displaysentriesforaspecifictargetparameter.
volatile|nonvolatile| (Optional)Displaystargetparameterentriesforaspecificstorage
readonly type.
Defaults
IftargetParamsisnotspecified,entriesassociatedwithalltargetparameterswillbedisplayed.
Ifnotspecified,entriesofallstoragetypeswillbedisplayed.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplaySNMPtargetparametersinformation:
B3(su)->show snmp targetparams
Table 58showsadetailedexplanationofthecommandoutput.
Syntax
set snmp targetparams paramsname user user security-model {v1 | v2c | usm} message-
processing {v1 | v2c | v3} [noauthentication | authentication | privacy] [volatile
| nonvolatile]
Parameters
paramsname SpecifiesanameidentifyingparametersusedtogenerateSNMPmessages
toaparticulartarget.
useruser SpecifiesanSNMPv1orv2communitynameoranSNMPv3username.
Maximumlengthis32bytes.
securitymodelv1| SpecifiestheSNMPsecuritymodelappliedtothistargetparameteras
v2c|usm version1,2cor3(usm).
message SpecifiestheSNMPmessageprocessingmodelappliedtothistarget
processingv1|v2c parameterasversion1,2cor3.
|v3
noauthentication| (Optional)SpecifiestheSNMPsecuritylevelappliedtothistarget
authentication| parameterasnoauthentication,authentication(withoutprivacy)or
privacy privacy.Privacyspecifiesthatmessagessentonbehalfoftheuserare
protectedfromdisclosure.
volatile| (Optional)Specifiesthestoragetypeappliedtothistargetparameter.
nonvolatile
Defaults
None.
Ifnotspecified,securitylevelwillbesettonoauthentication.
Ifnotspecified,storagetypewillbesettononvolatile.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtosetSNMPtargetparametersnamedv1ExampleParamsforauser
namedfredusingversion3securitymodelandmessageprocessing,andauthentication:
B3(su)->set snmp targetparams v1ExampleParams user fred security-model usm
message-processing v3 authentication
Syntax
clear snmp targetparams targetParams
Parameters
targetParams SpecifiesthenameoftheparameterintheSNMPtargetparameterstable
tobecleared.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtoclearSNMPtargetparametersnamedv1ExampleParams:
B3(su)->clear snmp targetparams v1ExampleParams
Purpose
ToreviewandconfigureSNMPtargetaddresseswhichwillreceiveSNMPnotificationmessages.
AnaddressconfigurationcanbelinkedtooptionalSNMPtransmit,ortarget,parameters(suchas
timeout,retrycount,andUDPport)setwiththesetsnmptargetparamscommand((page527)).
Commands
ThecommandsusedtoreviewandconfigureSNMPtargetaddressesarelistedbelow.
Syntax
show snmp targetaddr [targetAddr] [volatile | nonvolatile | read-only]
Parameters
targetAddr (Optional)Displaysinformationforaspecifictargetaddressname.
volatile|nonvolatile (Optional)Whentargetaddressisspecified,displaystargetaddress
|readonly informationforaspecificstoragetype.
Defaults
IftargetAddrisnotspecified,entriesforalltargetaddressnameswillbedisplayed.
Ifnotspecified,entriesofallstoragetypeswillbedisplayedforatargetaddress.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplaySNMPtargetaddressinformation:
B3(su)->show snmp targetaddr
Target Address Name = labmachine
Tag List = v2cTrap
IP Address = 10.2.3.116
UDP Port# = 162
Target Mask = 255.255.255.255
Timeout = 1500
Retry count = 4
Parameters = v2cParams
Storage type = nonVolatile
Row status = active
Table 59showsadetailedexplanationofthecommandoutput.
Syntax
set snmp targetaddr targetaddr ipaddr param param [udpport udpport] [mask mask]
[timeout timeout] [retries retries] [taglist taglist] [volatile | nonvolatile]
Parameters
targetaddr SpecifiesauniqueidentifiertoindexthesnmpTargetAddrTable.
Maximumlengthis32bytes.
ipaddr SpecifiestheIPaddressofthetarget.
paramparam SpecifiesanentryintheSNMPtargetparameterstable,whichisused
whengeneratingamessagetothetarget.Maximumlengthis32bytes.
udpportudpport (Optional)SpecifieswhichUDPportofthetargethosttouse.
maskmask (Optional)SpecifiestheIPmaskofthetarget.
timeouttimeout (Optional)Specifiesthemaximumroundtriptimeallowedto
communicatetothistargetaddress.Thisvalueisin.01secondsandthe
defaultis1500(15seconds.)
retriesretries (Optional)Specifiesthenumberofmessageretriesallowedifaresponseis
notreceived.Defaultis3.
taglisttaglist (Optional)SpecifiesalistofSNMPnotifytagvalues.Thistagsalocation
tothetargetaddressasaplacetosendnotifications.Listmustbeenclosed
inquotesandtagvaluesmustbeseparatedbyaspace(forexample,
tag1tag2).
volatile| (Optional)Specifiestemporary(default),orpermanentstorageforSNMP
nonvolatile entries.
Defaults
Ifnotspecified,udpportwillbesetto162.
Ifnotspecified,maskwillbesetto255.255.255.255
Ifnotspecified,timeoutwillbesetto1500.
Ifnotspecified,numberofretrieswillbesetto3.
Iftaglistisnotspecified,nonewillbeset.
Ifnotspecified,storagetypewillbenonvolatile.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtoconfigureatrapnotificationcalledTrapSink.Thistrapnotification
willbesenttotheworkstation192.168.190.80(whichistargetaddresstr).Itwillusesecurity
andauthorizationcriteriacontainedinatargetparametersentrycalledv2cExampleParams.For
moreinformationonconfiguringabasicSNMPtrap,refertoCreatingaBasicSNMPTrap
Configurationonpage 543:
B3(su)->set snmp targetaddr tr 192.168.190.80 param v2cExampleParams taglist
TrapSink
Syntax
clear snmp targetaddr targetAddr
Parameters
targetAddr Specifiesthetargetaddressentrytodelete.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtoclearSNMPtargetaddressentrytr:
B3(su)->clear snmp targetaddr tr
Purpose
ToconfigureSNMPnotificationparametersandoptionalfilters.Notificationsareentitieswhich
handlethegenerationofSNMPv1andv2trapsorSNMPv3informsmessagestoselect
managementtargets.Optionalnotificationfiltersidentifywhichtargetsshouldnotreceive
notifications.ForasampleSNMPtrapconfigurationshowinghowSNMPnotificationparameters
areassociatedwithsecurityandauthorizationcriteria(targetparameters)andmappedtoa
managementtargetaddress,refertoCreatingaBasicSNMPTrapConfigurationonpage 543.
Commands
ThecommandsusedtoconfigureSNMPnotificationparametersandfiltersarelistedbelow.
show newaddrtrap
UsethiscommandtodisplaytheglobalandportspecificstatusoftheSNMPnewMACaddresses
trapfunction.
Syntax
show newaddrtrap [port-string]
Parameters
portstring (Optional)DisplaysthestatusofthenewMACaddressestrapfunction
onspecificports.
Defaults
Ifportstringisnotspecified,thestatusofthenewMACaddressestrapfunctionwillbedisplayed
forallports.
Mode
Switchcommand,readonly.
Usage
Bydefault,thisfunctionisdisabledgloballyandperport.
Example
ThisexampledisplaysthestatusforGigabitEthernetports1through5onunit1.
B3(ro)->show newaddrtrap ge.1.1-5
New Address Traps Globally disabled
set newaddrtrap
UsethiscommandtoenableordisableSNMPtrapmessaging,globallyorononeormoreports,
whennewsourceMACaddressesaredetected.
Syntax
set newaddrtrap [port-string] { enable | disable }
Parameters
portstring (Optional)EnableordisablethenewMACaddressestrapfunctionon
specificports.
enable|disable EnableordisablethenewMACaddressestrapfunction.Ifentered
withouttheportstringparameter,enablesordisablethefunction
globally.Whenenteredwiththeportstringparameter,enablesor
disablesthefunctiononspecificports.
Defaults
Ifportstringisnotspecified,thetrapfunctionissetglobally.
Mode
Switchmode,readwrite.
Usage
ThiscommandenablesanddisablessendingSNMPtrapmessageswhenanewsourceMAC
addressisdetectedbyaport.IftheportisaCDPport,however,trapsfornewsourceMAC
addresseswillnotbesent.
Thedefaultmodeisdisabledgloballyandperport.
Example
ThisexampleenablesthetrapfunctiongloballyandthenonGigabitEthernetports1through5on
unit1.
B3(rw)->set newaddrtrap enable
B3(rw)->set newaddrtrap ge.1.1-5 enable
Syntax
show snmp notify [notify] [volatile | nonvolatile | read-only]
Parameters
notify (Optional)Displaysnotifyentriesforaspecificnotifyname.
volatile| (Optional)Displaysnotifyentriesforaspecificstoragetype.
nonvolatile|read
only
Defaults
Ifanotifynameisnotspecified,allentrieswillbedisplayed.
Ifvolatile,nonvolatileorreadonlyarenotspecified,allstoragetypeentrieswillbedisplayed.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplaytheSNMPnotifyinformation:
B3(su)->show snmp notify
Notify name = 2
Notify Tag = TrapSink
Notify Type = trap
Storage type = nonVolatile
Row status = active
Table 510showsadetailedexplanationofthecommandoutput.
Syntax
set snmp notify notify tag tag [trap | inform] [volatile | nonvolatile]
Parameters
notify SpecifiesanSNMPnotifyname.
tagtag SpecifiesanSNMPnotifytag.ThisbindsthenotifynametotheSNMP
targetaddresstable.
trap|inform (Optional)SpecifiesSNMPv1orv2Trapmessages(default)orSNMPv3
InformRequestmessages.
volatile| (Optional)Specifiestemporary(default),orpermanentstorageforSNMP
nonvolatile entries.
Defaults
Ifnotspecified,messagetypewillbesettotrap.
Ifnotspecified,storagetypewillbesettononvolatile.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtosetanSNMPnotifyconfigurationwithanotifynameofhelloanda
notifytagofworld.Notificationswillbesentastrapmessagesandstoragetypewill
automaticallydefaulttopermanent:
B3(su)->set snmp notify hello tag world trap
Syntax
clear snmp notify notify
Parameters
notify SpecifiesanSNMPnotifynametoclear.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtocleartheSNMPnotifyconfigurationforhello:
B3(su)->clear snmp notify hello
Syntax
show snmp notifyfilter [profile] [subtree oid-or-mibobject] [volatile |
nonvolatile | read-only]
Parameters
profile (Optional)Displaysaspecificnotifyfilter.
subtreeoidor (Optional)Displaysanotifyfilterwithinaspecificsubtree.
mibobject
volatile| (Optional)Displaysnotifyfilterentriesofaspecificstoragetype.
nonvolatile|read
only
Defaults
Ifnoparametersarespecified,allnotifyfilterinformationwillbedisplayed.
Mode
Switchcommand,readonly.
Usage
SeeAboutSNMPNotifyFiltersonpage 533formoreinformationaboutnotifyfilters.
Example
ThisexampleshowshowtodisplaySNMPnotifyfilterinformation.Inthiscase,thenotifyprofile
pilot1insubtree1.3.6willnotreceiveSNMPnotificationmessages:
B3(su)->show snmp notifyfilter
Syntax
set snmp notifyfilter profile subtree oid-or-mibobject [mask mask] [included |
excluded] [volatile | nonvolatile]
Parameters
profile SpecifiesanSNMPfilternotifyname.
subtreeoidor SpecifiesaMIBsubtreeIDtargetforthefilter.
mibobject
maskmask (Optional)Appliesasubtreemask.
included| (Optional)Specifiesthatsubtreeisincludedorexcluded.
excluded
volatile| (Optional)Specifiesastoragetype.
nonvolatile
Defaults
Ifnotspecified,maskisnotset.
Ifnotspecified,subtreewillbeincluded.
Ifstoragetypeisnotspecified,nonvolatile(permanent)willbeapplied.
Mode
Switchcommand,readwrite.
Usage
SeeAboutSNMPNotifyFiltersonpage 533formoreinformationaboutnotifyfilters.
Example
ThisexampleshowshowtocreateanSNMPnotifyfiltercalledpilot1withaMIBsubtreeIDof
1.3.6:
B3(su)->set snmp notifyfilter pilot1 subtree 1.3.6
Syntax
clear snmp notifyfilter profile subtree oid-or-mibobject
Parameters
profile SpecifiesanSNMPfilternotifynametodelete.
subtreeoidor SpecifiesaMIBsubtreeIDcontainingthefiltertobedeleted.
mibobject
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtodeletetheSNMPnotifyfilterpilot1:
B3(su)->clear snmp notifyfilter pilot1 subtree 1.3.6
Syntax
show snmp notifyprofile [profile] [targetparam targetparam] [volatile |
nonvolatile | read-only]
Parameters
profile (Optional)Displaysaspecificnotifyprofile.
targetparam (Optional)Displaysentriesforaspecifictargetparameter.
targetparam
volatile| (Optional)Displaysnotifyfilterentriesofaspecificstoragetype.
nonvolatile|read
only
Defaults
Ifnoparametersarespecified,allnotifyprofileinformationwillbedisplayed.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplaySNMPnotifyinformationfortheprofilenamedarea51:
B3(su)->show snmp notifyprofile area51
Syntax
set snmp notifyprofile profile targetparam targetparam [volatile | nonvolatile]
Parameters
profile SpecifiesanSNMPfilternotifyname.
targetparam SpecifiesanassociatedentryintheSNMPTargetParamsTable.
targetparam
volatile| (Optional)Specifiesastoragetype.
nonvolatile
Defaults
If storage type is not specified, nonvolatile (permanent) will be applied.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtocreateanSNMPnotifyprofilenamedarea51andassociateatarget
parametersentry.
B3(su)->set snmp notifyprofile area51 targetparam v3ExampleParams
Syntax
clear snmp notifyprofile profile targetparam targetparam
Parameters
profile SpecifiesanSNMPfilternotifynametodelete.
targetparam SpecifiesanassociatedentryinthesnmpTargetParamsTable.
targetparam
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtodeleteSNMPnotifyprofilearea51:
B3(su)->clear snmp notifyprofile area51 targetparam v3ExampleParams
Note: This example illustrates how to configure an SNMPv2 trap notification. Creating an
SNMPv1 or v3 Trap, or an SNMPv3 Inform notification would require using the same commands
with different parameters, where appropriate. Always ensure that v1/v2 communities or v3 users
used for generating traps or informs are pre-configured with enough privileges to access
corresponding MIBs.
CompleteanSNMPv2trapconfigurationonaSecureStackB3deviceasfollows:
1. CreateacommunitynamethatwillactasanSNMPuserpassword.
2. CreateanSNMPtargetparametersentrytoassociatesecurityandauthorizationcriteriatothe
usersinthecommunitycreatedinStep1.
3. VerifyifanyapplicableSNMPnotificationentriesexist,orcreateanewone.Youwillusethis
entrytosendSNMPnotificationmessagestotheappropriatemanagementtargetscreatedin
Step 2.
4. CreateatargetaddressentrytobindamanagementIPaddressto:
ThenotificationentryandtagnamecreatedinStep3and
ThetargetparametersentrycreatedinStep2.
Table 511showsthecommandsusedtocompleteanSNMPv2trapconfigurationona
SecureStackB3device.
Create an SNMP target parameters entry. set snmp targetparams (set snmp targetparams on
page 5-27)
Verify if any applicable SNMP notification show snmp notify (show snmp notify on page 5-36)
entries exist.
Create a new notification entry. set snmp notify (set snmp notify on page 5-37)
Create a target address entry. set snmp targetaddr (set snmp targetaddr on
page 5-30)
Example
Thisexampleshowshowto:
CreateanSNMPcommunitycalledmgmt.
ConfigureatrapnotificationcalledTrapSink.
Thistrapnotificationwillbesentwiththecommunitynamemgmttotheworkstation
192.168.190.80(whichistargetaddresstr).Itwillusesecurityandauthorizationcriteriacontained
inatargetparametersentrycalledv2cExampleParams.
B3(su)->set snmp community mgmt
B3(su)->set snmp targetparams v2cExampleParams user mgmt
security-model v2c message-processing v2c
B3(su)->set snmp notify entry1 tag TrapSink
B3(su)->set snmp targetaddr tr 192.168.190.80 param v2cExampleParams taglist
TrapSink
ThischapterdescribestheSpanningTreeConfigurationsetofcommandsandhowtousethem.
Caution: Spanning Tree configuration should be performed only by personnel who are very
knowledgeable about Spanning Trees and the configuration of the Spanning Tree Algorithm.
Otherwise, the proper operation of the network could be at risk.
RSTP
TheIEEE802.1wRapidSpanningProtocol(RSTP),anevolutionof802.1D,canachievemuch
fasterconvergencethanlegacySTPinaproperlyconfigurednetwork.RSTPsignificantlyreduces
thetimetoreconfigurethenetworksactivetopologywhenphysicaltopologyorconfiguration
parameterchangesoccur.ItselectsoneswitchastherootofaSpanningTreeconnectedactive
topologyandassignsportrolestoindividualportsontheswitch,dependingonwhetherthatport
ispartoftheactivetopology.
RSTPprovidesrapidconnectivityfollowingthefailureofaswitch,switchport,oraLAN.Anew
rootportandthedesignatedportontheothersideofthebridgetransitiontoforwardingthrough
anexplicithandshakebetweenthem.Bydefault,userportsareconfiguredtorapidlytransitionto
forwardinginRSTP.
MSTP
TheIEEE802.1sMultipleSpanningTreeProtocol(MSTP)buildsupon802.1DandRSTPby
optimizingutilizationofredundantlinksbetweenswitchesinanetwork.Whenredundantlinks
existbetweenapairofswitchesrunningsingleSTP,onelinkisforwardingwhiletheothersare
blockingforalltrafficflowingbetweenthetwoswitches.Theblockinglinksareeffectivelyused
onlyiftheforwardinglinkgoesdown.MSTPassignseachVLANpresentonthenetworktoa
particularSpanningTreeinstance,allowingeachswitchporttobeinadistinctstateforeachsuch
instance:blockingforoneSpanningTreewhileforwardingforanother.Thus,trafficassociated
withonesetofVLANscantraverseaparticularinterswitchlink,whiletrafficassociatedwith
anothersetofVLANscanbeblockedonthatlink.IfVLANsareassignedtoSpanningTrees
wisely,nointerswitchlinkwillbecompletelyidle,maximizingnetworkutilization.
FordetailsoncreatingSpanningTreeinstances,refertosetspantreemstionpage 612.
FordetailsonmappingSpanningTreeinstancestoVLANs,refertosetspantreemstmapon
page 614.
Note: MSTP and RSTP are fully compatible and interoperable with each other and with legacy
STP 802.1D.
Note: The term bridge is used as an equivalent to the term switch or device in this document.
Purpose
TodisplayandsetSpanningTreebridgeparameters,includingdevicepriorities,hellotime,
maximumwaittime,forwarddelay,pathcost,andtopologychangetrapsuppression.
Commands
ThecommandsusedtoreviewandsetSpanningTreebridgeparametersarelistedbelow.
Syntax
show spantree stats [port port-string] [sid sid] [active]
Parameters
portportstring (Optional)Displaysinformationforthespecifiedport(s).Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage 41.
sidsid (Optional)DisplaysinformationforaspecificSpanningTreeidentifier.If
notspecified,SID0isassumed.
active (Optional)DisplaysinformationforportsthathavereceivedSTPBPDUs
sinceboot.
Defaults
Ifportstringisnotspecified,SpanningTreeinformationforallportswillbedisplayed.
Ifsidisnotspecified,informationforSpanningTree0willbedisplayed.
Ifactiveisnotspecifiedinformationforallportswillbedisplayedregardlessofwhetherornot
theyhavereceivedBPDUs.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplaythedevicesSpanningTreeconfiguration:
B3(su)->show spantree stats
Table 61showsadetailedexplanationofcommandoutput.
sssssssss
Designated Root MacAddr MAC address of the designated Spanning Tree root bridge.
Designated Root Port Port through which the root bridge can be reached.
Root Max Age Amount of time (in seconds) a BPDU packet should be considered valid.
Root Hello Time Interval (in seconds) at which the root device sends BPDU (Bridge Protocol
Data Unit) packets.
Root Forward Delay Amount of time (in seconds) the root device spends in listening or learning
mode.
Bridge ID MAC Address Unique bridge MAC address, recognized by all bridges in the network.
Bridge ID Priority Bridge priority, which is a default value, or is assigned using the set
spantree priority command. For details, refer to set spantree priority on
page 6-18.
Bridge Max Age Maximum time (in seconds) the bridge can wait without receiving a
configuration message (bridge hello) before attempting to reconfigure.
This is a default value, or is assigned using the set spantree maxage
command. For details, refer to set spantree maxage on page 6-20.
Bridge Hello Time Amount of time (in seconds) the bridge sends BPDUs. This is a default
value, or is assigned using the set spantree hello command. For details,
refer to set spantree hello on page 6-19.
Bridge Forward Delay Amount of time (in seconds) the bridge spends in listening or learning
mode. This is a default value, or is assigned using the set spantree
fwddelay command. For details, refer to set spantree fwddelay on
page 6-21.
Topology Change Count Number of times topology has changed on the bridge.
Time Since Top Change Amount of time (in days, hours, minutes and seconds) since the last
topology change.
Max Hops Maximum number of hops information for a particular Spanning Tree
instance may traverse (via relay of BPDUs within the applicable MST
region) before being discarded.
set spantree
UsethiscommandtogloballyenableordisabletheSpanningTreeprotocolontheswitch.
Syntax
set spantree {disable | enable}
Parameters
disable|enable GloballydisablesorenablesSpanningTree.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtodisableSpanningTreeonthedevice:
B3(su)->set spantree disable
Syntax
show spantree version
Parameters
None.
Defaults
None.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplaySpanningTreeversioninformationforthedevice:
B3(su)->show spantree version
Force Version is mstp
Syntax
set spantree version {mstp | stpcompatible | rstp}
Parameters
mstp SetstheversiontoSTP802.1scompatible.
stpcompatible SetstheversiontoSTP802.1Dcompatible.
rstp Setstheversionto802.1wcompatible.
Defaults
None.
Mode
Switchcommand,readwrite.
Usage
Inmostnetworks,SpanningTreeversionshouldnotbechangedfromitsdefaultsettingofmstp
(MultipleSpanningTreeProtocol)mode.MSTPmodeisfullycompatibleandinteroperablewith
legacySTP802.1DandRapidSpanningTree(RSTP)bridges.Settingtheversiontostpcompatible
modewillcausethebridgetotransmitonly802.1DBPDUs,andwillpreventnonedgeportsfrom
rapidlytransitioningtoforwardingstate.
Example
ThisexampleshowshowtogloballychangetheSpanningTreeversionfromthedefaultofMSTP
toRSTP:
B3(su)->set spantree version rstp
Syntax
clear spantree version
Parameters
None.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtoresettheSpanningTreeversion:
B3(su)->clear spantree version
Syntax
show spantree bpdu-forwarding
Parameters
None.
Defaults
None.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplaytheSpanningTreeBPDUforwardingmode:
B3(su)->show spantree bpdu-forwarding
BPDU forwarding is disabled.
Syntax
set spantree bpdu-forwarding {disable | enable}
Parameters
disable|enable DisablesorenablesBPDUforwarding;.
Defaults
BydefaultBPDUforwardingisdisabled.
Mode
Switchcommand,readwrite.
Usage
TheSpanningTreeprotocolmustbedisabled(setspantreedisable)forthisfeaturetotakeeffect.
Example
ThisexampleshowshowtoenableBPDUforwarding:
B3(rw)-> set spantree bpdu-forwarding enable
Syntax
show spantree bridgeprioritymode
Parameters
None.
Defaults
None.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplaytheSpanningTreebridgeprioritymodesetting:
B3(rw)->show spantree bridgeprioritymode
Bridge Priority Mode is set to IEEE802.1t mode.
Syntax
set spantree bridgeprioritymode {8021d | 8021t}
Parameters
8021d Setsthebridgeprioritymodetouse802.1D(legacy)values,whichare0
65535.
8021t Setsthebridgeprioritymodetouse802.1tvalues,whichare0to61440,in
incrementsof4096.Valueswillautomaticallyberoundedupordown,
dependingonthe802.1tvaluetowhichtheenteredvalueisclosest.
Thisisthedefaultbridgeprioritymode.
Defaults
None
Mode
Switchcommand,readwrite.
Usage
Themodeaffectstherangeofpriorityvaluesusedtodeterminewhichdeviceisselectedasthe
SpanningTreerootasdescribedinsetspantreepriority(setspantreepriorityonpage 618).The
defaultfortheswitchistouse802.1tbridgeprioritymode.
Example
Thisexampleshowshowtosetthebridgeprioritymodeto802.1D:
B3(rw)->set spantree bridgeprioritymode 8021d
Syntax
clear spantree bridgeprioritymode
Parameters
None.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtoresetthebridgeprioritymodeto802.1t:
B3(rw)->clear spantree bridgeprioritymode
Syntax
show spantree mstilist
Parameters
None.
Defaults
None.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplayalistofMSTinstances.Inthiscase,SID2hasbeenconfigured:
B3(su)->show spantree mstilist
Configured Multiple Spanning Tree instances:
2
Syntax
set spantree msti sid sid {create | delete}
Parameters
sidsid SetstheMultipleSpanningTreeID.Validvaluesare14094.
SecureStackB3deviceswillsupportupto4MSTinstances.
create|delete CreatesordeletesanMSTinstance.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtocreateanMSTinstance2:
B3(su)->set spantree msti sid 2 create
Syntax
clear spantree msti [sid sid]
Parameters
sidsid (Optional)DeletesaspecificmultipleSpanningTreeID.
Defaults
Ifsidisnotspecified,allMSTinstanceswillbecleared.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtodeleteallMSTinstances:
B3(su)->clear spantree msti
Syntax
show spantree mstmap [fid fid]
Parameters
fidfid (Optional)DisplaysinformationforspecificFIDs.
Defaults
Iffidisnotspecified,informationforallassignedFIDswillbedisplayed.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplaySIDtoFIDmappinginformationforFID1.Inthiscase,no
newmappingshavebeenconfigured:
B3(su)->show spantree mstmap fid 1
FID: SID:
1 0
Syntax
set spantree mstmap fid [sid sid]
Parameters
fid SpecifiesoneormoreFIDstoassigntotheMST.Validvaluesare14093,
andmustcorrespondtoaVLANIDcreatedusingthesetvlancommand.
sidsid (Optional)SpecifiesaMultipleSpanningTreeID.Validvaluesare14094,
andmustcorrespondtoaSIDcreatedusingthesetmsticommand.
Defaults
Ifsidisnotspecified,FID(s)willbemappedtoSpanningTree0.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtomapFID3toSID2:
B3(su)->set spantree mstmap 3 sid 2
Syntax
clear spantree mstmap fid
Parameters
fid SpecifiesoneormoreFIDstoresetto0.
Defaults
Iffidisnotspecified,allSIDtoFIDmappingswillbereset.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtomapFID2backtoSID0:
B3(su)->clear spantree mstmap 2
Syntax
show spantree vlanlist [vlan-list]
Parameters
vlanlist (Optional)DisplaysSIDsassignedtospecificVLAN(s).
Defaults
Ifnotspecified,SIDassignmentwillbedisplayedforallVLANs.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplaytheSIDsmappedtoVLAN1.Inthiscase,SIDs2,16and42
aremappedtoVLAN1.Forthisinformationtodisplay,theSIDinstancemustbecreatedusingthe
setspantreemsticommandasdescribedinsetspantreemstionpage 612,andtheFIDsmust
bemappedtoSID 1usingthesetspantreemstmapcommandasdescribedinsetspantree
mstmaponpage 614:
B3(su)->show spantree vlanlist 1
The following SIDS are assigned to VLAN 1: 2 16 42
Syntax
show spantree mstcfgid
Parameters
None.
Defaults
None.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplaytheMSTconfigurationidentifierelements.Inthiscase,the
defaultrevisionlevelof0,andthedefaultconfigurationname(astringrepresentingthebridge
MACaddress)havenotbeenchanged.Forinformationonusingthesetspantreemstcfgid
commandtochangethesesettings,refertosetspantreemstcfgidonpage 616:
B3(su)->show spantree mstcfgid
MST Configuration Identifier:
Format Selector: 0
Configuration Name: 00:01:f4:89:51:94
Revision Level: 0
Configuration Digest: ac:36:17:7f:50:28:3c:d4:b8:38:21:d8:ab:26:de:62
Syntax
set spantree mstcfgid {cfgname name | rev level}
Parameters
cfgnamename SpecifiesanMSTconfigurationname.
revlevel SpecifiesanMSTrevisionlevel.Validvaluesare065535.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtosettheMSTconfigurationnametomstconfig:
B3(su)->set spantree mstconfigid cfgname mstconfig
Syntax
clear spantree mstcfgid
Parameters
None.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtoresettheMSTconfigurationidentifierelementstodefaultvalues:
B3(su)->clear spantree mstcfgid
Syntax
set spantree priority priority [sid]
Parameters
priority Specifiesthepriorityofthebridge.Validvaluesarefrom0to61440(in
incrementsof4096),with0indicatinghighestpriorityand61440
lowestpriority.
sid (Optional)SetsthepriorityonaspecificSpanningTree.Validvalues
are04094.Ifnotspecified,SID 0isassumed.
Defaults
Ifsidisnotspecified,prioritywillbesetonSpanningTree0.
Mode
Switchcommand,readwrite.
Usage
Thedevicewiththehighestpriority(lowestnumericalvalue)becomestheSpanningTreeroot
device.Ifalldeviceshavethesamepriority,thedevicewiththelowestMACaddresswillthen
becometherootdevice.Dependingonthebridgeprioritymode(setwiththesetspantree
bridgeprioritymodecommanddescribedinsetspantreebridgeprioritymodeonpage 611,
somepriorityvaluesmayberoundedupordown.
Example
Thisexampleshowshowtosetthebridgepriorityto4096onSID1:
B3(su)->set spantree priority 4096 1
Syntax
clear spantree priority [sid]
Parameters
sid (Optional)ResetsthepriorityonaspecificSpanningTree.Validvalues
are04094.Ifnotspecified,SID 0isassumed.
Defaults
Ifsidisnotspecified,prioritywillberesetonSpanningTree0.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtoresetthebridgepriorityonSID1:
B3(su)->clear spantree priority 1
Syntax
set spantree hello interval
Parameters
interval Specifiesthenumberofsecondsthesystemwaitsbeforebroadcastinga
bridgehellomessage(amulticastmessageindicatingthatthesystemis
active).Validvaluesare110.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtogloballysettheSpanningTreehellotimeto10seconds:
B3(su)->set spantree hello 10
Syntax
clear spantree hello
Parameters
None.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtogloballyresettheSpanningTreehellotime:
B3(su)->clear spantree hello
Syntax
set spantree maxage agingtime
Parameters
agingtime Specifiesthemaximumnumberofsecondsthatthesystemretainsthe
informationreceivedfromotherbridgesthroughSTP.Validvaluesare6
40.
Defaults
None.
Mode
Switchcommand,readwrite.
Usage
Thebridgemaximumagingtimeisthemaximumtime(inseconds)adevicecanwaitwithout
receivingaconfigurationmessage(bridgehello)beforeattemptingtoreconfigure.Alldevice
ports(exceptfordesignatedports)shouldreceiveconfigurationmessagesatregularintervals.
AnyportthatagesoutSTPinformationprovidedinthelastconfigurationmessagebecomesthe
designatedportfortheattachedLAN.Ifitisarootport,anewrootportisselectedfromamong
thedeviceportsattachedtothenetwork.
Example
Thisexampleshowshowtosetthemaximumagingtimeto25seconds:
B3(su)->set spantree maxage 25
Syntax
clear spantree maxage
Parameters
None.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtogloballyresetthemaximumagingtime:
B3(su)->clear spantree maxage
Syntax
set spantree fwddelay delay
Parameters
delay Specifiesthenumberofsecondsforthebridgeforwarddelay.Validvalues
are430.
Defaults
None.
Mode
Switchcommand,readwrite.
Usage
Theforwarddelayisthemaximumtime(inseconds)therootdevicewillwaitbeforechanging
states(i.e.,listeningtolearningtoforwarding).Thisdelayisrequiredbecauseeverydevicemust
receiveinformationabouttopologychangesbeforeitstartstoforwardframes.Inaddition,each
portneedstimetolistenforconflictinginformationthatwouldmakeitreturntoablockingstate;
otherwise,temporarydataloopsmightresult.
Example
Thisexampleshowshowtogloballysetthebridgeforwarddelayto16seconds:
B3(su)->set spantree fwddelay 16
Syntax
clear spantree fwddelay
Parameters
None.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtogloballyresetthebridgeforwarddelay:
B3(su)->clear spantree fwddelay
Syntax
show spantree backuproot [sid]
Parameters
sid (Optional)DisplaybackuprootstatusforaspecificSpanningTree
identifier.Validvaluesare04094.Ifnotspecified,SID0isassumed.
Defaults
IfaSIDisnotspecified,thenstatuswillbeshownforSpanningTreeinstance0.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplaythestatusofthebackuprootfunctiononSID0:
Syntax
set spantree backuproot sid {disable | enable}
Parameters
sid SpecifiestheSpanningTreeinstanceonwhichtoenableordisablethe
backuprootfunction.Validvaluesare04094.
disable|enable Enablesordisablesthebackuprootfunction.
Defaults
None.
Mode
Switchcommand,readwrite.
Usage
TheSpanningTreebackuprootfunctionisdisabledbydefaultontheSecureStackB3.Whenthis
featureisenabledandtheswitchisdirectlyconnectedtotherootbridge,staleSpanningTree
informationispreventedfromcirculatingiftherootbridgeislost.Iftherootbridgeislost,the
backuprootwilldynamicallyloweritsbridgeprioritysothatitwillbeselectedasthenewroot
overthelostrootbridge.
Example
ThisexampleshowshowtoenablethebackuprootfunctiononSID2:
B3(rw)->set spantree backuproot 2 enable
Syntax
clear spantree backuproot sid
Parameters
sid SpecifiestheSpanningTreeonwhichtoclearthebackuproot
function.Validvaluesare04094.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtoresetthebackuprootfunctiontodisabledonSID2:
B3(rw)->clear spantree backuproot 2
Syntax
show spantree tctrapsuppress
Parameters
None.
Defaults
None.
Mode
Switchcommand,readonly.
Example
Thisexampleshowshowtodisplaythestatusoftopologychangetrapsuppression:
B3(rw)->show spantree tctrapsuppress
Topology change Trap Suppression is set to enabled
Syntax
set spantree tctrapsuppress {disable | enable}
Parameters
disable|enable Disablesorenablestopologychangetrapsuppression.
Defaults
None.
Mode
Switchcommand,readwrite.
Usage
Bydefault,RSTPnonedge(bridge)portsthattransitiontoforwardingorblockingcausethe
switchtoissueatopologychangetrap.Whentopologychangetrapsuppressionisenabled,which
isthedevicedefault,edgeports(suchasendstationPCs)arepreventedfromsendingtopology
changetraps.Thisisbecausethereisusuallynoneedfornetworkmanagementtomonitoredge
portSTPtransitionstates,suchaswhenPCsarepoweredon.Whentopologychangetrap
suppressionisdisabled,allports,includingedgeandbridgeports,willtransmittopologychange
traps.
Example
ThisexampleshowshowtoallowRapidSpanningTreeedgeportstotransmittopologychange
traps:
B3(rw)->set spantree tctrapsuppress disable
Syntax
clear spantree tctrapsuppress
Parameters
None.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtocleartopologychangetrapsuppressionsetting:
B3(rw)->clear spantree tctrapsuppress
Syntax
set spantree protomigration <port-string>
Parameters
portstring Resettheprotocolstatemigrationmachineforspecificport(s).Fora
detaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage 41.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtoresettheprotocolstatemigrationmachineonport20:
B3(su)->set spantree protomigration ge.1.20
Syntax
show spantree spanguard
Parameters
None.
Defaults
None.
Mode
Switchcommand,readonly.
Example
Thisexampleshowshowtodisplaythespanguardfunctionstatus:
B3(su)->show spantree spanguard
Spanguard is disabled
Syntax
set spantree spanguard {enable | disable}
Parameters
enable|disable Enablesordisablesthespanguardfunction.
Defaults
None.
Mode
Switchcommand,readwrite.
Usage
Spanguardisdesignedtodisable,orlockoutanedgeportwhenanunexpectedBPDUis
received.Theportcanbeconfiguredtobereenabledafterasettimeperiod,oronlyaftermanual
intervention.
Aportcanbedefinedasanedge(user)portusingthesetspantreeadminedgecommand,
describedinsetspantreeadminedgeonpage 640.Aportdesignatedasanedgeportis
expectedtobeconnectedtoaworkstationorotherendusertypeofdevice,andnottoanother
switchinthenetwork.WhenSpanguardisenabled,ifanonloopbackBPDUisreceivedonan
edgeport,theSpanningTreestateofthatportwillbechangedtoblockingandwillnolonger
forwardtraffic.Theportwillremaindisableduntiltheamountoftimedefinedbysetspantree
spanguardtimeout(setspantreespanguardtimeoutonpage 629)haspassedsincethelastseen
BPDU,theportismanuallyunlocked(setorclearspantreespanguardlock,clear/setspantree
spanguardlockonpage 630),theconfigurationoftheportischangedsoitisnotlongeranedge
port,orthespanguardfunctionisdisabled.
Spanguardisenabledanddisabledonlyonaglobalbasisacrossthestack.Bydefault,spanguard
isdisabledandspanguardtrapsareenabled.
Example
Thisexampleshowshowtoenablethespanguardfunction:
B3(rw)->set spantree spanguard enable
Syntax
clear spantree spanguard
Parameters
None.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtoresetthestatusofthespanguardfunctiontodisabled:
B3(rw)->clear spantree spanguard
Syntax
show spantree spanguardtimeout
Parameters
None.
Defaults
None.
Mode
Switchcommand,readonly.
Example
Thisexampleshowshowtodisplaythespanguardtimeoutsetting:
B3(su)->show spantree spanguardtimeout
Spanguard timeout: 300
Syntax
set spantree spanguardtimeout timeout
Parameters
timeout Specifiesatimeoutvalueinseconds.Validvaluesare0to65535.
Avalueof0willkeeptheportlockeduntilmanuallyunlocked.Thedefault
valueis300seconds.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtosetthespanguardtimeoutto600seconds:
B3(su)->set spantree spanguardtimeout 600
Syntax
clear spantree spanguardtimeout
Parameters
None.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtoresetthespanguardtimeoutto300seconds:
B3(rw)->clear spantree spanguardtimeout
Syntax
show spantree spanguardlock [port-string]
Parameters
portstring (Optional)Specifiestheport(s)forwhichtoshowspanguardlockstatus.
Foradetaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage 41.
Defaults
Ifnoportstringisspecified,thespanguardlockstatusforallportsisdisplayed.
Mode
Switchcommand,readonly.
Example
Thisexampleshowshowtodisplaythespanguardlockstatusforge.1.1:
B3(su)->show spantree spanguardlock ge.1.1
Port ge.1.1 is Unlocked
Syntax
clear spantree spanguardlock port-string
set spantree spanguardlock port-string
Parameters
portstring Specifiesport(s)tounlock.Foradetaileddescriptionofpossibleportstring
values,refertoPortStringSyntaxUsedintheCLIonpage 41.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtounlockportge.1.16:
B3(rw)->clear spantree spanguardlock ge.1.16
Syntax
show spantree spanguardtrapenable
Parameters
None.
Defaults
None.
Mode
Switchcommand,readonly.
Example
Thisexampleshowshowtodisplaythestateofthespanguardtrapfunction:
B3(ro)->show spantree spanguardtrapenable
Spanguard SNMP traps are enabled
Syntax
set spantree spanguardtrapenable {disable | enable}
Parameters
disable|enable Disablesorenablessendingspanguardtraps.Bydefault,sendingtraps
isenabled.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtodisablethespanguardtrapfunction:
B3(su)->set spantree spanguardtrapenable disable
Syntax
clear spantree spanguardtrapenable
Parameters
None.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtoresetthespanguardtrapfunctiontoenabled:
B3(rw)->clear spantree spanguardtrapenable
Syntax
show spantree legacypathcost
Parameters
None.
Defaults
None.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplaythedefaultSpanningTreepathcostsetting.
B3(su)->show spantree legacypathcost
Legacy Path Cost is disabled.
Syntax
set spantree legacypathcost {disable | enable}
Parameters
disable Use802.1t2001valuestocalculatepathcost.
enable Use802.1d1998valuestocalculatepathcost.
Defaults
None.
Mode
Switchcommand,readwrite.
Usage
Bydefault,legacypathcostisdisabled.Enablingthedevicetocalculatelegacypathcostsaffects
therangeofvalidvaluesthatcanbeenteredinthesetspantreeadminpathcostcommand.
Example
Thisexampleshowshowtosetthedefaultpathcostvaluesto802.1D.
B3(rw)->set spantree adminpathcost enable
Syntax
clear spantree legacypathcost
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleclearsthelegacypathcostto802.1tvalues.
B3(rw)->clear spantree legacypathcost
Purpose
TodisplayandsetSpanningTreeportparameters.
Commands
ThecommandsusedtoreviewandsetSpanningTreeportparametersarelistedbelow.
Syntax
set spantree portadmin port-string {disable | enable}
Parameters
portstring Specifiestheport(s)forwhichtoenableordisableSpanningTree.Fora
detaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage 41.
disable|enable DisablesorenablesSpanningTree.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtodisableSpanningTreeonfe.1.5:
B3(rw)->set spantree portadmin fe.1.5 disable
Syntax
clear spantree portadmin port-string
Parameters
portstring Resetsthedefaultadminstatusonspecificport(s).Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage 41.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtoresetthedefaultSpanningTreeadminstatetoenableonfe.1.12:
B3(rw)->clear spantree portadmin fe.1.12
Syntax
show spantree portadmin [port port-string]
Parameters
portportstring (Optional)Displaysstatusforspecificport(s).Foradetaileddescriptionof
possibleportstringvalues,refertoPortStringSyntaxUsedintheCLI
onpage 41.
Defaults
Ifportstringisnotspecified,statuswillbedisplayedforallports.
Mode
Switchcommand,readonly.
Example
Thisexampleshowshowtodisplayportadminstatusforge.1.1:
B3(ro)->show spantree portadmin port ge.1.1
Port ge.1.1 has portadmin set to enabled
Syntax
show spantree portpri [port port-string] [sid sid]
Parameters
portportstring (Optional)Specifiestheport(s)forwhichtodisplaySpanningTreepriority.
Foradetaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage 41.
sidsid (Optional)DisplaysportpriorityforaspecificSpanningTreeidentifier.
Validvaluesare04094.Ifnotspecified,SID0isassumed.
Defaults
Ifportstringisnotspecified,portprioritywillbedisplayedforallSpanningTreeports.
Ifsidisnotspecified,portprioritywillbedisplayedforSpanningTree0.
Mode
Switchcommand,readonly.
Example
Thisexampleshowshowtodisplaytheportpriorityforfe.2.7:
B3(su)->show spantree portpri port fe.2.7
Port fe.2.7 has a Port Priority of 128 on SID 0
Syntax
set spantree portpri port-string priority [sid sid]
Parameters
portstring Specifiestheport(s)forwhichtosetSpanningTreeportpriority.Fora
detaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage 41.
priority SpecifiesanumberthatrepresentsthepriorityofalinkinaSpanningTree
bridge.Validvaluesarefrom0to240(inincrementsof16)with0
indicatinghighpriority.
sidsid (Optional)SetsportpriorityforaspecificSpanningTreeidentifier.Valid
valuesare04094.Ifnotspecified,SID0isassumed.
Defaults
Ifsidisnotspecified,portprioritywillbesetforSpanningTree0.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtosetthepriorityoffe.1.3to240onSID1
B3(su)->set spantree portpri fe.1.3 240 sid 1
Syntax
clear spantree portpri port-string [sid sid]
Parameters
portstring Specifiestheport(s)forwhichtosetSpanningTreeportpriority.Fora
detaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage 41.
sidsid (Optional)ResetstheportpriorityforaspecificSpanningTreeidentifier.
Validvaluesare04094.Ifnotspecified,SID0willbeassumed.
Defaults
If sid is not specified, port priority will be set for Spanning Tree 0.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtoresetthepriorityoffe.1.3to128onSID1
B3(su)->clear spantree portpri fe.1.3 sid 1
Syntax
show spantree adminpathcost [port port-string] [sid sid]
Parameters
portportstring (Optional)Displaystheadminpathcostvalueforspecificport(s).Fora
detaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage 41.
sidsid (Optional)DisplaystheadminpathcostforaspecificSpanningTree
identifier.Validvaluesare04094.Ifnotspecified,SID0willbeassumed.
Defaults
Ifportstringisnotspecified,adminpathcostforallSpanningTreeportswillbedisplayed.
Ifsidisnotspecified,adminpathcostforSpanningTree0willbedisplayed.
Mode
Switchcommand,readonly.
Example
Thisexampleshowshowtodisplaytheadminpathcostforfe.3.4onSID1:
B3(su)->show spantree adminpathcost port fe.3.4 sid 1
Port fe.3.4 has a Port Admin Path Cost of 0 on SID 1
Syntax
set spantree adminpathcost port-string cost [sid sid]
Parameters
portstring Specifiestheport(s)onwhichtosetanadminpathcost.Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage 41.
cost Specifiestheportpathcost.Va1idvaluesare0200000000.
sidsid (Optional)SetstheadminpathcostforaspecificSpanningTreeidentifier.
Validvaluesare04094.Ifnotspecified,SID0willbeassumed.
Defaults
Ifsidisnotspecified,adminpathcostwillbesetforSpanningTree0.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtosettheadminpathcostto200forfe.3.2onSID1:
B3(su)->set spantree adminpathcost fe.3.2 200 sid 1
Syntax
clear spantree adminpathcost port-string [sid sid]
Parameters
portstring Specifiestheport(s)forwhichtoresetadminpathcost.Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntax
UsedintheCLIonpage 41.
sidsid (Optional)ResetstheadminpathcostforspecificSpanningTree(s).
Validvaluesare04094.Ifnotspecified,SID0isassumed.
Defaults
Ifsidisnotspecified,adminpathcostwillberesetforSpanningTree0.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtoresettheadminpathcostto0forfe.3.2onSID1:
B3(su)->clear spantree adminpathcost fe.3.2 sid 1
Syntax
show spantree adminedge [port port-string]
Parameters
portstring (Optional)Displaysedgeportadministrativestatusforspecific
port(s).Foradetaileddescriptionofpossibleportstringvalues,
refertoPortStringSyntaxUsedintheCLIonpage 41.
Defaults
IfportstringisnotspecifiededgeportadministrativestatuswillbedisplayedforallSpanningTree
ports.
Mode
Switchcommand,readonly.
Example
Thisexampleshowshowtodisplaytheedgeportstatusforfe.3.2:
B3(su)->show spantree adminedge port fe.3.2
Port fe.3.2 has a Port Admin Edge of Edge-Port
Syntax
set spantree adminedge port-string {true | false}
Parameters
portstring Specifiestheedgeport.Foradetaileddescriptionofpossibleportstring
values,refertoPortStringSyntaxUsedintheCLIonpage 41.
true|false Enables(true)ordisables(false)thespecifiedportasaSpanningTreeedge
port.
Defaults
None.
Mode
Switchcommand,readwrite.
Usage
Thedefaultbehavioroftheedgeportadministrativestatusbeginswiththevaluesettofalse
initiallyafterthedeviceispoweredup.IfaSpanningTreeBDPUisnotreceivedontheportwithin
afewseconds,thestatussettingchangestotrue.
Example
Thisexampleshowshowtosetfe.1.11asanedgeport:
B3(su)->set spantree adminedge fe.1.11 true
Syntax
clear spantree adminedge port-string
Parameters
portstring Specifiesport(s)onwhichtoresetedgeportstatus.Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage 41.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtoresetfe.1.11asanonedgeport:
B3(su)->clear spantree adminedge fe.1.11
ThischapterdescribestheSecureStackB3systemscapabilitiestoimplement802.1QvirtualLANs
(VLANs).
Note: The device can support up to 1024 802.1Q VLANs. The allowable range for VLAN IDs is 1
to 4093. As a default, all ports on the device are assigned to VLAN ID 1, untagged.
IftheSecureStackB3deviceistobeconfiguredformultipleVLANs,itmaybedesirableto
configureamanagementonlyVLAN.ThisallowsastationconnectedtothemanagementVLAN
tomanagethedevice.Italsomakesmanagementsecurebypreventingconfigurationviaports
assignedtootherVLANs.
TocreateasecuremanagementVLAN,youmust:
2. Set the PVID for the desired switch port to the VLAN created in Step 1. 7-9
3. Add the desired switch port to the egress list for the VLAN created in 7-16
Step 1.
ThecommandsusedtocreateasecuremanagementVLANarelistedinTable 71.Thisexample
assumesthemanagementstationisattachedtofe.1.1andwantsuntaggedframes.
Theprocessdescribedherewouldberepeatedoneverydevicethatisconnectedinthenetworkto
ensurethateachdevicehasasecuremanagementVLAN.
Create a new VLAN and confirm settings. set vlan create 2 (set vlan on page 7-5)
Set the PVID to the new VLAN. set port vlan fe.1.1 2 (set port vlan on page 7-9)
Add the port to the new VLANs egress list. set vlan egress 2 fe.1.1 untagged (set vlan egress on
page 7-16)
Remove the port from the default VLANs clear vlan egress 1 fe.1.1 (clear vlan egress on
egress list. page 7-17)
Assign host status to the VLAN. set host vlan 2 (set host vlan on page 7-21)
Set a private community name and access set snmp community private (set snmp community
policy and confirm settings. on page 5-14)
Viewing VLANs
Purpose
TodisplayalistofVLANscurrentlyconfiguredonthedevice,todeterminehowoneormore
VLANswerecreated,theportsallowedanddisallowedtotransmittrafficbelongingtoVLAN(s),
andifthoseportswilltransmitthetrafficwithaVLANtagincluded.
Commands
ThecommandusedtoviewVLANsislistedbelow.
show vlan
UsethiscommandtodisplayallinformationrelatedtooneormoreVLANs.
Syntax
show vlan [static] [vlan-list] [portinfo [vlan vlan-list | vlan-name] [port port-
string]]
Parameters
static (Optional)DisplaysinformationrelatedtostaticVLANs.StaticVLANsare
manuallycreatedusingthesetvlancommand(setvlanonpage 75),
SNMPMIBs,ortheWebViewmanagementapplication.ThedefaultVLAN,
VLAN1,isalwaysstaticallyconfiguredandcantbedeleted.Onlyports
thatuseaspecifiedVLANastheirdefaultVLAN(PVID)willbedisplayed.
vlanlist (Optional)DisplaysinformationforaspecificVLANorrangeofVLANs.
portinfo (Optional)DisplaysVLANattributesrelatedtooneormoreports.
vlanvlanlist| (Optional)DisplaysportinformationforoneormoreVLANs.
vlanname
portportstring (Optional)Displaysportinformationforoneormoreports.
Defaults
Ifnooptionsarespecified,allinformationrelatedtostaticanddynamicVLANswillbedisplayed.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplayinformationforVLAN1.Inthiscase,VLAN1isnamed
DEFAULTVLAN.PortsallowedtotransmitframesbelongingtoVLAN1arelistedasegress
ports.PortsthatwontincludeaVLANtagintheirtransmittedframesarelistedasuntagged
ports.Therearenoforbiddenports(preventedfromtransmittedframes)onVLAN1:
B3(su)->show vlan 1
VLAN: 1 NAME: DEFAULT VLAN
VLAN Type: Default
Egress Ports
fe.1.1-10, ge.2.1-4, fe.3.1-7,
Forbidden Egress Ports
None.
Untagged Ports
fe.1.1-10, ge.2.1-4, fe.3.1-7,
Table 72providesanexplanationofthecommandoutput.
Forbidden Egress Ports prevented from transmitted frames for this VLAN.
Ports
Untagged Ports Ports configured to transmit untagged frames for this VLAN.
Purpose
TocreateanewstaticVLAN,ortoenableordisableexistingVLAN(s).
Commands
ThecommandsusedtocreateandnamestaticVLANsarelistedbelow.
set vlan
UsethiscommandtocreateanewstaticIEEE802.1QVLAN,ortoenableordisableanexisting
VLAN.
Syntax
set vlan {create | enable | disable} vlan-list
Parameters
create|enable| Creates,enablesordisablesVLAN(s).
disable
vlanlist SpecifiesoneormoreVLANIDstobecreated,enabledordisabled.
Defaults
None.
Mode
Switchcommand,readwrite.
Usage
OnceaVLANiscreated,youcanassignitanameusingthesetvlannamecommanddescribedin
setvlannameonpage 76.
EachVLANIDmustbeunique.IfaduplicateVLANIDisentered,thedeviceassumesthatthe
AdministratorintendstomodifytheexistingVLAN.
EntertheVLANIDusingauniquenumberbetween1and4093.TheVLANIDsof0and4094and
highermaynotbeusedforuserdefinedVLANs.
Examples
ThisexampleshowshowtocreateVLAN3:
B3(su)->set vlan create 3
ThisexampleshowshowtodisableVLAN3:
B3(su)->set vlan disable 3
Syntax
set vlan name vlan-list vlan-name
Parameters
vlanlist SpecifiestheVLANIDoftheVLAN(s)tobenamed.
vlanname SpecifiesthestringusedasthenameoftheVLAN(1to32characters).
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtosetthenameforVLAN7togreen:
B3(su)->set vlan name 7 green
clear vlan
UsethiscommandtoremoveastaticVLANfromthelistofVLANsrecognizedbythedevice.
Syntax
clear vlan vlan-list
Parameters
vlanlist SpecifiestheVLANIDoftheVLAN(s)toberemoved.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtoremoveastaticVLAN9fromthedevicesVLANlist:
B3(su)->clear vlan 9
Syntax
clear vlan name vlan-list
Parameters
vlanlist SpecifiestheVLANIDoftheVLAN(s)forwhichthenamewillbecleared.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtoclearthenameforVLAN9:
B3(su)->clear vlan name 9
Purpose
ToassigndefaultVLANIDstountaggedframesononeormoreports,toconfigureVLANingress
filteringandconstraints,andtosettheframediscardmode.
Commands
ThecommandsusedtoconfigureportVLANIDsandingressfilteringarelistedbelow.
Syntax
show port vlan [port-string]
Parameters
portstring (Optional)DisplaysPVIDinformationforspecificport(s).Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage 41.
Defaults
Ifportstringisnotspecified,portVLANinformationforallportswillbedisplayed.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplayPVIDsassignedtoFastEthernetports1through6inunit2.In
thiscase,untaggedframesreceivedontheseportswillbeclassifiedtoVLAN1:
B3(su)->show port vlan fe.2.1-6
fe.2.1 is set to 1
fe.2.2 is set to 1
fe.2.3 is set to 1
fe.2.4 is set to 1
fe.2.5 is set to 1
fe.2.6 is set to 1
Syntax
set port vlan port-string pvid [modify-egress | no-modify-egress]
Parameters
portstring Specifiestheport(s)forwhichtoconfigureaVLANidentifier.Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage 41.
pvid SpecifiestheVLANIDoftheVLANtowhichport(s)willbeadded.
modifyegress (Optional)Addsport(s)toVLANsuntaggedegresslistandremovesthem
fromotheruntaggedegresslists.
nomodifyegress (Optional)Doesnotpromptforormakeegresslistchanges.
Defaults
None.
Mode
Switchcommand,readwrite.
Usage
ThePVIDisusedtoclassifyuntaggedframesastheyingressintoagivenport.Ifthespecified
VLANhasnotalreadybeencreated,thiscommandwillcreateit.Itwillprompttheusertoaddthe
VLANtotheportsegresslistasuntagged,andtoremovethedefaultVLANfromtheportsegress
list.
Example
ThisexampleshowshowtoaddFastEthernetport10inunit1totheportVLANlistofVLAN4
(PVID4).SinceVLAN4isanewVLAN,itiscreated.Thenportfe.1.10isaddedtoVLAN4s
untaggedegresslist.TheportmustthenbeclearedfromtheegresslistofVLAN1(thedefault
VLAN)asshown:
B3(su)->set port vlan fe.1.10 4
B3(su)->set vlan 4 create
B3(su)->set vlan egress 4 fe.1.10 untagged
B3(su)->clear vlan egress 1 fe.1.10
Syntax
clear port vlan port-string
Parameters
portstring Specifiestheport(s)toberesettothehostVLANID1.Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage 41.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtoresetportsfe.1.3through11toaVLAN IDof1(HostVLAN):
B3(su)->clear port vlan fe.1.3-11
Syntax
show port ingress-filter [port-string]
Parameters
portstring (Optional)Specifiestheport(s)forwhichtodisplayingressfilteringstatus.
Foradetaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage 41.
Defaults
Ifportstringisnotspecified,ingressfilteringstatusforallportswillbedisplayed.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplaytheportingressfilterstatusforFastEthernetports10through
15inunit1.Inthiscase,theportsaredisabledforingressfiltering:
Syntax
set port ingress-filter port-string {disable | enable}
Parameters
portstring Specifiestheport(s)onwhichtoenableofdisableingressfiltering.Fora
detaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage 41.
disable|enable Disablesorenablesingressfiltering.
Defaults
None.
Mode
Switchcommand,readwrite.
Usage
Wheningressfilteringisenabledonaport,theVLANIDsofincomingframesarecomparedtothe
portsegresslist.IfthereceivedVLANIDdoesnotmatchaVLANIDontheportsegresslist,then
theframeisdropped.
IngressfilteringisimplementedaccordingtotheIEEE802.1Qstandard.
Example
Thisexampleshowshowtoenableportingressfilteringonfe.1.3:
B3(su)->set port ingress-filter fe.1.3 enable
Syntax
show port discard [port-string]
Parameters
portstring (Optional)Displaystheframediscardmodeforspecificport(s).Fora
detaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage 41.
Defaults
If port-string is not specified, frame discard mode will be displayed for all
ports.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplaytheframediscardmodeforFastEthernetport7inunit2.In
thiscase,theporthasbeensettodiscardalltaggedframes:
B3(su)->show port discard fe.2.7
Port Discard Mode
------------ -------------
fe.2.7 tagged
Syntax
set port discard port-string {tagged | untagged | both | none}
Parameters
portstring Specifiestheport(s)forwhichtosetframediscardmode.Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage 41.
tagged| TaggedDiscardallincoming(received)taggedpacketsonthedefined
untagged|both| port(s).
none
UntaggedDiscardallincominguntaggedpackets.
BothAlltrafficwillbediscarded(taggedanduntagged).
NoneNopacketswillbediscarded.
Defaults
None.
Mode
Switchcommand,readwrite.
Usage
Theoptionsaretodiscardallincomingtaggedframes,allincominguntaggedframes,neither
(essentiallyallowalltraffic),orboth(essentiallydiscardingalltraffic).
Acommonpracticeistodiscardalltaggedpacketonuserports.TypicallyanAdministratordoes
notwanttheendusersdefiningwhatVLANtheyuseforcommunication.
Example
Thisexampleshowshowtodiscardalltaggedframesreceivedonportge.3.3:
B3(su)->set port discard ge.3.3 tagged
Purpose
ToassignorremoveportsontheegresslistofaparticularVLAN.Thisdetermineswhichportson
theswitchwillbeeligibletotransmitframesforaparticularVLAN.Forexample,ports1,5,7,8
couldbeallowedtotransmitframesbelongingtoVLAN20andports7,8,9,10couldbeallowedto
transmitframestaggedwithVLAN30(aportcanbelongtomultipleVLANEgresslists).Note
thatthePortEgresslistforports7and8wouldcontainbothVLAN20and30.
Theportegresstypeforallportscanbesettotagged,forbidden,oruntagged.Ingeneral,VLANs
havenoegress(exceptforVLAN1)untiltheyareconfiguredbystaticadministration,orthrough
dynamicmechanismssuchasGVRP.
SettingaporttoforbiddenpreventsitfromparticipatinginthespecifiedVLANandensuresthat
anydynamicrequests(eitherthroughGVRPordynamicegress)fortheporttojointheVLANwill
beignored.Settingaporttountaggedallowsittotransmitframeswithoutatagheader.This
settingisusuallyusedtoconfigureaportconnectedtoanenduserdevice.Framessentbetween
VLANawareswitchesaretypicallytagged.
ThedefaultVLANdefaultsitsegresstountaggedforallports.
Commands
ThecommandsusedtoconfigureVLANegressanddynamicVLANegressarelistedbelow.
Syntax
show port egress [port-string]
Parameters
portstring (Optional)DisplaysVLANmembershipforspecificport(s).Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage 41.
Defaults
Ifportstringisnotspecified,VLANmembershipwillbedisplayedforallports.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowsyouhowtoshowVLANegressinformationforfe.1.1through3.Inthiscase,
allthreeportsareallowedtotransmitVLAN1framesastaggedandVLAN10framesas
untagged.BotharestaticVLANs:
B3(su)->show port egress fe.1.1-3
Port Vlan Egress Registration
Number Id Status Status
-------------------------------------------------------
fe.1.1 1 tagged static
fe.1.1 10 untagged static
fe.1.2 1 tagged static
fe.1.2 10 untagged static
fe.1.3 1 tagged static
fe.1.3 10 untagged static
Syntax
set vlan forbidden vlan-id port-string
Parameters
vlanid SpecifiestheVLANforwhichtosetforbiddenport(s).
portstring Specifiestheport(s)tosetasforbiddenforthespecifiedvlanid.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowsyouhowtosetfe.1.3toforbiddenforVLAN6:
B3(su)->set vlan forbidden 6 fe.1.3
Syntax
set vlan egress vlan-list port-string [untagged | forbidden | tagged]
Parameters
vlanlist Specifies the VLAN where a port(s) will be added to the egress list.
portstring SpecifiesoneormoreportstoaddtotheVLANegresslistofthespecified
vlanlist.Foradetaileddescriptionofpossibleportstringvalues,referto
PortStringSyntaxUsedintheCLIonpage 41.
untagged| (Optional)Addsthespecifiedportsas:
forbidden|
untaggedCausestheport(s)totransmitframeswithoutanIEEE
tagged
802.1Qheadertag.
forbiddenInstructsthedevicetoignoredynamicrequests(either
throughGVRPordynamicegress)fromtheport(s)tojointheVLAN
anddisallowsegressonthatport.
taggedCausestheport(s)totransmit802.1Qtaggedframes.
Defaults
Ifuntagged,forbiddenortaggedisnotspecified,theportwillbeaddedtotheVLANegresslist
astagged.
Mode
Switchcommand,readwrite.
Examples
Thisexampleshowshowtoaddfe.1.5through10totheegresslistofVLAN7.Thismeansthat
theseportswilltransmitVLAN7framesastagged:
B3(su)->set vlan egress 7 fe.1.5-10
ThisexampleshowshowtoforbidFastEthernetports13through15inunit1fromjoiningVLAN
7anddisallowegressonthoseports:
B3(su)->set vlan egress 7 fe.1.13-15 forbidden
ThisexampleshowshowtoallowFastEthernetport2inunit1totransmitVLAN7framesas
untagged:
B3(su)->set vlan egress 7 fe.1.2 untagged
Syntax
clear vlan egress vlan-list port-string [forbidden]
Parameters
vlanlist SpecifiesthenumberoftheVLANfromwhichaport(s)willberemoved
fromtheegresslist.
portstring SpecifiesoneormoreportstoberemovedfromtheVLANegresslistofthe
specifiedvlanlist.Foradetaileddescriptionofpossibleportstringvalues,
refertoPortStringSyntaxUsedintheCLIonpage 41.
forbidden (Optional)Clearstheforbiddensettingfromthespecifiedport(s)andresets
theport(s)asabletoegressframesifsoconfiguredbyeitherstaticor
dynamicmeans.
Defaults
Ifforbiddenisnotspecified,taggedanduntaggedsettingswillbecleared.
Mode
Switchcommand,readwrite.
Examples
Thisexampleshowshowtoremovefe.3.14fromtheegresslistofVLAN 9:
B3(su)->clear vlan egress 9 fe.3.14
ThisexampleshowshowtoremoveallFastEthernetportsinunit2fromtheegresslistofVLAN
4:
B3(su)->clear vlan egress 4 fe.2.*
Syntax
show vlan dynamicegress [vlan-list]
Parameters
vlanlist (Optional)DisplaysdynamicegressstatusforspecificVLAN(s).
Defaults
Ifvlanlistisnotspecified,thedynamicegressstatusforallVLANswillbedisplayed.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtodisplaythedynamicegressstatusforVLANs5055:
B3(rw)->show vlan dynamicegress 50-55
VLAN 50 is disabled
VLAN 51 is disabled
VLAN 52 is disabled
VLAN 53 is enabled
VLAN 54 is enabled
VLAN 55 is enabled
Syntax
set vlan dynamicegress vlan-list {enable | disable}
Parameters
vlanlist SpecifytheVLANsbyIDtoenableordisabledynamicegress.
enable|disable Enablesordisablesdynamicegress.
Defaults
None.
Mode
Switchcommand,readwrite.
Usage
IfdynamicegressisenabledforaparticularVLAN,whenaportreceivesaframetaggedwiththat
VLANsID,theswitchwilladdthereceivingporttothatVLANsegresslist.Dynamicegressis
disabledontheSecureStackB3bydefault.
Forexample,assumeyouhave20AppleTalkusersonyournetworkwhoaremobileusers(thatis,
usedifferentportseveryday),butyouwanttokeeptheAppleTalktrafficisolatedinitsown
VLAN.YoucancreateanAppleTalkVLANwithaVLANIDof55withaclassificationrulethatall
AppleTalktrafficgetstaggedwithVLANID55.Then,youenabledynamicegressforVLAN55.
Now,whenanAppleTalkuserplugsintoportge.3.5andsendsanAppleTalkpacket,theswitch
willtagthepackettoVLAN55andalsoaddportge.3.5toVLAN55segresslist,whichallowsthe
AppleTalkusertoreceiveAppleTalktraffic.
Example
ThisexampleshowshowtoenabledynamicegressonVLAN55:
B3(rw)->set vlan dynamicegress 55 enable
Purpose
ToconfigureahostVLANthatonlyselectdevicesareallowedtoaccess.Thissecuresthehostport
formanagementonlytasks.
Note: The host port is the management entity of the device. Refer to Creating a Secure
Management VLAN on page 7-1 for more information.
Commands
ThecommandsneededtoconfigurehostVLANsarelistedbelow.
Syntax
show host vlan
Parameters
None.
Defaults
None.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplaythehostVLAN:
B3(su)->show host vlan
Host vlan is 7.
Syntax
set host vlan vlan-id
Parameters
vlanid SpecifiesthenumberoftheVLANtosetasthehostVLAN.
Defaults
None.
Mode
Switchcommand,readwrite.
Usage
ThehostVLANshouldbeasecureVLANwhereonlydesignatedusersareallowedaccess.For
example,ahostVLANcouldbespecificallycreatedfordevicemanagement.Thiswouldallowa
managementstationconnectedtothemanagementVLANtomanageallportsonthedeviceand
makemanagementsecurebypreventingmanagementviaportsassignedtootherVLANs.
Note: Before you can designate a VLAN as the host VLAN, you must create a VLAN using the set
of commands described in Creating and Naming Static VLANs on page 7-5.
Example
ThisexampleshowshowtosetVLAN7asthehostVLAN:
B3(su)->set host vlan 7
Syntax
clear host vlan
Parameters
None.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtosetthehostVLANtothedefaultsetting:
B3(su)->clear host vlan
Overview
ThepurposeofGVRPistodynamicallycreateVLANsacrossaswitchednetwork.WhenaVLAN
isdeclared,theinformationistransmittedoutGVRPconfiguredportsonthedeviceinaGARP
formattedframeusingtheGVRPmulticastMACaddress.Aswitchthatreceivesthisframe,
examinestheframe,andextractstheVLANIDs.GVRPthencreatestheVLANsandaddsthe
receivingporttoitstaggedmemberlistfortheextractedVLANID(s).Theinformationisthen
transmittedouttheotherGVRPconfiguredportsofthedevice.Figure 71showsanexampleof
howVLANbluefromendstationAwouldbepropagatedacrossaswitchnetwork.
How It Works
InFigure 71onpage 724,Switch4,port1isregisteredasbeingamemberofVLANBlueand
thendeclaresthisfactoutallitsports(2and3)toSwitch1andSwitch 2.Thesetwodevices
registerthisintheportegresslistsoftheports(Switch1,port1andSwitch2,port1)thatreceived
theframeswiththeinformation.Switch2,whichisconnectedtoSwitch3andSwitch5declares
thesameinformationtothosetwodevicesandtheportegresslistofeachportisupdatedwiththe
newinformation,accordingly.
ConfiguringaVLANonan802.1QswitchcreatesastaticVLANentry.Theentrywillalways
remainregisteredandwillnottimeout.However,dynamicentrieswilltimeoutandtheir
registrationswillberemovedfromthememberlistiftheendstationAisremoved.Thisensures
that,ifswitchesaredisconnectedorifendstationsareremoved,theregisteredinformation
remainsaccurate.
TheendresultisthattheportegresslistofaportisupdatedwithinformationaboutVLANsthat
resideonthatport,eveniftheactualstationontheVLANisseveralhopsaway.
Switch 2 Switch 3
1 R 2D 3 D 1 R
Switch 1
1 R
2 D 3 D Switch 4 1 R Switch 5
End
Station A 1 R
Purpose
TodynamicallycreateVLANsacrossaswitchednetwork.TheGVRPcommandsetisusedto
displayGVRPconfigurationinformation,thecurrentglobalGVRPstatesetting,individualport
settings(enableordisable)andtimersettings.Bydefault,GVRPisenabledgloballyonthedevice,
butdisabledonallports.
Commands
ThecommandsusedtoconfigureGVRParelistedbelow.
show gvrp
UsethiscommandtodisplayGVRPconfigurationinformation.
Syntax
show gvrp [port-string]
Parameters
portstring (Optional)DisplaysGVRPconfigurationinformationforspecificport(s).For
adetaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage 41.
Defaults
Ifportstringisnotspecified,GVRPconfigurationinformationwillbedisplayedforallportsand
thedevice.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplayGVRPstatusforthedeviceandforfw.2.1:
B3(su)->show gvrp fe.2.1
Global GVRP status is enabled.
Syntax
show garp timer [port-string]
Parameters
portstring (Optional)DisplaysGARPtimerinformationforspecificport(s).Fora
detaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage 41.
Defaults
Ifportstringisnotspecified,GARPtimerinformationwillbedisplayedforallports.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplayGARPtimerinformationonFastEthernetports1through10
inunit1:
Note: For a functional description of the terms join, leave, and leaveall timers, refer to the
standard IEEE 802.1Q documentation, which is not supplied with this device.
Table 73providesanexplanationofthecommandoutput.Fordetailsonusingthesetgvrp
commandtoenableordisableGVRP,refertosetgvrponpage 727.Fordetailsonusingtheset
garptimercommandtochangedefaulttimervalues,refertosetgarptimeronpage 728.
Port Number Port designation. For a detailed description of possible port-string values, refer to
Port String Syntax Used in the CLI on page 4-1.
set gvrp
UsethiscommandtoenableordisableGVRPgloballyonthedeviceorononeormoreports.
Syntax
set gvrp {enable | disable} [port-string]
Parameters
disable| DisablesorenablesGVRPonthedevice.
enable
portstring (Optional)DisablesorenablesGVRPonspecificport(s).Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsedin
theCLIonpage 41.
Defaults
Ifportstringisnotspecified,GVRPwillbedisabledorenabledforallports.
Mode
Switchcommand,readwrite.
Examples
ThisexampleshowshowtoenableGVRPgloballyonthedevice:
B3(su)->set gvrp enable
ThisexampleshowshowtodisableGVRPgloballyonthedevice:
B3(su)->set gvrp disable
ThisexampleshowshowtoenableGVRPonfe.1.3:
B3(su)->set gvrp enable fe.1.3
clear gvrp
UsethiscommandtoclearGVRPstatusorononeormoreports.
Syntax
clear gvrp [port-string]
Parameters
portstring (Optional)ClearsGVRPstatusonspecificport(s).Foradetaileddescriptionof
possibleportstringvalues,refertoPortStringSyntaxUsedintheCLIon
page 41.
Defaults
Ifportstringisnotspecified,GVRPstatuswillbeclearedforallports.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtoclearGVRPstatusgloballyonthedevice:
B3(su)->clear gvrp
Syntax
set garp timer {[join timer-value] [leave timer-value] [leaveall timer-value]}
port-string
Parameters
jointimervalue SetstheGARPjointimerincentiseconds(Referto802.1Qstandard.)
leavetimervalue SetstheGARPleavetimerincentiseconds(Referto802.1Qstandard.)
leavealltimer SetstheGARPleavealltimerincentiseconds(Referto802.1Qstandard.)
value
portstring Specifiestheport(s)onwhichtoconfigureGARPtimersettings.Fora
detaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage 41.
Defaults
None.
Mode
Switchcommand,readwrite.
Usage
Thesettingofthesetimersiscriticalandshouldonlybechangedbypersonnelfamiliarwiththe
802.1Qstandardsdocumentation,whichisnotsuppliedwiththisdevice.
Examples
ThisexampleshowshowtosettheGARPjointimervalueto100centisecondsforallports:
B3(su)->set garp timer join 100 *.*.*
Thisexampleshowshowtosettheleavetimervalueto300centisecondsforallports:
B3(su)->set garp timer leave 300 *.*.*
Thisexampleshowshowtosettheleavealltimervalueto20000centisecondsforallports:
B3(su)->set garp timer leaveall 20000 *.*.*
ThischapterdescribestheDifferentiatedServices(Diffserv)setofcommandsandhowtouse
them.
Note: Diffserv will not be available if a Policy License is activated on the SecureStack B3. When a
Policy License is activated, it enables Policy that takes the place of Diffserv. Refer to Activating
Licensed Features on page 3-29 for more information on Licensing.
SecureStackB3devicessupportDiffservpolicybasedprovisioningofnetworkresourcesby
allowingITadministratorsto:
Create,changeorremoveDiffservpoliciesbasedonbusinessspecificuseofnetworkservices.
Prioritizeandpolicetrafficaccordingtoassignedpoliciesandconditions.
AssignorunassignportstoDiffservpoliciessothatonlyportsactivatedforapolicywillbe
allowedtotransmitframesaccordingly.
Purpose
TogloballyenableordisableDiffservonthedevice.
Command
ThecommandusedtogloballyenableordisableDiffservonthedeviceislistedbelowand
describedintheassociatedsectionasshown.
Syntax
set diffserv adminmode {enable | disable}
Parameters
enable|disable EnablesordisablesDiffserv.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtoenableDiffserv:
B3(rw)->set diffserv adminmode enable
Purpose
Toreview,create,andconfigureDiffservclassesandmatchingconditions.
Commands
Thecommandsusedtoreview,create,andconfigureDiffservclassesandmatchingconditionsare
listedbelowanddescribedintheassociatedsectionasshown.
Syntax
show diffserv info
Parameters
None.
Defaults
None.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplaygeneralDiffservstatusinformation:
B3(rw)->show diffserv info
Syntax
show diffserv class {summary | detailed classname}
Parameters
summary DisplaysasummaryofDiffservclassinformation.
detailedclassname DisplaysdetailedDiffservinformationforaspecificclass.
Defaults
None.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplayasummaryofDiffservclassinformation.Inthiscase,there
aretwoclassesconfigured,namedguestandadmin:
B3(rw)->show diffserv class summary
Syntax
set diffserv class create {all classname}
Parameters
all Specifiesthatallmatchconditionsmustbemetbeforetheassociatedpolicy
isexecuted.
classname SpecifiesaclassnameforthisnewDiffservclass.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtocreateaDiffservclasscalledadmin:
B3(rw)->set diffserv class create all admin
Syntax
set diffserv class delete classname
Parameters
classname Specifiestheclassnametobedeleted.
Defaults
None.
Mode
Switchcommand,readwrite.
Usage
Youcannotusethiscommandtodeleteaclassthathasbeenassignedtoapolicy.Beforedeletinga
classwithanassignedpolicyandserviceport(s),youmustfirst:
Removetheserviceport(s)assignedtothepolicyusingthesetdiffservserviceremove
command(page 819),then
Removethespecifiedclassusingthesetdiffservpolicyclassremovecommand(page 812).
Example
ThisexampleshowshowtodeletetheDiffservadminclass:
B3(rw)->set diffserv class delete admin
Parameters
everyclassname Matchesallpacketstoaspecificclass.
dstmac|scrmacclassname MatchestoaspecificclassbasedondestinationorsourceMAC
macaddrmacmask address.
dstip|srcipclassname MatchestoaspecificclassbasedondestinationorsourceIP
ipaddripmask address.
dstl4port|srcl4port Matchestoaspecificclassbasedondestinationorsourcelayer4
keywordclassname portnumberorkeyword.Validkeywordvaluesare:
keyword|number
domain
classnameportnumber
echo
ftp
ftpdata
http
smtp
snmp
telnet
tftp
www
Validportnumbervaluesare065535.
ipdscpclassnamedscpval MatchestoaspecificclassbasedonthevalueoftheIPDiffserv
CodePoint.Validnumericorkeywordvaluescanbeenteredas
listedinTable 81below.
ipprecedenceclassname MatchestoaspecificclassbasedonthevalueoftheIPprecedence
precedencenumber field.Validprecedencenumbervaluesare:07.
iptosclassnametosbits MatchestoaspecificclassbasedonthevalueoftheIPtypeof
tosmask service(TOS)field.Validtosbitsvaluesare0255.Validtosmask
valuesare18
protocolkeyword MatchestoaspecificclassbasedonnumberorkeywordintheIP
classnameprotocolname| protocolfield.Validprotocolnamekeywordare:
numberclassnameprotocol
icmp
number
igmp
ip
tcp
udp
Validprotocolnumbervaluesare0255.
refclassadd|remove Addsorremovesasetofalreadydefinedmatchconditionstoa
classnamerefclassname specificclass.
vlanclassnamevlanid MatchestoaspecificclassbasedonVLANID.Validvaluesare1
4094.
Defaults
None.
Mode
Switchcommand,readwrite.
Usage
Anypolicythatisappliedmustbecomposedofrulesthatcomefromonlyoneofthefollowing
fourgroups.
Layer3:
DestinationIPaddress(dstip)
DestinationLayer4port(dstl4port)
IPDiffservCodePoint(ipdscp)
IPprecedencefield(ipprecedence)
IPtypeofservice(TOS)field(iptos)
IPprotocolfield(protocol)
SourceIPaddress(srcip)
SourceLayer4port(srcl4port)
Layer2:
DestinationMACaddress(dstmac)
SourceMACaddress(scrmac)
VLANID(vlan)
Layer2Layer3source:
SourceMACaddress(scrmac)
SourceIPaddress(srcip)
VLANID(vlan)
Layer2Layer3destination:
DestinationMACaddress(dstmac)
DestinationIPaddress(dstip)
VLANID(vlan)
Note: The match type every will work with any group.
Youcannotcreateandaddaclasstoapolicybeforeaddinganyrules(matchconditions)tothe
class.Onceaclassisaddedtoapolicy,youcannotaddanymorerules(matchconditions)tothe
class.Youcannotcreateoutboundpolicies.
Youcanonlyaddrulesthatfitintothesamecategory(showninthegroupingsabove)toaclass.
Forexample,ifyoucreateaclassandaddthematchconditionsdstipanddstl4port,youwillonly
beabletoaddotherrulesfromtheL3group.
Classmatchesoflayer4destinationorsourcemustbesequencedbeforethecorresponding
protocolmatch,asillustratedinthethirdexamplebelow.
Youcanonlyaddclassesofthesamecategorytoapolicy.
Examples
ThisexampleshowshowtomatchtheadminclasstosourceIPaddress130.10.0.32andonly
thatIPaddresstype:
B3(rw)->set diffserv class match srcip admin 130.10.0.32 255.255.255.255
ThisexampleshowshowtomatchtheadminclasstoVLAN10:
B3(rw)->set diffserv class match vlan admin 10
ThisexampleshowshowtomatchthehttpclasstoTCPpacketswithadestinationportof80
(HTTP).Thelayer4portmatchmustprecedetheprotocoltype.
B3(rw)->set diffserv class match dstl4port keyword http http
B3(rw)->set diffserv class match protocol keyword http tcp
Syntax
set diffserv class rename classname newclassname
Parameters
classname SpecifiestheclassnamepreviouslysetforthisnewDiffservclass.
newclassname Specifiesanewclassname.
Defaults
None.
Mode
Switchcommand,ReadWrite.
Example
ThisexampleshowshowtorenametheDiffservadminclasstosystem:
B3(rw)->set diffserv class rename admin system
Purpose
Toreview,create,andconfigureDiffservpoliciesandassignclasses.
Commands
Thecommandsusedtoreview,create,andconfigureDiffservpoliciesandassignclassesarelisted
belowanddescribedintheassociatedsectionasshown.
Syntax
show diffserv policy {summary | detailed policyname}
Parameters
summary DisplaysDiffservpolicysummaryinformation.
detailed DisplaysdetailedDiffservinformationforaspecificpolicy.
policyname
Defaults
None.
Mode
Switchcommand.ReadOnly.
Example
ThisexampleshowshowtodisplayasummaryofDiffservpolicyinformation.Inthiscase,there
isonepolicynamedadmin,towhichmembersoftheadminclasshavebeenassigned.This
policyisappliedtoincomingtrafficonitsassignedserviceports:
B3(rw)->show diffserv policy summary
Syntax
set diffserv policy create policyname {in}
Parameters
policyname Specifiesapolicyname.
in Appliesthispolicytoincomingpackets.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtocreateaDiffservpolicycalledadminandapplyittoincoming
packets:
B3(rw)->set diffserv policy create admin in
Syntax
set diffserv policy delete policyname
Parameters
policyname Specifiesapolicynametobedeleted.
Defaults
None.
Mode
Switchcommand,readwrite.
Usage
Inordertodeleteapolicyyoumustfirstremovetheserviceport(s)assignedtothepolicyusing
thesetdiffservserviceremovecommandasdescribedinsetdiffservserviceonpage819.
Example
ThisexampleshowshowtodeletetheDiffservadminpolicy:
B3(rw)->set diffserv policy delete admin
Syntax
set diffserv policy class {add | remove} policyname classname
Parameters
add|remove Addsorremovesthespecifiedclass.
policyname Specifiesthepolicynametobeassociatedwiththeclass.
classname Specifiesaclassnametoaddorremove.
Defaults
None.
Mode
Switchcommand,readwrite.
Usage
Classmustbeaddedtoapolicyusingthiscommandbeforepolicyparameters,suchas
bandwidth,marking,andpolicing,canbeconfigured.
Example
Thisexampleshowshowtoaddthesystemclasstotheadminpolicy:
B3(rw)->set diffserv policy class add admin system
Syntax
set diffserv policy mark {ipdscp | ipprecedence policyname classname value}
Parameters
ipdscp| SpecifiesthatpacketswillbemarkedwitheitheranIPDSCPorprecedence
ipprecedence value.
policyname Specifiesthepolicynamebeingconfigured.
classname SpecifiesaDiffservclasstoassociatetothispolicy.
value SpecifiesanIPDSCPorprecedencevalue.ValidnumericorkeywordDCSP
valuescanbeenteredaslistedinSection 81.Validprecedencevaluesare:
07.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtomarkpacketsmatchingtheadminpolicyinthesystemclassfor
DSCPexpeditedforwardingprecedence:
B3(rw)->set diffserv policy mark ipdscp admin system ef
Syntax
set diffserv policy police style simple policyname classname bandwidth burstsize
Parameters
policyname Specifiesthepolicynamebeingconfigured.
classname SpecifiesaDiffservclasstoassociatetothispolicy.
bandwidth Specifiesabandwidthvalue.Validvaluesare14294967295.
burstsize Specifiesaburstsizevalue.Validvaluesare1128.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtoconfigureabandwidthbasedpolicingstylefortheadminDiffserv
policy:
B3(rw)->set diffserv policy police style simple admin system 1000 128
Syntax
set diffserv policy police action conform {drop | send policyname classname} |
{markdscp | markprec policyname classname value}
Parameters
drop|send Specifieswhetherthepolicingactionforpacketsconformingtothe
classificationparameterswillbetodroporsendpackets.
policyname Specifiesthepolicynamebeingconfigured.
classname SpecifiesaDiffservclasstoassociatetothispolicingaction.
markdscp|markprec SpecifiesapolicingactionbasedonIPDHCPorprecedence.
value SpecifiesanIPDHCPorprecedencevaluesetwiththesetdiffserv
policymarkcommand(page813).
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtosetthepolicingactiontosendforpacketsconformingtoDiffserv
policyadmin,classsystem.
B3(rw)->set diffserv policy police action conform send admin system
Syntax
set diffserv policy police action nonconform {drop | send policyname classname} |
{markdscp | markprec policyname classname value}
Parameters
drop|send Specifieswhetherthepolicingactionforpacketsnotconformingtothe
classificationparameterswillbetodroporsendpackets.
policyname Specifiesthepolicynamebeingconfigured.
classname SpecifiesaDiffservclasstoassociatetothispolicingaction.
markdscp|markprec SpecifiesapolicingactionbasedonIPDHCPorprecedence.
value SpecifiesanIPDHCPorprecedencevaluesetwiththesetdiffserv
policymarkcommand(page813).
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtosetthepolicyingactiontodropforpacketsnotconformingtothe
Diffservpolicyadmin,classsystem.
B3(rw)->set diffserv policy police action nonconform drop admin system
Syntax
set diffserv policy rename policyname newpolicyname
Parameters
policyname SpecifiesthepolicynamepreviouslysetforthisnewDiffservclass.
newpolicyname Specifiesanewpolicyname.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtorenametheadminDiffservpolicytosystem:
B3(rw)->set diffserv policy rename admin system
Purpose
ToreviewandassignDiffservpoliciesandtheirassociatedclassestoserviceports.
Commands
ThecommandsusedtoreviewandassignDiffservpoliciestoserviceportsarelistedbelowand
describedintheassociatedsectionasshown.
Syntax
show diffserv service info {summary | detailed port-string} {in}
Parameters
summary DisplaysDiffservserviceportsummaryinformation.
detailedportstring Displaysdetailedinformationforaspecificport(s).
in Displaysinformationaboutincomingtraffic.
Defaults
None.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplayasummaryofincomingDiffservserviceporttraffic:
B3(rw)->show diffserv service info summary in
Syntax
show diffserv service stats {summary | detailed port-string} {in}
Parameters
summary DisplaysDiffservasummaryofservicestatistics.
detailedportstring Displaysdetailedstatisticsforaspecificport.
in Displaysinformationaboutincomingtraffic.
Defaults
None.
Mode
Switchcommand,readonly.
Example
Thisexampleshowshowtodisplayadetailedincomingtrafficstatisticsaboutserviceportge.1.1:
B3(rw)->show diffserv service stats detailed ge.1.1 in
Interface...................................... ge.1.1
Direction...................................... In
Operational Status............................. Up
Policy Name.................................... admin
Syntax
set diffserv service {add | remove} {in} port-string policyname
Parameters
add|remove Addsorremovesthespecifiedpolicy.
in Addsorremovesthespecifiedpolicytoincomingtraffic.
portstring Specifiestheport(s)towhichthispolicyconfigurationwillbeapplied.
policyname Specifiesthepolicynametobeaddedtoorremovedfromporttraffic.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtoapplytheDiffservpolicynamedadmintoincomingtrafficonports
ge1.110:
B3(rw)->set diffserv service add in ge.1.5 admin
ThischapterdescribesthePolicyClassificationsetofcommandsandhowtousethem.
Note: A license is required to enable Policy on the SecureStack B2 and B3. Refer to Activating
Licensed Features on page 3-29 for more information.
Note: It is recommended that you use Enterasys Networks NetSight Policy Manager as an
alternative to CLI for configuring policy classification on the SecureStack B3 devices.
Purpose
Toreview,create,changeandremoveuserprofilesthatrelatetobusinessdrivenpoliciesfor
managingnetworkresources.
Commands
Thecommandsusedtoreviewandconfigurepolicyprofilesarelistedbelow.
Syntax
show policy profile {all | profile-index [consecutive-pids] [-verbose]}
Parameters
all|profileindex Displayspolicyinformationforallprofileindexesoraspecificprofileindex.
consecutivepids (Optional)Displaysinformationforspecifiedconsecutiveprofileindexes.
verbose (Optional)Displaysdetailedinformation.
Defaults
Ifoptionalparametersarenotspecified,summaryinformationwillbedisplayedforthespecified
indexorallindices.
Mode
Switchcommand,readonly.
Example
Thisexampleshowshowtodisplaypolicyinformationforprofile11:
B3(su)->show policy profile 11
Profile Index : 11
Profile Name : MacAuth1
Row Status : active
Port VID Status : Enable
Port VID Override : 11
CoS : 0
CoS Status : Disable
Egress Vlans : none
Forbidden Vlans : none
Table 91providesanexplanationofthecommandoutput.
t
Row Status Whether or not the policy profile is enabled (active) or disabled.
Port VID Status Whether or not PVID override is enabled or disabled for this profile. If all
classification rules associated with this profile are missed, then this parameter, if
specified, determines default behavior.
Port VID Override The PVID assigned to packets, if PVID override is enabled.
CoS Status Whether or not Class of Service override is enabled or disabled for this profile. If all
classification rules associated with this profile are missed, then this parameter, if
specified, determines default behavior.
Egress VLANs VLAN(s) that ports to which the policy profile is assigned can use for tagged egress.
Forbidden VLANs VLAN(s) forbidden to ports to which the policy profile is assigned.
Untagged VLANs VLAN(s) that ports to which the policy profile is assigned can use for untagged
egress.
Replace TCI Status Whether or not the TCI overwrite function is enabled or disabled for this profile.
Admin Profile Usage Ports administratively assigned to use this policy profile.
Oper Profile Usage Ports currently assigned to use this policy profile.
Syntax
set policy profile profile-index [name name] [pvid-status {enable | disable}]
[pvid pvid] [cos-status {enable | disable}] [cos cos] [egress-vlans egress-vlans]
[forbidden-vlans forbidden-vlans] [untagged-vlans untagged-vlans] [append]
[clear] [tci-overwrite {enable | disable}] [precedence precedence-list]
Parameters
profileindex Specifiesanindexnumberforthepolicyprofile.Validvaluesare1255.
namename (Optional)Specifiesanameforthepolicyprofile.Thisisastringfrom1to
64characters.
pvidstatus (Optional)EnablesordisablesPVIDoverrideforthisprofile.Ifall
enable|disable classificationrulesassociatedwiththisprofilearemissed,thenthis
parameter,ifspecified,determinesdefaultbehavior.
pvidpvid (Optional)SpecifiesthePVIDtopackets,ifPVIDoverrideisenabledand
invokedasdefaultbehavior.
cosstatusenable (Optional)EnablesordisablesClassofServiceoverrideforthisprofile.Ifall
|disable classificationrulesassociatedwiththisprofilearemissed,thenthis
parameter,ifspecified,determinesdefaultbehavior.
coscos (Optional)SpecifiesaCoSvaluetoassigntopackets,ifCoSoverrideis
enabledandinvokedasdefaultbehavior.Validvaluesare0to7.
egressvlans (Optional)Specifiesthattheporttowhichthispolicyprofileisapplied
egressvlans shouldbeaddedtotheegresslistoftheVLANsdefinedbyegressvlans.
Packetswillbeformattedastagged.
forbiddenvlans (Optional)Specifiesthattheporttowhichthispolicyprofileisapplied
forbiddenvlans shouldbeaddedasforbiddentotheegresslistoftheVLANsdefinedby
forbiddenvlans.Packetsfromthisportwillnotbeallowedtoparticipatein
thelistedVLANs.
untaggedvlans (Optional)Specifiesthattheporttowhichthispolicyprofileisapplied
untaggedvlans shouldbeaddedtotheegresslistoftheVLANsdefinedbyuntaggedvlans.
Packetswillbeformattedasuntagged.
append (Optional)Appendsthispolicyprofilesettingtosettingspreviously
specifiedforthispolicyprofilebytheegressvlans,forbiddenvlans,or
untaggedvlansparameters.
Ifappendisnotused,previousVLANsettingsarereplaced.
clear (Optional)Appendsthispolicyprofilesettingfromsettingspreviously
specifiedforthispolicyprofilebytheegressvlans,forbiddenvlans,or
untaggedvlansparameters.
tcioverwrite (Optional)EnablesordisablesTCI(tagcontrolinformation)overwritefor
enable|disable thisprofile.Whenenabled,rulesconfiguredforthisprofileareallowedto
overwriteuserpriorityandotherclassificationinformationintheVLAN
tagsTCIfield.
precedence (Optional)Assignsaruleprecedencetothisprofile.Lowervalueswillbe
precedencelist givenhigherprecedence.
Defaults
Ifoptionalparametersarenotspecified,nonewillbeapplied.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtocreateapolicyprofile1namednetadminwithPVIDoverride
enabledforPVID10,andClassofServiceoverrideenabledforCoS5.ThisprofilecanuseVLAN
10foruntaggedegress:
B3(su)->set policy profile 1 name netadmin pvid-status enable pvid 10 cos-status
enable cos 5 untagged-vlans 10
Syntax
clear policy profile profile-index
Parameters
profileindex Specifiestheindexnumberoftheprofileentrytobedeleted.Validvalues
are1to255.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtodeletepolicyprofile8:
B3(su)->clear policy profile 8
Purpose
Toreview,create,assign,andunassignclassificationrulestopolicyprofiles.Thismapsuser
profilestoprotocolbasedframefilteringpolicies.
Commands
Thecommandsusedtoreview,assignandunassignclassificationrulestouserprofilesandports
arelistedbelow.
Syntax
show policy rule [all | admin-profile | profile-index] [ ipproto | ipdestsocket |
ipsourcesocket | iptos | port | tcpdestport | tcpsourceport | udpdestport |
udpsourceport] [data] [mask mask] [port-string port-string] [rule-status {active
| not-in-service | not-ready}] [storage-type {non-volatile | volatile}] [vlan
vlan] | [drop | forward] [dynamic-pid dynamic-pid] [cos cos] [admin-pid admin-pid]
[-verbose] [usage-list] [display-if-used]
Parameters
all|admin Displayspolicyclassificationrulesforallprofiles,profileID0(admin
profile|profile profile),orforaspecificprofileindexnumber.Validvaluesare11023.
index
ipproto DisplaysIPprotocolfieldinIPpacketrules.
ipdestsocket DisplaysIPdestinationaddressrules.
ipsourcesocket DisplaysIPsourceaddressrules.
iptos DisplaysTypeofServicerules.
port Displaysportrelatedrules.
tcpdestport DisplaysTCPdestinationportrules.
tcpsourceport DisplaysTCPsourceportrules.
udpdestport DisplaysUDPdestinationportrules.
udpsourceport DisplaysUDPsourceportrules.
data Displaysrulesforapredefinedclassifier.Thisvalueisdependentonthe
classificationtypeentered.RefertoTable 93forvalidvaluesforeach
classificationtype.
maskmask (Optional)Displaysrulesforaspecificdatamask.RefertoTable 93for
validvaluesforeachclassificationtypeanddatavalue.
portstringport (Optional)Displaysrulesrelatedtoaspecificingressport.
string
rulestatusactive (Optional)Displaysrulesrelatedtoaspecificrulesstatus.
|notinservice|
notready
storagetypenon (Optional)Displaysrulesconfiguredforeithernonvolatileorvolatile
volatile|volatile storage.
vlanvlan (Optional)DisplaysrulesforaspecificVLANID.
drop|forward Displaysrulesbasedonwhethermatchingpacketswillbedroppedor
forwarded.
dynamicpid DisplaysrulesassociatedwithaspecificdynamicpolicyID.
dynamicpid
coscos (Optional)DisplaysrulesforaClassofServicevalue.
adminpid DisplaysrulesassociatedwithaspecificadministrativepolicyID[1..1023].
adminpid
verbose (Optional)Displaysdetailedinformation.
usagelist (Optional)Ifselected,eachrulesusagelistshallbecheckedandshall
displayonlythoseportswhichhaveappliedthisrule.
displayifused (Optional)Displaysrule(s)onlyiftheyareappliedtoatleastoneport.
Defaults
Ifverboseisnotspecified,summaryinformationwillbedisplayed.
Mode
Switchcommand,readonly.
Example
Thisexampleshowshowtodisplaypolicyclassificationinformationforadministrativerule1
B3(su)->show policy rule admin-pid 1
|Admin|Rule Type |Rule Data |Mk|PortStr |RS|ST|dPID|aPID|U|
|admin|Port |ge.1.1 |16|ge.1.1 | A|NV| | 1|?|
|admin|Port |ge.1.2 |16|ge.1.2 | A|NV| | 1|?|
|admin|Port |ge.1.3 |16|ge.1.3 | A|NV| | 1|?|
|admin|Port |ge.1.4 |16|ge.1.4 | A|NV| | 1|?|
|admin|Port |ge.1.5 |16|ge.1.5 | A|NV| | 1|?|
|admin|Port |ge.1.6 |16|ge.1.6 | A|NV| | 1|?|
|admin|Port |ge.1.7 |16|ge.1.7 | A|NV| | 1|?|
|admin|Port |ge.1.8 |16|ge.1.8 | A|NV| | 1|?|
|admin|Port |ge.1.9 |16|ge.1.9 | A|NV| | 1|?|
|admin|Port |ge.1.10 |16|ge.1.10 | A|NV| | 1|?|
|admin|Port |ge.1.11 |16|ge.1.11 | A|NV| | 1|?|
|admin|Port |ge.1.12 |16|ge.1.12 | A|NV| | 1|?|
Table 92providesanexplanationofthecommandoutput.
PID Profile index number. Assigned to this classification rule with the set policy profile
command (set policy profile on page 9-4).
Rule Type Type of classification rule. Refer to Table 9-3 for valid types.
Rule Data Rule data value. Refer to Table 9-3 for valid values for each classification type.
Mk Rule data mask. Refer to Table 9-3 for valid values for each classification data value.
RS Whether or not the status of this rule is active (A), not in service or not ready.
ST Whether or not this rules storage type is non-volatile (NV) or volatile (V).
VLAN VLAN ID to which this rule applies and whether or not matching packets will be
dropped or forwarded.
Syntax
show policy capability
Parameters
None.
Defaults
None.
Mode
Switchcommand,readonly.
Usage
Usethiscommandtodisplaydetailedpolicyclassificationcapabilitiessupportedbyyour
SecureStackB3device.Theoutputofthiscommandshowsatablelistingclassifiabletraffic
attributesandthetypeofactions,byruletype,thatcanbeexecutedrelativetoeachattribute.
Abovethetableisalistofalltheactionspossibleonthisdevice.
Theleftmostcolumnofthetablelistsallpossibleclassifiabletrafficattributes.Thenexttwo
columnsfromtheleftindicatehowpolicyprofilesmaybeassigned,eitheradministrativelyor
dynamically.Thenextfourcolumnsfromtheleftindicatetheactionsthatmaybeperformed.The
lastthreecolumnsindicateauditingoptions.
Anxinanactioncolumnforatrafficattributerowindicatesthatyoursystemhasthecapabilityto
performthatactionfortrafficclassifiedbythatattribute.
Example
Thisexampleshowshowtodisplaythedevicespolicyclassificationcapabilities.Refertoset
policyruleonpage 911foradescriptionoftheparametersdisplayed:
B3(su)->show policy capability
Syntax
Thiscommandhastwoformsofsyntaxonetocreateanadminrule(forpolicyID0),andthe
othertocreateaclassificationruleandattachittoapolicyprofile.
set policy rule admin-profile {vlantag data [mask mask] admin-pid profile-index}
[port-string port-string]
Parameters
Thefollowingparametersapplytocreatinganadminrule.
adminprofile SpecifiesthatthisisanadminruleforpolicyID0.
vlantagdata ClassifiesbasedonVLANtagspecifiedbydata.Valueofdatacanrange
from1to4094or0xFFF.
maskmask (Optional)Specifiesthenumberofsignificantbitstomatch,dependent
onthedatavalueentered.Valueofmaskcanrangefrom1to12.
RefertoTable 93forvalidvaluesforeachclassificationtypeanddata
value.
adminpid Associatesthisadminrulewithapolicyprofile,identifiedbyitsindex
profileindex number.Policyprofilesareconfiguredwiththesetpolicyprofile
commandasdescribedinsetpolicyprofileonpage 94.
Validprofileindexvaluesare1255.
portstringportstring (Optional)Assignsthisruletothespecifiedpolicyprofileonspecific
ingressport(s).Rulewouldnotbeuseduntilpolicyisassignedtothe
specifiedport(s)usingthesetpolicyportcommandasdescribedinset
policyportonpage 915.
Thefollowingparametersapplytocreatingaclassificationrule.
profileindex Specifiesapolicyprofilenumbertowhichthisrulewillbeassigned.
Policyprofilesareconfiguredwiththesetpolicyprofilecommandas
describedinsetpolicyprofileonpage 94.Validprofileindexvaluesare
1255.
ipproto ClassifiesbasedonProtocolfieldinIPpacket.
ipdestsocket ClassifiesbasedondestinationIPaddresswithoptionalpostfixedport.
ipsourcesocket ClassifiesbasedonsourceIPaddress,withoptionalpostfixedport.
iptos ClassifiesbasedonTypeofServicefieldinIPpacket.
tcpdestport ClassifiesbasedonTCPdestinationport.
tcpsourceport ClassifiesbasedonTCPsourceport.
udpdestport ClassifiesbasedonUDPdestinationport.
udpsourceport ClassifiesbasedonUDPsourceport.
data Specifiesthecodeforapredefinedclassifier.Thisvalueisdependenton
theclassificationtypeentered.RefertoTable 93forvalidvaluesforeach
classificationtype.
maskmask (Optional)Specifiesthenumberofsignificantbitstomatch,dependenton
thedatavalueentered.RefertoTable 93forvalidvaluesforeach
classificationtypeanddatavalue.
vlanvlan ClassifiestoaVLANID.
coscos SpecifiesthatthisrulewillclassifytoaClassofServiceID.Validvalues
are04095.Avalueof1indicatesthatnoCoSforwardingbehavior
modificationisdesired.
drop|forward Specifiesthatpacketswithinthisclassificationwillbedroppedor
forwarded.
Defaults
None.
Mode
Switchcommand,readwrite.
Usage
Table 93providesthesetpolicyruledatavaluesthatcanbeenteredforaparticularclassification
type,andthemaskbitsthatcanbeenteredforeachclassifierassociatedwiththatparameter.
Examples
ThisexampleshowshowtouseTable 93toassignaruletopolicyprofile5thatwillforwardUDP
framesfromsourceport45:
B3(su)->set policy rule 5 udpportsource 45 forward
ThisexampleshowshowtouseTable 93toassignaruletopolicyprofile1thatwilldropIP
sourcetrafficfromIPaddress1.2.3.4.Ifmask32isnotspecifiedasshown,adefaultmaskof48bits
(IPaddress+port)wouldbeapplied:
B3(su)->set policy rule 1 ipsourcesocket 1.2.3.4 mask 32 drop
Syntax
Thiscommandhastwoformsofsyntaxonetoclearanadminrule(forpolicyID0),andtheother
toclearaclassificationrule.
clear policy rule admin-profile {vlantag data [mask mask]
Parameters
Thefollowingparametersapplytodeletinganadminrule.
adminprofile SpecifiesthattheruletobedeletedisanadminruleforpolicyID0.
vlantagdata DeletestherulebasedonVLANtagspecifiedbydata.Valueofdatacan
rangefrom1to4094or0xFFF.
maskmask (Optional)Specifiesthenumberofsignificantbitstomatch,dependent
onthedatavalueentered.Valueofmaskcanrangefrom1to12.
RefertoTable 93forvalidvaluesforeachclassificationtypeanddata
value.
Thefollowingparametersapplytodeletingaclassificationrule.
profileindex Specifiesapolicyprofileforwhichtodeleteclassificationrules.Valid
profileindexvaluesare1255.
allpidentries Deletesallentriesassociatedwiththespecifiedpolicyprofile.
ipproto DeletesassociatedIPprotocolclassificationrule.
ipdestsocket DeletesassociatedIPdestinationclassificationrule.
ipsourcesocket DeletesassociatedIPsourceclassificationrule.
iptos DeletesassociatedIPTypeofServiceclassificationrule.
tcpdestport DeletesassociatedTCPdestinationportclassificationrule.
tcpsourceport DeletesassociatedTCPsourceportclassificationrule.
udpdestport DeletesassociatedUDPdestinationportclassificationrule.
udpsourceport DeletesassociatedUDPsourceportclassificationrule.
Defaults
Whenapplicable,dataandmaskmustbespecifiedforindividualrulestobecleared.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtoremovearulefrompolicyprofile5thatwillforwardUDPframes
fromsourceport45:
B3(su)->clear policy rule 5 udpportsource 45 forward
Syntax
clear policy all-rules
Parameters
None.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtoremovealladministrativeandpolicyindexrules:
B3(su)->clear policy all-rules
Purpose
Toassignandunassignportstopolicyprofiles.
Commands
Thecommandsusedtoassignportstopolicyprofilesarelistedbelow.
Syntax
set policy port port-string profile-index
Parameters
portstring Specifiestheport(s)toaddtothepolicyprofile.Foradetaileddescription
ofpossibleportstringvalues,refertoPortStringSyntaxUsedintheCLI
onpage 41.
profileindex SpecifiestheIDofthepolicyprofile(role)towhichtheport(s)willbe
added.Thisvaluemustmatchtheprofileindexvalueassignedusingthe
setpolicyprofilecommand(setpolicyprofileonpage 94)inorderfor
apolicyprofiletobeactiveonthespecifiedport.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtoallowGigabitEthernetports5through15inslot1totransmitframes
accordingtopolicyprofile1:
B3(su)->set policy port ge.1.5-15 1
Syntax
clear policy port port-string profile-index
Parameters
portstring Specifiestheport(s)fromwhichtoremovethepolicyprofile.Fora
detaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage 41.
profileindex SpecifiestheIDofthepolicyprofile(role)towhichtheport(s)willbe
added.Thisvaluemustmatchtheprofileindexvalueassignedusingthe
setpolicyprofilecommand(setpolicyprofileonpage 94)inorderfor
apolicyprofiletobeactiveonthespecifiedport.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtoremovepolicyprofile10fromFastEthernetport21inslot1:
B3(rw)->clear policy port fe.1.21 10
Note: It is recommended that you use Enterasys Networks NetSight Policy Manager as an
alternative to CLI for configuring policy-based CoS on the switches.
TheSecureStackB3supportsClassofService(CoS),whichallowsyoutoassignmissioncritical
datatoahigherprioritythroughthedevicebydelayinglesscriticaltrafficduringperiodsof
congestion.Thehigherprioritytrafficgoingthroughthedeviceisservicedfirst(beforelower
prioritytraffic).TheClassofServicecapabilityofthedeviceisimplementedbyapriority
queueingmechanism.ClassofServiceisbasedontheIEEE802.1D(802.1p)standardspecification,
andallowsyoutodefineeightpriorities(07,with7grantedhighestpriority)andupto8transmit
queues(07)foreachport.
Bydefault,policybasedCoSisdisabledonthedevice,anddefaultoruserassignedportbased
802.1D(802.1p)settingsareusedtodeterminetransmitqueues.WhenpolicybasedCoSis
enabled,thedefaultanduserassignedpolicybasedsettingswilloverrideportbasedsettings
describedinChapter 10.
Commands
ThecommandsusedtoconfigurepolicybasedClassofServicearelistedbelow.
Syntax
set cos state {enable | disable}
Parameters
enable|disable EnablesordisablesClassofServiceontheswitch.Defaultstateis
disabled.
Defaults
None.
Mode
Switchcommand,readwrite.
Usage
TheCoSstateisaglobalsettingwhichissettodisabledbydefault.WhenCoSisenabled,controls
configuredforCoSwillsupersedeportlevelcontrolforpriorityqueuemapping,portrate
limiting,andtransmitqueuemapping.Althoughportlevelsettingscanbeconfigured,theywill
havenoeffectwhileCoSisenabled.DisablingCoSwillrestoreanyexistingportlevelsettings.
Example
ThisexampleshowshowtoenableClassofService:
B3(rw)->set cos state enable
Syntax
show cos state
Parameters
None.
Defaults
None.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtoshowtheClassofServiceenablestate:
B3(rw)->show cos state
Class-of-Service application is enabled
Syntax
clear cos state
Parameters
None.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtocleartheCoSstatebacktoitsdefaultsettingofdisabled:
B3(su)->clear cos state
Syntax
set cos settings cos-index priority priority [tos-value tos-value]
Parameters
cosindex SpecifiesaClassofServiceentry.Validvaluesare0to255.
prioritypriority Specifiesan802.1dpriorityvalue.Validvaluesare0to7,with0beingthe
lowestpriority.SeeUsagesectionbelowformoreinformation.
tosvaluetosvalue (Optional)SpecifiesaTypeofServicevalue.Validvaluesare0to255.See
Usagesectionbelowformoreinformation.
Defaults
Ifnooptionalparametersarespecified,nonewillbeapplied.
Mode
Switchcommand,readwrite.
Usage
TheCoSsettingstabletakesindividualclassofservicefeaturesanddisplaysthemasbelongingto
aCoSentry.Essentially,itisusedforCoSfeatureassignment.Eachclassofserviceentryconsists
ofanindex,802.1ppriority,anoptionalToSvalue.
CoSIndex
IndexesareuniqueidentifiersforeachCoSsetting.CoSindexes0through7arecreatedby
defaultandmappeddirectlyto802.1ppriorityforbackwardscompatibility.Theseentries
cannotberemoved,and802.1ppriorityvaluescannotbechanged.WhenCoSisenabled,
indexesareassigned.Upto256CoSindexesorentriescanbeconfigured.
Priority
802.1pprioritycanbeappliedperCoSindex.ForeachnewCoSindexcreated,theuserhas
theoptiontoassignan802.1ppriorityvalue0to7fortheclassofservice.CoSindexes0
through7mapdirectlyto802.1pprioritiesandcannotbechangedastheyexistforbackward
compatibility.
ToS
Thisvaluecanbesetperclassofservice,butisnotrequired.Whenaframeisassignedtoa
classofserviceforwhichthisvalueisconfigured,theToSfieldoftheincomingIPpacketwill
beoverwrittentotheuserdefinedvalue.ToSbits0255canbeset,makingtheentireToSfield
rewritable.ToScanbesetforCoSindexes0through7.
Example
ThisexampleshowshowtocreateCoSentry8withapriorityvalueof3:
B3(rw)->set cos settings 8 priority 3
Syntax
clear cos settings cos-list {[all] | [priority] [tos-value]}
Parameters
coslist SpecifiesaClassofServiceentrytoclear.
all Clearsallsettingsassociatedwiththisentry.
priority Clearsthepriorityvalueassociatedwiththisentry.
tosvalue ClearstheTypeofServicevalueassociatedwiththisentry.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtoclearthepriorityforCoSentry8:
B3(rw)->clear cos settings 8 priority
Syntax
show cos settings [cos-list]
Parameters
coslist (Optional)SpecifiesaClassofServiceentrytodisplay.
Defaults
Ifnotspecified,allCoSentrieswillbedisplayed.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtoshowallCoSsettings:
B3(su)->show cos settings
CoS Index Priority ToS IRL
--------- ---------- ------- -----
0 0 * *
1 1 * *
2 2 * *
3 3 * *
4 4 * *
5 5 * *
6 6 * *
7 7 * *
Syntax
clear cos all-entries
Parameters
None.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtocleartheCoSconfigurationforallentriesexceptentries07:
B3(su)->clear cos all-entries
ThischapterdescribesthePortPrioritysetofcommandsandhowtousethem.
Note: When CoS override is enabled using the set policy profile command as described in set
policy profile on page 9-4, CoS-based classification rules will take precedence over priority
settings configured with the set port priority command described in this section.
Purpose
Tovieworconfigureportprioritycharacteristicsasfollows:
DisplayorchangetheportdefaultClassofService(CoS)transmitpriority(0through7)of
eachportforframesthatarereceived(ingress)withoutpriorityinformationintheirtag
header.
Displaythecurrenttrafficclassmappingtopriorityofeachport.
Seteachporttotransmitframesaccordingto802.1D(802.1p)prioritysetintheframeheader.
Commands
Thecommandstoconfigureportpriorityarelistedbelow.
Syntax
show port priority [port-string]
Parameters
portstring (Optional)Displayspriorityinformationforaspecificport.Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage 41.
Defaults
If port-string is not specified, priority for all ports will be displayed.
Mode
Switchcommand,readonly.
Example
Thisexampleshowshowtodisplaytheportpriorityforthefe.2.1through5.
B3(su)->show port priority fe.2.1-5
fe.2.1 is set to 0
fe.2.2 is set to 0
fe.2.3 is set to 0
fe.2.4 is set to 0
fe.2.5 is set to 0
Syntax
set port priority port-string priority
Parameters
portstring Specifiestheportforwhichtosetpriority.Foradetaileddescriptionof
possibleportstringvalues,refertoPortStringSyntaxUsedintheCLIon
page 41.
priority Specifiesavalueof0to7tosettheCoSpriorityfortheportenteredinthe
portstring.Priorityvalueof0isthelowestpriority.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtosetadefaultpriorityof6onfe.1.3.Framesreceivedbythisport
withoutpriorityinformationintheirframeheaderaresettothedefaultsettingof6:
B3(su)->set port priority fe.1.3 6
Syntax
clear port priority port-string
Parameters
portstring Specifiestheportforwhichtoclearpriority.Foradetaileddescriptionof
possibleportstringvalues,refertoPortStringSyntaxUsedintheCLIon
page 41.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtoresetfe.1.11tothedefaultpriority:
B3(rw)->clear port priority fe.1.11
Purpose
Toperformthefollowing:
Viewthecurrentprioritytotransmitqueuemappingofeachphysicalport.
Configureeachporttoeithertransmitframesaccordingtotheportpriority,setusingtheset
portprioritycommanddescribedinsetportpriorityonpage 103,oraccordingtoapriority
basedonapercentageofporttransmissioncapacity,assignedtotransmitqueuesusingtheset
porttxqcommanddescribedinsetporttxqonpage 109.
Clearcurrentportpriorityqueuesettingsforoneormoreports.
Note: Priority to transmit queue mapping on an individual port basis can only be configured on
Gigabit Ethernet ports (ge.x.x). When you use the set port priority-queue command to configure
a Fast Ethernet port (fe.x.x), the mapping values are applied globally to all Fast Ethernet ports on
the stack.
Commands
Thecommandsusedinconfiguringtransmitpriorityqueuesarelistedbelow.
Syntax
show port priority-queue [port-string]
Parameters
portstring (Optional)Displaysthemappingofprioritiestotransmitqueuesforone
ormoreports.
Defaults
If port-string is not specified, priority queue information for all ports will be
displayed.
Mode
Switchcommand,readonly.
Example
Thisexampleshowshowtodisplaypriorityqueueinformationforge.1.1.Inthiscase,frameswith
apriorityof0areassociatedwithtransmitqueue1;frameswith1or2priority,areassociatedwith
transmitqueue0;andsoforth:
B3(su)->show port priority-queue ge.1.1
Port P0 P1 P2 P3 P4 P5 P6 P7
--------- -- -- -- -- -- -- -- --
ge.1.1 1 0 0 2 3 4 5 5
Syntax
set port priority-queue port-string priority queue
Parameters
portstring Specifiestheport(s)forwhichtosetprioritytoqueuemappings.Fora
detaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage 41.
priority Specifiesavalueof0through7(0isthelowestlevel)thatdetermines
whatpriorityframeswillbetransmittedonthetransmitqueueenteredin
thiscommand.
queue Specifiesavalueof0through5(0isthelowestlevel)thatdeterminesthe
queueonwhichtotransmittheframeswiththeportpriorityenteredin
thiscommand.
Defaults
None.
Mode
Switchcommand,readwrite.
Usage
Althoughthereareeightqueuesimplementedintheswitchhardware,onlysixareavailablefor
useinprioritizingvariousdataandcontroltraffic.The7thand8thqueuesarereservedfor
stackingandnetworkcontrolrelatedcommunications.RefertoConfiguringQualityofService
(QoS)onpage 108formoreinformationaboutconfiguringtheprioritymodeandweightfor
thesequeues.
PrioritytotransmitqueuemappingonanindividualportbasiscanonlybeconfiguredonGigabit
Ethernetports(ge.x.x).WhenyouusethesetportpriorityqueuecommandtoconfigureaFast
Ethernetport(fe.x.x),themappingvaluesareappliedgloballytoallFastEthernetportsonthe
stack.
Example
Thisexampleshowshowtosetpriority5framesreceivedonge.2.12totransmitonqueue0.
B3(su)->set port priority-queue ge.2.12 5 0
Syntax
clear port priority-queue port-string
Parameters
portstring Specifiestheportforwhichtoclearprioritytoqueuemappings.Fora
detaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage 41.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtoclearthepriorityqueuesettingsonge.2.12:
B3(su)->clear port priority-queue ge.2.12
Purpose
Eighttransmitqueuesareimplementedintheswitchhardwareforeachport,butonlysixare
availableforuseinprioritizingvariousdataandcontroltraffic.Theseventhandeighthqueuesare
reservedforstackingandnetworkcontrolrelatedcommunications.
Thecommandsinthissectionallowyoutosettheprioritymodeandweightforeachofthe
availablesixqueues(queues0through5)foreachphysicalportontheswitch.Prioritymodeand
weightcannotbeconfiguredonLAGs,onlyonthephysicalportsthatmakeuptheLAG.
Command Descriptions
ThecommandstoconfiguretheQualityofServicearelistedbelow.
Syntax
show port txq [port-string]
Parameters
portstring (Optional)Specifiesport(s)forwhichtodisplayQoSsettings.Fora
detaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage 41.
Onlyphysicalportswillbedisplayed.LAGportshavenotransmitqueue
information.
Defaults
Iftheportstringisnotspecified,theQoSsettingofallphysicalportswillbedisplayed.
Mode
Switchcommand,readonly.
Example
Thisexampleshowshowtodisplaythecurrentalgorithmandtransmitqueueweightsconfigured
onportsge.1.10through24:
B3(su)->show port txq ge.1.10-24
Port Alg Q0 Q1 Q2 Q3 Q4 Q5 Q6 Q7
----- --- --- --- --- --- --- --- --- ---
ge.1.10 WRR 2 10 15 20 24 29 SP SP
ge.1.11 WRR 2 10 15 20 24 29 SP SP
ge.1.12 WRR 2 10 15 20 24 29 SP SP
ge.1.13 WRR 2 10 15 20 24 29 SP SP
ge.1.14 WRR 2 10 15 20 24 29 SP SP
ge.1.15 WRR 2 10 15 20 24 29 SP SP
ge.1.16 WRR 2 10 15 20 24 29 SP SP
ge.1.17 WRR 2 10 15 20 24 29 SP SP
ge.1.18 WRR 2 10 15 20 24 29 SP SP
ge.1.19 WRR 2 10 15 20 24 29 SP SP
ge.1.20 WRR 2 10 15 20 24 29 SP SP
ge.1.21 WRR 2 10 15 20 24 29 SP SP
ge.1.22 WRR 2 10 15 20 24 29 SP SP
ge.1.23 WRR 2 10 15 20 24 29 SP SP
ge.1.24 WRR 2 10 15 20 24 29 SP SP
Syntax
set port txq port-string value0 value1 value2 value3 value4 value5
Parameters
portstring Specifiesport(s)onwhichtosetqueuearbitrationvalues.Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage 41.
Onlyphysicalportscanbeconfiguredwiththiscommand.LAGports
cannotbeconfigured.
value0value5 Specifiespercentagetoallocatetoaspecifictransmitqueue.Thevalues
musttotal100percent.
Defaults
None.
Mode
Switchcommand,readwrite.
Usage
Eighttransmitqueuesareimplementedintheswitchhardwareforeachphysicalport,butonlysix
areavailableforuseinprioritizingvariousdataandcontroltraffic.Theseventhandeighthqueues
arereservedforstackingandnetworkcontrolrelatedcommunicationsandcannotbeconfigured.
Queuescanbesetforstrictpriority(SP)orweightedroundrobin(WRR).IfsetforWRRmode,
weightsmaybeassignedtothosequeueswiththiscommand.Weightsarespecifiedintherange
of0to100percent.Weightsspecifiedforqueues0through5onanyportmusttotal100percent.
Queues0through5canbechangedtostrictprioritybyconfiguringqueues0through4at0
percentandqueue5at100percent.QueuescanbechangedbacktoWRRbychangingtheweight
ofqueues0through5,orbyissuingtheclearporttxqcommand.
Examples
Thisexampleshowshowtochangethearbitrationvaluesforthesixtransmitqueuesbelongingto
ge.1.1:
B3(su)->set port txq ge.1.1 17 17 17 17 16 16
Thisexampleshowshowtochangethealgorithmtostrictpriorityforthesixtransmitqueues
belongingtoge.1.1:
B3(su)->set port txq ge.1.1 0 0 0 0 0 100
B3(su)->show port txq ge.1.1
Port Alg Q0 Q1 Q2 Q3 Q4 Q5 Q6 Q7
----- --- --- --- --- --- --- --- --- ---
ge.1.1 STR SP SP SP SP SP SP SP SP
Syntax
clear port txq port-string
Parameters
portstring Clearstransmitqueuevaluesonspecificport(s)backtotheirdefault
values.Foradetaileddescriptionofpossibleportstringvalues,referto
PortStringSyntaxUsedintheCLIonpage 41.
Onlyphysicalportscanbeconfiguredwiththiscommand.LAGports
cannotbeconfigured.
Defaults
Bydefault,transmitqueuesaredefinedasfollows:
0 WRR 1 4 WRR 5
1 WRR 2 5 WRR 6
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtocleartransmitqueuevaluesonge.1.1:
B3(su)->clear port txq ge.1.1
ThischapterdescribestheIGMPConfigurationsetofcommandsandhowtousethem.
IGMP Overview
About Multicasting
Multicastingisusedtosupportrealtimeapplicationssuchasvideoconferencesorstreaming
audio.Amulticastserverdoesnothavetoestablishaseparateconnectionwitheachclient.It
merelybroadcastsitsservicetothenetwork,andanyhoststhatwanttoreceivethemulticast
registerwiththeirlocalmulticastswitch/router.Althoughthisapproachreducesthenetwork
overheadrequiredbyamulticastserver,thebroadcasttrafficmustbecarefullyprunedatevery
multicastswitch/routeritpassesthroughtoensurethattrafficisonlypassedtothehoststhat
subscribedtothisservice.
Purpose
ToconfigureIGMPsnoopingfromtheswitchCLI.
Commands
ThecommandsusedtoconfigureswitchrelatedIGMPsnoopingarelistedbelow.
show igmpsnooping
UsethiscommandtodisplayIGMPsnoopinginformation.
Syntax
show igmpsnooping
Parameters
None.
Defaults
None.
Mode
Switchcommand,readonly.
Usage
ConfiguredinformationisdisplayedwhetherornotIGMPsnoopingisenabled.Status
informationisdisplayedonlywhenthefunctionisenabled.ForinformationonenablingIGMPon
thesystem,refertosetigmpsnoopingadminmodeonpage 113.Forinformationonenabling
IGMPononeormoreports,refertosetigmpsnoopinginterfacemodeonpage 114.
Example
ThisexampleshowshowtodisplayIGMPsnoopinginformation:
B3(su)->show igmpsnooping
Admin Mode..................................... Enable
Group Membership Interval...................... 260
Max Response Time.............................. 100
Multicast Router Present Expiration Time....... 0
Interfaces Enabled for IGMP Snooping........... fe.1.1,fe.1.2,fe.1.3
fe.1.4,fe.1.5,fe.1.6
Multicast Control Frame Count..................0
Data Frames Forwarded by the CPU...............0
Syntax
set igmpsnooping adminmode {enable | disable}
Parameters
enable|disable EnablesordisablesIGMPsnoopingonthesystem.
Defaults
None.
Mode
Switchcommand,readwrite.
Usage
InorderforIGMPsnoopingtobeenabledononeorallports,itmustbegloballyenabledonthe
devicewiththiscommand,andthenenabledonaport(s)usingthesetigmpsnoopinginterface
modecommandasdescribedinsetigmpsnoopinginterfacemodeonpage 114.
Example
ThisexampleshowshowtoenableIGMPonthesystem:
B3(su)->set igmpsnooping adminmode enable
Syntax
set igmpsnooping interfacemode port-string {enable | disable}
Parameters
portstring SpecifiesoneormoreportsonwhichtoenableordisableIGMP.
enable|disable EnablesordisablesIGMP.
Defaults
None.
Mode
Switchcommand,readwrite.
Usage
InorderforIGMPsnoopingtobeenabledononeorallports,itmustbegloballyenabledonthe
deviceusingthesetigmpsnoopingadminmodecommandasdescribedinsetigmpsnooping
adminmodeonpage 113,andthenenabledonaport(s)usingthiscommand.
Example
ThisexampleshowshowtoenableIGMPonportsge.110:
B3(su)->set igmpsnooping interfacemode ge.1-10 enable
Syntax
set igmpsnooping groupmembershipinterval time
Parameters
time SpecifiestheIGMPgroupmembershipinterval.Validvaluesare23600
seconds.
Thisvalueworkstogetherwiththesetigmpsnoopingmaxresponsetime
commandtoremoveportsfromanIGMPgroupandmustbegreaterthan
themaxresponsetimevalue.
Defaults
None.
Mode
Switchcommand,readwrite.
Usage
TheIGMPgroupmembershipintervaltimesetsthefrequencyofhostqueryframetransmissions
andmustbegreaterthantheIGMPmaximumresponsetimeasdescribedinsetigmpsnooping
maxresponseonpage 115.
Example
ThisexampleshowshowtosettheIGMPgroupmembershipintervalto250seconds:
B3(su)->set igmpsnooping groupmembershipinterval 250
Syntax
set igmpsnooping maxresponse time
Parameters
time SpecifiestheIGMPmaximumqueryresponsetime.Validvaluesare100
255seconds.Thedefaultvalueis100seconds.
Thisvalueworkstogetherwiththesetigmpsnooping
groupmembershipintervalcommandtoremoveportsfromanIGMPgroup
andmustbelesserthanthegroupmembershipintervalvalue.
Defaults
None.
Mode
Switchcommand,readwrite.
Usage
ThisvaluemustbelessthantheIGMPmaximumresponsetimedescribedinsetigmpsnooping
groupmembershipintervalonpage 115.
Example
ThisexampleshowshowtosettheIGMPmaximumresponsetimeto100seconds:
B3(su)->set igmpsnooping maxresponse 100
Syntax
set igmpsnooping mcrtrexpire time
Parameters
time SpecifiestheIGMPmulticastrouterexpirationtime.Validvaluesare0
3600seconds.Avalueof0willconfigurethesystemwithaninfinite
expirationtime.Thedefaultvalueis0.
Defaults
None.
Mode
Switchcommand,readwrite.
Usage
Thistimerisforexpiringtheswitchfromthemulticastdatabase.Ifthetimerexpires,andtheonly
addressleftisthemulticastswitch,thentheentrywillberemoved.
Example
ThisexampleshowshowtosettheIGMPmulticastrouterexpirationtimetoinfinity:
B3(su)->set igmpsnooping mcrtrexpiretime 0
Syntax
set igmpsnooping add-static group vlan-list [modify] [port-string]
Parameters
group SpecifiesthemulticastgroupIPaddressfortheentry.
vlanlist SpecifiestheVLANsonwhichtoconfiguretheentry.
modify (Optional)Addsthespecifiedportorportstoanexistingentry.
portstring (Optional)Specifiestheportorportstoaddtotheentry.
Defaults
Ifnoportsarespecified,allportsareaddedtotheentry.
Ifmodifyisnotspecified,anewentryiscreated.
Mode
Switchcommand,readwrite.
Usage
UsethiscommandtocreateandconfigureLayer2IGMPentries.
Example
ThisexamplecreatesanIGMPentryforthemulticastgroupwithIPaddressof233.11.22.33
configuredonVLAN20configuredwiththeportge.1.1.
B3(su)->set igmpsnooping add-static 233.11.22.33 20 ge.1.1
Syntax
set igmpsnooping remove-static group vlan-list [modify] [port-string]
Parameters
group SpecifiesthemulticastgroupIPaddressoftheentry.
vlanlist SpecifiestheVLANsonwhichtheentryisconfigured.
modify (Optional)Removesthespecifiedportorportsfromanexistingentry.
portstring (Optional)Specifiestheportorportstoremovefromtheentry.
Defaults
Ifnoportsarespecified,allportsareremovedfromtheentry.
Mode
Switchcommand,readwrite.
Example
Thisexampleremovesportge.1.1fromtheentryforthemulticastgroupwithIPaddressof
233.11.22.33configuredonVLAN20.
B3(su)->set igmpsnooping remove-static 233.11.22.33 20 ge.1.1
Syntax
show igmpsnooping static vlan-list [group group]
Parameters
vlanlist SpecifiestheVLANforwhichtodisplaystaticIGMPports.
groupgroup (Optional)SpecifiestheIGMPgroupforwhichtodisplaystaticIGMP
ports.
Defaults
Ifnogroupisspecified,informationforallgroupsisdisplayed.
Mode
Switchcommand,readonly.
Example
ThisexampledisplaysthestaticIGMPportsforVLAN20.
120.8.10.1(su)->show igmpsnooping static 20
--------------------------------------------------------------------------------
Vlan Id = 20 Static Multicast Group Address = 233.11.22.33 Type = IGMP
IGMP Port List = ge.1.1
Syntax
show igmpsnooping mfdb [stats]
Parameters
stats (Optional)DisplaysMFDBstatistics.
Defaults
Ifstatsisnotspecified,allMFDBtableentrieswillbedisplayed.
Mode
Switchcommand,readonly.
Examples
Thisexampleshowshowtodisplaymulticastforwardingdatabaseentries:
B3(su)->show igmpsnooping mfdb
MAC Address Type Description Interfaces
----------------------- ------- ---------------- -------------------------
00:14:01:00:5E:02:CD:B0 Dynamic Network Assist Fwd: ge.1.1,ge.3.1,ge.4.1,
ge.5.1,ge.6.2,ge.6.3, ge.7.1,ge.8.1
00:32:01:00:5E:37:96:D0 Dynamic Network Assist Fwd: ge.4.7
00:32:01:00:5E:7F:FF:FA Dynamic Network Assist Fwd: ge.4.7
Thisexampleshowshowtodisplaymulticastforwardingdatabasestatistics:
B3(su)->show igmpsnooping mfdb stats
Max MFDB Table Entries......................... 256
Most MFDB Entries Since Last Reset............. 1
Current Entries................................ 0
clear igmpsnooping
UsethiscommandtoclearallIGMPsnoopingentries.
Syntax
clear igmpsnooping
Parameters
None.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtoclearallIGMPsnoopingentries:
B3(su)->clear igmpsnooping
Are you sure you want to clear all IGMP snooping entries? (y/n)y
Thischapterdescribesswitchrelatedloggingandnetworkmanagementcommandsandhowto
usethem.
Note: The commands in this chapter pertain to network management of the SecureStack B3
device from the switch CLI only. For information on router-related network management tasks,
including reviewing router ARP tables and IP traffic, refer to Chapter 15.
Purpose
Todisplayandconfiguresystemlogging,includingSyslogserversettings,Syslogdefaultsettings,
andtheloggingbuffer.
Commands
Commandstoconfiguresystemloggingarelistedbelow.
Syntax
show logging server [index]
Parameters
index (Optional)DisplaysSysloginformationpertainingtoaspecificserver
tableentry.Validvaluesare18.
Defaults
Ifindexisnotspecified,allSyslogserverinformationwillbedisplayed.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplaySyslogserverconfigurationinformation:
B3(ro)->show logging server
Table 121providesanexplanationofthecommandoutput.
IP Address Syslog servers IP address. For details on setting this using the set logging server
command, refer to set logging server on page 12-3.
Facility Syslog facility that will be encoded in messages sent to this server. Valid values are:
local0 to local7.
Syntax
set logging server index [ip-addr ip-addr] [facility facility] [severity severity]
[descr descr] [port port] [state {enable | disable}]
Parameters
index Specifiestheservertableindexnumberforthisserver.Validvaluesare1
8.
ipaddripaddr (Optional)SpecifiestheSyslogmessageserversIPaddress.
facilityfacility (Optional)Specifiestheserversfacilityname.Validvaluesare:local0to
local7.
severityseverity (Optional)Specifiestheseveritylevelatwhichtheserverwilllog
messages.Validvaluesandcorrespondinglevelsare:
1emergencies(systemisunusable)
2alerts(immediateactionrequired)
3criticalconditions
4errorconditions
5warningconditions
6notifications(significantconditions)
7informationalmessages
8debuggingmessages
descrdescr (Optional)Specifiesatextualstringdescriptionofthisfacility/server.
portport (Optional)SpecifiesthedefaultUDPporttheclientusestosendtothe
server.
stateenable| (Optional)Enablesordisablesthisfacility/serverconfiguration.
disable
Defaults
Ifipaddrisnotspecified,anentryintheSyslogservertablewillbecreatedwiththespecified
indexnumberandamessagewilldisplayindicatingthatnoIPaddresshasbeenassigned.
Ifnotspecified,facility,severityandportwillbesettodefaultsconfiguredwiththesetlogging
defaultcommand(setloggingdefaultonpage 125).
Ifstateisnotspecified,theserverwillnotbeenabledordisabled.
Mode
Switchcommand,readwrite.
Example
ThiscommandshowshowtoenableaSyslogserverconfigurationforindex1,IPaddress
134.141.89.113,facilitylocal4,severitylevel3onport514:
B3(su)->set logging server 1 ip-addr 134.141.89.113 facility local4 severity 3
port 514 state enable
Syntax
clear logging server index
Parameters
index Specifiestheservertableindexnumberfortheservertoberemoved.
Validvaluesare18.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThiscommandshowshowtoremovetheSyslogserverwithindex1fromtheservertable:
B3(su)->clear logging server 1
Syntax
show logging default
Parameters
None.
Defaults
None.
Mode
Switchcommand,readonly.
Example
ThiscommandshowshowtodisplaytheSyslogserverdefaultvalues.Foranexplanationofthe
commandoutput,referbacktoTable 121.
B3(su)->show logging default
Syntax
set logging default {[facility facility] [severity severity] port port]}
Parameters
facilityfacility Specifiesthedefaultfacilityname.Validvaluesare:local0tolocal7.
severityseverity Specifiesthedefaultloggingseveritylevel.Validvaluesand
correspondinglevelsare:
1emergencies(systemisunusable)
2alerts(immediateactionrequired)
3criticalconditions
4errorconditions
5warningconditions
6notifications(significantconditions)
7informationalmessages
8debuggingmessages
portport SpecifiesthedefaultUDPporttheclientusestosendtotheserver.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtosettheSyslogdefaultfacilitynametolocal2andtheseveritylevelto4
(errorlogging):
B3(su)->set logging default facility local2 severity 4
Syntax
show logging application [mnemonic | all]
Parameters
mnemonic (Optional)Displaysseveritylevelforoneapplicationconfiguredfor
logging.Mnemonicswillvarydependingonthenumberandtypesof
applicationsrunningonyoursystem.Samplemnemonicsandtheir
correspondingapplicationsarelistedinTable 123.
Note: Mnemonic values are case sensitive and must be typed as they appear in
Table 12-3.
all (Optional)Displaysseveritylevelforallapplicationsconfiguredfor
logging.
Defaults
Ifnoparameterisspecified,informationforallapplicationswillbedisplayed.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplaysystemlogginginformationpertainingtotheSNMP
application.Table 122describestheoutputofthiscommand.
B3(ro)->show logging application SNMP
Current Severity Level Severity level at which the server is logging messages for the
listed application. This range (from 1 to 8) and its associated
severity list is shown in the CLI output. For a description of these
entries, which are set using the set logging application
command, refer to set logging application on page 12-7.
Syntax
set logging application {[mnemonic | all]} [level level]
Parameters
mnemonic Specifiesacasesensitivemnemonicabbreviationofanapplicationtobe
logged.Thisparameterwillvarydependingonthenumberandtypesof
applicationsrunningonyoursystem.Todisplayacompletelist,usethe
showloggingapplicationcommandasdescribedinshowlogging
applicationonpage 126.Samplemnemonicsandtheircorresponding
applicationsarelistedinTable 123.
Note: Mnemonic values are case sensitive and must be typed as they appear in
Table 12-3
all Setstheloggingseveritylevelforallapplications.
levellevel (Optional)Specifiestheseveritylevelatwhichtheserverwilllog
messagesforapplications.Validvaluesandcorrespondinglevelsare:
1emergencies(systemisunusable)
2alerts(immediateactionrequired)
3criticalconditions
4errorconditions
5warningconditions
6notifications(significantconditions)
7informationalmessages
8debuggingmessages
Mnemonic Application
Router Router
Defaults
Iflevelisnotspecified,nonewillbeapplied.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtosettheseveritylevelforSNMPto4sothaterrorconditionswillbe
loggedforthatapplication.
B3(rw)->set logging application SNMP level 4
Syntax
clear logging application {mnemonic | all}
Parameters
mnemonic Resetstheseveritylevelforaspecificapplicationto6.Validmnemonic
valuesandtheircorrespondingapplicationsarelistedinTable 123.
all Resetstheseveritylevelforallapplicationsto6.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtoresettheloggingseveritylevelto6forSNMP.
B3(rw)->clear logging application SNMP
Syntax
clear logging default {[facility] [severity] [port]}
Parameters
facility (Optional)Resetsthedefaultfacilitynametolocal4.
severity (Optional)Resetsthedefaultloggingseveritylevelto6(notificationsof
significantconditions).
port (Optional)ResetsthedefaultUDPporttheclientusestosendtotheserver
to514.
Defaults
Atleastoneoptionalparametermustbeentered.
Allthreeoptionalkeywordsmustbeenteredtoresetallloggingvaluestodefaults.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtoresettheSyslogdefaultseveritylevelto6:
B3(su)->clear logging default severity
Syntax
show logging local
Parameters
None.
Defaults
None.
Mode
Switchcommand,readonly.
Example
Thisexampleshowshowtodisplaythestateofmessagelogging.Inthiscase,loggingtothe
consoleisenabledandloggingtoapersistentfileisdisabled.
B3(su)->show logging local
Syslog Console Logging enabled
Syslog File Logging disabled
Syntax
set logging local console {enable | disable} file {enable | disable}
Parameters
consoleenable|disable Enablesordisablesloggingtotheconsole.
fileenable|disable Enablesordisablesloggingtoapersistentfile.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thiscommandshowshowtoenableloggingtotheconsoleanddisableloggingtoapersistentfile:
B3(su)->set logging local console enable file disable
Syntax
clear logging local
Parameters
None.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtoclearlocallogging:
B3(su)->clear logging local
Syntax
show logging buffer
Parameters
None.
Defaults
None.
Mode
Switchcommand,readonly.
Example
Thisexampleshowsaportionoftheinformationdisplayedwiththeshowloggingbuffer
command:
B3(su)->show logging buffer
<165>Sep 4 07:43:09 10.42.71.13 CLI[5]User:rw logged in from 10.2.1.122 (telnet)
<165>Sep 4 07:43:24 10.42.71.13 CLI[5]User: debug failed login from 10.4.1.100
(telnet)
Purpose
Todisplayswitcheventsandcommandhistory,tosetthesizeofthehistorybuffer,andtodisplay
anddisconnectcurrentusersessions.
Commands
Commandstomonitorswitchnetworkeventsandstatusarelistedbelow.
history 12-12
ping 12-14
disconnect 12-15
history
Usethiscommandtodisplaythecontentsofthecommandhistorybuffer.Thecommandhistory
bufferincludesalltheswitchcommandsentereduptoamaximumof100,asspecifiedintheset
historycommand(sethistoryonpage 1213).
Syntax
history
Parameters
None.
Defaults
None.
Mode
Switchcommand,readonly.
Example
Thisexampleshowshowtodisplaythecontentsofthecommandhistorybuffer.Itshowsthereare
fivecommandsinthebuffer:
B3(su)->history
1 hist
2 show gvrp
3 show vlan
4 show igmp
5 show ip address
show history
Usethiscommandtodisplaythesize(inlines)ofthehistorybuffer.
Syntax
showhistory
Parameters
None.
Defaults
None.
Mode
Switchcommand,readonly.
Example
Thisexampleshowshowtodisplaythesizeofthehistorybuffer:
B3(su)->show history
History buffer size: 20
set history
Usethiscommandtosetthesizeofthehistorybuffer.
Syntax
sethistorysize[default]
Parameters
size Specifiesthesizeofthehistorybufferinlines.Validvaluesare1to100.
default (Optional)Makesthissettingpersistentforallfuturesessions.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtosetthesizeofthecommandhistorybufferto30lines:
B3(su)->set history 30
ping
UsethiscommandtosendICMPechorequestpacketstoanothernodeonthenetworkfromthe
switchCLI.
Syntax
pinghost
Parameters
host SpecifiestheIPaddressofthedevicetowhichthepingwillbesent.
Defaults
None.
Mode
Switchcommand,readwrite.
Examples
ThisexampleshowshowtopingIPaddress134.141.89.29.Inthiscase,thishostisalive:
B3(su)->ping 134.141.89.29
134.141.89.29 is alive
Inthisexample,thehostatIPaddressisnotresponding:
B3(su)->ping 134.141.89.255
no answer from 134.141.89.255
show users
UsethiscommandtodisplayinformationabouttheactiveconsoleportorTelnetsession(s)logged
intotheswitch.
Syntax
showusers
Parameters
None.
Defaults
None.
Mode
Switchcommand,readonly.
Example
Thisexampleshowshowtousetheshowuserscommand.Inthisoutput,therearetwoTelnet
usersloggedinwithReadWriteaccessprivilegesfromIPaddresses134.141.192.119and
134.141.192.18:
B3(su)->show users
Session User Location
-------- ----- --------------------------
* telnet rw 134.141.192.119
telnet rw 134.141.192.18
disconnect
UsethiscommandtocloseanactiveconsoleportorTelnetsessionfromtheswitchCLI.
Syntax
disconnect{ipaddr|console}
Parameters
ipaddr SpecifiestheIPaddressoftheTelnetsessiontobedisconnected.This
addressisdisplayedintheoutputshowninshowusersonpage 1215.
console Closesanactiveconsoleport.
Defaults
None.
Mode
Switchcommand,readwrite.
Examples
ThisexampleshowshowtocloseaTelnetsessiontohost134.141.192.119:
B3(su)->disconnect 134.141.192.119
Thisexampleshowshowtoclosethecurrentconsolesession:
B3(su)->disconnect console
Purpose
TodisplayordeleteswitchARPtableentries,andtodisplayMACaddressinformation.
Commands
Commandstomanageswitchnetworkaddressesandroutesarelistedbelow.
traceroute 12-19
show arp
UsethiscommandtodisplaytheswitchsARPtable.
Syntax
showarp
Parameters
None.
Defaults
None.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplaytheARPtable:
B3(su)->show arp
set arp
UsethiscommandtoaddmappingentriestotheswitchsARPtable.
Syntax
set arp ip-address mac-address
Parameters
ipaddress SpecifiestheIPaddresstomaptotheMACaddressandaddtotheARP
table.
macaddress SpecifiestheMACaddresstomaptotheIPaddressandaddtotheARP
table.TheMACaddresscanbeformattedasxx:xx:xx:xx:xx:xxorxxxx
xxxxxxxx.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtomapIPaddress192.168.219.232toMACaddress00000c400fbc:
B3(su)->set arp 192.168.219.232 00-00-0c-40-0f-bc
clear arp
UsethiscommandtodeleteaspecificentryorallentriesfromtheswitchsARPtable.
Syntax
cleararp{ipaddress|all}
Parameters
ipaddress|all SpecifiestheIPaddressintheARPtabletobecleared,orclearsallARP
entries.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtodeleteentry10.1.10.10fromtheARPtable:
B3(su)->clear arp 10.1.10.10
traceroute
UsethiscommandtodisplayahopbyhoppaththroughanIPnetworkfromthedevicetoa
specificdestinationhost.ThreeUDPorICMPprobeswillbetransmittedforeachhopbetweenthe
sourceandthetraceroutedestination.
traceroute [-w waittime] [-f first-ttl] [-m max-ttl] [-p port] [-q nqueries] [-r]
[-d] [-n] [-v] host
Parameters
wwaittime (Optional)Specifiestimeinsecondstowaitforaresponsetoaprobe.
ffirstttl (Optional)Specifiesthetimetolive(TTL)ofthefirstoutgoingprobe
packet.
mmaxttl (Optional)Specifiesthemaximumtimetolive(TTL)usedinoutgoing
probepackets.
pport (Optional)SpecifiesthebaseUDPportnumberusedinprobes.
qnqueries (Optional)Specifiesthenumberofprobeinquiries.
r (Optional)Bypassesthenormalhostroutingtables.
d (Optional)Setsthedebugsocketoption.
n (Optional)Displayshopaddressesnumerically.(Supportedinafuture
release.)
v (Optional)Displaysverboseoutput,includingthesizeanddestinationof
eachresponse.
host SpecifiesthehosttowhichtherouteofanIPpacketwillbetraced.
Defaults
Ifnotspecified,waittimewillbesetto5seconds.
Ifnotspecified,firstttlwillbesetto1second.
Ifnotspecified,maxttlwillbesetto30seconds.
Ifnotspecified,portwillbesetto33434.
Ifnotspecified,nquerieswillbesetto3.
Ifrisnotspecified,normalhostroutingtableswillbeused.
Ifdisnotspecified,thedebugsocketoptionwillnotbeused.
Ifvisnotspecified,summaryoutputwillbedisplayed.
Mode
Switchcommand,readonly.
Example
Thisexampleshowshowtousetraceroutetodisplayaroundtrippathtohost192.167.252.17.In
thiscase,hop1istheSecureStackB3switch,hop2is14.1.0.45,andhop3isbacktothehostIP
address.RoundtriptimesforeachofthethreeUDPprobesaredisplayednexttoeachhop:
B3(su)->traceroute 192.167.252.17
traceroute to 192.167.252.17 (192.167.252.17), 30 hops max, 40 byte packets
1 matrix.enterasys.com (192.167.201.40) 20.000 ms 20.000 ms 20.000 ms
2 14.1.0.45 (14.1.0.45) 40.000 ms 10.000 ms 20.000 ms
3 192.167.252.17 (192.167.252.17) 50.000 ms 0.000 ms 20.000 ms
show mac
UsethiscommandtodisplayMACaddressesintheswitchsfilteringdatabase.Theseare
addresseslearnedonaportthroughtheswitchingprocess.
Syntax
showmac[addressmacaddress][fidfid][portportstring][type{other|learned|self|mgmt}]
Parameters
addressmacaddress (Optional)DisplaysaspecificMACaddress(ifitisknownbythe
device).
fidfid (Optional)DisplaysMACaddressesforaspecificfilterdatabase
identifier.
portportstring (Optional)DisplaysMACaddressesforspecificport(s).Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntax
UsedintheCLIonpage 41.
typeother|learned| (Optional)Displaysinformationrelatedtoother,learned,selfor
self|mgmt mgmt(management)addresstype.
Defaults
Ifnoparametersarespecified,allMACaddressesforthedevicewillbedisplayed.
Mode
Switchcommand,readonly.
Examples
ThisexampleshowshowtodisplayMACaddressinformationforge.3.1:
B3(su)->show mac port ge.3.1
Table 125providesanexplanationofthecommandoutput.
Egress Ports The ports which have been added to the egress ports list.
Syntax
show mac agetime
Parameters
None.
Defaults
None.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplaytheMACtimeoutperiod:
B3(su)->show mac agetime
Aging time: 300 seconds
Syntax
set mac agetime time
Parameters
time SpecifiesthetimeoutperiodinsecondsforagoninglearnedMAC
addresses.Validvaluesare10to1,000,000seconds.Defaultvalueis300
seconds.
Defaults
None.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtosettheMACtimeoutperiod:
B3(su)->set mac agetime 250
Syntax
clear mac agetime
Parameters
None.
Defaults
None.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtoresettheMACtimeoutperiodtothedefaultvalueof300seconds.
B3(su)->clear mac agetime
Syntax
set mac algorithm {mac-crc16-lowerbits | mac-crc16-upperbits |
mac-crc32-lowerbits | mac-crc32-upperbits}
Parameters
maccrc16lowerbits SelecttheMACCRC16lowerbitsalgorithmforhashing.
maccrc16upperbits SelecttheMACCRC16upperbitsalgorithmforhashing.
maccrc32lowerbits SelecttheMACCRC32lowerbitsalgorithmforhashing.
maccrc32upperbits SelecttheMACCRC32upperbitsalgorithmforhashing.
Defaults
ThedefaultMACalgorithmismaccrc16upperbits.
Mode
Switchcommand,readwrite.
Usage
EachalgorithmisoptimizedforadifferentspreadofMACaddresses.Whenchangingthismode,
theswitchwilldisplayawarningmessageandpromptyoutorestartthedevice.
ThedefaultMACalgorithmismaccrc16upperbits.
Example
Thisexamplesetsthehashingalgorithmtomaccrc32upperbits.
B3(rw)->set mac algorithm mac-crc32-upperbits
Syntax
show mac algorithm
Parameters
None.
Defaults
None.
Mode
Switchcommand,readonly.
Example
Thisexampleshowstheoutputofthiscommand.
B3(su)->show mac algorithm
Mac hashing algorithm is mac-crc16-upperbits.
Syntax
clear mac algorithm
Parameters
None.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleresetstheMAChashingalgorithmtothedefaultvalue.
B3(su)->clear mac algorithm
Syntax
set mac multicast mac-address vlan-id [port-string] [{append | clear} port-string]
Parameters
macaddress SpecifythemulticastMACaddress.TheMACaddresscanbeformatted
asxx:xx:xx:xx:xx:xxorxxxxxxxxxxxx.
vlanid SpecifytheVLANIDcontainingtheports.
portstring SpecifytheportorrangeofportsthemulticastMACaddresscanbe
learnedonorfloodedto.
append|clear Appendorcleartheportorrangeofportsfromtheegressportlist.
Defaults
Ifnoportstringisdefined,thecommandwillapplytoallports.
Mode
Switchcommand,readwrite.
Example
ThisexampleconfiguresmulticastMACaddress010122334455forVLAN24.
B3(su)->set mac multicast 01-01-22-33-44-55 24
Syntax
clear mac address mac-address [vlan-id]
Parameters
macaddress SpecifythemulticastMACaddresstobecleared.TheMACaddresscan
beformattedasxx:xx:xx:xx:xx:xxorxxxxxxxxxxxx.
vlanid (Optional)SpecifytheVLANIDfromwhichtoclearthestaticmulticast
MACaddress..
Defaults
Ifnovlanidisspecified,themulticastMACaddressisclearedfromallVLANs.
Mode
Switchcommand,readwrite.
Example
ThisexampleclearsmulticastMACaddress010122334455fromVLAN24.
B3(su)->clear mac multicast 01-01-22-33-44-55 24
Purpose
ToconfiguretheSimpleNetworkTimeProtocol(SNTP),whichsynchronizesdeviceclocksina
network.
Commands
show sntp
UsethiscommandtodisplaySNTPclientsettings.
Syntax
show sntp
Parameters
None.
Defaults
None.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplaySNTPclientsettings:
B3(su)->show sntp
SNTP Version: 3
Current Time: TUE SEP 09 16:13:33 2003
Table 126providesanexplanationofthecommandoutput.
Timezone Time zone name and amount it is offset from UTC (Universal Time).
Client Mode Whether SNTP client is operating in unicast or broadcast mode. Set using set sntp
client command (set sntp client on page 12-29).
Poll Interval Interval between SNTP unicast requests. Default of 512 seconds can be reset using
the set sntp poll-interval command (set sntp poll-interval on page 12-31).
Poll Retry Number of poll retries to a unicast SNTP server. Default of 1 can be reset using the
set sntp poll-retry command (set sntp poll-retry on page 12-32).
Poll Timeout Timeout for a response to a unicast SNTP request. Default of 5 seconds can be
reset using set sntp poll-timeout command (clear sntp poll-timeout on
page 12-33).
Last SNTP Update Date and time of most recent SNTP update.
Last SNTP Request Date and time of most recent SNTP request.
Last SNTP Status Whether or not broadcast reception or unicast transmission and reception was
successful.
Precedence Precedence level of SNTP server in relation to its peers. Highest precedence is 1
and lowest is 10. Default of 1 can be reset using the set sntp server command (set
sntp server on page 12-30).
Syntax
set sntp client {broadcast | unicast | disable}
Parameters
broadcast EnablesSNTPinbroadcastclientmode.
unicast EnablesSNTPinunicast(pointtopoint)clientmode.Inthismode,the
clientmustsupplytheIPaddressfromwhichtoretrievethecurrenttime.
disable DisablesSNTP.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtoenableSNTPinbroadcastmode:
B3(su)->set sntp client broadcast
Syntax
clear sntp client
Parameters
None.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtocleartheSNTPclientsoperationalmode:
B3(su)->clear sntp client
Syntax
set sntp server ip-address [precedence]
Parameters
ipaddress SpecifiestheSNTPserversIPaddress.
precedence (Optional)SpecifiesthisSNTPserversprecedenceinrelationtoitspeers.
Validvaluesare1(highest)to10(lowest).
Defaults
Ifprecedenceisnotspecified,1willbeapplied.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtosettheserveratIPaddress10.21.1.100 asan SNTPserver:
B3(su)->set sntp server 10.21.1.100
Syntax
clear sntp server {ip-address | all}
Parameters
ipaddress SpecifiestheIPaddressofaservertoremovefromtheSNTPserverlist.
all RemovesallserversfromtheSNTPserverlist.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtoremovetheserveratIPaddress10.21.1.100 fromtheSNTPserverlist:
B3(su)->clear sntp server 10.21.1.100
Syntax
set sntp poll-interval interval
Parameters
interval Specifiesthepollintervalinseconds.Validvaluesare16to16284.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtosettheSNTPpollintervalto30seconds:
B3(su)->set sntp poll-interval 30
Syntax
clear sntp poll-interval
Parameters
None.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtocleartheSNTPpollinterval:
B3(su)->clear sntp poll-interval
Syntax
set sntp poll-retry retry
Parameters
retry Specifiesthenumberofretries.Validvaluesare0to10.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtosetthenumberofSNTPpollretriesto5:
B3(su)->set sntp poll-retry 5
Parameters
None.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtoclearthenumberofSNTPpollretries:
B3(su)->clear sntp poll-retry
Parameters
timeout Specifiesthepolltimeoutinseconds.Validvaluesare1to30.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtosettheSNTPpolltimeoutto10seconds:
B3(su)->set sntp poll-timeout 10
Parameters
None.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtocleartheSNTPpolltimeout:
B3(su)->clear sntp poll-timeout
Purpose
Toreview,disable,andreenablenode(port)aliasfunctionality,which determineswhatnetwork
protocolsarerunningononeormoreports.
Commands
Syntax
show nodealias config [port-string]
Parameters
portstring (Optional)Displaysnodealiasconfigurationsettingsforspecificport(s).For
adetaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage 41.
Defaults
Ifportstringisnotspecified,nodealiasconfigurationswillbedisplayedforallports.
Mode
Switchcommand,readonly.
Example
Thisexampleshowshowtodisplaynodealiasconfigurationsettingsforportsfe.2.1through9:
B3(rw)->show nodealias config fe.2.1-9
Port Number Max Entries Used Entries Status
----------- ----------- ------------ ------
fe.2.1 16 0 Enable
fe.2.2 47 0 Enable
fe.2.3 47 2 Enable
fe.2.4 47 0 Enable
fe.2.5 47 0 Enable
fe.2.6 47 2 Enable
fe.2.7 47 0 Enable
fe.2.8 47 0 Enable
fe.2.9 4000 1 Enable
Table 127providesanexplanationofthecommandoutput.
Max Entries Maximum number of alias entries configured for this port.
Used Entries Number of alias entries (out of the maximum amount configured) already used by
this port.
Status Whether or not a node alias agent is enabled (default) or disabled on this port.
set nodealias
Usethiscommandtoenableordisableanodealiasagentononeormoreports,orsetthe
maximumnumberofaliasentriesperport.
Syntax
set nodealias {enable | disable | maxentries maxentries} port-string
Parameters
enable|disable Enablesordisablesanodealiasagent.
maxentriesmaxentries Setthemaximumnumberofaliasentriesperports.Validrangeis0to
4096.Thedefaultvalueis32.
portstring Specifiestheport(s)onwhichtoenable/disablenodealiasagentorset
amaximumnumberofentries.Foradetaileddescriptionofpossible
portstringvalues,refertoPortStringSyntaxUsedintheCLIon
page 41.
Defaults
None.
Mode
Switchcommand,readwrite.
Usage
Uponpacketreception,nodealiasesaredynamicallyassignedtoportsenabledwithanalias
agent,whichisthedefaultsettingonSecureStackB3devices.Nodealiasescannotbestatically
created,butcanbedeletedusingtheclearnodealiascommandasdescribedinclearnodealias
configonpage 1236.
Example
Thisexampleshowshowtodisablethenodealiasagentonfe.1.3:
B3(su)->set nodealias disable fe.1.3
Syntax
clear nodealias config port-string
Parameters
portstring Specifiestheport(s)onwhichtoresetthenodealiasconfiguration.Fora
detaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage 41.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtoresetthenodealiasconfigurationonfe.1.3:
B3(su)->clear nodealias config fe.1.3
ThischapterdescribesthecommandsusedtoconfigureRMONonaSecureStackB3switch.
RMON
Group What It Does... What It Monitors... CLI Command(s)
RMON
Group What It Does... What It Monitors... CLI Command(s)
History Records periodic statistical Sample period, number of show rmon history on
samples from a network. samples and item(s) sampled. page 13-7
set rmon history on
page 13-8
clear rmon history on
page 13-9
Alarm Periodically gathers Alarm type, interval, starting show rmon alarm on
statistical samples from threshold, stop threshold. page 13-10
variables in the probe and set rmon alarm properties
compares them with on page 13-11
previously configured
thresholds. If the monitored set rmon alarm status on
variable crosses a page 13-13
threshold, an event is clear rmon alarm on
generated. page 13-14
Event Controls the generation and Event type, description, last show rmon event on
notification of events from time event was sent. page 13-15
the device. set rmon event properties
on page 13-16
set rmon event status on
page 13-17
clear rmon event on
page 13-18
Filter Allows packets to be Packets matching the filter show rmon channel on
matched by a filter configuration. page 13-19
equation. These matched set rmon channel on
packets form a data stream page 13-20
or channel that may be
captured. clear rmon channel on
page 13-21
show rmon filter on
page 13-21
set rmon filter on
page 13-22
clear rmon filter on
page 13-23
Packet Allows packets to be Packets matching the filter show rmon capture on
Capture captured upon a filter configuration. page 13-24
match.
set rmon capture on
page 13-25
clear rmon capture on
page 13-26
Purpose
Todisplay,configure,andclearRMONstatistics.
Commands
Syntax
show rmon stats [port-string]
Parameters
portstring (Optional)DisplaysRMONstatisticsforspecificport(s).
Defaults
Ifportstringisnotspecified,RMONstatswillbedisplayedforallports.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplayRMONstatisticsforGigabitEthernetport1inswitch1.
Port: ge.1.1
-------------------------------------
Index = 1
Owner = monitor
Data Source = ifIndex.1
Fragments = 0
Table 132providesanexplanationofthecommandoutput.
Owner Name of the entity that configured this entry. Monitor is default.
Drop Events Total number of times that the switch was forced to discard frames due to lack of
available switch device resources. This does not display the number of frames
dropped, only the number of times the switch was forced to discard frames.
Jabbers Total number of frames that were greater than 1518 bytes and had either a bad FCS
or a bad CRC.
Packets Total number of frames (including bad frames, broadcast frames, and multicast
frames) received on this interface.
Broadcast Pkts Total number of good frames that were directed to the broadcast address. This value
does not include multicast frames.
Multicast Pkts Total number of good frames that were directed to the multicast address. This value
does not include broadcast frames.
CRC Errors Number of frames with bad Cyclic Redundancy Checks (CRC) received from the
network. The CRC is a 4-byte field in the data frame that ensures that the data
received is the same as the data that was originally sent.
Undersize Pkts Number of frames received containing less than the minimum Ethernet frame size of
64 bytes (not including the preamble) but having a valid CRC.
Oversize Pkts Number of frames received that exceeded 1518 data bytes (not including the
preamble) but had a valid CRC.
Fragments Number of received frames that are not the minimum number of bytes in length, or
received frames that had a bad or missing Frame Check Sequence (FCS), were less
than 64 bytes in length (excluding framing bits, but including FCS bytes) and had an
invalid CRC. It is normal for this value to increment since fragments are a normal
result of collisions in a half-duplex network.
Octets Total number of octets (bytes) of data, including those in bad frames, received on this
interface.
0 64 Octets Total number of frames, including bad frames, received that were 64 bytes in length
(excluding framing bits, but including FCS bytes).
65 127 Octets Total number of frames, including bad frames, received that were between 65 and
127 bytes in length (excluding framing bits, but including FCS bytes).
128 255 Octets Total number of frames, including bad frames, received that were between 128 and
255 bytes in length (excluding framing bits, but including FCS bytes).
256 511 Octets Total number of frames, including bad frames, received that were between 256 and
511 bytes in length (excluding framing bits, but including FCS bytes).
512 1023 Octets Total number of frames, including bad frames, received that were between 512 and
1023 bytes in length (excluding framing bits, but including FCS bytes).
Syntax
set rmon stats index port-string [owner]
Parameters
index Specifiesanindexforthisstatisticsentry.
portstring Specifiesport(s)towhichthisentrywillbeassigned.
owner (Optional)Assignsanownerforthisentry.
Defaults
Ifownerisnotspecified,monitorwillbeapplied.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtoconfigureRMONstatisticsentry2forge.1.20:
B3(rw)->set rmon stats 2 ge.1.20
Syntax
clear rmon stats {index-list | to-defaults}
Parameters
indexlist Specifiesoneormorestatsentriestobedeleted,causingthemtodisappear
fromanyfutureRMONqueries.
todefaults Resetsallhistoryentriestodefaultvalues.Thiswillcauseentriesto
reappearinRMONqueries.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtodeleteRMONstatisticsentry2:
B3(rw)->clear rmon stats 2
Purpose
Todisplay,configure,andclearRMONhistorypropertiesandstatistics.
Commands
Syntax
show rmon history [port-string]
Parameters
portstring (Optional)DisplaysRMONhistoryentriesforspecificport(s).
Defaults
Ifportstringisnotspecified,informationaboutallRMONhistoryentrieswillbedisplayed.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplayRMONhistoryentriesforGigabitEthernetport1inswitch1.
Acontrolentrydisplaysfirst,followedbyactualentriescorrespondingtothecontrolentry.Inthis
case,thedefaultsettingsforentryowner,samplinginterval,andmaximumnumberofentries.
(buckets)havenotbeenchangedfromtheirdefaultvalues.Foradescriptionofthetypesof
statisticsshown,refertoTable 132.
Port: ge.1.1
-------------------------------------
Index 1
Owner = monitor
Status = valid
Data Source = ifIndex.1
Interval = 30
Buckets Requested = 50
Buckets Granted = 10
Syntax
set rmon history index [port-string] [buckets buckets] [interval interval] [owner
owner]
Parameters
indexlist Specifiesanindexnumberforthisentry.
portstring (Optional)Assignsthisentrytoaspecificport.
bucketsbuckets (Optional)Specifiesthemaximumnumberofentriestomaintain.
intervalinterval (Optional)Specifiesthesamplingintervalinseconds.
ownerowner (Optional)Specifiesanownerforthisentry.
Defaults
Ifbucketsisnotspecified,themaximumnumberofentriesmaintainedwillbe50.
Ifnotspecified,intervalwillbesetto30seconds.
Ifownerisnotspecified,monitorwillbeapplied.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowconfigureRMONhistoryentry1onportfe.2.1tosampleevery20
seconds:
B3(rw)->set rmon history 1 fe.2.1 interval 20
Syntax
clear rmon history {index-list | to-defaults}
Parameters
indexlist Specifiesoneormorehistoryentriestobedeleted,causingthemto
disappearfromanyfutureRMONqueries.
todefaults Resetsallhistoryentriestodefaultvalues.Thiswillcauseentriesto
reappearinRMONqueries.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtodeleteRMONhistoryentry1:
B3(rw)->clear rmon history 1
Purpose
Todisplay,configure,andclearRMONalarmentriesandproperties.
Commands
Syntax
show rmon alarm [index]
Parameters
index (Optional)DisplaysRMONalarmentriesforaspecificentryindexID.
Defaults
Ifindexisnotspecified,informationaboutallRMONalarmentrieswillbedisplayed.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplayRMONalarmentry3:
B3(rw)->show rmon alarm 3
Index 3
---------------------
Owner = Manager
Status = valid
Variable = 1.3.6.1.4.1.5624.1.2.29.1.2.1.0
Sample Type = delta Startup Alarm = rising
Interval = 30 Value = 0
Rising Threshold = 1 Falling Threshold = 0
Rising Event Index = 2 Falling Event Index = 0
Table 133providesanexplanationofthecommandoutput.
Startup Alarm Whether alarm generated when this entry is first enabled is rising, falling, or either.
Rising Event Index Index number of the RMON event to be triggered when the rising threshold is
crossed.
Falling Event Index Index number of the RMON event to be triggered when the falling threshold is
crossed.
Syntax
set rmon alarm properties index [interval interval] [object object] [type
{absolute | delta}] [startup {rising | falling | either}] [rthresh rthresh]
[fthresh fthresh] [revent revent] [fevent fevent] [owner owner]
Parameters
index Specifiesanindexnumberforthisentry.Maximumnumberorentriesis
50.Maximumvalueis65535.
intervalinterval (Optional)Specifiesaninterval(inseconds)forRMONtoconductsample
monitoring.
objectobject (Optional)SpecifiesaMIBobjecttobemonitored.
Note: This parameter is not mandatory for executing the command, but
must be specified in order to enable the alarm entry configuration.
typeabsolute| (Optional)Specifiesthemonitoringmethodas:samplingtheabsolute
delta valueoftheobject,orthedifference(delta)betweenobjectsamples.
startuprising| (Optional)Specifiesthetypeofalarmgeneratedwhenthiseventisfirst
falling|either enabledas:
RisingSendsalarmwhenanRMONeventreachesamaximum
thresholdconditionisreached,forexample,morethan30collisions
persecond.
FallingSendsalarmwhenRMONeventfallsbelowaminimum
thresholdcondition,forexamplewhenthenetworkisbehaving
normallyagain.
EitherSendsalarmwheneitherarisingorfallingthresholdis
reached.
rthreshrthresh (Optional)Specifiesaminimumthresholdforcausingarisingalarm.
fthreshfthresh Specifiesamaximumthresholdforcausingafallingalarm.
reventrevent SpecifiestheindexnumberoftheRMONeventtobetriggeredwhenthe
risingthresholdiscrossed.
feventfevent SpecifiestheindexnumberoftheRMONeventtobetriggeredwhenthe
fallingthresholdiscrossed.
ownerowner (Optional)Specifiesthenameoftheentitythatconfiguredthisalarm
entry.
Defaults
interval3600seconds
typeabsolute
startuprising
rthresh0
fthresh0
revent0
fevent0
ownermonitor
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtoconfigurearisingRMONalarm.Thisentrywillconductmonitoring
ofthedeltabetweensamplesevery30seconds:
B3(rw)->set rmon alarm properties 3 interval 30 object
1.3.6.1.4.1.5624.1.2.29.1.2.1.0 type delta rthresh 1 revent 2 owner Manager
Syntax
set rmon alarm status index enable
Parameters
index Specifiesanindexnumberforthisentry.Maximumnumberorentriesis
50.Maximumvalueis65535.
enable Enablesthisalarmentry.
Defaults
None.
Mode
Switchcommand,readwrite.
Usage
AnRMONalarmentrycanbecreatedusingthiscommand,configuredusingthesetrmonalarm
propertiescommand(setrmonalarmpropertiesonpage 1311),thenenabledusingthis
command.AnRMONalarmentrycanbecreatedandconfiguredatthesametimebyspecifying
anunusedindexwiththesetrmonalarmpropertiescommand.
Example
ThisexampleshowshowtoenableRMONalarmentry3:
B3(rw)->set rmon alarm status 3 enable
Syntax
clear rmon alarm index
Parameters
index Specifiestheindexnumberofentrytobecleared.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtoclearRMONalarmentry1:
B3(rw)->clear rmon alarm 1
Purpose
TodisplayandclearRMONevents,andtoconfigureRMONeventproperties.
Commands
Syntax
show rmon event [index]
Parameters
index (Optional)DisplaysRMONpropertiesandlogentriesforaspecificentry
indexID.
Defaults
Ifindexisnotspecified,informationaboutallRMONentrieswillbedisplayed.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplayRMONevententry3:
B3(rw)->show rmon event 3
Index 3
----------------
Owner = Manager
Status = valid
Description = STP Topology change
Type = log-and-trap
Community = public
Last Time Sent = 0 days 0 hours 0 minutes 37 seconds
Table 134providesanexplanationofthecommandoutput.
Type Whether the event notification will be a log entry, and SNMP trap, both, or none.
Last Time Sent When an event notification matching this entry was sent.
Syntax
set rmon event properties index [description description] [type {none | log | trap
| both}] [community community] [owner owner]
Parameters
index Specifiesanindexnumberforthisentry.Maximumnumberofentriesis
100.Maximumvalueis65535.
description (Optional)Specifiesatextstringdescriptionofthisevent.
description
typenone|log| (Optional)SpecifiesthetypeofRMONeventnotificationas:none,alog
trap|both tableentry,anSNMPtrap,orbothalogentryandatrapmessage.
community (Optional)SpecifiesanSNMPcommunitynametouseifthemessage
community typeissettotrap.FordetailsonsettingSNMPtrapsandcommunity
names,refertoCreatingaBasicSNMPTrapConfigurationon
page 543.
ownerowner (Optional)Specifiesthenameoftheentitythatconfiguredthisentry.
Defaults
Ifdescriptionisnotspecified,nonewillbeapplied.
Ifnotspecified,typenonewillbeapplied.
Ifownerisnotspecified,monitorwillbeapplied.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtocreateandenableanRMONevententrycalledSTPtopology
changethatwillsendbothalogentryandanSNMPtrapmessagetothepubliccommunity:
B3(rw)->set rmon event properties 2 description "STP topology change" type both
community public owner Manager
Syntax
set rmon event status index enable
Parameters
index Specifiesanindexnumberforthisentry.Maximumnumberofentriesis
100.Maximumvalueis65535.
enable Enablesthisevententry.
Defaults
None.
Mode
Switchcommand,readwrite.
Usage
AnRMONevententrycanbecreatedusingthiscommand,configuredusingthesetrmonevent
propertiescommand(setrmoneventpropertiesonpage 1316),thenenabledusingthis
command.AnRMONevententrycanbecreatedandconfiguredatthesametimebyspecifyingan
unusedindexwiththesetrmoneventpropertiescommand.
Example
ThisexampleshowshowtoenableRMONevententry1:
B3(rw)->set rmon event status 1 enable
Syntax
clear rmon event index
Parameters
index Specifiestheindexnumberoftheentrytobecleared.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtoclearRMONevent1:
B3(rw)->clear rmon event 1
Note: Packet capture filter is sampling only and does not guarantee receipt of back to back
packets.
Onechannelatatimecanbesupported,withuptothreefilters.Configuredchannel,filter,and
buffercontrolinformationwillbesavedacrossresets,butcapturedframeswillnot.
Thisfunctioncannotbeusedconcurrentlywithportmirroring.Thesystemwillchecktoprevent
concurrentlyenablingbothfunctions,andawarningwillbegeneratedintheCLIifattempted.
Commands
Syntax
show rmon channel [port-string]
Parameters
portstring (Optional)DisplaysRMONchannelentriesforaspecificport(s).
Defaults
Ifportstringisnotspecified,informationaboutallchannelswillbedisplayed.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplayRMONchannelinformationforfe.2.12:
Syntax
set rmon channel index port-string [accept {matched | failed}] [control {on | off}]
[description description] [owner owner]
Parameters
index Specifiesanindexnumberforthisentry.Anentrywillautomaticallybe
createdifanunusedindexnumberischosen.Maximumnumberof
entriesis2.Maximumvalueis65535.
portstring Specifiestheportonwhichtrafficwillbemonitored.
acceptmatched| (Optional)Specifiestheactionofthefiltersonthischannelas:
failed
matchedPacketswillbeacceptedonfiltermatches
failedPacketswillbeacceptediftheyfailamatch
controlon|off (Optional)Enablesordisablescontroloftheflowofdatathroughthe
channel.
description (Optional)Specifiesadescriptionforthischannel.
description
ownerowner (Optional)Specifiesthenameoftheentitythatconfiguredthisentry.
Defaults
Ifanactionisnotspecified,packetswillbeacceptedonfiltermatches.
Ifnotspecified,controlwillbesettooff.
Ifadescriptionisnotspecified,nonewillbeapplied.
Ifownerisnotspecified,itwillbesettomonitor.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtocreateanRMONchannelentry:
B3(rw)->set rmon channel 54313 fe.2.12 accept failed control on description
"capture all"
Syntax
clear rmon channel index
Parameters
index Specifiesthechannelentrytobecleared.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtoclearRMONchannelentry2:
B3(rw)->clear rmon channel 2
Syntax
show rmon filter [index index | channel channel]
Parameters
indexindex| (Optional)Displaysinformationaboutaspecificfilterentry,oraboutall
channelchannel filterswhichbelongtoaspecificchannel.
Defaults
Ifnooptionsarespecified,informationforallfilterentrieswillbedisplayed.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplayallRMONfilterentriesandchannelinformation:
B3(rw)->show rmon filter
Index= 55508 Channel Index= 628 EntryStatus= valid
----------------------------------------------------------
Data Offset 0 PktStatus 0
PktStatusMask 0 PktStatusNotMask 0
Owner ETS,NAC-D
-----------------------------
Data
ff ff ff ff ff ff
-----------------------------
DataMask
ff ff ff ff ff ff
-----------------------------
DataNotMask
00 00 00 00 00 00
Syntax
set rmon filter index channel-index [offset offset] [status status] [smask smask]
[snotmask snotmask] [data data] [dmask dmask] [dnotmask dnotmask] [owner owner]
Parameters
index Specifiesanindexnumberforthisentry.Anentrywillautomaticallybe
createdifanunusedindexnumberischosen.Maximumnumberof
entriesis10.Maximumvalueis65535.
channelindex Specifiesthechanneltowhichthisfilterwillbeapplied.
offsetoffset (Optional)Specifiesanoffsetfromthebeginningofthepackettolookfor
matches.
statusstatus (Optional)Specifiespacketstatusbitsthataretobematched.
smasksmask (Optional)Specifiesthemaskappliedtostatustoindicatewhichbitsare
significant.
snotmasksnotmask (Optional)Specifiestheinversionmaskthatindicateswhichbitsshould
besetornotset
datadata (Optional)Specifiesthedatatobematched.
dmaskdmask (Optional)Specifiesthemaskappliedtodatatoindicatewhichbitsare
significant.
dnotmaskdnotmask (Optional)Specifiestheinversionmaskthatindicateswhichbitsshould
besetornotset.
owner (Optional)Specifiesthenameoftheentitythatconfiguredthisentry.
Defaults
Ifownerisnotspecified,itwillbesettomonitor.
Ifnootheroptionsarespecified,none(0)willbeapplied.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtocreateRMONfilter1andapplyittochannel9:
B3(rw)->set rmon filter 1 9 offset 30 data 0a154305 dmask ffffffff
Syntax
clear rmon filter {index index | channel channel}
Parameters
indexindex| Clearsaspecificfilterentry,orallentriesbelongingtoaspecificchannel.
channelchannel
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtoclearRMONfilterentry1:
B3(rw)->clear rmon filter index 1
Purpose
TodisplayRMONcaptureentries,configure,enable,ordisablecaptureentries,andclearcapture
entries.
Commands
Syntax
show rmon capture [index [nodata]]
Parameters
index (Optional)Displaysthespecifiedbuffercontrolentryandallcaptured
packetsassociatedwiththatentry.
nodata (Optional)Displaysonlythebuffercontrolentryspecifiedbyindex.
Defaults
Ifnooptionsarespecified,allbuffercontrolentriesandassociatedcapturedpacketswillbe
displayed.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplayRMONcaptureentriesandassociatedbufferentries:
B3(rw)->show rmon capture
Buf.control= 28062 Channel= 38283 EntryStatus= valid
----------------------------------------------------------
FullStatus avail FullAction lock
Captured packets 251 Capture slice 1518
Download size 100 Download offset 0
Max Octet Requested 50000 Max Octet Granted 50000
Start time 1 days 0 hours 51 minutes 15 seconds
Owner monitor
Syntax
set rmon capture index {channel [action {lock}] [slice slice] [loadsize loadsize]
[offset offset] [asksize asksize] [owner owner]}
Parameters
index Specifiesabuffercontrolentry.
channel Specifiesthechanneltowhichthiscaptureentrywillbeapplied.
actionlock (Optional)Specifiestheactionofthebufferwhenitisfullas:
lockPacketswillceasetobeaccepted
sliceslice (Optional)Specifiesthemaximumoctetsfromeachpackettobesavedin
abuffer.(default:1518)
loadsizeloadsize (Optional)Specifiesthemaximumoctetsfromeachpackettobe
downloadedfromthebuffer(default:100)
offsetoffset (Optional)Specifiesthatthefirstoctetfromeachpacketthatwillbe
retrieved.
asksizeasksize (Optional)Specifiestherequestedmaximumoctetstobesavedinthis
buffer.
owner (Optional)Specifiesthenameoftheentitythatconfiguredthisentry.
Defaults
Ifnotspecified,actiondefaultstolock.
Ifnotspecified,offsetdefaultsto0.
Ifnotspecified,asksizedefaultsto1(whichwillrequestasmanyoctetsaspossible)
Ifsliceisnotspecified,1518willbeapplied.
Ifloadsizeisnotspecified,100willbeapplied.
Ifownerisnotspecified,itwillbesettomonitor.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtocreateRMONcaptureentry1tolistenonchannel628:
B3(rw)->set rmon capture 1 628
Syntax
clear rmon capture index
Parameters
index Specifiesthecaptureentrytobecleared.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtoclearRMONcaptureentry1:
B3(rw)->clear rmon capture 1
ThischapterdescribesthecommandstoconfiguretheIPv4DHCPserverfunctionalityona
SecureStackB3switch.
DHCP Overview
DynamicHostConfigurationProtocol(DHCP)forIPv4isanetworklayerprotocolthat
implementsautomaticormanualassignmentofIPaddressesandotherconfigurationinformation
toclientdevicesbyservers.ADHCPservermanagesauserconfiguredpoolofIPaddressesfrom
whichitcanmakeassignmentsuponclientrequests.ArelayagentpassesDHCPmessages
betweenclientsandserverswhichareondifferentphysicalsubnets.
DHCP Server
DHCPserverfunctionalityallowstheSecureStackB3switchtoprovidebasicIPconfiguration
informationtoaclientonthenetworkwhorequestssuchinformationusingtheDHCPprotocol.
DHCPprovidesthefollowingmechanismsforIPaddressallocationbyaDHCPserver:
AutomaticDHCPserverassignsanIPaddresstoaclientforalimitedperiodoftime(or
untiltheclientexplicitlyrelinquishestheaddress)fromadefinedpoolofIPaddresses
configuredontheserver.
ManualAclientsIPaddressisassignedbythenetworkadministrator,andDHCPisused
simplytoconveytheassignedaddresstotheclient.Thisismanagedbymeansofstatic
addresspoolsconfiguredontheserver.
TheamountoftimethataparticularIPaddressisvalidforasystemiscalledalease.The
SecureStackB3maintainsaleasedatabasewhichcontainsinformationabouteachassignedIP
address,theMACaddresstowhichitisassigned,theleaseexpiration,andwhethertheaddress
assignmentisdynamic(automatic)orstatic(,manual).TheDHCPleasedatabaseisstoredinflash
memory.
InadditiontoassigningIPaddresses,theDHCPservercanalsobeconfiguredtoassignthe
followingtorequestingclients:
Defaultrouter(s)
DNSserver(s)anddomainname
NetBIOSWINSserver(s)andnodename
Bootfile
DHCPoptionsasdefinedbyRFC2132
Note: A total of 16 address pools, dynamic and/or static, can be configured on the SecureStack B3.
Purpose
ToconfigureDHCPserverparameters,andtodisplayandclearaddressbindinginformation,
serverstatistics,andconflictinformation.
Commands
CommandstoconfigureDHCPserverparametersandtodisplayandclearDHCPserver
informationarelistedbelow.
set dhcp
UsethiscommandtoenableordisabletheDHCPserverfunctionalityontheSecureStackB3.
Syntax
set dhcp {enable | disable}
Parameters
enable|disable EnableordisableDHCPserverfunctionality.Bydefault,DHCPserveris
disabled.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleenablesDHCPserverfunctionality.
B3(rw)->set dhcp enable
Syntax
set dhcp bootp {enable | disable}
Parameters
enable|disable EnableordisableaddressallocationforBOOTPclients.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleenablesaddressallocationforBOOTPclients.
B3(rw)->set dhcp bootp enable
Syntax
set dhcp conflict logging
Parameters
None.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleenablesDHCPconflictlogging.
B3(rw)->set dhcp conflict logging
Syntax
show dhcp conflict [address]
Parameters
address [Optional]Specifiestheaddressforwhichtodisplayconflictinformation.
Defaults
Ifnoaddressisspecified,conflictinformationforalladdressesisdisplayed.
Mode
Readonly.
Example
Thisexampledisplaysconflictinformationforalladdresses.Notethatpingistheonlydetection
methodused.
B3(ro)->show dhcp conflict
Syntax
clear dhcp conflict {logging | ip-address| *}
Parameters
logging Disableconflictlogging.
ipaddress CleartheconflictinformationforthespecifiedIPaddress.
* CleartheconflictinformationforallIPaddresses.
Defaults
None.
Mode
Switchcommand,readwrite.
Examples
ThisexampledisablesDHCPconflictlogging.
B3(rw)->clear dhcp conflict logging
ThisexampleclearstheconflictinformationfortheIPaddress192.0.0.2.
B3(rw)->clear dhcp conflict 192.0.0.2
Syntax
set dhcp exclude low-ipaddr [high-ipaddr]
Parameters
lowipaddr SpecifiesthefirstIPaddressintheaddressrangetobeexcludedfrom
assignment.
highipaddr (Optional)SpecifiesthelastIPaddressintheaddressrangetobe
excluded.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexamplefirstconfigurestheaddresspoolnamedauto1with255addressesfortheClassC
network172,20.28.0,withthesetdhcppoolnetworkcommand.Then,theexamplelimitsthe
scopeoftheaddressesthatcanbeassignedbyaDHCPserverbyexcludingaddresses172.20.28.80
100,withthesetdhcpexcludecommand.
B3(rw)set dhcp pool auto1 network 172.20.28.0 24
B3(rw)->set dhcp exclude 172.20.28.80 172.20.28.100
Syntax
clear dhcp exclude low-ipaddr [high-ipaddr]
Parameters
lowipaddr SpecifiesthefirstIPaddressintheaddressrangetobecleared.
highipaddr (Optional)SpecifiesthelastIPaddressintheaddressrangetobecleared.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleclearsthepreviouslyexcludedrangeofIPaddressesbetween192.168.1.88through
192.168.1.100.
B3(rw)->clear dhcp exclude 192.168.1.88 192.168.1.100
Syntax
set dhcp ping packets number
Parameters
packetsnumber Specifiesthenumberofpingpacketstobesent.Thevalueofnumbercan
be0,orrangefrom2to10.Entering0disablesthisfunction.Thedefault
valueis2packets.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexamplesetsthenumberofpingpacketssentto3.
B3(rw)->set dhcp ping packets 3
Syntax
clear dhcp ping packets
Parameters
None.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleresetsthenumberofpingpacketssentbacktothedefaultvalue.
B3(rw)->clear dhcp ping packets
Syntax
show dhcp binding [ip-address]
Parameters
ipaddress (Optional)SpecifiestheIPaddressforwhichtodisplaybinding
information.
Defaults
IfnoIPaddressisspecified,bindinginformationforalladdressesisdisplayed.
Mode
Readonly.
Example
Thisexampledisplaysbindinginformationaboutalladdresses.
B3(rw)->show dhcp binding
IP address Hardware Address Lease Expiration Type
----------- ----------------- ----------------- -----
192.0.0.6 00:33:44:56:22:39 00:11:02 Automatic
192.0.0.8 00:33:44:56:22:33 00:10:22 Automatic
192.0.0.10 00:33:44:56:22:34 00:09:11 Automatic
192.0.0.11 00:33:44:56:22:35 00:10:05 Automatic
192.0.0.12 00:33:44:56:22:36 00:10:30 Automatic
Syntax
clear dhcp binding {ip-addr | *}
Parameters
ipaddr SpecifiestheIPaddressforwhichtoclear/deletetheDHCPbinding.
* Deletealladdressbindings.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampledeletestheDHCPaddressbindingforIPaddress192.168.1.1.
B3(rw)->clear dhcp binding 192.168.1.1
Syntax
show dhcp server statistics
Parameters
None.
Defaults
None.
Mode
Readonly.
Example
Thisexampledisplaysserverstatistics.
B3(ro)->show dhcp server statistics
Automatic Bindings 36
Expired Bindings 6
Malformed Bindings 0
Messages Received
---------- ----------
DHCP DISCOVER 382
DHCP REQUEST 3855
DHCP DECLINE 0
DHCP RELEASE 67
DHCP INFORM 1
Messages Sent
---------- ------
DHCP OFFER 381
DHCP ACK 727
DHCP NACK 2
Syntax
clear dhcp server statistics
Parameters
None.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleclearsallDHCPservercounters.
B3(rw)->clear dhcp server statistics
Purpose
ToconfigureandclearDHCPaddresspoolparameters,andtodisplayaddresspoolconfiguration
information.
Note: A total of 16 address pools, dynamic and/or static, can be configured on the SecureStack B3.
Commands
CommandstoconfigureDHCPdynamic(automatic)andstatic(manual)addresspoolsandto
displayDHCPaddresspoolconfigurationsarelistedbelow.
Syntax
set dhcp pool poolname
Parameters
poolname Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexamplecreatesanaddresspoolnamedauto1.
B3(rw)->set dhcp pool auto1
Syntax
clear dhcp pool poolname
Parameters
poolname Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampledeletestheaddresspoolnamedauto1.
B3(rw)->clear dhcp pool auto1
Syntax
set dhcp pool poolname network number {mask | prefix-length}
Parameters
poolname Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.
number SpecifiesanIPsubnetfortheaddresspool.
mask Specifiesthesubnetmaskindottedquadnotation.
prefixlength Specifiesthesubnetmaskasaninteger.
Defaults
None.
Mode
Switchcommand,readwrite.
Usage
UsethiscommandtoconfigureasetofIPaddressestobeassignedbytheDHCPserverusingthe
specifiedaddresspool.Inordertolimitthescopeoftheaddressesconfiguredwiththiscommand,
usethesetdhcpexcludecommanddescribedonpage146.
Examples
ThisexampleconfigurestheIPsubnet172.20.28.0withaprefixlengthof24fortheautomatic
DHCPpoolnamedauto1.Alternatively,themaskcouldhavebeenspecifiedas255.255.255.0.
B3(rw)set dhcp pool auto1 network 172.20.28.0 24
Thisexamplelimitsthescopeof255addressescreatedfortheClassCnetwork172,20.28.0bythe
previousexample,byexcludingaddresses172.20.28.80100.
B3(rw)set dhcp exclude 172.20.28.80 172.20.28.100
Syntax
clear dhcp pool poolname network
Parameters
poolname Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampledeletesthenetworkandmaskfromtheaddresspoolnamedauto1.
B3(rw)->clear dhcp pool auto1 network
Syntax
set dhcp pool poolname hardware-address hw-addr [type]
Parameters
poolname Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.
hwaddr SpecifiestheMACaddressoftheclientshardwareplatform.Thisvalue
canbeenteredusingdottedhexadecimalnotationorcolons.
type (Optional)Specifiestheprotocolofthehardwareplatform.Validvalues
are1forEthernetor6forIEEE802.Defaultvalueis1,Ethernet.
Defaults
Ifnotypeisspecified,Ethernetisassumed.
Mode
Switchcommand,readwrite.
Example
Thisexamplespecifies0001.f401.2710astheEthernetMACaddressforthemanualaddresspool
namedmanual1.Alternatively,theMACaddresscouldhavebeenteredas00:01:f4:01:27:10.
B3(rw)->set dhcp pool manual1 hardware-address 0001.f401.2710
Syntax
clear dhcp pool poolname hardware-address
Parameters
poolname Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampledeletestheclienthardwareaddressfromtheaddresspoolnamedmanual1.
B3(rw)->clear dhcp pool manual1 hardware-address
Syntax
set dhcp pool poolname host ip-address [mask | prefix-length]
Parameters
poolname Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.
ipaddress SpecifiestheIPaddressformanualbinding.
mask (Optional)Specifiesthesubnetmaskindottedquadnotation.
prefixlength (Optional)Specifiesthesubnetmaskasaninteger.
Defaults
Ifamaskorprefixisnotspecified,theclassA,B,orCnaturalmaskwillbeused.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtoconfiguretheminimumrequirementsforamanualbindingaddress
pool.First,thehardwareaddressoftheclientshardwareplatformisconfigured,followedby
configurationoftheaddresstobeassignedtothatclientmanually.
Syntax
clear dhcp pool poolname host
Parameters
poolname Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampledeletesthehostIPaddressfromtheaddresspoolnamedmanual1.
B3(rw)->clear dhcp pool manual1 host
Syntax
set dhcp pool poolname client-identifier id
Parameters
poolname Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.
id Specifiestheuniqueclientidentifierforthisclient.Thevaluemustbe
enteredinxx:xx:xx:xx:xx:xxformat.
Defaults
None.
Mode
Switchcommand,readwrite.
Usage
TheclientidentifierisformedbyconcatenatingthemediatypeandtheMACaddress.For
example,iftheclienthardwaretypeisEthernetandtheclientMACaddressis00:01:22:33:44:55,
thentheclientidentifierconfiguredwiththiscommandmustbe01:00:01:22:33:44:55.
Example
Thisexampleshowshowtoconfiguretheminimumrequirementsforamanualbindingaddress
pool,usingaclientidentifierratherthanthehardwareaddressoftheclientshardwareplatform.
B3(rw)->set dhcp pool manual2 client-identifier 01:00:01:22:33:44:55
B3(rw)->set dhcp pool manual2 host 10.12.1.10 255.255.255.0
Syntax
clear dhcp pool poolname client-identifier
Parameters
poolname Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampledeletestheclientidentifierfromtheaddresspoolnamedmanual1.
B3(rw)->clear dhcp pool manual1 client-identifier
Syntax
set dhcp pool poolname client-name name
Parameters
poolname Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.
name Specifiesthenametobeassignedtothisclient.Clientnamesmaybeupto
31charactersinlength.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleconfigurestheclientnameappsvr1tothemanualbindingpoolmanual2.
B3(rw)->set dhcp pool manual2 client-identifier 01:22:33:44:55:66
B3(rw)->set dhcp pool manual2 host 10.12.1.10 255.255.255.0
B3(rw)->set dhcp pool manual2 client-name appsvr1
Syntax
clear dhcp pool poolname client-name
Parameters
poolname Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampledeletestheclientnamefromthemanualbindingpoolmanual2.
B3(rw)->clear dhcp pool manual2 client-name
Syntax
set dhcp pool poolname bootfile filename
Parameters
poolname Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.
filename Specifiesthebootimagefilename.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexamplesetsthebootimagefilenameforaddresspoolnamedauto1.
B3(rw)->set dhcp pool auto1 bootfile image1.img
Syntax
clear dhcp pool poolname bootfile
Parameters
poolname Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleremovesthebootimagefilenamefromaddresspoolnamedauto1.
B3(rw)->clear dhcp pool auto1 bootfile
Syntax
set dhcp pool poolname next-server ip-address
Parameters
poolname Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.
ipaddress SpecifiestheIPaddressofthefileservertheDHCPclientshouldcontact
toloadthedefaultbootimage.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexamplespecifiesthefileserverfromwhichclientsbeingservedbyaddresspoolauto1
shoulddownloadthebootimagefileimage1.img.
B3(rw)->set dhcp pool auto1 bootfile image1.img
B3(rw)->set dhcp pool auto1 next-server 10.1.1.10
Syntax
clear dhcp pool poolname next-server
Parameters
poolname Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleremovesthefileserverfromaddresspoolauto1.
B3(rw)->clear dhcp pool auto1 next-server
Syntax
set dhcp pool poolname lease {days [hours [minutes]] | infinite}
Parameters
poolname Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.
days Specifiesthenumberofdaysanaddressleasewillremainvalid.Valuecan
rangefrom0to59.
hours (Optional)Whenadaysvaluehasbeenassigned,specifiesthenumberof
hoursanaddressleasewillremainvalid.Valuecanrangefrom0to1439.
minutes (Optional)Whenadaysvalueandanhoursvaluehavebeenassigned,
specifiesthenumberofminuteanaddressleasewillremainvalid.Value
canrangefrom0to86399.
infinite Specifiesthatthedurationoftheleasewillbeunlimited.
Defaults
Ifnoleasetimeisspecified,aleasedurationof1dayisconfigured.
Mode
Switchcommand,readwrite.
Example
Thisexampleconfiguresaleasedurationof12hoursfortheaddresspoolbeingconfigured.Note
thattoconfigurealeasetimelessthanoneday,enter0fordays,thenthenumberofhoursand
minutes.
B3(rw)->set dhcp pool auto1 lease 0 12
Syntax
clear dhcp pool poolname lease
Parameters
poolname Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.
Defaults
Clearstheleasetimeforthisaddresspooltothedefaultvalueofoneday.
Mode
Switchcommand,readwrite.
Example
Thisexamplerestoresthedefaultleasedurationofonedayforaddresspoolauto1.
B3(rw)->clear dhcp pool auto1 lease
Syntax
set dhcp pool poolname default-router address [address2 ... address8]
Parameters
poolname Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.
address SpecifiestheIPaddressofadefaultrouter.
address2...address8 (Optional)Specifies,inorderofpreference,upto7additionaldefault
routeraddresses.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleassignsadefaultrouterat10.10.10.1totheaddresspoolnamedauto1.
B3(rw)->set dhcp pool auto1 default-router 10.10.10.1
Syntax
clear dhcp pool poolname default-router
Parameters
poolname Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleremovesthedefaultrouterfromtheaddresspoolauto1.
B3(rw)->clear dhcp pool auto1 default-router
Syntax
set dhcp pool poolname dns-server address [address2 ... address8]
Parameters
poolname Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.
address SpecifiestheIPaddressofaDNSserver.
address2...address8 (Optional)Specifies,inorderofpreference,upto7additionalDNS
serveraddresses.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleassignsaDNSserverat10.14.10.1totheaddresspoolauto1.
B3(rw)->set dhcp pool auto1 dns-server 10.14.10.1
Syntax
clear dhcp pool poolname dns-server
Parameters
poolname Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleremovestheDNSserverlistfromtheaddresspoolauto1.
B3(rw)->clear dhcp pool auto1 dns-server
Syntax
set dhcp pool poolname domain-name domain
Parameters
poolname Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.
domain Specifiesthedomainnamestring.Thedomainnamecanbeupto255
charactersinlength.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleassignsthemycompany.comdomainnametotheaddresspoolauto1.
B3(rw)->set dhcp pool auto1 domain-name mycompany.com
Syntax
clear dhcp pool poolname domain-name
Parameters
poolname Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleremovesthedomainnamefromtheaddresspoolauto1.
B3(rw)->clear dhcp pool auto1 domain-name
Syntax
set dhcp pool poolname netbios-name-server address [address2 ... address8]
Parameters
poolname Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.
address SpecifiestheIPaddressofaNetBIOSnameserver.
address2...address8 (Optional)Specifies,inorderofpreference,upto7additionalNetBIOS
nameserveraddresses.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleassignsaNetBIOSnameserverat10.15.10.1totheaddresspoolbeingconfigured.
B3(rw)->set dhcp pool auto1 netbios-name-server 10.15.10.1
Parameters
poolname Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleremovestheNetBIOSnameserverlistfromtheaddresspoolauto1.
B3(rw)->clear dhcp pool auto1 netbios-name-server
Syntax
set dhcp pool poolname netbios-node-type {b-node | h-node | p-node | m-node}
Parameters
poolname Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.
bnode SpecifiestheNetBIOsnodetypetobebroadcast(noWINS).
hnode SpecifiestheNetBIOsnodetypetobehybrid(WINS,thenbroadcast).
pnode SpecifiestheNetBIOsnodetypetobepeer(WINSonly).
mnode SpecifiestheNetBIOsnodetypetobemixed(broadcast,thenWINS).
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexamplespecifieshybridastheNetBIOSnodetypefortheaddresspoolauto1.
B3(rw)->set dhcp pool auto1 netbios-node-type h-node
Syntax
clear dhcp pool poolname netbios-node-type
Parameters
poolname Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleremovestheNetBIOSnodetypefromtheaddresspoolauto1.
B3(rw)->clear dhcp pool auto1 netbios-node-type
Syntax
set dhcp pool poolname option code {ascii string | hex string-list | ip address-
list}
Parameters
poolname Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.
code SpecifiestheDHCPoptioncode,asdefinedinRFC2132.Valuecanrange
from1to254.
asciistring SpecifythedatainASCIIformat.AnASCIIcharacterstringcontaininga
spacemustbeenclosedinquotations.
hexstringlist SpecifythedatainHEXformat.Upto8HEXstringscanbeentered.
ipaddresslist SpecifythedatainIPaddressformat.Upto8IPaddressescanbeentered.
Defaults
None.
Mode
Switchcommand,readwrite.
Examples
ThisexampleconfiguresDHCPoption19,whichspecifieswhethertheclientshouldconfigureits
IPlayerforpacketforwarding.Inthiscase,IPforwardingisenabledwiththe01value.
B3(rw)->set dhcp pool auto1 option 19 hex 01
ThisexampleconfiguresDHCPoption72,whichassignsoneormoreWebserversforDHCP
clients.Inthiscase,twoWebserveraddressesareconfigured.
B3(rw)->set dhcp pool auto1 option 72 ip 168.24.3.252 168.24.3.253
Syntax
clear dhcp pool poolname option code
Parameters
poolname Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.
code SpecifiestheDHCPoptioncode,asdefinedinRFC2132.Valuecanrange
from1to254.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleremovesoption19fromaddresspoolauto1.
B3(rw)->clear dhcp pool auto1 option 19
Syntax
show dhcp pool configuration {poolname | all}
Parameters
poolname Specifiesthenameoftheaddresspool.Poolnamesmaybeupto31
charactersinlength.
Defaults
None.
Mode
Readonly.
Example
Thisexampledisplaysconfigurationinformationforalladdresspools.
B3(rw)->show dhcp pool configuration all
Pool: Atg_Pool
Pool Type Dynamic
Network 192.0.0.0 255.255.255.0
Lease Time 1 days 0 hrs 0 mins
Default Routers 192.0.0.1
Pool: static1
Pool Type Manual
Client Name appsvr1
Client Identifier 01:00:01:f4:01:27:10
Host 10.1.1.1 255.0.0.0
Lease Time infinite
Option 19 hex 01
Pool: static2
Pool Type Manual
Hardware Address 00:01:f4:01:27:10
Hardware Address Type ieee802
Host 192.168.10.1 255.255.255.0
Lease Time infinite
ThischapterdescribestheswitchmodesetofcommandsusedtomanageIPv6.
Purpose
ToenableordisabletheIPv6managementfunction,toconfigureanddisplaytheIPv6host
addressandIPv6gatewayfortheswitch,andtodisplayIPv6statusinformation.
Commands
Syntax
show ipv6 status
Parameters
None.
Defaults
None.
Mode
Switchmode,readonly.
Example
ThisexampleshowshowtodisplayIPv6managementfunctionstatus.
B3(ro)->show ipv6 status
IPv6 Administrative Mode: Disabled
set ipv6
UsethiscommandtogloballyenableordisabletheIPv6managementfunction.
Syntax
set ipv6 {enable|disable}
Parameters
enable|disable EnableordisabletheIPv6managementfunction.
Defaults
Bydefault,IPv6managementisdisabled.
Mode
Switchmode,readwrite.
Usage
WhenyouenableIPv6managementontheswitch,thesystemautomaticallygeneratesalinklocal
hostaddressfortheswitchfromthehostMACaddress.YoucansetadifferenthostIPv6address
withthesetipv6addresscommand.
Example
ThisexampleshowshowtoenableIPv6management.
B3(su)-> set ipv6 enable
Syntax
set ipv6 address ipv6-addr/prefix-length [eui64]
Parameters
ipv6addr TheIPv6addressorprefixtobeconfigured.Thisparametermustbeinthe
formdocumentedinRFC4291,withtheaddressspecifiedinhexadecimal
using16bitvaluesbetweencolons.
prefixlength ThelengthoftheIPv6prefixforthisaddress.Thevalueofprefixlengthisa
decimalnumberindicatingthenumberofhighordercontiguousbitsofthe
addressthatcomprisethenetworkportionoftheaddress.
eui64 (Optional)FormulatetheIPv6addressusinganEUI64IDinthelower
order64bitsoftheaddress.
Defaults
NoglobalunicastIPv6addressisdefinedbydefault.
Mode
Switchmode,readwrite.
Usage
UsethiscommandtomanuallyconfigureaglobalunicastIPv6addressforIPv6management.You
canspecifytheaddresscompletely,oryoucanusetheoptionaleui64parametertoallowthe
switchtogeneratethelowerorder64bitsoftheaddress.
Whenusingtheeui64parameter,youspecifyonlythenetworkprefixandlength.
Examples
ThisexampleshowshowtocompletelyspecifyanIPv6addressbyenteringall128bitsandthe
prefix:
B3(su)->set ipv6 address 2001:0db8:1234:5555::9876:2/64
Syntax
show ipv6 address
Parameters
None.
Defaults
None.
Mode
Switchcommand,readonly.
Usage
ThiscommanddisplaystheIPv6addressesconfiguredautomaticallyandwiththesetipv6
addressandsetipv6gatewaycommands.
Example
ThisexampledisplaysthreeIPv6managementaddressesconfiguredfortheswitch.
B3(su)->show ipv6 address
Name IPv6 Address
------------ ----------------------------------------
host FE80::201:F4FF:FE5C:2880/64
host 2001:DB8:1234:5555:201:F4FF:FE5C:2880/64
gateway FE80::201:F4FF:FE5D:1234
Syntax
clear ipv6 [address {all|ipv6-addr/prefix-length}]
Parameters
ipv6addr TheIPv6addresstobecleared.Thisparametermustbeintheform
documentedinRFC4291,withtheaddressspecifiedinhexadecimalusing
16bitvaluesbetweencolons.
prefixlength ThelengthoftheIPv6prefixforthisaddress.Thevalueofprefixlengthisa
decimalnumberindicatingthenumberofhighordercontiguousbitsofthe
addressthatcomprisethenetworkportionoftheaddress.
all DeletesallIPv6globaladdresses.
Defaults
Ifaddressisnotentered,allmanuallyconfiguredglobalIPv6addressesarecleared.
Mode
Switchmode,readwrite.
Usage
Thiscommandclearsaddressesmanuallyconfiguredwiththesetipv6addresscommand.Usethe
clearipv6gatewaycommandtocleartheIPv6gatewayaddress.
Example
ThisexampleillustratesthatthiscommandclearsonlythoseIPv6addressesconfiguredwiththe
setipv6addresscommand.Thelinklocaladdressforthehostinterfaceandthegatewayaddress
arenotremovedwiththiscommand.
B3(su)->show ipv6 address
Name IPv6 Address
------------ ----------------------------------------
host FE80::201:F4FF:FE5C:2880/64
host 2001:DB8:1234:5555:201:F4FF:FE5C:2880/64
host 2001:DB8:1234:5555::9876:2/64
gateway FE80::201:F4FF:FE5D:1234
Syntax
set ipv6 gateway ipv6-addr
Parameters
ipv6addr TheIPv6addresstobeconfigured.Theaddresscanbeaglobalunicastor
linklocalIPv6address,intheformdocumentedinRFC4291,withthe
addressspecifiedinhexadecimalusing16bitvaluesbetweencolons.
Defaults
None.
Mode
Switchmode,readwrite.
Usage
ThiscommandconfigurestheIPv6gatewayaddress.OnlyoneIPv6gatewayaddresscanbe
configuredfortheswitch,soexecutingthiscommandwhenagatewayaddresshasalreadybeen
configuredwilloverwritethepreviouslyconfiguredaddress.
Usetheshowipv6addresscommandtodisplayaconfiguredIPv6gatewayaddress.
Example
ThisexampleshowshowtoconfigureanIPv6gatewayaddressusingalinklocaladdress.
B3(su)->set ipv6 gateway fe80::201:f4ff:fe5d:1234
B3(su)->show ipv6 address
Name IPv6 Address
------------ ----------------------------------------
host FE80::201:F4FF:FE5C:2880/64
gateway FE80::201:F4FF:FE5D:1234
Syntax
clear ipv6 gateway
Parameters
None.
Defaults
None.
Mode
Switchmode,readwrite.
Example
ThisexampleshowshowtoremoveaconfiguredIPv6gatewayaddress.
B3(su)->show ipv6 address
Name IPv6 Address
------------ ----------------------------------------
host FE80::201:F4FF:FE5C:2880/64
gateway FE80::201:F4FF:FE5D:1234
Syntax
show ipv6 neighbors
Parameters
None.
Defaults
None.
Mode
Switchcommand,readonly.
Example
Thisexampleshowsexampleoutputofthiscommand.
Syntax
show ipv6 netstat
Parameters
None.
Defaults
None.
Mode
Switchcommand,readonly.
Example
Thisexampleshowstheoutputofthiscommand.
B3(su)->show ipv6 netstat
Prot Local Address State
Foreign Address
---- -------------------------------------------- -----------
TCP 3333::211:88FF:FE59:4424.22 ESTABLISHED
2020::D480:1384:F58C:B114.1049
TCP 3333::211:88FF:FE59:4424.443 TIME_WAIT
2020::D480:1384:F58C:B114.1056
TCP ::.23 LISTEN
::.*
TCP 3333::211:88FF:FE59:4424.22 ESTABLISHED
2020::D480:1384:F58C:B114.1050
TCP 3333::211:88FF:FE59:4424.22 ESTABLISHED
3333::2117:F1C0:90B:910D.1045
TCP ::.80 LISTEN
::.*
TCP ::.22 LISTEN
::.*
TCP 3333::211:88FF:FE59:4424.80 ESTABLISHED
2020::D480:1384:F58C:B114.1053
TCP 3333::211:88FF:FE59:4424.80 ESTABLISHED
2020::D480:1384:F58C:B114.1054
TCP ::.443 LISTEN
::.*
TCP 3333::211:88FF:FE59:4424.22 ESTABLISHED
2020::D480:1384:F58C:B114.1048
TCP 3333::211:88FF:FE59:4424.443 TIME_WAIT
2020::D480:1384:F58C:B114.1055
ping ipv6
UsethiscommandtotestroutingnetworkconnectivitybysendingIPpingrequests.
Syntax
ping ipv6-addr [size num]
Parameters
ipv6addr SpecifiestheIPv6addressofthesystemtoping.Entertheaddressinthe
formdocumentedinRFC4291,withtheaddressspecifiedinhexadecimal
using16bitvaluesbetweencolons.
sizenum (Optional)Specifiesthesizeofthedatagrampacket.Thevalueofnumcan
rangefrom48to2048bytes.
Defaults
None.
Mode
Switchmode,readwrite.
Usage
Thiscommandisalsoavailableinroutermode.
Examples
ThisexampleshowsoutputfromasuccessfulpingtoIPv6address2001:0db8:1234:5555::1234:1.
B3(su)->ping ipv6 2001:0db8:1234:5555::1234:1
2001:DB8:1234:5555::1234:1 is alive
ThisexampleshowsoutputfromanunsuccessfulpingtoIPv6address
2001:0db8:1234:5555::1234:1.
B3(su)->ping ipv6 2001:0db8:1234:5555::1234:1
no answer from 2001:DB8:1234:5555::1234:1
traceroute ipv6
Usethiscommandtodiscovertheroutesthatpacketsactuallytakewhentravelingtotheir
destinationthroughthenetworkonahopbyhopbasis.
Syntax
traceroute ipv6 ipv6-addr [port]
Parameters
ipv6addr SpecifiesahosttowhichtherouteofanIPv6packetwillbetraced.Enterthe
addressintheformdocumentedinRFC4291,withtheaddressspecifiedin
hexadecimalusing16bitvaluesbetweencolons.
port (Optional)SpecifiestheUDPportusedasthedestinationofpacketssentas
partofthetraceroute.Thisportshouldbeanunusedportonthedestination
system.Thevalueofportcanrangefrom0to65535.Defaultvalueis33434.
Defaults
None.
Mode
Switchmode,readwrite.
Usage
Thiscommandisalsoavailableinroutermode.
Example
Thisexampleshowshowtousetraceroutetodisplayaroundtrippathtohost
2001:0db8:1234:5555::1.
B3(su)->router#traceroute ipv6 2001:0db8:1234:5555::1
Traceroute to 2001:0db8:1234:5555::1, 30 hops max, 40 byte packets
1 2001:0db8:1234:5555::1 1.000000e+00 ms 1.000000e+00 ms 1.000000e+00 ms
ThischapterdescribestheSecurityConfigurationsetofcommandsandhowtousethem.
802.1XPortBasedNetworkAccessControlusingEAPOL(ExtensibleAuthenticationProtocol)
providesamechanismviaaRADIUSserverforadministratorstosecurelyauthenticateand
grantappropriateaccesstoenduserdevicescommunicatingwithSecureStackB3ports.For
detailsonusingCLIcommandstoconfigure802.1X,refertoConfiguring802.1X
Authenticationonpage 1612.
Note: To configure EAP pass-through, which allows client authentication packets to be forwarded
through the switch to an upstream device, 802.1X authentication must be globally disabled with the
set dot1x command.
MACAuthenticationprovidesamechanismforadministratorstosecurelyauthenticate
sourceMACaddressesandgrantappropriateaccesstoenduserdevicescommunicatingwith
SecureStackB3ports.Fordetails,refertoConfiguringMACAuthenticationonpage 1623.
MultipleAuthenticationMethodsallowsuserstoauthenticateusingmultiplemethodsof
authenticationonthesameport.Fordetails,refertoConfiguringMultipleAuthentication
Methodsonpage 1634.
MultiUserAuthenticationOntheSecureStackB3,theonlytypeofmultipleuser
authenticationsupportedisUser+IPPhone.TheUser+IPPhoneauthenticationfeature
supportsauthenticationandauthorizationoftwodevices,specificallyaPCcascadedwithan
IPphone,onasingleportontheB3.TheIPphonemustauthenticateusingMAC
authentication,buttheusermayauthenticatebyanymethod.Thisfeatureallowsboththe
usersPCandIPphonetosimultaneouslyauthenticateonasingleportandeachreceivea
uniquelevelofnetworkaccess.Fordetails,refertoConfiguringMultiUserAuthentication
(User+IPphone)onpage 1634.
RFC3580TunnelAttributesprovideamechanismtocontainan802.1Xauthenticatedusertoa
VLANregardlessofthePVID.RefertoConfiguringVLANAuthorization(RFC3580)on
page 1642.
MACLockinglocksaporttooneormoreMACaddresses,preventingtheuseof
unauthorizeddevicesandMACspoofingontheportFordetails,refertoConfiguringMAC
Lockingonpage 1646.
PortWebAuthentication(PWA)locksdownaportauserisattachedtountilaftertheuser
logsinusingawebbrowsertoaccesstheswitch.Theswitchwillpassalllogininformation
fromtheendstationtoaRADIUSserverforauthenticationbeforeturningtheporton.PWAis
analternativeto802.1XandMACauthentication.Fordetails,refertoConfiguringPortWeb
Authentication(PWA)onpage 1656.
SecureShell(SSH)providessecureTelnet.Fordetails,refertoConfiguringSecureShell
(SSH)onpage 1668.
Configuring RADIUS
Purpose
Toperformthefollowing:
ReviewtheRADIUSclient/serverconfigurationontheswitch.
EnableordisabletheRADIUSclient.
Setlocalandremoteloginoptions.
Setprimaryandsecondaryserverparameters,includingIPaddress,timeoutperiod,
authenticationrealm,andnumberofuserloginattemptsallowed.
ResetRADIUSserversettingstodefaultvalues.
ConfigureaRADIUSaccountingserver.
Commands
ThecommandsusedtoreviewandconfigureRADIUSarelistedbelow:
show radius
UsethiscommandtodisplaythecurrentRADIUSclient/serverconfiguration.
show radius [status | retries | timeout | server [index | all]]
Parameters
status (Optional)DisplaystheRADIUSserversenablestatus.
retries (Optional)DisplaysthenumberofretryattemptsbeforetheRADIUSserver
timesout.
timeout (Optional)Displaysthemaximumamountoftime(inseconds)toestablish
contactwiththeRADIUSserverbeforeretryattemptsbegin.
server (Optional)DisplaysRADIUSserverconfigurationinformation.
index|all Forusewiththeserverparametertoshowserverconfigurationforall
serversoraspecificRADIUSserverasdefinedbyanindex.
Defaults
Ifnoparametersarespecified,allRADIUSconfigurationinformationwillbedisplayed.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplayRADIUSconfigurationinformation:
B3(rw)->show radius
RADIUS status: Enabled
RADIUS retries: 3
RADIUS timeout: 20 seconds
RADIUS Server IP Address Auth-Port Realm-Type
-------------- ---------- --------- -----------------
10 172.16.20.10 1812 management-access
Table 161providesanexplanationofthecommandoutput.
RADIUS retries Number of retry attempts before the RADIUS server times out. The default value of 3
can be reset using the set radius command as described in set radius on
page 16-6.
RADIUS timeout Maximum amount of time (in seconds) to establish contact with the RADIUS server
before retry attempts begin. The default value of 20 can be reset using the set
radius command as described in set radius on page 16-6.
RADIUS Server RADIUS servers index number, IP address, and UDP authentication port.
Realm-Type Realm defines who has to go through the RADIUS server for authentication.
Management-access: This means that anyone trying to access the switch (Telnet,
SSH, Local Management) has to authenticate through the RADIUS server.
Network-access: This means that all the users have to authenticate to a RADIUS
server before they are allowed access to the network.
Any-access: Means that both Management-access and Network-access have
been enabled.
set radius
Usethiscommandtoenable,disable,orconfigureRADIUSauthentication.
Syntax
set radius {enable | disable} | {retries number-of-retries} | {timeout timeout} |
{server index ip-address port [secret-value] [realm {management-access | any |
network-access}} | {realm {management-access | any | network-access} {index| all}}
Parameters
enable|disable EnablesordisablestheRADIUSclient.
retriesnumberof SpecifiesthenumberofretryattemptsbeforetheRADIUSservertimesout.
retries Validvaluesarefrom1to10.Defaultis3.
timeouttimeout Specifiesthemaximumamountoftime(inseconds)toestablishcontact
withtheRADIUSserverbeforeretryattemptsbegin.Validvaluesarefrom1
to30.Defaultis20seconds.
serverindex Specifiestheindexnumber,IPaddressandtheUDPauthenticationportfor
ip_addressport theRADIUSserver.
secretvalue (Optional)Specifiesanencryptionkeytobeusedforauthentication
betweentheRADIUSclientandserver.
realm RealmallowsyoutodefinewhohastogothroughtheRADIUSserverfor
management authentication.
access|any|
managementaccess:Thismeansthatanyonetryingtoaccesstheswitch
networkaccess
(Telnet,SSH,LocalManagement)hastoauthenticatethroughthe
RADIUSserver.
networkaccess:Thismeansthatalltheusershavetoauthenticatetoa
RADIUSserverbeforetheyareallowedaccesstothenetwork.
any:Meansthatbothmanagementaccessandnetworkaccesshave
beenenabled.
Note: If the management-access or any access realm has been configured, the
local admin account is disabled for access to the switch using the console, Telnet,
or Local Management. Only the network-access realm allows access to the local
admin account.
index|all Appliestherealmsettingtoaspecificserverortoallservers.
Defaults
Ifsecretvalueisnotspecified,nonewillbeapplied.
Ifrealmisnotspecified,theanyaccessrealmwillbeused.
Mode
Switchcommand,readwrite.
Usage
TheSecureStackB3deviceallowsupto10RADIUSaccountingserverstobeconfigured,withup
totwoserversactiveatanygiventime.
TheRADIUSclientcanonlybeenabledontheswitchonceaRADIUSserverisonline,anditsIP
address(es)hasbeenconfiguredwiththesamepasswordtheRADIUSclientwilluse.
Examples
ThisexampleshowshowtoenabletheRADIUSclientforauthenticatingwithRADIUSserver1at
IPaddress192.168.6.203,UDPauthenticationport1812,andanauthenticationpasswordof
pwsecret.Aspreviouslynoted,theserversecretpasswordenteredheremustmatchthat
alreadyconfiguredastheReadWrite(rw)passwordontheRADIUSserver:
B3(su)->set radius server 1 192.168.6.203 1812 pwsecret
ThisexampleshowshowtosettheRADIUStimeoutto5seconds:
B3(su)->set radius timeout 5
ThisexampleshowshowtosetRADIUSretriesto10:
B3(su)->set radius retries 10
Thisexampleshowshowtoforceanymanagementaccesstotheswitch(Telnet,web,SSH)to
authenticatethroughaRADIUSserver.Theallparameterattheendofthecommandmeansthat
anyofthedefinedRADIUSserverscanbeusedforthisAuthentication.
B3(rw)->set radius realm management-access all
clear radius
UsethiscommandtoclearRADIUSserversettings.
Syntax
clear radius [retries] | [timeout] | [server {index | all | realm {index | all}}]
Parameters
retries ResetsthemaximumnumberofattemptsausercancontacttheRADIUS
serverbeforetimingoutto3.
timeout ResetsthemaximumamountoftimetoestablishcontactwiththeRADIUS
serverbeforetimingoutto20seconds.
server Deletesserversettings.
index|all Forusewiththeserverparametertocleartheserverconfigurationforall
serversoraspecificRADIUSserverasdefinedbyanindex.
realm ResetstherealmsettingforallserversoraspecificRADIUSserveras
definedbyanindex.
Mode
Switchcommand,readwrite.
Defaults
None.
Examples
ThisexampleshowshowtoclearallsettingsonallRADIUSservers:
B3(su)->clear radius server all
ThisexampleshowshowtoresettheRADIUStimeouttothedefaultvalueof20seconds:
B3(su)->clear radius timeout
Syntax
show radius accounting [server] | [counter ip-address] | [retries] | [timeout]
Parameters
server (Optional)DisplaysoneorallRADIUSaccountingserverconfigurations.
counteripaddress (Optional)DisplayscountersforaRADIUSaccountingserver.
retries (Optional)Displaysthemaximumnumberofattemptstocontactthe
RADIUSaccountingserverbeforetimingout.
timeout (Optional)Displaythemaximumamountoftimebeforetimingout.
Mode
Switchcommand,readonly.
Defaults
Ifnoparametersarespecified,allRADIUSaccountingconfigurationinformationwillbe
displayed.
Example
ThisexampleshowshowtodisplayRADIUSaccountingconfigurationinformation.Inthiscase,
RADIUSaccountingisnotcurrentlyenabledandglobaldefaultsettingshavenotbeenchanged.
Oneserverhasbeenconfigured.
FordetailsonenablingandconfiguringRADIUSaccounting,refertosetradiusaccountingon
page 1610:
B3(ro)->show radius accounting
Syntax
set radius accounting {[enable | disable][retries retries] [timeout timeout]
[server ip_address port [server-secret]
Parameters
enable|disable EnablesordisablestheRADIUSaccountingclient.
retriesretries SetsthemaximumnumberofattemptstocontactaspecifiedRADIUS
accountingserverbeforetimingout.Validretryvaluesare110.
timeouttimeout Setsthemaximumamountoftime(inseconds)toestablishcontactwitha
specifiedRADIUSaccountingserverbeforetimingout.Validtimeout
valuesare130.
serverip_address Specifiestheaccountingservers:
portserversecret
IPaddress
UDPauthenticationport(065535)
serversecret(ReadWritepasswordtoaccessthisaccountingserver.
Devicewillpromptforthisentryuponcreatingaserverinstance,as
shownintheexamplebelow.)
Mode
Switchcommand,readwrite.
Defaults
None.
Examples
ThisexampleshowshowtoenabletheRADIUSaccountingclientforauthenticatingwiththe
accountingserveratIPaddress10.2.4.12,UDPauthenticationport1800.Aspreviouslynoted,the
serversecretpasswordenteredheremustmatchthatalreadyconfiguredastheReadWrite(rw)
passwordontheRADIUSaccountingserver:
B3(su)->set radius accounting server 10.2.4.12 1800
Enter secret:
Re-enter secret:
ThisexampleshowshowtosettheRADIUSaccountingtimeoutto30seconds:
B3(su)->set radius accounting timeout 30
ThisexampleshowshowtosetRADIUSaccountingretriesto10:
B3(su)->set radius accounting retries 10
Syntax
clear radius accounting {server ip-address | retries | timeout | counter}
Parameters
serveripaddress Clearstheconfigurationononeormoreaccountingservers.
retries Resetstheretriestothedefaultvalueof2.
timeout Resetsthetimeoutto5seconds.
counter Clearscounters.
Mode
Switchcommand,readwrite.
Defaults
None.
Example
ThisexampleshowshowtoresettheRADIUSaccountingtimeoutto5seconds.
B3(su)->clear radius accounting timeout
Purpose
Toreviewandconfigure802.1XauthenticationforoneormoreportsusingEAPOL(Extensible
AuthenticationProtocol).802.1Xcontrolsnetworkaccessbyenforcinguserauthorizationon
selectedports,whichresultsinallowingordenyingnetworkaccessaccordingtoRADIUSserver
configuration.
Notes: One user per EAPOL-configured port can be authenticated on SecureStack B3 devices.
Only one method of authentication can be deployed per port.
To configure EAP pass-through, which allows client authentication packets to be forwarded through
the switch to an upstream device, 802.1X authentication must be globally disabled with the set
dot1x command (set dot1x on page 16-16).
Commands
Thecommandsusedtoreviewandconfigure802.1Xarelistedbelow:
show dot1x
Usethiscommandtodisplay802.1Xstatus,diagnostics,statistics,andreauthenticationor
initializationcontrolinformationforoneormoreports.
Syntax
show dot1x [auth-diag] [auth-stats] [port [init | reauth]] [port-string]
Parameters
authdiag (Optional)Displaysauthenticationdiagnosticsinformation.
authstats (Optional)Displaysauthenticationstatistics.
portinit|reauth (Optional)Displaysthestatusofportinitializationandreauthentication
controlfortheport.
portstring (Optional)Displaysinformationforspecificport(s).Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage 41.
Defaults
Ifnoparametersarespecified,802.1Xstatuswillbedisplayed.
Ifportstringisnotspecified,informationforallportswillbedisplayed.
Mode
Switchcommand,readonly.
Examples
Thisexampleshowshowtodisplay802.1Xstatus:
B3(su)->show dot1x
DOT1X is disabled.
Thisexampleshowshowtodisplayauthenticationdiagnosticsinformationforfe.1.1:
B3(su)->show dot1x auth-diag fe.1.1
Port : 1 Auth-Diag
Enter Connecting: 0
EAP Logoffs While Connecting: 0
Enter Authenticating: 0
Success While Authenticating 0
Timeouts While Authenticating: 0
Fails While Authenticating: 0
ReAuths While Authenticating: 0
EAP Starts While Authenticating: 0
EAP logoff While Authenticating: 0
Backend Responses: 0
Backend Access Challenges: 0
Backend Others Requests To Supp: 0
Backend NonNak Responses From: 0
Backend Auth Successes: 0
Backend Auth Fails: 0
Thisexampleshowshowtodisplayauthenticationstatisticsforfe.1.1:
B3(su)->show dot1x auth-stats fe.1.1
Port: 1 Auth-Stats
EAPOL Frames Rx: 0
EAPOL Frames Tx: 0
EAPOL Start Frames Rx: 0
EAPOL Logoff Frames Rx: 0
EAPOL RespId Frames Rx: 0
EAPOL Resp Frames Rx: 0
EAPOL Req Frames Tx: 0
EAP Length Error Frames Rx: 0
Last EAPOL Frame Version: 0
Last EAPOL Frame Source: 00:00:00:00:00:00
Thisexampleshowshowtodisplaythestatusofportreauthenticationcontrolforfe.1.1through
fe.1.6:
B3(su)->show dot1x port reauth fe.1.1-6
Port 1: Port reauthenticate: FALSE
Port 2: Port reauthenticate: FALSE
Port 3: Port reauthenticate: FALSE
Port 4: Port reauthenticate: FALSE
Port 5: Port reauthenticate: FALSE
Port 6: Port reauthenticate: FALSE
Syntax
show dot1x auth-config [authcontrolled-portcontrol] [maxreq] [quietperiod]
[reauthenabled] [reauthperiod] [servertimeout] [supptimeout] [txperiod] [port-
string]
Parameters
authcontrolled (Optional)DisplaysthecurrentvalueofthecontrolledPortcontrol
portcontrol parameterfortheport.
maxreq (Optional)Displaysthevaluesetformaximumrequestscurrentlyinuseby
thebackendauthenticationstatemachine.
quietperiod (Optional)Displaysthevaluesetforquietperiodcurrentlyinusebythe
authenticatorPAEstatemachine.
reauthenabled (Optional)Displaysthestateofreauthenticationcontrolusedbythe
ReauthenticationTimerstatemachine.
reauthperiod (Optional)Displaysthevalue,inseconds,setforthereauthentication
periodusedbythereauthenticationtimerstatemachine.
servertimeout (Optional)Displaystheservertimeoutvalue,inseconds,currentlyinuse
bythebackendauthenticationstatemachine.
supptimeout (Optional)Displaystheauthenticationsupplicanttimeoutvalue,in
seconds,currentlyinusebythebackendauthenticationstatemachine.
txperiod (Optional)Displaysthetransmissionperiodvalue,inseconds,currentlyin
usebytheauthenticatorPAEstatemachine.
portstring (Optional)Limitsthedisplayofdesiredinformationinformationtospecific
port(s).Foradetaileddescriptionofpossibleportstringvalues,referto
PortStringSyntaxUsedintheCLIonpage 41.
Defaults
Ifnoparametersarespecified,all802.1Xsettingswillbedisplayed.
Ifportstringisnotspecified,informationforallportswillbedisplayed.
Mode
Switchcommand,readonly.
Examples
ThisexampleshowshowtodisplaytheEAPOLportcontrolmodeforfe.1.1:
B3(su)->show dot1x auth-config authcontrolled-portcontrol fe.1.1
Port 1: Auth controlled port control: Auto
Thisexampleshowshowtodisplaythe802.1Xquietperiodsettingsforfe.1.1:
B3(su)->show dot1x auth-config quietperiod fe.1.1
Port 1: Quiet period: 30
Thisexampleshowshowtodisplayall802.1Xauthenticationconfigurationsettingsforge.1.1:
B3(ro)->show dot1x auth-config ge.1.1
Port : 1 Auth-Config
PAE state: Initialize
Backend auth state: Initialize
Admin controlled directions: Both
Oper controlled directions: Both
Auth controlled port status: Authorized
Auth controlled port control: Auto
Quiet period: 60
Transmission period: 30
Supplicant timeout: 30
Server timeout: 30
Maximum requests: 2
Reauthentication period: 3600
Reauthentication control: Disabled
set dot1x
Usethiscommandtoenableordisable802.1Xauthentication,toreauthenticateoneormoreaccess
entities,ortoreinitializeoneormoresupplicants.
Syntax
set dot1x {enable | disable | port {init | reauth} {true | false} [port-string]}
Parameters
enable|disable Enablesordisables802.1X.
port Enableordisable802.1Xreauthenticationorinitializationcontrolononeor
moreports.
init|reauth Configureinitializationorreauthenticationcontrol.
true|false Enable(true)ordisable(false)reinitialization/reauthentication.
portstring (Optional)Specifiestheport(s)toreinitializeorreauthenticate.
Defaults
Ifnoportsarespecified,thereinitializationorreauthenticationsettingwillbeappliedtoallports.
Mode
Switchcommand,readwrite.
Usage
Disabling802.1Xauthenticationglobally,bynotenteringaspecificportstringvalue,willenable
theEAPpassthroughfeature.EAPpassthroughallowsclientauthenticationpacketstobe
forwardedunmodifiedthroughtheswitchtoanupstreamdevice.
Examples
Thisexampleshowshowtoenable802.1X:
B3(su)->set dot1x enable
Thisexampleshowshowtoreinitializege.1.2:
B3(rw)->set dot1x port init true ge.1.2
Syntax
set dot1x auth-config {[authcontrolled-portcontrol {auto | forced-auth |
forced-unauth}] [maxreq value] [quietperiod value] [reauthenabled {false | true}]
[reauthperiod value] [servertimeout timeout] [supptimeout timeout] [txperiod
value]} [port-string]
Parameters
authcontrolled Specifiesthe802.1Xportcontrolmode.
portcontrol
autoSetportcontrolmodetoautocontrolledportcontrol.This
auto|forcedauth|
isthedefaultvalue.
forcedunauth
forcedauthSetportcontrolmodetoForcedAuthorized
controlledportcontrol.
forcedunauthSetportcontrolmodetoForcedUnauthorized
controlledportcontrol.
maxreqvalue Specifiesthemaximumnumberofauthenticationrequestsallowed
bythebackendauthenticationstatemachine.Validvaluesare110.
Defaultvalueis2.
quietperiodvalue Specifiesthetime(inseconds)followingafailedauthentication
beforeanotherattemptcanbemadebytheauthenticatorPAEstate
machine.Validvaluesare065535.Defaultvalueis60seconds.
reauthenabledfalse| Enables(true)ordisables(false)reauthenticationcontrolofthe
true reauthenticationtimerstatemachine.Defaultvalueisfalse.
reauthperiodvalue Specifiesthetimelapse(inseconds)betweenattemptsbythe
reauthenticationtimerstatemachinetoreauthenticateaport.Valid
valuesare065535.Defaultvalueis3600seconds.
servertimeouttimeout Specifiesatimeoutperiod(inseconds)fortheauthenticationserver,
usedbythebackendauthenticationstatemachine.Validvaluesare1
300.Defaultvalueis30seconds.
supptimeouttimeout Specifiesatimeoutperiod(inseconds)fortheauthentication
supplicantusedbythebackendauthenticationstatemachine.Valid
valuesare1300.Defaultvalueis30seconds.
txperiodvalue Specifiestheperiod(inseconds)whichpassesbetweenauthenticator
PAEstatemachineEAPtransmissions.Validvaluesare065535.
Defaultvalueis30seconds.
portstring (Optional)Limitstheconfigurationofdesiredsettingstospecified
port(s).Foradetaileddescriptionofpossibleportstringvalues,refer
toPortStringSyntaxUsedintheCLIonpage 41.
Defaults
Ifportstringisnotspecified,authenticationparameterswillbesetonallports.
Mode
Switchcommand,readwrite.
Examples
Thisexampleshowshowtoenablereauthenticationcontrolonportsfe.1.13:
B3(su)->set dot1x auth-config reauthenabled true fe.1.1-3
Thisexampleshowshowtosetthe802.1Xquietperiodto120secondsonportsfe.1.13:
B3(su)->set dot1x auth-config quietperiod 120 fe.1.1-3
Syntax
clear dot1x auth-config [authcontrolled-portcontrol] [maxreq] [quietperiod]
[reauthenabled] [reauthperiod] [servertimeout] [supptimeout] [txperiod] [port-
string]
Parameters
authcontrolled (Optional)Resetsthe802.1Xportcontrolmodetoauto.
portcontrol
maxreq (Optional)Resetsthemaximumrequestsvalueto2.
quietperiod (Optional)Resetsthequietperiodvalueto60seconds.
reauthenabled (Optional)Resetsthereauthenticationcontrolstatetodisabled(false).
reauthperiod (Optional)Resetsthereauthenticationperiodvalueto3600seconds.
servertimeout (Optional)Resetstheservertimeoutvalueto30seconds.
supptimeout (Optional)Resetstheauthenticationsupplicanttimeoutvalueto30
seconds.
txperiod (Optional)Resetsthetransmissionperiodvalueto30seconds.
portstring (Optional)Resetssettingsonspecificport(s).Foradetaileddescriptionof
possibleportstringvalues,refertoPortStringSyntaxUsedintheCLIon
page 41.
Defaults
Ifnoparametersarespecified,allauthenticationparameterswillbereset.
Ifportstringisnotspecified,parameterswillbesetonallports.
Mode
Switchcommand,readwrite.
Examples
Thisexampleshowshowtoresetthe802.1Xportcontrolmodetoautoonallports:
B3(su)->clear dot1x auth-config authcontrolled-portcontrol
Thisexampleshowshowtoresetreauthenticationcontroltodisabledonportsfe.1.13:
B3(su)->clear dot1x auth-config reauthenabled fe.1.1-3
Thisexampleshowshowtoresetthe802.1Xquietperiodto60secondsonportsfe.1.13:
B3(su)->clear dot1x auth-config quietperiod fe.1.1-3
show eapol
UsethiscommandtodisplayEAPOLstatusorsettingsforoneormoreports.
Syntax
show eapol [port-string]
Parameters
portstring (Optional)DisplaysEAPOLstatusforspecificport(s).Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage 41.
Defaults
Ifportstringisnotspecified,onlyEAPOLenablestatuswillbedisplayed.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplayEAPOLstatusforportsfe.1.13:
B3(su)->show eapol fe.1.1-3
EAPOL is disabled.
Table 162providesanexplanationofthecommandoutput.Fordetailsonusingtheseteapol
commandtoenabletheprotocolandassignanauthenticationmode,refertoseteapolon
page 1621.
Port Port designation. For a detailed description of possible port-string values, refer to
Port String Syntax Used in the CLI on page 4-1.
Authentication State Current EAPOL authentication state for each port. Possible internal states for the
authenticator (switch) are:
initialized: A port is in the initialize state when:
authentication is disabled,
authentication is enabled and the port is not linked, or
authentication is enabled and the port is linked. (In this case very
little time is spent in this state, it immediately transitions to the
connecting state, via disconnected.
disconnected: The port passes through this state on its way to connected
whenever the port is reinitialized, via link state change, reauthentication failure, or
management intervention.
connecting: While in this state, the authenticator sends request/ID messages to
the end user.
authenticating: The port enters this state from connecting after receiving a
response/ID from the end user. It remains in this state until the entire
authentication exchange between the end user and the authentication server
completes.
authenticated: The port enters this state from authenticating state after the
exchange completes with a favorable result. It remains in this state until linkdown,
logoff, or until a reauthentication begins.
aborting: The port enters this state from authenticating when any event occurs
that interrupts the login exchange.
held: After any login failure the port remains in this state for the number of
seconds equal to quietPeriod (can be set using MIB).
forceAuth: Management is allowing normal, unsecured switching on this port.
forceUnauth: Management is preventing any frames from being forwarded to or
from this port.
Authentication Mode Mode enabling network access for each port. Modes include:
Auto: Frames are forwarded according to the authentication state of each port.
Forced Authorized Mode: Meant to disable authentication on a port. It is
intended for ports that support ISLs and devices that cannot authenticate, such
as printers and file servers. If a default policy is applied to the port via the policy
profile MIB, then frames are forwarded according to the configuration set by that
policy, otherwise frames are forwarded according to the current configuration for
that port. Authentication using 802.1X is not possible on a port in this mode.
Forced Unauthorized Mode: All frames received on the port are discarded by a
filter. Authentication using 802.1X is not possible on a port in this mode.
set eapol
UsethiscommandtoenableordisableEAPOLportbaseduserauthenticationwiththeRADIUS
serverandtosettheauthenticationmodeforoneormoreports.
Syntax
set eapol [enable | disable] [auth-mode {auto | forced-auth | forced-unauth} port-
string]
Parameters
enable|disable EnablesordisablesEAPOL.
authmode Specifiestheauthenticationmodeas:
auto| autoAutoauthorizationmode.Thisisthedefaultmodeandwill
forcedauth| forwardframesaccordingtotheauthenticationstateoftheport.For
forcedunauth detailsonthismode,refertoTable 162.
forcedauthForcedauthorizedmode,whichdisablesauthentication
ontheport.
forcedunauthForcedunauthorizedmode,whichfiltersanddiscards
allframesreceivedontheport.
portstring Specifiestheport(s)onwhichtosetEAPOLparameters.Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage 41.
Defaults
None.
Mode
Switchcommand,readwrite.
Examples
ThisexampleshowshowtoenableEAPOL:
B3(su)->set eapol enable
ThisexampleshowshowtoenableEAPOLwithforcedauthorizedmodeonportfe.1.1:
B3(su)->set eapol auth-mode forced-auth fe.1.1
clear eapol
UsethiscommandtogloballycleartheEAPOLauthenticationmode,ortoclearsettingsforoneor
moreports.
Syntax
clear eapol [auth-mode port-string] [port-string]
Parameters
authmode (Optional)GloballyclearstheEAPOLauthenticationmode.
portstring Specifiestheport(s)onwhichtoclearEAPOLparameters.Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage 41.
Defaults
Ifauthmodeisnotspecified,allEAPOLsettingswillbecleared.
Ifnotspecified,settingswillbeclearedforallports.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtocleartheEAPOLauthenticationmodeforportge.1.3:
B3(su)->clear eapol auth-mode ge.1.3
Purpose
Toreview,disable,enableandconfigureMACauthentication.Thisallowsthedeviceto
authenticatesourceMACaddressesinanexchangewithanauthenticationserver.The
authenticator(switch)selectsasourceMACseenonaMACauthenticationenabledportand
submitsittoabackendclientforauthentication.ThebackendclientusestheMACaddressstored
password,ifrequired,ascredentialsforanauthenticationattempt.Ifaccepted,astring
representinganaccesspolicymaybereturned.Ifpresent,theswitchappliestheassociatedpolicy
rules.
Commands
Thecommandsneededtoreview,enable,disable,andconfigureMACauthenticationarelisted
below:
show macauthentication
UsethiscommandtodisplayMACauthenticationinformationforoneormoreports.
Syntax
show macauthentication [port-string]
Parameters
portstring (Optional)DisplaysMACauthenticationinformationforspecificport(s).
Foradetaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage 41.
Defaults
Ifportstringisnotspecified,MACauthenticationinformationwillbedisplayedforallports.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplayMACauthenticationinformationforge.2.1through8:
B3(su)->show macauthentication ge.2.1-8
MAC authentication: - enabled
MAC user password: - NOPASSWORD
Port username significant bits - 48
MAC authentication Whether MAC authentication is globally enabled or disabled. Set using the set
macauthentication command as described in set macauthentication on
page 16-26.
MAC user password User password associated with MAC authentication on the device. Set using the set
macauthentication password command as described in set macauthentication
password on page 16-27.
Port username Number of significant bits in the MAC addresses to be used starting with the left-most
significant bits bit of the vendor portion of the MAC address. The significant portion of the MAC
address is sent as a user-name credential when the primary attempt to authenticate
the full MAC address fails. Any other failure to authenticate the full address, (i.e.,
authentication server timeout) causes the next attempt to start once again with a full
MAC authentication. Default is 48 and cannot be reset.
Port Port designation. For a detailed description of possible port-string values, refer to
Port String Syntax Used in the CLI on page 4-1.
Port State Whether or not MAC authentication is enabled or disabled on this port.
Reauth Period Reauthentication period for this port. Default value of 30 can be changed using the
set macauthentication reauthperiod command described in set
macauthentication reauthperiod on page 16-32.
Auth Allowed Number of concurrent authentications supported on this port. Default is 1 and cannot
be reset.
Auth Allocated Maximum number of MAC authentications permitted on this port. Default is 1 and
cannot be reset
Reauthentications Whether or not reauthentication is enabled or disabled on this port. Set using the set
macauthentication reauthentication command described in set
macauthentication reauthentication on page 16-30.
Syntax
show macauthentication session
Parameters
None.
Defaults
Ifportstringisnotspecified,MACsessioninformationwillbedisplayedforallMAC
authenticationports.
Mode
Switchcommand,readonly.
Usage
ChangingtheReauthPeriodwiththesetmacauthenticationreauthperiodcommanddoesnot
affectcurrentsessions.Newsessionsdisplaythecorrectperiod.
Example
ThisexampleshowshowtodisplayMACsessioninformation:
B3(su)->show macauthentication session
Port MAC Address Duration Reauth Period Reauthentications
----- ----------------- ---------- ------------- -----------------
ge.1.2 00:60:97:b5:4c:07 0,00:52:31 3600 disabled
Table 164providesanexplanationofthecommandoutput.
Port Port designation. For a detailed description of possible port-string values, refer to
Port String Syntax Used in the CLI on page 4-1.
Reauth Period Reauthentication period for this port, set using the set macauthentication
reauthperiod command described in set macauthentication reauthperiod on
page 16-32.
Reauthentications Whether or not reauthentication is enabled or disabled on this port. Set using the set
macauthentication reauthentication command described in set
macauthentication reauthentication on page 16-30.
set macauthentication
UsethiscommandtogloballyenableordisableMACauthentication.
Syntax
set macauthentication {enable | disable}
Parameters
enable|disable GloballyenablesordisablesMACauthentication.
Mode
Switchcommand,readwrite.
Defaults
None.
Example
ThisexampleshowshowtogloballyenableMACauthentication:
B3(su)->set macauthentication enable
Syntax
set macauthentication password password
Parameters
password SpecifiesatextstringMACauthenticationpassword.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtosettheMACauthenticationpasswordtomacauth:
B3(su)->set macauthentication password macauth
Syntax
clear macauthentication password
Parameters
None.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtocleartheMACauthenticationpassword:
B3(su)->clear macauthentication password
Syntax
set macauthentication port {enable | disable} port-string
Parameters
enable|disable EnablesordisablesMACauthentication.
portstring Specifiesport(s)onwhichtoenableordisableMACauthentication.Fora
detaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage 41.
Defaults
None.
Mode
Switchcommand,readwrite.
Usage
Enablingport(s)forMACauthenticationrequiresgloballyenablingMACauthenticationonthe
switchasdescribedinsetmacauthenticationonpage 1626,andthenenablingitonaportby
portbasis.Bydefault,MACauthenticationisgloballydisabledanddisabledonallports.
Example
ThisexampleshowshowtoenableMACauthenticationonge.2.1though5:
B3(su)->set macauthentication port enable ge.2.1-5
Syntax
set macauthentication portinitialize port-string
Parameters
portstring SpecifiestheMACauthenticationport(s)toreinitialize.Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage 41.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtoforcege.2.1through5toinitialize:
B3(su)->set macauthentication portinitialize ge.2.1-5
Syntax
set macauthentication portquietperiod time port-string
Parameters
time Periodinsecondstowaitafterafailedauthentication
portstring Specifiestheportsforwhichthequitperiodistobeapplied.Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage 41.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexamplesetsport1towait5secondsafterafailedauthenticationattemptbeforeanew
attemptcanbemade:
B3(su)->set macauthentication portquietperiod 5 ge.1.1
Syntax
clear macauthentication portquietperiod port-string
Parameters
portstring (Optional)Specifiestheportsforwhichthequietperiodistobereset.Fora
detaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage 41.
Defaults
Ifaportstringisnotspecifiedthenallportswillbesettothedefaultportquietperiod.
Mode
Switchcommand,readwrite.
Example
Thisexampleresetsthedefaultquitperiodonport1:
B3(su)->clear macauthentication portquietperiod ge.1.1
Syntax
set macauthentication macinitialize mac_addr
Parameters
mac_addr SpecifiestheMACaddressofthesessiontoreinitialize.
Mode
Switchcommand,readwrite.
Defaults
None.
Example
ThisexampleshowshowtoforcetheMACauthenticationsessionforaddress006097b54c07
toreinitialize:
B3(su)->set macauthentication macinitialize 00-60-97-b5-4c-07
Syntax
set macauthentication reauthentication {enable | disable} port-string
Parameters
enable|disable EnablesordisablesMACreauthentication.
portstring Specifiesport(s)onwhichtoenableordisableMACreauthentication.Fora
detaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage 41.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtoenableMACreauthenticationonge.4.1though5:
B3(su)->set macauthentication reauthentication enable ge.4.1-5
Syntax
set macauthentication portreauthenticate port-string
Parameters
portstring SpecifiesMACauthenticationport(s)tobereauthenticated.Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage 41.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtoforcege.2.1though5toreauthenticate:
B3(su)->set macauthentication portreauthentication ge.2.1-5
Syntax
set macauthentication macreauthenticate mac_addr
Parameters
mac_addr SpecifiestheMACaddressofthesessiontoreauthenticate.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtoforcetheMACauthenticationsessionforaddress006097b54c07
toreauthenticate:
B3(su)->set macauthentication macreauthenticate 00-60-97-b5-4c-07
Syntax
set macauthentication reauthperiod time port-string
Parameters
time Specifiesthenumberofsecondsbetweenreauthenticationattempts.Valid
valuesare14294967295.
portstring Specifiestheport(s)onwhichtosettheMACreauthenticationperiod.Fora
detaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage 41.
Defaults
None.
Mode
Switchcommand,readwrite.
Usage
ChangingtheReauthPeriodwiththesetmacauthenticationreauthperiodcommanddoesnot
affectcurrentsessions.Newsessionswillusethecorrectperiod.
Example
ThisexampleshowshowtosettheMACreauthenticationperiodto7200seconds(2hours)on
ge.2.1through5:
B3(su)->set macauthentication reauthperiod 7200 ge.2.1-5
Syntax
clear macauthentication reauthperiod [port-string]
Parameters
portstring (Optional)ClearstheMACreauthenticationperiodonspecificport(s).Fora
detaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage 41.
Defaults
Ifportstringisnotspecified,thereauthenticationperiodwillbeclearedonallports.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtogloballycleartheMACreauthenticationperiod:
B3(su)->clear macauthentication reauthperiod
Note: The only Multi-User Authentication supported on the B3 is User + IP phone. The IP phone
and the user may authenticate using 802.1x or MAC authentication.
User+IPPhoneAuthenticationontheSecureStackB3isimplementedbyassigninganingressed
packetreceivedonaporttoapolicyrolebasedontheVLANthepacketwasassignedto,andnot
thepacketssourceMACaddress.Therefore,onaportconfiguredforUser+IPPhone
Authentication,thereexiststwodifferentVLANtopolicyrolemappings.
ThepolicyrolefortheIPphoneisstaticallymappedusingtheVLANtopolicymappingfeature
whichassignsanypacketsreceivedwithaVLANtagsettoaspecificVID(forexample,Voice
VLAN)toanindicatedpolicyrole(forexample,IPPhonepolicyrole).Therefore,itisrequiredthat
IPphoneisconfiguredtosendVLANtaggedpacketstotheVoiceVLAN.
Thesecondpolicyrole,fortheuser,caneitherbestaticallyconfiguredwiththedefaultpolicyrole
ontheportordynamicallyassignedthroughauthenticationtothenetwork.Whenthedefault
policyroleisassignedonaport,theVLANsetastheportsPVIDismappedtothedefaultpolicy
role.Whenapolicyroleisdynamicallyappliedtoaportastheresultofasuccessfully
authenticatedsession,theauthenticatedVLANismappedtothepolicyrolesetintheFilterID
returnedfromtheRADIUSserver.TheauthenticatedVLANmayeitherbethePVIDoftheport,
ifthePVIDOverrideforthepolicyprofileisdisabled,ortheVLANspecifiedinthePVIDOverride
ifthePVIDOverrideisenabled.
Commands
Thecommandsneededtoreview,enable,disable,andconfiguremultipleauthenticationarelisted
below:
show multiauth
Usethiscommandtodisplaymultipleauthenticationsystemconfiguration.
Syntax
show multiauth
Parameters
None.
Defaults
None.
Mode
Switchcommand,readonly.
Example
Thisexampleshowshowtodisplaymultipleauthenticationsystemconfiguration:
B3(rw)->show multiauth
Syntax
set multiauth mode {multi | strict}
Parameters
multi Allowthesystemtousemultipleauthenticatorssimultaneously(802.1xand
MACAuthentication)onaport.Thisisthedefaultmode.
strict Usermustauthenticateusing802.1xauthenticationbeforenormaltraffic
(anythingotherthanauthenticationtraffic)canbeforwarded.
Defaults
None.
Mode
Switchcommand,readwrite.
Usage
MultiauthmultimoderequiresthatMACand802.1Xauthenticationbeenabledglobally,and
configuredappropriatelyonthedesiredportsaccordingtotheircorrespondingcommandsets
describedinthischapter.RefertoConfiguring802.1XAuthenticationonpage 1612and
ConfiguringMACAuthenticationonpage 1623.
Example
Thisexampleshowshowtoenablesimultaneousmultipleauthentications:
B3(rw)->set multiauth mode multi
Syntax
clear multiauth mode
Parameters
None.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtoclearthesystemauthenticationmode:
B3(rw)->clear multiauth mode
Syntax
set multiauth precedence {[dot1x] [mac]}
Parameters
dot1x Setsprecedencefor802.1Xauthentication.
mac SetsprecedenceforMACauthentication.
Defaults
None.
Mode
Switchcommand,readwrite.
Usage
Whenauserissuccessfullyauthenticatedbymorethanonemethodatthesametime,the
precedenceoftheauthenticationmethodswilldeterminewhichRADIUSreturnedfilterIDwillbe
processedandresultinanappliedtrafficpolicyprofile.
Example
ThisexampleshowshowtosetprecedenceforMACauthentication:
B3(rw)->set multiauth precedence mac dot1x
Syntax
clear multiauth precedence
Parameters
None.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtoclearthemultipleauthenticationprecedence:
B3(rw)->clear multiauth precedence
Syntax
show multiauth port [port-string]
Parameters
portstring (Optional)Displaysmultipleauthenticationinformationforspecificport(s).
Defaults
Ifportstringisnotspecified,multipleauthenticationinformationwillbedisplayedforallports.
Mode
Switchcommand,readonly.
Example
Thisexampleshowshowtodisplaymultipleauthenticationinformationforportsge.3.14:
B3(rw)->show multiauth port ge.3.1-4
Syntax
set multiauth port mode {auth-opt | auth-reqd | force-auth | force-unauth} |
numusers numusers port-string
Parameters
mode Specifiestheport(s)multipleauthenticationmodeas:
authopt|
authoptAuthenticationoptional(nonstrictbehavior).Ifauser
authreqd|
doesnotattempttoauthenticateusing802.1x,orif802.1x
forceauth|
authenticationfails,theportwillallowtraffictobeforwarded
forceunauth
accordingtothedefineddefaultVLAN.
authreqdAuthenticationisrequired.
forceauthAuthenticationconsidered.
forceunauthAuthenticationdisabled.
numusers Specifiesthenumberofusersallowedauthenticationonport(s).
numusers
portstring Specifiestheport(s)onwhichtosetmultipleauthenticationproperties.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtosettheportmultipleauthenticationmodetorequiredonge.3.14:
B3(rw)->set multiauth port mode auth-reqd ge.3.14
Syntax
clear multiauth port {mode | numusers} port-string
Parameters
mode Clearsthespecifiedportsmultipleauthenticationmode.
numusers Clearsthevaluesetforthenumberofusersallowedauthenticationonthe
specifiedport.
portstring Specifiestheportorportsonwhichtoclearmultipleauthentication
properties.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtocleartheportmultipleauthenticationmodeonportge.3.14:
B3(rw)->clear multiauth port mode ge.3.14
Thisexampleshowshowtoclearthenumberofusersonportge.3.14:
B3(rw)->clear multiauth port numusers ge.3.14
Syntax
show multiauth station [mac address] [port port-string]
Parameters
macaddress (Optional)DisplaysmultipleauthenticationstationentriesforspecificMAC
address(es).
portportstring (Optional)Displaysmultipleauthenticationstationentriesforspecific
port(s).
Mode
Switchcommand,readonly.
Defaults
Ifnooptionsarespecified,multipleauthenticationstationentrieswillbedisplayedforallMAC
addressesandports.
Example
Thisexampleshowshowtodisplaymultipleauthenticationstationentries.Inthiscase,twoend
userMACaddressesareshown:
B3(rw)->show multiauth station
Port Address type Address
------------ ------------ ------------------------
fe.1.20 mac 00-10-a4-9e-24-87
fe.2.16 mac 00-b0-d0-e5-0c-d0
Purpose
Pleaseseesection331ofRFC3580fordetailsonconfiguringaRADIUSservertoreturnthe
desiredtunnelattributes.FromRFC3580,...itmaybedesirabletoallowaporttobeplacedintoa
particularVirtualLAN(VLAN),definedin[IEEE8021Q],basedontheresultofthe
authentication.
TheRADIUSservertypicallyindicatesthedesiredVLANbyincludingtunnelattributeswithin
theAccessAccept.However,theIEEE802.1XAuthenticatormayalsoprovideahintastothe
VLANtobeassignedtotheSupplicantbyincludingTunnelattributeswithintheAccessRequest.
ForuseinVLANassignment,thefollowingtunnelattributesareused:
TunnelType=VLAN(13)
TunnelMediumType=802
TunnelPrivateGroupID=VLANID
Commands
ThecommandsusedtoconfigureRADIUStunnelattributesarelistedbelow.
set vlanauthorization
EnableordisabletheuseoftheRADIUSVLANtunnelattributetoputaportintoaparticular
VLANbasedontheresultofauthentication.
Syntax
set vlanauthorization {enable | disable} [port-string]
Parameters
enable|disable Enablesordisablesvlanauthorization/tunnelattributes
portstring (Optional)SpecifieswhichportstoenableordisabletheuseofVLAN
tunnelattributes/authorization.Foradetaileddescriptionofpossibleport
stringvalues,refertoPortStringSyntaxUsedintheCLIonpage 41.
Defaults
VLANauthenticationisdisabledbydefault.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtoenableVLANauthenticationforallFastEthernetports:
B3(rw)-> set vlanauthorization enable fe.*.*
ThisexampleshowshowtodisableVLANauthenticationforallFastEthernetportsonstack
unit 3:
B3(rw)-> set vlanauthorization disable fe.3.*
Syntax
set vlanauthorization egress {none | tagged | untagged} port-string
Parameters
none Noegressmanipulationwillbemade.
tagged Theauthenticatingportwillbeaddedtothecurrenttaggedegressforthe
VLANIDreturned.
untagged Theauthenticatingportwillbeaddedtothecurrentuntaggedegressfor
theVLANIDreturned(default).
portstring Theportorlistofports.towhichthiscommandwillapply.Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntax
UsedintheCLIonpage 41.
Defaults
Bydefault,administrativeegressissettountagged.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtoenabletheinsertionoftheRADIUSassignedVLANtoan802.1qtag
foralloutboundframesforports10through15onunitnumber3.
B3(rw)->set vlanauthorization egress tagged ge.3.10-15
clear vlanauthorization
Usethiscommandtoreturnport(s)tothedefaultconfigurationofVLANauthorizationdisabled,
egressuntagged.
Syntax
clear vlanauthorization [port-string]
Parameters
portstring (Optional)Specifieswhichportsaretoberestoredtodefault
configuration.Ifnoportstringisentered,theactionwillbeaglobal
setting.Foradetaileddescriptionofpossibleportstringvalues,referto
PortStringSyntaxUsedintheCLIonpage 41.
Defaults
Ifnoportstringisentered,allportsacrossthestackwillberesettodefaultconfigurationwith
VLANauthorizationdisabledandegressframesuntagged.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowhowtoclearVLANauthorizationforallportsonslots3,4,and5:
B3(rw)->clear vlanauthorization ge.3-5.*
show vlanauthorization
DisplaystheVLANauthenticationstatusandconfigurationinformationforthespecifiedports.
Syntax
show vlanauthorization [port-string]
Parameters
portstring (Optional)DisplaysVLANauthenticationstatusforthespecifiedports.If
noportstringisentered,thentheglobalstatusofthesettingisdisplayed.
Foradetaileddescriptionofpossibleportstringvalues,refertoPort
StringSyntaxUsedintheCLIonpage 41.
Defaults
Ifnoportstringisentered,thestatusforallportswillbedisplayed.
Mode
Switchcommand,readonly.
Example
ThiscommandshowshowtodisplayVLANauthorizationstatusforFastEthernetport1on
unit 1:
B3(rw)-> show vlanauthorization fe.1.1
Table 165providesanexplanationofcommandoutput.Fordetailsonenablingandassigning
protocolandegressattributes,refertosetvlanauthorizationonpage 1643andset
vlanauthorizationegressonpage 1643.
operational egress If authentication has succeeded, displays the VLAN id assigned for egress.
vlan id If authentication has succeeded, displays the assigned VLAN id for ingress.
Purpose
Toreview,disable,enable,andconfigureMAClocking.ThisfeaturelocksaMACaddresstoone
ormoreports,preventingconnectionofunauthorizeddevicesthroughtheport(s).Whensource
MACaddressesarereceivedonspecifiedports,theswitchdiscardsallsubsequentframesnot
containingtheconfiguredsourceaddresses.Theonlyframesforwardedonalockedportare
thosewiththelockedMACaddress(es)forthatport.
Whenproperlyconfigured,MAClockingisanexcellentsecuritytoolasitpreventsMACspoofing
onconfiguredports.AlsoifaMACweretobesecuredbysomethinglikeDragonDynamic
IntrusionDetection,MAClockingwouldmakeitmoredifficultforahackertosendpacketsinto
thenetworkbecausethehackerwouldhavetochangetheirMACaddressandmovetoanother
port.Inthemeantimethesystemadministratorwouldbereceivingamaclocktrapnotification.
Commands
ThecommandsneededtoconfigureMAClockingarelistedbelow:
show maclock
UsethiscommandtodisplaythestatusofMAClockingononeormoreports.
Syntax
show maclock [port-string]
Parameters
portstring (Optional)DisplaysMAClockingstatusforspecifiedport(s).Fora
detaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage 41.
Defaults
Ifportstringisnotspecified,MAClockingstatuswillbedisplayedforallports.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplayMAClockinginformationforge.1.1through5:
B3(su)->show maclock ge.1.1-5
Table 166providesanexplanationofthecommandoutput.
Port Number Port designation. For a detailed description of possible port-string values, refer to
Port String Syntax Used in the CLI on page 4-1.
Port Status Whether MAC locking is enabled or disabled on the port. MAC locking is globally
disabled by default. For details on enabling MAC locking on the switch and on one or
more ports, refer to set maclock enable on page 16-49 and set maclock on
page 16-50.
Trap Status Whether MAC lock trap messaging is enabled or disabled on the port. For details
on setting this status using the set maclock trap command, refer to set maclock
trap on page 16-55.
Max Static Allocated The maximum static MAC addresses allowed locked to the port. For details on
setting this value using the set maclock static command, refer to set maclock
static on page 16-52.
Max FirstArrival The maximum end station MAC addresses allowed locked to the port. For details on
Allocated setting this value using the set maclock firstarrival command, refer to set maclock
firstarrival on page 16-53.
Violating MAC Most recent MAC address(es) violating the maximum static and first arrival value(s)
Address set for the port.
Syntax
show maclock stations [firstarrival | static] [port-string]
Parameters
firstarrival (Optional)DisplaysMAClockinginformationaboutendstationsfirst
connectedtoMAClockedports.
static (Optional)DisplaysMAClockinginformationaboutstatic(management
defined)endstationsconnectedtoMAClockedports.
portstring (Optional)Displaysendstationinformationforspecifiedport(s).Fora
detaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage 41.
Defaults
Ifnoparametersarespecified,MAClockinginformationwillbedisplayedforallendstations.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplayMAClockinginformationfortheendstationsconnectedtoall
FastEthernetportsinunit2:
B3(su)->show maclock stations fe.2.*
Port Number MAC Address Status State
------------ ----------------- -------------- --------------
fe.2.3 00-10-a4-e5-08-4e active first learned
fe.2.3 08-00-20-7c-e0-db active first learned
fe.2.6 00-60-08-14-4b-15 active first learned
fe.2.6 08-00-20-20-32-4b active first learned
fe.2.9 08-00-20-77-aa-80 active first learned
fe.2.12 00-03-ba-08-4c-f0 active first learned
fe.2.14 00-01-f4-2c-ad-b4 active first learned
Table 167providesanexplanationofthecommandoutput.
Port Number Port designation. For a detailed description of possible port-string values, refer to
Port String Syntax Used in the CLI on page 4-1.
MAC address MAC address of the end station(s) locked to the port.
State Whether the end station locked to the port is a first learned, first arrival or static
connection.
Syntax
setmaclockenable[portstring]
Parameters
portstring (Optional)EnablesMAClockingonspecificport(s).Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage 41.
Defaults
Ifportstringisnotspecified,MAClockingwillbeenabledonallports.
Mode
Switchcommand,readwrite.
Usage
WhenenabledandconfiguredforaspecificMACaddressandportstring,thislocksaportsothat
onlyoneendstationaddressisallowedtoparticipateinframerelay.
MAClockingisdisabledbydefaultatdevicestartup.ConfiguringoneormoreportsforMAC
lockingrequiresgloballyenablingitonthedeviceandthenenablingitonthedesiredports.
Example
ThisexampleshowshowtoenableMAClockingonfe.2.3:
B3(su)->set maclock enable fe.2.3
Syntax
setmaclockdisable[portstring]
Parameters
portstring (Optional)DisablesMAClockingonspecificport(s).Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage 41.
Defaults
Ifportstringisnotspecified,MAClockingwillbedisabledonallports.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtodisableMAClockingonfe.2.3:
B3(su)->set maclock disable fe.2.3
set maclock
UsethiscommandtocreateastaticMACaddressandenableordisableMAClockingforthe
specifiedMACaddressandport.Whencreatedandenabled,thespecifiedMACaddressisthe
onlyMACthatwillbepermittedtocommunicateontheport.
Syntax
set maclock mac_address port-string {create | enable | disable}
Parameters
mac_address SpecifiestheMACaddressforwhichMAClockingwillbecreated,
enabledordisabled.
portstring Specifiestheportonwhichtocreate,enableordisableMAClockingfor
thespecifiedMAC.Foradetaileddescriptionofpossibleportstring
values,refertoPortStringSyntaxUsedintheCLIonpage 41.
create EstablishesaMAClockingassociationbetweenthespecifiedMAC
addressandport.CreateautomaticallyenablesMAClockingbetweenthe
specifiedMACaddressandport.
enable|disable EnablesordisablesMAClockingbetweenthespecifiedMACaddressand
port.
Defaults
None.
Mode
Switchcommand,readwrite.
Usage
ConfiguringoneormoreportsforMAClockingrequiresgloballyenablingitontheswitchfirst
usingthesetmaclockenablecommandasdescribedinsetmaclockenableonpage 1649.
Example
ThisexampleshowshowtocreateaMAClockingassociationbetweenMACaddress0e03efd8
4455andportge.3.2:
B3(rw)->set maclock 0e-03-ef-d8-44-55 ge.3.2 create
clear maclock
UsethiscommandtoremoveastaticMACaddressentry.
Syntax
clear maclock mac_address port-string
Parameters
mac_address SpecifiestheMACaddressthatwillberemovedfromthelistofstatic
MACsallowedtocommunicateontheport.
portstring SpecifiestheportonwhichtocleartheMACaddress.Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage 41.
Defaults
None.
Mode
Switchcommand,readwrite.
Usage
TheMACaddressthatisclearedwillnolongerbeabletocommunicateontheportunlessthefirst
arrivallimithasbeensettoavaluegreaterthan0andthislimithasnotyetbeenmet.
Forexample,ifuserBsMACisremovedfromthestaticMACaddresslistandthefirstarrival
limithasbeensetto0,thenuserBwillnotbeabletocommunicateontheport.IfuserAsMACis
removedfromthestaticMACaddresslistandthefirstarrivallimithasbeensetto10,butonlyhas
7entries,userAwillbecomethe8thentryandallowedtocommunicateontheport.
Example
ThisexampleshowshowtoremoveaMACfromthelistofstaticMACsallowedtocommunicate
onportge.3.2:
B3(rw)->clear maclock 0e-03-ef-d8-44-55 ge.3.2
Syntax
set maclock static port-string value
Parameters
portstring SpecifiestheportonwhichtosetthemaximumnumberofstaticMACs
allowed.Foradetaileddescriptionofpossibleportstringvalues,referto
PortStringSyntaxUsedintheCLIonpage 41.
value SpecifiesthemaximumnumberofstaticMACaddressesallowedper
port.Validvaluesare0to20.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtosetthemaximumnumberofallowablestaticMACsto2onge.3.1:
B3(rw)->set maclock static ge.3.1 2
Syntax
clear maclock static port-string
Parameters
portstring SpecifiestheportonwhichtoresetnumberofstaticMACaddresses
allowed.Foradetaileddescriptionofpossibleportstringvalues,referto
PortStringSyntaxUsedintheCLIonpage 41.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtoresetthenumberofallowablestaticMACsonfe.2.3:
B3(rw)->clear maclock static fe.2.3
Syntax
set maclock firstarrival port-string value
Parameters
portstring SpecifiestheportonwhichtolimitMAClocking.Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage 41.
value SpecifiesthenumberoffirstarrivalendstationMACaddressestobe
allowedconnectionstotheport.Validvaluesare0to600.
Defaults
None.
Mode
Switchcommand,readwrite.
Usage
Themaclockfirstarrivalcountresetswhenthelinkgoesdown.Thisfeatureisbeneficialifyou
haveroamingusersthefirstarrivalcountwillbereseteverytimeausermovestoanotherport,
butwillstillprotectagainstconnectingmultipledevicesonasingleportandwillprotectagainst
MACaddressspoofing.
IfyouwishtohaveonlystaticallysetMACs,setaportsfirstarrivallimitto0.
Example
ThisexampleshowshowtorestrictMAClockingto6MACaddressesonfe.2.3:
B3(su)->set maclock firstarrival fe.2.3 6
Syntax
clear maclock firstarrival port-string
Parameters
portstring Specifiestheportonwhichtoresetthefirstarrivalvalue.Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage 41.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtoresetMACfirstarrivalsonfe.2.3:
B3(su)->clear maclock firstarrival fe.2.3
Syntax
set maclock move port-string
Parameters
portstring SpecifiestheportonwhichMACwillbemovedfromfirstarrivalMACs
tostaticentries.Foradetaileddescriptionofpossibleportstringvalues,
refertoPortStringSyntaxUsedintheCLIonpage 41.
Defaults
None.
Mode
Switchcommand,readwrite.
Usage
IftherearemorefirstarrivalMACsthantheallowedmaximumstaticMACs,thenonlythelatest
firstarrivalMACswillbemovedtostaticentries.Forexample,ifyousetthemaximumnumberof
staticMACsto2withthesetmaclockstaticcommand,andthenexecutedthesetmaclockmove
command,eventhoughtherewerefiveMACsinthefirstarrivaltable,onlythetwomostrecent
MACentrieswouldbemovedtostaticentries.
Example
ThisexampleshowshowtomoveallcurrentfirstarrivalMACstostaticentriesonportsge.3.140:
B3(rw)->set maclock move ge.3.1-40
Syntax
set maclock trap port-string {enable | disable}
Parameters
portstring SpecifiestheportonwhichMAClocktrapmessagingwillbeenabledor
disabled.Foradetaileddescriptionofpossibleportstringvalues,referto
PortStringSyntaxUsedintheCLIonpage 41.
enable|disable EnablesordisablesMAClocktrapmessaging.
Defaults
None.
Mode
Switchcommand,readwrite.
Usage
Whenenabled,thisfeatureauthorizestheswitchtosendanSNMPtrapmessageifanendstation
isconnectedthatexceedsthemaximumvaluesconfiguredusingthesetmaclockfirstarrivaland
setmaclockstaticcommands.ViolatingMACaddressesaredroppedfromthedevicesrouting
table.
Example
ThisexampleshowshowtoenableMAClocktrapmessagingonfe.2.3:
B3(su)->set maclock trap fe.2.3 enable
About PWA
PWAprovidesawayofauthenticatingusersbeforeallowinggeneralaccesstothenetwork.A
PWAusersaccesstothenetworkisrestricteduntilaftertheusersuccessfullylogsinviaaweb
browserusingtheEnterasysNetworkswebbasedsecurityinterface.TheSecureStackB3device
willvalidatealllogincredentialsfromtheuserwithaRADIUSserverbeforeallowingnetwork
access.
PWAisanalternativeto802.1XandMACauthentication.Itallowsonlytheessentialprotocols
andservicesrequiredbytheauthenticationprocessbetweentheendstationandthenetwork.All
othertrafficisdiscarded.Whenauserisintheunauthenticatedstate,anyusertrafficrequesting
networkresourceswillnotbeallowed.
TologonusingPWA,theusermakesarequestviaawebbrowserforthePWAwebpageoris
automaticallyredirectedtothisloginpageafterrequestingaURLinabrowser.
Dependingupontheauthenticatedstateoftheuser,aloginpageoralogoutpagewilldisplay.
Whenausersubmitsusernameandpassword,theswitchthenauthenticatestheuserviaa
preconfiguredRADIUSserver.Iftheloginissuccessful,thentheuserwillbegrantedfullnetwork
accessaccordingtotheuserspolicyconfigurationontheswitch.
Note: One user per PWA-configured port can be authenticated on SecureStack B3 devices. Only
one method of authentication can be deployed per port.
Purpose
Toreview,enable,disable,andconfigurePortWebAuthentication(PWA).
Commands
ThecommandsneededtoreviewandconfigurePWAarelistedbelow:
show pwa
Usethiscommandtodisplayportwebauthenticationinformationforoneormoreports.
Syntax
show pwa [port-string]
Parameters
portstring (Optional)DisplaysPWAinformationforspecificport(s).
Defaults
Ifportstringisnotspecified,PWAinformationwillbedisplayedforallports.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplayPWAinformationforge.2.1:
B3(su)->show pwa ge.2.1
PWA Status - enabled
PWA IP Address - 192.168.62.99
PWA Protocol - PAP
PWA Enhanced Mode - N/A
PWA Logo - enabled
PWA Guest Networking Status - disabled
PWA Guest Name - guest
PWA Redirect Time - N/A
Table 168providesanexplanationofthecommandoutput.
PWA Status Whether or not port web authentication is enabled or disabled. Default state of
disabled can be changed using the set pwa command as described in set pwa on
page 16-59.
PWA IP Address IP address of the end station from which PWA will prevent network access until the
user is authenticated. Set using the set pwa ipaddress command as described in
set pwa ipaddress on page 16-61.
PWA Protocol Whether PWA protocol is CHAP or PAP. Default setting of PAP can be changed
using the set pwa protocol command as described in set pwa protocol on
page 16-62.
PWA Enhanced Whether PWA enhanced mode is enabled or disabled. Default state of disabled can
Mode be changed using the set pwa enhancedmode command as described in set pwa
enhancedmode on page 16-67.
PWA Logo Whether the Enterasys Networks logo will be displayed or hidden at user login.
Default state of enabled (displayed) can be changed using the set pwa displaylogo
command as described in set pwa displaylogo on page 16-61.
PWA Guest Whether PWA guest user status is disabled or enabled with RADIUS or no
Networking Status authentication. Default state of disabled can be changed using the set pwa
gueststatus command as described in set pwa gueststatus on page 16-64.
PWA Guest Name Guest user name for PWA enhanced mode networking. Default value of guest can
be changed using the set pwa guestname command as described in set pwa
guestname on page 16-62.
PWA Guest Guest users password. Default value of an empty string can be changed using the
Password set pwa guestpassword command as described in set pwa guestpassword on
page 16-63.
PWA Redirect Time Time in seconds after login success before the user is redirected to the PWA home
page.
Auth Status Whether or not the port state is disconnected, authenticating, authenticated, or held
(authentication has failed).
Quiet Period Amount of time a port will be in the held state after a user unsuccessfully attempts to
log on to the network. Default value of 60 can be changed using the set pwa
quietperiod command as described in set pwa quietperiod on page 16-65.
MaxReq Maximum number of log on attempts allowed before transitioning the port to a held
state. Default value of 2 can be changed using the set pwa maxrequests command
as described in set pwa maxrequest on page 16-65.
set pwa
Usethiscommandtoenableordisableportwebauthentication.
Syntax
set pwa {enable | disable}
Parameters
enable|disable Enablesordisablesportwebauthentication.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtoenableportwebauthentication:
B3(su)->set pwa enable
Syntax
show pwa banner
Parameters
None.
Defaults
None.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplaythePWAloginbanner:
B3(su)->show pwa banner
Welcome to Enterasys Networks
Syntax
set pwa banner string
Parameters
string SpecifiesthePWAloginbanner.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtosetthePWAloginbannertoWelcometoEnterasysNetworks:
B3(su)->set pwa banner Welcome to Enterasys Networks
Syntax
clear pwa banner
Parameters
None.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtoresetthePWAloginbannertoablankstring
B3(su)->clear pwa banner
Syntax
set pwa displaylogo {display | hide}
Parameters
display|hide DisplaysorhidestheEnterasysNetworkslogowhenthePWAwebsite
displays.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtohidetheEnterasysNetworkslogo:
B3(su)->set pwa displaylogo hide
Syntax
set pwa ipaddress ip-address
Parameters
ipaddress SpecifiesagloballyuniqueIPaddress.Thissamevaluemustbe
configuredintoeveryauthenticatingswitchinthedomain.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtosetaPWAIPaddressof1.2.3.4:
B3(su)->set pwa ipaddress 1.2.3.4
Syntax
set pwa protocol {chap | pap}
Parameters
chap|pap SetsthePWAprotocolto:
CHAP(PPPChallengeHandshakeProtocol)encryptstheusername
andpasswordbetweentheendstationandtheswitchport.
PAP(PasswordAuthenticationProtocoldoesnotprovideany
encryptionbetweentheendstationtheswitchport.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtosetathePWAprotocoltoCHAP:
B3(su)->set pwa protocol chap
Syntax
set pwa guestname name
Parameters
name Specifiesaguestusername.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtosetthePWAguestusernametoguestuser:
B3(su)->set pwa guestname guestuser
Syntax
clear pwa guestname
Parameters
None.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtoclearthePWAguestusername
B3(su)->clear pwa guestname
Syntax
set pwa guestpassword
Parameters
None.
Defaults
None.
Mode
Switchcommand,readwrite.
Usage
PWAwillusethispasswordandtheguestusernametograntnetworkaccesstoguestswithout
establishedloginnamesandpasswords.
Example
ThisexampleshowshowtosetthePWAguestuserpasswordname:
B3(su)->set pwa guestpasword
Guest Password: *********
Retype Guest Password: *********
Syntax
set pwa gueststatus {authnone | authradius | disable}
Parameters
authnone Enablesguestnetworkingwithnoauthenticationmethod.
authradius EnablesguestnetworkingwithRADIUSauthentication.Uponsuccessful
authenticationfromRADIUS,PWAwillapplythepolicyreturnedfrom
RADIUStothePWAport.
disable Disablesguestnetworking.
Defaults
None.
Mode
Switchcommand,readwrite.
Usage
PWAwilluseaguestpasswordandguestusernametograntnetworkaccesswithdefaultpolicy
privilegestouserswithoutestablishedloginnamesandpasswords.
Example
ThisexampleshowshowtoenablePWAguestnetworkingwithRADIUSauthentication:
B3(su)->set pwa guestnetworking authradius
Syntax
set pwa initialize [port-string]
Parameters
portstring (Optional)Initializesspecificport(s).Foradetaileddescriptionofpossible
portstringvalues,refertoPortStringSyntaxUsedintheCLIon
page 41.
Defaults
Ifportstringisnotspecified,allportswillbeinitialized.
Mode
Switchcommand,readwrite.
Example
Thisexampleshowshowtoinitializeportsfe.1.57:
B3(su)->set pwa initialize fe.1.5-7
Syntax
set pwa quietperiod time [port-string]
Parameters
time Specifiesquiettimeinseconds.
portstring (Optional)Setsthequietperiodforspecificport(s).Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage 41.
Defaults
Ifportstringisnotspecified,quietperiodwillbesetforallports.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtosetthePWAquietperiodto30secondsforportsfe.1.57:
B3(su)->set pwa quietperiod 30 fe.1.5-7
Syntax
set pwa maxrequests requests [port-string]
Parameters
maxrequests Specifiesthemaximumnumberoflogonattempts.
portstring (Optional)Setsthemaximumrequestsforspecificport(s).Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage 41.
Defaults
Ifportstringisnotspecified,maximumrequestswillbesetforallports.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtosetthePWAmaximumrequeststo3forallports:
B3(su)->set pwa maxrequests 3
Syntax
set pwa portcontrol {enable | disable} [port-string]
Parameters
enable|disable EnableordissablePWAonspecifiedports.
portstring (Optional)Setsthecontrolmodeonspecificport(s).Foradetailed
descriptionofpossibleportstringvalues,refertoPortStringSyntaxUsed
intheCLIonpage 41.
Defaults
Ifportstringisnotspecified,PWAwillenabledonallports.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtoenablePWAonports122:
B3(su)->set pwa portcontrol enable ge.1.1-22
Syntax
show pwa session [port-string]
Parameters
portstring (Optional)DisplaysPWAsessioninformationforspecificport(s).Fora
detaileddescriptionofpossibleportstringvalues,refertoPortString
SyntaxUsedintheCLIonpage 41.
Defaults
Ifportstringisnotspecified,sessioninformationforallportswillbedisplayed.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplayPWAsessioninformation:
B3(su)->show pwa session
Port MAC IP User Duration Status
-------- ----------------- --------------- ------------- ------------ ---------
ge.2.19 00-c0-4f-20-05-4b 172.50.15.121 pwachap10 0,14:46:55 active
ge.2.19 00-c0-4f-24-51-70 172.50.15.120 pwachap1 0,15:43:30 active
ge.2.19 00-00-f8-78-9c-a7 172.50.15.61 pwachap11 0,14:47:58 active
Syntax
set pwa enhancedmode {enable | disable}
Parameters
enable|disable EnableordisablePWAenhancedmode.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtoenablePWAenhancedmode:
B3(su)->set pwa enhancedmode enable
Purpose
Toreview,enable,disable,andconfiguretheSecureShell(SSH)protocol,whichprovidessecure
Telnet.
Commands
ThecommandsusedtoreviewandconfigureSSHarelistedbelow:
Syntax
show ssh status
Parameters
None.
Defaults
None.
Mode
Switchcommand,readonly.
Example
ThisexampleshowshowtodisplaySSHstatusontheswitch:
B3(su)->show ssh status
SSH Server status: Disabled
set ssh
Usethiscommandtoenable,disableorreinitializeSSHserverontheswitch.Bydefault,theSSH
serverisdisabled.
Syntax
set ssh {enable | disable | reinitialize}
Parameters
enable|disable EnablesordisablesSSH,orreinitializestheSSHserver.
reinitialize ReinitializestheSSHserver.
Defaults
None.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtodisableSSH:
B3(su)->set ssh disable
Syntax
set ssh hostkey [reinitialize]
Parameters
reinitialize (Optional)Reinitializestheserverhostauthenticationkeys.
Defaults
Ifreinitializeisnotspecified,theusermustsupplySSHauthenticationkeyvalues.
Mode
Switchcommand,readwrite.
Example
ThisexampleshowshowtoregenerateSSHkeys:
B3(su)->set ssh hostkey reinitialize
Index-1
Ping 12-14 Security VLANs
Policy Management methods, overview of 16-1 assigning ingress filtering 7-11
assigning ports 9-15 Serial Port assigning port VLAN IDs 7-8
classifying to a VLAN or Class of downloading upgrades via 3-38 authentication 16-42, 16-45
Service 9-7, 9-12 show system utilization cpu 3-14 classifying to 9-7, 9-12
dynamic assignment of profiles 16-2 SNMP creating static 7-5
profiles 9-2, 9-17 access rights 5-16 dynamic egress 7-19
Port Mirroring 4-34 accessing in router mode 5-3 egress lists 7-14, 16-43
Port Priority enabling on the switch 5-18 enabling GVRP 7-23
configuring 10-2 MIB views 5-20 forbidden ports 7-15
Port String notification parameters 5-33 host, setting 7-20
syntax used in the CLI 4-1 notify filters 5-33 ingress filtering 7-8
Port Trunking 4-40 security models and levels 5-2 naming 7-6
Port web authentication statistics 5-4 RADIUS 16-42
configuring 16-56 target addresses 5-29 secure management, creating 7-1
Port(s) target parameters 5-25
alias 4-9 trap configuration example 5-43 W
assignment scheme 4-1 users, groups and communities 5-8 WebView 1-2, 3-71
auto-negotiation and advertised SNTP 12-27 WebView SSL 3-73
ability 4-15 Spanning Tree 6-1
broadcast suppression 4-31 backup root 6-22, 6-23
counters, reviewing statistics 4-5 bridge parameters 6-3
duplex mode, setting 4-10 features 6-2
flow control 4-19 port parameters 6-34
link flap Rapid Spanning Tree Protocol
about 4-21 (RSTP) 6-1
configuration defaults 4-24 SSL WebView 3-73
configuring 4-23 stacks
link traps, configuring 4-21 installing units 2-2
MAC lock 16-49 operation 2-1
priority, configuring 10-2 virtual switch configuration 2-4
speed, setting 4-10 Syslog 12-1
status, reviewing 4-3 System Information
Power over Ethernet (PoE), displaying basic 3-12
configuring 3-34 setting basic 3-9
Priority to Transmit Queue
Mapping 10-5 T
Prompt Technical Support xxvi
set 3-19 Telnet
PWA 16-56 disconnecting 12-15
enabling in switch mode 3-44
R Terminal Settings 3-25
RADIUS 16-4 TFTP
realm 16-6 downloading firmware upgrades
RADIUS Filter-ID 16-2 via 3-38
attribute formats 16-3 Timeout
RADIUS server 16-6, 16-10 CLI, system 3-26
Rapid Spanning Tree Protocol RADIUS 16-6
(RSTP) 6-1 Trap
remote port mirroring SNMP configuration example 5-43
about 4-34 Tunnel Attributes
configuring 4-38 RFC 3580 RADIUS attributes 16-42
Reset 3-69
RFC 3580 16-42 U
User Accounts
S default 1-6
Scrolling Screens 1-8 setting 3-2
Secure Shell (SSH) 16-68
enabling 16-69 V
regenerating new keys 16-69 Version Information 3-21
virtual switch, configuring 2-4
Index-2