help 1. General Switch Commands 1.1. show switch Displays the current switch information. Information includes: * sysName, sysLocation, sysContact * MAC address * current date-time and system uptime * operating environment (temperature, fan and power supply status) * Power supply and fan status. * Software Image information (primary/secondary image date/time, version) * NV Configuration information (primary/secondary configuration data/time, size, version) * Any scheduled reboot information * PACE Configuration Information * Software licensing information (some platforms) * MSM information [chassis only] 1.2. Show slot {SLOT} Chassis ONLY Display slot specific information. If the SLOT number is not provided, then all the SLOT will be displayed. Information includes: * Card type, serial number, part number. * Current state (e.g. power down, diagnostics, operational, etc.) * Port information (e.g. GBIC type, etc.) Press to continue or to quit: * Internal 1.3. Config slot SLOT module { F32T | G4X | G6X | F32F } Chassis ONLY Assign a module to a specific slot in the system. The following conditions can happen: * Current slot does not have any module inserted: * Pre-configure a module type of a slot so that user can start configuring the module before the actual hardware is inserted. * Current module in the slot belongs to the same module type: * No effect. * Current module in the slot is different than the module type that user just assigned: * Current configuration for the module is erased, then card will be restarted. The user specified module type will be recorded. Since the user specified module type is different then the actual module type, a warning message will be logged into the SYSLOG (trap will be sent also); the module will not be operational until the conflict is resolved. 1.4. Unconfig slot SLOT 1.5. Clear slot SLOT Chassis ONLY Press to continue or to quit: Clear the previously assigned module type of a slot in the system. All the configuration information related to the slot will be erased. If a module is present when the command is executed, it will be reset to default configuration. 1.6. show version Display the current operating version: * current running version of the software image * system, motherboard and daughterboard part numebrs * system, motherboard and daughterboard serial numbers * version number of MSM and I/O modules also. 1.7. show memory Displays the current system system memory informations: * DRAM installed in the system. (e.g. 16M, 32M, etc.) * malloc and heap information * Mbuf information 1.8. reboot {DATE TIME | cancel } Reboot the switch at the time specified. If no argument is specified, then the switch will be restart after the command. The CLI will display "Are you SURE (Y/N)?" confirmation message. New reboot command override previous command. The "cancel" option can be specified to cancel a previously scheduled reboot. Press to continue or to quit: 1.9. config time DATE TIME Change the current local time to the new time given by the user. The DATE and TIME arguments are given in local time, not GMT time. Note that time will be saved to the real-time clock right away, no save config command is needed. 1.10. Config timezone GMT_OFFSET { autodst | noautodst } Configure the time zone information by changing the offset from the GMT time. The GMT_OFFSET is in +/- minutes from the GMT time. Automatic daylight saving time (DST) changes can be enable or disable by the user. Default is enabled. 1.11. config banner The user is allowed to enter up to 24 rows of 80 column text (1920 bytes) that will be displayed before the login prompt of each session. A RETURN at the beginning of a line terminates the command and applies the banner. Just press RETURN at the beginning of the first line to clear and disable the banner. 1.12. Show banner Displays the banner configured by the user. 1.13. unconfig switch {all} This command performs the following: Press to continue or to quit: * Warn and prompt the user for confirmation * Default the configuration information. Only the currently selected configuration partition is affected! * reboot the switch The following items are not affected by this command: * software licensing information * date/time information If the ALL argument is not specified, then the switch will use default configuration except user accounts and passwords are preserved. If the ALL argument is specified, then all parameters (including the user account) will be default. 1.14. ping {continuous} { size NUMBER} { IPADDRESS | HOSTNAME } Generate ICMP Echo request to an IP host. If no optional arguments are specified, then four ICMP echo request of size 64 bytes is generated. The "continuous" option can be interrupted by pressing any key. The DNS configuration must be set up before HOSTNAME can be used. 1.15. traceroute IPADDRESS Trace the IP route toward a destination IP host. Each router along the way is displayed. Press to continue or to quit: 1.16. telnet [ IPADDRESS | HOSTNAME ] {PORT_NUMBER} Telnet from the current CLI session to another host. Only VT100 emulation is supported. If the TCP PORT_NUMBR is not specified, then the client will default to 23. 1.17. Clear counters Clears all statistical counters in the switch and ports. This include port packet statistics, bridging statistics (e.g. STP counters) and IP statistics (e.g. interface counters, ICMP counters and protocol counters). 1.18. enable license [Basic_L3 | Full_L3] LICENSE_KEY Switch platform dependent Enable a particular software feature license. LICENSE_KEY is an integer. Both site license and individual switch license is supported. Note that "unconfig switch all" does not clear out licensing information. The feature cannot be turned off once the license is enabled on the switch. 1.19. show diag { SLOT | msm-a | msm-b } Display software diagnostic result. Optional arguments are for chassis switches only. 1.20. Run diag [ normal | extended ] [ SLOT | msm-a | msm-b ] Press to continue or to quit: [Chassis only.] Run either the normal or extended diagnostics on a slot or one of the management blades. The I/O blade will be taken off line to perform the diagnostic test. The system will attempt to bring the I/O blade online again once the diagnostic test is finished. If the master MSM is specified, then a message will be displayed to inform the user that the diagnostic will be performed when the system reboots. 1.21. Help Display a very verbose help message. 1.22. History Display a history of commands entered by the user. 2. Configuration/Image Commands 2.1. save {configuration} {primary|secondary} Saves the current configuration of the switch to NVRAM. User may specify which configuration area to be used. Primary configuration area is the default. 2.2. use configuration [primary|secondary ] Configure the switch to use the primary or secondary configuration when the Press to continue or to quit: switch reboots. 2.3. use image [primary|secondary] Configure the switch to use either the primary or secondary images in NVRAM when the switch comes up after the next reboot. 2.4. download image [xmodem | [ IPADDRESS | HOSTNAME ] FILENAME] {PRIMARY | SECONDARY} [Chassis only] Begin to download a switch image using TFTP over the network or xmodem over the serial port (i.e console port). If no optional parameter is specified, then the image is saved in the current image partition specified in the "use image" command. Note that xmodem download will temporary take over the console port. (until the download is completed or timeout). Also note that xmodem is not supported over telnet session. 2.5. Download bootrom [ IPADDRESS | HOSTNAME ] FILENAME Download a BOOT ROM image from a TFTP server. The downloaded image is used to replace the BOOT ROM in the onboard FLASH device. 2.6. upload configuration [ IPADDRESS | HOSTNAME ] FILENAME { every TIME | cancel } Put the current runtime configuration in CLI format to a TFTP server. If the Press to continue or to quit: every TIME option is specified, then the switch saves the configuration to the server once per day at the specified time automatically. Automatic upload is cancelled using the "cancel" option. If not option is specified, then the current configuration is upload to the TFTP server immediately. 2.7. download configuration [ IPADDRESS | HOSTNAME ] FILENAME Download an ASCII configuration (in CLI format) to the switch from a TFTP server. The switch can use the imported configuration after the next reboot. 2.8. show configuration Display the current switch configuration in CLI format to the screen. A user can capture the output and store it as a file or send it to customer supports. This is the same configuration information (and format) as the "upload config" command. 2.9. Synchronize [Chassis only] Synchronize the configuration and image from the master MSM to the secondary MSM. The original information in the secondary MSM will be erased. The following information will be copied across: * Primary and secondary image * Primary and secondary configuration Press to continue or to quit: * Bits indicating the next reboot image and next reboot configuration Note that the runtime configuration will not be copied since it is not saved into the FLASH yet. Use the "save configuration" command to save the runtime information. 3. Syslog Commands 3.1. show log config Display the syslog configuration. Information includes: * Remote syslog server address * Remote log facility levels * Local log facilty levels 3.2. show log {PRIORITY} {SUBSYSTEM} Display the log messages. The messages are displayed in reverse order (most recent messages first) and pause between screens (24 lines). The messages will be filtered if priority and sub-system are specified. If priority is not specified, LOG_ERROR is assumed. If sub-system is not specified, then all the sub-systems will be reported. 3.3. clear log {static} Press to continue or to quit: Empty the system log database. The first entry in the database is a message indicated that the database is clear by user. Note that some critical/important messages are being stored in the non-volatile memory and is not being clear by this command unless the "static" option is used. This command will also clear the ERR LED on the Chassis MSM modules. 3.4. config log display {PRIORITY} Log messages can be display on the user's terminal (or telnet session) in real-time. This command changes the filtering capability when the log messages are displayed. Only messages at or above the specified priority level are displayed. Need to explicitly perform the "enable log display" command to turn on real-time reporting. If the command is executed on the console shell, then it will not be reset automatically even when the user logout of the console. The priority levels may change in time, but the current available priorities are: * CRITICAL * EMERGENCY * ERROR * ALERT * WARNING * NOTICE * INFO Press to continue or to quit: * DEBUG 3.5. config syslog IPADDRESS FACILITY {PRIORITY} Change the syslog server's IPADDRESS. Only one syslog server is supported. FACILITY is "local0"-"local7". The PRIORITY option specifies filtering of the log messages before sending to the remote syslog server. Need to explicitly perform the "enable log remote" command to turn on remote loggin. 3.6. enable/disable log display Enable or disable real-time logging to the shell. Default is disable for telnet users. Default is what the previous user setting for the console user. 3.7. enable/disable syslog To enable or disable logging to the remote syslog daemon. Default is disable. 4. Management/NMS/SNMP Commands 4.1. show management Display network management related configuration ans statistic information. Includes: * Enable/Disable states for telnet/SNMP/WEB Press to continue or to quit: * RMON Polling configuration * SNMP community strings * Authorized SNMP station list * SNMP Trap receiver list (IP address and community string and UDP port number) * Login statistics (# success, # failed, # timeout, etc.) 4.2. show session Display the current console/telnet/SNMP/WEB sessions. Each session includes the following Information: * Session number * Session type [Shell/SNMP/WEB] * User name * User location [Console / IPADDRESS] * Login time 4.3. clear session [NUMBER] Close a user session. 4.4. Logout | Quit Logs out the session of a current user for CLI or Telnet. Telnet will close the TCP Telnet session. Press to continue or to quit: 4.5. Enable/disable idletimeout When a TELNET or CONSOLE connection is idle for a long period of time (20 minutes) the switch can optionally logout the user. Default is disable. 4.6. enable telnet 4.7. disable telnet Enable or disable telnet sessions to/from the switch. All active telnet sessions will be closed when the disable command is executed. This command affect both inbound and outbound telnet sessions. Default is enable. 4.8. enable web 4.9. disable web Enable or disable WEB access to the switch. Default is enable. The user needs to reboot the switch before the change takes effect. The switch software will generate a warning message to the user and inform the user that he needs to reboot the switch. 4.10. Enable rmon 4.11. Disable rmon Enable or disable RMON polling. Default is disabled . Press to continue or to quit: 4.12. enable snmp access 4.13. disable snmp access Enable or disable SNMP access to the switch. Note that SNMP configuration (e.g. community strings) are not changed by the "disable snmp access" command. Default is enable. This command is not related to the "enable/disable snmp trap" command. 4.14. enable snmp traps 4.15. disable snmp traps Enable or disable SNMP trap generation from the switch. This command does not clear the SNMP trap receivers configured by the user. 4.16. config snmp add IPADDRESS {MASK} 4.17. config snmp delete [IPADDRESS {MASK} | all] Add or remove SNMP management station(s) to the access list. If no mask is specified when adding a new manager, then it is treated as a host address. Up to 32 IPADDRESS-MASK combinations can be added. If all is specified in the delete command, then all the configured IP addresses are removed and the switch can be managed by SNMP from any station. In the delete command, the IPADDRESS and MASK must both match an existing entry in the list. If MASK is not specified, a mask of 255.255.255.255 is assumed. Press to continue or to quit: 4.18. config snmp add trapreceiver IPADDRESS community STRING 4.19. config snmp delete trapreceiver [IPADDRESS community STRING | all] Each trap receiver contains a IP address and a community string. The IPADDRESS may be unicast, multicast or broadcast address. The first command adds a trap receiver to the trap receiver list. Both the IP address and the community string need to be specified. Multiple community strings can be defined for the same IP address. The second command removes one or all trap receivers. If a user want to change the community string for a trap receiver, the user needs to first remove the entry and then add it back with a different community string. Up to 6 trap receivers can be specified. The second command removed a trap receiver to the trap receiver list. If all is specified, then all the receivers wil be removed. 4.20. config snmp community [readonly | readwrite] STRING Change the community string for SNMP access. The default community string is "public" for read access and "private" for read-write access. STRING may be enclosed by double quote characters. Max 127 characters. 4.21. config snmp syscontact STRING Specifies the system contact STRING Press to continue or to quit: 4.22. config snmp sysname STRING Specifies the system name STRING.. 4.23. config snmp syslocation STRING Specifies the system location STRING. Default is blank. Max 255 characters. 4.24. unconfig management Reset all the management related parameters (defined in this section of CLI) to the factory default value. (e.g. reset SNMP community string, clear secured SNMP IP address list, delete all trap receivers, etc.) 4.25. Enable/disable clipaging CLI is designed for use in a VT100 enviornment. Most "show" command will pause when the display reaches the end of a page. This command is used to disable or enable pausing at the end of each screen so that user can use a scripting language to obtain the switch status. By default paging is enabled. 4.26. Enable/disable cli-config-logging Enable or disable logging CLI configuration commands to the syslog for auditing purpose. Press to continue or to quit: 5. User Account Commands 5.1. show accounts This cammand is available only to "admin" level users. Display the user account information for all the users. Includes: * User name * Access level * Number of successful/failed login attempts * Number of active sessions 5.2. create account [admin | user] USERNAME {encrypted} {PASSWORD} This command is available only to "admin" level users. Create an user account with USERNAME and access level of "admin" or "user". Note that USERNAME size must be between 1-32 characters and PASSWORD size must be between 0-16 characters. If no password is given, then CLI prompts the user twice to enter the password. No confirmation is asked if password is entered as an argument. User should not use the encrypted option. It is only used by the switch when generating the ASCII configuration (i.e. using the upload configuration command) and parsing a switch generated configuration (i.e. download configuration command). Press to continue or to quit: 5.3. delete account USERNAME This command is available only to "admin" level users. Remove a user from the user database. The command will fail if the user attempts to remove the last "admin" level user. 5.4. config account USERNAME {encrypted} {PASSWORD} Change the password for the user. "Admin" level user can change the password for any user but "user" level user can only change his own password. If no password is given, then CLI prompts the user twice to enter the password. No confirmation is asked if password is entered as an argument. 5.5. Enable/disable radius Enable or disable radius client functionality. When enabled, all WEB and CLI logins will be sent to one of the two RADIUS servers for login name authentication. 5.6. Config radius [ primary | secondary ] server [ IPADDRESS | HOSTNAME ] {UDP_PORT} client-ip [ IPADDRESS ] Configure the information of one of the two possible RADIUS servers. The following are the parameters: * Primary or secondary: Specify either primary or secondary RADIUS server configuration. An address of 0.0.0.0 will remove the configuration of this Press to continue or to quit: server. * Server IPADDRESS or HOSTNAME: Tell the switch where the server is! If HOSTNAME is used, DNS client must be configured. * UDP_PORT: An optional UDP port to contact the server. * Client IPADDRESS: The IP address that the switch is used to identify itself when communicating with the server. 5.7. Config radius [ primary | secondary ] shared-secret [ STRING ] Configure the shared secret STRING to communicate with the RADIUS server. 5.8. Show radius Display the current RADIUS client configuration and statistics. 6. Port Commands General information for the show port statistics commands ... * Display is updated every X seconds * Press ENTER to terminate the command * Press "D" to display ports in the next range * Press "U" to display ports in the previous range 6.1. Show ports {PORTLIST} info This command does not automatically refresh the screen. It display detail Press to continue or to quit: system related information (some information may overlap with other display commands): * Port state (enable/disable) * Link state (ready/active) * Auto negotiation status * Link speed * Duplex mode * PCS state * Load sharing information * EDP status * GARP status * TRAP state * VLAN information (together with TAG-ID, protocol filtering, GARP state) * QoS Profile information * QoS status information * Bridge learning configuration 6.2. show ports {PORTLIST} configuration Display the port configuration including QoS parameters. The following information is displayed: * port state (enable/disable) * link state (ready/active) Press to continue or to quit: * auto negotiation on/off * link speed * duplex mode * flow control * load-sharing * link media information 6.3. show ports {PORTLIST} stats Display the real-time port statistics. 6.4. Show ports {PORTLIST} txerrors Display the detail transmit error statistics on the switch. 6.5. Show ports {PORTLIST} rxerrors Display the detail receive error statistics on the switch. 6.6. show ports {PORTLIST} collisions Display the real-time collision statistics. 6.7. show ports {PORTLIST} packet Display the real-time histogram of packet statistics. Press to continue or to quit: 6.8. Show ports {PORTLIST} utilization Display the real-time port utilization information. The utilization information is collected over X seconds. SPACE bar can be used to toggle between packet, bytes and bandwidth utilization information. 6.9. Config ports PORTLIST auto on Enables auto-negotiation for that particular port type. 802.3u for 10/100 or 802.3z for Gigabit. 6.10. config ports PORTLIST auto off {speed [10 | 100]} duplex [half | full] Change the configuration of a group of ports. The user can specify auto-negotiation or not. If auto-negotiation is used, then both the port speed and duplex is negotiated. Otherwise, the user needs to specify those parameters. 6.11. config ports PORTLIST qosprofile QOSPROFILE Change the QOS setting for ingress ports based QOS configuration. 6.12. Config ports PORTLIST display-string STRING 6.13. Unconfig ports PORTLIST display-string STRING Associated an user defined string (up to 16 characters) with a port. The information will be displayed in some of the show commands (for example, show Press to continue or to quit: port all info). 6.14. enable ports PORTLIST 6.15. disable ports PORTLIST Enable or disable port. Note that the link is always enabled for diagnostic purpose. 6.16. restart ports PORTLIST Renegotiate auto-negotiation for ports in port list. 6.17. Enable/disable smartredundancy [PORTLIST] Enabled or disable the smartredundancy feature on switches with redundant Gigabit port. Default is enabled. When the smart redundancy feature is enabled, the switch will always use the primary link when the primary link is available. If the feature is disabled, the switch will change the active link only when the current active link becomes inoperable. 6.18. enable sharing PORT grouping PORTLIST 6.19. disable sharing PORT Define a load-sharing group of ports. The ports specified in PORTLIST are group to the logical (and physical) port PORT. For example, enable sharing 9 grouping 9-12 creates a logical port 9 that represents port 9, 10, 11 and 12. All Press to continue or to quit: physical port commands still address the actual physical port but all other command uses logical port representation. Note that the VLAN-port binding information is removed for all the slave ports and the master port VLAN configuration is applied to all the slave ports. 6.20. Enable mirroring to PORT 6.21. Disable mirroring Dedicate a port on the switch to be the mirror output port. 6.22. config mirroring add [mac MACADDR | vlan VLAN | port PORT | vlan VLAN port PORT] 6.23. config mirroring delete [mac MACADDR | vlan VLAN | port PORT | vlan VLAN port PORT | all] Add mirroring filter definition one-at-a-time to the filter list. Up to 8 mirroring definitions can be added. The user can specific any combination of the following mirror filters: * MAC address: Any packet contains the MAC address in the DA or SA fields. * VLAN: All traffic appears on the specific VLAN. * PORT: All traffic appears on the specified port. * Virtual port (VLAN-PORT): All traffic appears on the specific virtual port. 6.24. show mirroring Press to continue or to quit: Display the current packet-mirroring information. Including: * Output port information * Per-filter information 6.25. Enable/disable edp ports PORTLIST Enable or disable the generation and processing of EDP on certain ports. EDP is used to discovery neighboring switches for management purpose. Default is enabled. 6.26. Show edp Display information gathered by EDP. 6.27. Enable/disable learning ports PORTLIST * Enable or disable MAC address learning on certain ports for security purpose. Default is enabled. 6.28. Show ports PORTLIST qosmonitor Display the roving QoS monitor result. 6.29. Restart ports PORTLIST Restart the physical port by first bringing the physical link down. Once the link is brought down, it is allowed to perform auto-negotiate to the new speed. Press to continue or to quit: 7. PACE/802.1p/802.1Q Commands 7.1. enable pace 7.2. disable pace Enable or disable PACE recognition. A PACE packet will be changed to 802.1Q pri_value=4 7.3. config dot1q ethertype ETHERTYPE Change the IEEE 802.1Q ETHERTYPE to a new value. The default is 0x8100. Example, config dot1q ethertype 0x8888. 7.4. enable gvrp 7.5. disable gvrp Global control over 802.1Q Generic VLAN Registration Protocol on the device - when enabled allows other devices to signal their desire to receive packets for different VLANs on the port on which GVRP messages are received. Also enables this device to signal to others which VLANs it would like to receive packets for. Default is disabled. 7.6. config gvrp [ listen | send | both | none ] port PORTLIST Per-port control over sending and receiving of GVRP information. Press to continue or to quit: * Listen: Enable the switch to receive GVRP PDUs, but not transmit * Send: Enable the switch to transmit GVRP PDUs, but not receive * Both: Enable the switch to transmit and receive GVRP PDUs * None: Disable the port from participating in GVRP operation (no PDUs will be send or received). The default mode is "both". 7.7. show gvrp Display current configuration and status of GVRP. For each port, this shows a snapshot of GVRP frame statistics/errors, state of all VLAN registrations and the last GVRP neighbor heard from. 8. QoS Commands 8.1. show qosprofile {QOSPROFILE } Default is all. Display QOS profile information. All the QOSPROFILE are shown if no optional arguments are provided. Information included: * QOSPROFILE name * Min bandwidth * Max bandwith Press to continue or to quit: * Relative priority * The GROUPINGS (VLANs, ports, MAC addresses) to which this qosprofile is applied 8.2. config qosmode [ingress | egress] Changing the switch QOS mode to ingress mode or egress mode. The software warns the user that changing the QOS mode needs to reboot the switch and ask if the user still wants to proceed. 8.3. create qosprofile QOSPROFILE 8.4. delete qosprofile QOSPROFILE Create or remove a qosprofile. A newly created qosprofile has the following defaults: * minbw = 0% * maxbw = 100% * priority = normal When a qosprofile is removed, then all the entries previously associated with the qosprofile are changed to use the QP2 qosprofile. 8.5. config qosprofile QOSPROFILE {minbw PCNT} {maxbw PCNT} {priority LEVEL} Modify the setting of a qosprofile. Only the argument that is specified is changed. Note that the switch needs to perform consistency checking and Press to continue or to quit: admission control before the command is accepted. 8.6. enable qosmonitor {port PORT} 8.7. disable qosmonitor Enable or disable the QoS monitoring capability in the switch. When no port is specified in the enable command, the QoS monitor automatically samples all the ports and records the sampled results. SYSLOG will be generated if the monitor discovers queue overflow problem. Default is disabled. 8.8. Enable isq vlan VLAN 8.9. Disable isq vlan VLAN Enable or disable the Intra-Subnet QoS features on a per-VLAN basis. ISQ is the ability to use IP level QqS commands for both IP unicast and IP multicast traffic without the necessity of routing. The ISQ features requires the user to change the MAC FDB aging timer to be at least 3000 seconds on the switch. This command will automatically change the FDB timer to 3000 seconds if it is shorter than 3000 seconds. 8.10. Config ipqos [ add | delete ] DEST_IPADDRESS / MASK_LENGTH [ qosprofile QOS_PROFILE | blackhole ] 8.11. Config ipqos [ add | delete ] [ tcp | udp | other | all ] Press to continue or to quit: DEST_IPADDRESS / MASK_LENGTH { l4-dstport DSTPORT } { SRC_IPADDRESS / MASK_LENGTH } { l4-srcport SRCPORT } [ qosprofile QOS_PROFILE | blackhole ] Add or delete an IP QoS rule. In general, the switch can match on layer-3 (destination or source IP address) and layer-4 ( destination and source TCP/UDP port) of a packet and associate the packet with a QoS profile. The following parameters are needed: * TCP/UDP/Other/all : User can specify if the IP QoS rule needs to match a specific TCP, UDP or other (non-TCP nor UDP) packet. The user can also specify to match any IP based L4-protocol with the "all" option. * DEST_IPADDRESS/MASK_LENGTH and SRC_IPADDRESS/MASK_LENGTH : Both the destination and source subnet can be specified. However, in the case of unicast destination, the source must be a host (not a subnet). * L4-dstport and L4-srcport : Both the L4 source and destination port number (16-bits) can be specified. When the "other" option is used, the two 16-bits numbers are concatenated to form a 32-bits number. The 32-bit number is used to match the 4 bytes immediately following the IP header. 9. Protocol Commands 9.1. show protocol {PROTOCOL } Press to continue or to quit: Default is all. Display protocol related information. * protocol name * list of protocol fields (e.g. EtherType 0x0800, SNAP 0x1234, LLC 0x42) * list of VLANs that use this user defined protocol 9.2. create protocol PROTOCOL 9.3. delete protocol PROTOCOL Create or remove a user defined protocol. 9.4. config protocol PROTOCOL [add | delete] [PROTOTYPE HEX] {PROTOTYPE HEX} ... Change the current protocol definiton. PROTOTYPE can be either etype, llc or snap. The following number is the protocol number in HEX representation. 10. Access Policy or Access Profile 10.1. Show access-profile {ACCESS_PROFILE } Default is all. Display access profile related information. * Profile name * List of addresses configurated to the profile * List of access-profile attribute Press to continue or to quit: 10.2. Create access-profile ACCESS_PROFILE type [ vlan | ipaddress] 10.3. Delete access-profile ACCESS_PROFILE Create or delete an access profile. An access profile can contain a list of IP address/mask or VLANs. Once the access profile is created, user can add one or more addresses to the access profile and also use it to control a specific routing protocol. 10.4. Config access-profile ACCESS_PROFILE mode [ permit | deny ] Change the access profile to either: * Permit the addresses that matches the description of the access-profile or * Deny any addresses that matches the description of the access-profile The default mode is "Permit". 10.5. Config access-profile ACCESS_PROFILE [add | delete] { vlan VLAN | ipaddress IPADDRESS MASK } Add an address to the access profile or delete an entry in the access profile. The entry must be the same type as the access profile. For example, an IPX access profile cannot accept an IP address entry. 11. VLAN Commands Press to continue or to quit: 11.1. show vlan {VLAN } Default is all. Display VLAN related information for one or more VLANs. * VLAN name * VLAN port configuration (tagged/untagged) * VLAN ID (Both internal and external) * IEEE 802.1Q EtherType * Protocol information (if any) * IP address * QOS profile information * STPD information 11.2. create vlan VLAN 11.3. delete vlan VLAN Create or remove a VLAN. 11.4. Enable/disable ignore-stp vlan VLAN Enable or disable a VLAN from using STP port information. If the ignore-stp option is enabled, then all the virtual ports associated with the VLAN are put into STP forwarding mode. Default is disabled (yes, observe Spanning Tree state is a good thing). 11.5. config vlan VLAN [add | delete] port PORTLIST {tagged | untagged} Press to continue or to quit: Add or remove ports in a VLAN. If user did not specify the tagging type, then untagged is assumed. Note that no protocol decoding is performed if a port is tagged. 11.6. config vlan VLAN tag VLANID Change the VLAN ID for this VLAN. A VLAN ID is automatically assigned to a newly created VLAN (start from 4095), the user can change it to any valid value between 1-4095 that is not used by another VLAN. 11.7. config vlan VLAN protocol [PROTOCOL | any] Configure a protocol-based VLAN. If "any" is specified, then it becomes the default VLAN when all other protocol based VLAN filtering is processed. If "none" is specified, then it will not perform any protocol filtering and only tagged frames are accepted. All the untagged ports in the VLAN are affected. 11.8. config vlan VLAN qosprofile QOSPROFILE Change the QOSPROFILE associated with the VLAN. Note that the dynamic FDB entries associated with the VLAN will be flushed once the change is committed. 11.9. config vlan VLAN ipaddress IPADDRESS {MASK} Configure an IPADDRESS for the VLAN. Netmask can optionally be specified. If the netmask is not specified, then the nature mask of the IPADDRESS is used. Press to continue or to quit: 11.10. Config vlan VLAN1 [ add | delete ] subvlan VLAN2 Make the super-VLAN (VLAN1) and sub-VLAN (VLAN2) connection. 11.11. Config vlan VLAN [ add | delete ] secondary-ip IPADDRESS {MASK} Configure a secondary IP address for the VLAN. In the EW4.1 release, the secondary IP address can be used for PING only. 11.12. Enable/disable subvlan-proxy-arp vlan [ VLAN | all ] Enable or disable proxy ARP between sub-vlans. Proxy ARP between sub-vlans are enabled by default. 11.13. unconfig vlan VLAN ipaddress unconfigure the ipaddress of the vlan 12. Spanning Tree Commands 12.1. show stpd {STPD} Default is all. Display STPD configuration and runtime information for one or mode STPDs. * STPD name, bridge ID Press to continue or to quit: * STPD configuration (hellotime, forwarddelay, maxage, bridgepriority) 12.2. show stpd STPD port PORTLIST Display port specific spanning tree information. * STPD port configuration (portcost, portpriority, static) * STPD state (root bridge, etc) * STPD port state (forwarding, blocking, etc.) 12.3. create stpd STPD Create a new spanning tree domain with no VLAN. STP is disabled by default. 12.4. delete stpd STPD Create or remove a STPD. Newly create STPD has the following default parameters: * bridge priority = 32768 * hello time = 2 seconds * forward delay = 15 A STPD can be removed if no VLAN is attached to the STPD. Note that the default STPD "s0" cannot be deleted. 12.5. config stpd STPD add vlan VLAN Put a VLAN into the spanning tree domain. Press to continue or to quit: 12.6. config stpd STPD hellotime NUMBER Change the hello time of the STPD. Range 1-10. 12.7. config stpd STPD forwarddelay NUMBER Change the forward delay of the STPD. Range 4-30. 12.8. config stpd STPD maxage NUMBER Change the MAX age timer of the STPD. Range 6-40. 12.9. config stpd STPD priority NUMBER Change the bridge priority of the STPD. Range 0-65535. 12.10. config stpd STPD port cost NUMBER PORTLIST Change the port path cost of all the ports in the port list. Range 1-65535. 12.11. config stpd STPD port priority NUMBER PORTLIST Change the port priority of all the ports in the port list. Range 0-255. 12.12. enable/disable stpd {STPD} Enable or disable the STP protocol in the STPD. Press to continue or to quit: 12.13. enable/disable stpd port {PORTLIST} Enable or disable the STP protocol to run on PORTLIST. BPDUs are generated and processed if STP protocol is enabled on a port. Otherwise, no BPDU is generated by the switch, all incoming BPDUs are dropped and the port is in STP forwarding state. 12.14. Unconfig stpd {STPD} Reset the STP paramters to factory default. 13. FDB Commands 13.1. show fdb { MAC | vlan VLAN | PORTLIST | permanent | qos } Default is all FDB entries. Display all the FDB entries or a subset of the entries. Includes: * Table aging period * MAC address * VLAN Name and VLAN ID * Flags (S=static, I=IP, P=Permanent) * Port list * Hash information (hash index, entry number) Press to continue or to quit: 13.2. clear fdb { MAC | vlan VLAN | PORTLIST} Remove the dynamically learned entries from the MAC FDB table. Permanent and static MAC entries are not affected. Default is to clear all FDB entries. 13.3. create fdbentry MAC vlan VLAN [blackhole | PORTLIST | dynamic ] {qosprofile QOSPROFILE} 13.4. delete fdbentry MAC vlan VLAN Add or delete a permanent MAC FDB entry. The user can specify: * blackhole: All packets to this destination are dropped by the switch. * PORTLIST: One or more ports can be in the list. All packets destine to the MAC address (DA match) will be forwarded to the PORTLIST. * Dynamic: Used to associated QoS profile to dynamic MAC address entries. T he port associated with the MAC address is dynamically learned and the QoS profile will be applied once the SA is learned. * Optional QOSPROFILE can be specified when adding a MAC entry. Note that static entry will override any dynamic learnt entry. 13.5. config fdb agingtime NUMBER Change the aging time for all the configured VLANs. Default is 300 seconds Press to continue or to quit: 14. Basic IP Commands 14.1. show ipconfig { vlan VLAN } If no VLAN information is specified, then global IP configuration is displayed. Otherwise, specific VLAN(s) information will be displayed. Configuration information includes: * IP address/netmask/etc. * IP forwarding information / IP multicast forwarding information * BOOTP configuration * VLAN name and VLANID * ICMP configuration (Global) * IGMP configuration (Global) * IRDP configuration (Global) 14.2. show ipstats { vlan VLAN } Note that this command only shows statistics pf the CPU handled packets, not all packets are handled by the CPU. Display the following information: * inpackets, outpackets, etc. * ICMP stat. (Global/Interface) * IGMP stat (Global/Interface) * IRDP stat. (Global) Press to continue or to quit: 14.3. show ipfdb {IPADDRESS NETMASK | vlan VLAN } Default is to show all IPFDB entries. Display IPFDB table content. * IP address * Next hop router MAC address (Next hop gateway/host IP address?) * IP FDB hash index and entry number * MAC FDB hash index and entry number * Egress VLAN name, VLAN ID and port number * Flags 14.4. clear ipfdb { IPADDRESS NETMASK | vlan VLAN } Remove the dynamic entries in the IPFDB. 14.5. enable/disable ipforwarding {vlan VLAN } Enable or disable IP forwarding on an IP interface. If all is specified, then all the configured IP interfaces are affected. If no optional argument is provided, then "all" is assumed. Note that other IP related configured is not affected. When new IP interfaces are added, the interface is default to have ipforwarding disabled. 14.6. enable/disable ipforwarding broadcast {vlan VLAN } Enable or disable forwarding of IP broadcast traffic to an IP interface. If all Press to continue or to quit: is specified, then all the configured IP interfaces are affected. If no optional argument is provided, then "all" is assumed. Note that other IP related configured is not affected. IP forwarding needs to be enabled also for this command to take effect. When new IP interfaces are added, the interface is default to have broadcast enabled. 14.7. Config vlan VLAN access-filter [ ACCESS_PROFILE | none ] [Chassis only] This command is used to control the traffic being routed between VLANs on the chassis. Using this command, the user can block or allow traffic received from a list of VLANs from routing to a VLAN. The first parameter (VLAN) is the out-going (egress) VLAN name. The second parameter (ACCESS_PROFILE) is the access profile which contains a list of incoming (ingress) VLANs, Either egress VLAN can have up to one ingress access profile assigned to it. 14.8. enable/disable bootp vlan [VLAN | all] Enable or disable generation/processing of BOOTP packets on an IP interface. 14.9. enable/disable multinetting Enable or disable the IP multinetting feature. The multinetting features requires the user to change the MAC FDB aging timer to be at least 3000 seconds on the switch. This command will automatically change the FDB timer to 3000 Press to continue or to quit: seconds if it is shorter than 3000 seconds. 14.10. Show dns-client Display the DNS set up. 14.11. Config dns-client default-domain DOMAIN_NAME Setting the DNS client default domain name to DOMAIN_NAME. The default domain name will be used to fully qualify a host name when domain name is not specified. For example, setting the default domain name to "food.com" and pinging "dog" meaning pinging "dog.food.com". 14.12. Config dns-client add IPADDRESS 14.13. Config dns-client delete IPADDRESS Add or delete a DNS server in the DNS client's available server list. Up to 3 name servers can be configured. 14.14. Nslookup HOST_NAME Look up the IP address of a host (HOST_NAME) using the DNS server. 14.15. Enable/disable sntp-client Enable or disable the client functions of Simple Network Time Protocol (SNTP). Once enabled, the switch will be sending out a periodic query to the NTP servers Press to continue or to quit: (if configured) or listen to broadcast NTP updates from the network. Note that the network time information is saved into the onboard real-time clock. 14.16. Config sntp-client [ primary | secondary ] server [ IPADDRESS | HOSTNAME ] Configure a NTP server for the switch to obtain "time" information. Queries are first sent to the primary server, if the primary server does not respond within 1 seconds or if it is out-of-sync, then the switch will query the secondary server. If the switch cannot obtain the time, then it restarts the query process. Otherwise, the switch waits for an user configured interval before query again. 14.17. Config sntp-client update-interval SECONDS Configure the interval between polling for "time" information from the servers. Default is 64 seconds. 14.18. Show sntp-client Display configuration and statisitcs information of SNTP client. 15. Enterprise Standby Router Protocol (ESRP) Press to continue or to quit: 15.1. Enable ESRP vlan VLANNAME 15.2. Disable ESRP vlan VLANNAME Enable or disable ESRP on certain ports. Note that the old chip set can only be configured with the same MAC address on all 8 10/100 Ethernet ports. As a result, we need to force the user to enable/disable ESRP on all those ports. Default VLAN cannot support ESRP. 15.3. Config vlan VLANNAME esrp priority PRIORITY Select an ESRP virtual router priority (0-255) on one or more ports. A priority of 255 means that this switch will not be the ESRP master or the VLAN. 15.4. Config vlan VLANNAME esrp timer HELLO_TIMER Configure the ESRP virtual router keep alive timer interval (1-255) on one or more ports. The longer the HELLO_TIMER, then longer the route will converge. 15.5. Config vlan VLAN_ESRP [ add | delete ] track-vlan VLAN_TRACKED Configure a ESRP enabled VLAN (VLAN_ESRP) to track the condition of another VLAN (VLAN_TRACKED). The switch will not be the ESRP master of the VLAN if no ports are active in the tracked VLAN. 16. IP ARP Commands 16.1. show iparp { IPADDRESS | vlan VLAN | permanent} Press to continue or to quit: Default is all. Display the IP ARP table. * IP address * MAC address * Aging timer value * VLAN name, VLAN ID and port number * Flags 16.2. clear iparp { IPADDRESS | vlan VLAN } Remove the dynamic entries in the IP ARP table. Permanent IP ARP entries added by the user are not affected. 16.3. Config iparp timeout N_MINUTE Change the IP ARP timeout period to N_MINUTE. Default is 20 minutes. ARP aging is disabled if ZERO is specified. 16.4. config iparp add IPADDRESS MAC 16.5. config iparp delete IPADDRESS Add a permanent IP ARP entry to the system. Remove any IP ARP entry (dynamic or permanent) from the table. The IPADDRESS is used to match the IP interface address to locate a suitable interface. The VLAN-ID is derived from the router interface. Press to continue or to quit: 16.6. Config iparp add proxy IPADDRESS { MASK } { MAC } { always } 16.7. Config iparp delete proxy [ IPADDRESS { MASK } | all ] 1. Feature Explanation: Proxy ARP can be used for two purpose:To support host that cannot process ARP traffic. In this case, the switch answers the ARP request for that host. 2. To hide the IP topology from the host. The network administrator can configure a large network on the host machine (e.g. 16 bits mask) and a smaller network on each router interface (e.g. 22 bits mask). When the host sends ARP request for another host on another subnet, the switch answers the ARP request and all subsequent traffic will be sent directly to the router. 3. The user can configure up to 64 proxy ARP entries. When the MASK is not specified, then software will assume a host address (i.e. 32-bit mask). When the MAC address is not specified, then the software uses the switch's MAC address as the proxy host. Always should be specified for type-1 usage, not always is the default (type-2). 16.8. Show iparp proxy { IPADDRESS { MASK } } Display the proxy ARP table. If no argument is specified, then all proxy ARP entries are displayed. Press to continue or to quit: 17. IP Route Table Commands 17.1. show iproute { priority | vlan VLAN | permanent | IPADDRESS NETMASK} Display the content of the IP routing table or the route origin priority. 17.2. Config iproute priority [ rip | bootp | icmp | static | ospf-intra | ospf-inter | ospf-as-external | ospf-extern1 | ospf-extern2 ] PRIORITY Change the priority for all the routes from certain route origin. 17.3. config iproute add default GATEWAY {METRIC} 17.4. config iproute delete default GATEWAY Add or remove a default gateway from the route table. A default gateway must be on a configured IP interface. If METRIC is not specified, then a default of metric 1 is used. 17.5. config iproute add IPADDRESS MASK GATEWAY METRIC 17.6. config iproute delete IPADDRESS MASK GATEWAY Add or remove a net or host from the route table. A MASK of 255.255.255.255 is used to indicate host entry. 17.7. config iproute add blackhole IPADDRESS MASK 17.8. config iproute delete blackhole IPADDRESS MASK Add or remove a blackhole destination (net or host) to the route table. All Press to continue or to quit: traffic to that entry will be dropped, no ICMP message will be generated. 17.9. Show ipqos { DESTADDR NETMASK } Show the IP QOS table. Default is all. 17.10. Enable/disable iproute sharing When multiple routes to the same destination are available, load sharing can be enabled to distribute the traffic to multiple destination gateways. Only paths with the same lowest cost is will be shared. Default is enabled. 18. ICMP Commands 18.1. enable/disable icmp redirects {vlan VLAN} Enable or disable generation of ICMP Redirect messages on one or more VLANs. If no optional argument is specified, all the IP interfaces are affected. Default is enable. 18.2. enable/disable icmp unreachables {vlan VLAN} Enable or disable generation of ICMP unreachable messages on one or more VLANs. If no optional argument is specified, all the IP interfaces are affected. Default is enable. 18.3. enable/disable icmp useredirects Press to continue or to quit: Enable or disable changing routing table information when received a ICMP Redirect message. Default is disabled (NOT to use redirect messages). 18.4. enable/disable irdp {vlan VLAN} When the interface is in ipforwarding mode, this command enable or disable the generation of ICMP Router Discovery Protocol (IRDP) advertisement messages on one or more VLANs. If no optional argument is specified, all the IP interfaces are affected. Default is enable. 18.5. config irdp [multicast | broadcast] Change the destination address of the IRDP advertisement messages. Default is multicast (224.0.0.1). 18.6. config irdp MININTERVAL MAXINTERVAL LIFETIME PREFERENCE Change the IRDP advertisement messages timers. Note that all arguments need to be specified. All time intervals are in second. 18.7. unconfig icmp Change all the ICMP setting to the default values. 18.8. unconfig irdp Press to continue or to quit: Change all the IRDP setting to the default values. 19. BOOTP-DHCP Proxy and UDP Profile 19.1. Enable/disable bootprelay Enable or disable the BOOTP relay function on the router. IPADDRESS may be unicast, multicast or broadcast. 19.2. config bootprelay add IPADDRESS 19.3. config bootprelay delete [IPADDRESS | all] Add or delete IP addresses used as IP destionation to forward BOOTP packets. Note that both UDP forwarder profiles or bootprelay can be used to relay the DHCP/BOOTP packets. However, only one of the two methods should be use in the switch. In general, UDP forwarder is more flexible then the BOOTP-relay method, but it takes more time to configure. 19.4. show udp-profile { PROFILE_NAME } Displays either all UDP profiles or just the named filter. Default is all. 19.5. create udp-profile PROFILE_NAME Press to continue or to quit: 19.6. delete udp-profile PROFILE_NAME Create or delete an UDP forwarding filter. Upto 10 UDP profiles can be defined. 19.7. configure udp-profile PROFILE_NAME [ add | delete ] UDP_PORT [ vlan VLAN | ipaddress DESTINATION_IP ] Add or delete a UDP forwarding entry to the specific UDP forwarding profile name. All broadcast packets sent to the UDP_PORT will be forwarded ti either the destination IP address (unicast or subnet directed broadcast) or sent to the specific VLAN as an all-ones IP broadcast. Upto 16 VLANs or IP address can be assigned each UDP profile. 19.8. configure VLAN udp-profile PROFILE_NAME Apply an UDP forwarding profile to the source VLAN. Once the UDP profile is associated with the VLAN, the switcvh picks up any bvroadcast UDP packets that matches with the user configured UDP port number and forwards those packets to the user defined destination. If the UDP port is the DHCP/BOOTP port numner, then appropriate BOOTP/DHCP proxy functions are invoked. 19.9. Unconfig udp-profile vlan [ VLAN | all ] Remove the UDP forwarder configuration for one or more VLAN. Press to continue or to quit: 20. IP RIP Commands 20.1. show rip {vlan VLAN} Display RIP specific configuration. Default is all. Including: * global state for split horizon, poison reverse, trigger update, timer settings * Per interface states (e.g. txmode, rxmode, export static rules} 20.2. show rip stat {vlan VLAN } Display RIP specific statistics. Default is all. Including: * Per interface statistics (e.g. packet transmited, packet receives, bad packet received, bad route received, # of RIP peers) * Per interface peer information. 20.3. Enable/disable rip Enable or disable RIP for the whole router. Default is disabled. 20.4. config rip add vlan [ VLAN | all ] 20.5. config rip delete vlan [ VLAN | all ] Enable or disable RIP on a IP interface. If no vlan is specified, then all is assumed. When a IP interface is created, per interface RIP configuration is disabled by default. Note the when the RIP interface is disabled, the parameters will not be reset to default automatically. Press to continue or to quit: 20.6. Enable/disable rip aggregation Enable or disable RIP from aggregating subnet information on interfaces using RIPv2 transmission mode. Default is enabled. 20.7. enable/disable rip splithorizon Enable or disable the split horizon algorithm for RIP. Default is enabled. 20.8. enable/disable rip poisonreverse Enable or disable the split horizon with poison reverse algorithm for RIP. Default is enabled. 20.9. enable/disable rip triggerupdate Triggered updates are a mechanism for immediately notifying a router's neighbors when the router adds or deletes routes or changes their metric. Enable or disable the trigger update mechanism. Default is enabled. 20.10. Enable/disable rip exportstatic 20.11. enable/disable rip export static Enable or disable filtering of static route. Default is enabled. 20.12. Enable rip export [ ospf | ospf-intra | ospf-inter | ospf-extern1 | ospf-extern2 ] metric METRIC { tag NUMBER } Press to continue or to quit: 20.13. Disable rip export ospf Enable or disable the distribution of OSPF routes into the RIP domain. Individual types of OSPF routes can be specific and the user can use OSPF to represent ospf-intra/inter/extern1/extern2. Tag is ZERO if the user does not specify explicitly. METRIC can be between 0-15. If the METRIC is 0, then RIP uses the route metric obtain from the route origin. Otherwise, the user can force the metric to be between 1-15. Default is disabled. 20.14. Config rip vlan [ VLAN | all ] trusted-gateway [ ACCESS_PROFILE | none ] Configure RIP to use the access-list to determine which RIP neighbor to receive (or reject) the routes. 20.15. Config rip vlan [ VLAN | all ] import-filter [ ACCESS_PROFILE | none ] Configure RIP to filter out certain routes received from its neighbor. 20.16. Config rip vlan [ VLAN | all ] export-filter [ ACCESS_PROFILE | none ] Configure RIP to filter out certain routes when performing the route advertizement. 20.17. config rip updatetime {DELAY} Change the periodic RIP update timer. If no DELAY is specifiec, then the default 30 seconds will be used. Press to continue or to quit: 20.18. config rip routetimeout {DELAY} Default is 180 seconds. 20.19. config rip garbagetime {DELAY} Default is 120 seconds. 20.20. config rip txmode [none | v1only | v1comp | v2only] {vlan VLAN } Change the RIP transmission mode for one or more IP interfaces. If not vlan is specified, then all RIP interfaces are changed. Default is v2. * none: Do not transmit any packet onto this interface * v1only: Transmit V1 format packets to broadcast address * v1comp: Transmit V2 format packets to broadcast address * v2only: Transmit V2 format packets to multicast address 20.21. config rip rxmode [none | v1only | v2only | any] {vlan VLAN } Change the RIP receive mode for one or more IP interfaces. If no vlan is specified, then all RIP interfaces are changed. Default is ANY. * none: Drop all received RIP packets. * v1only: Accept only v1 packets. Strict broadcast, subnet mask 0, etc. * v2only: Accept only v2 packets. * ANY: Accept both v1 and v2 packets. Press to continue or to quit: 20.22. Unconfig rip {vlan VLAN } Reset all the RIP parameters to the default vlan. It does not change the enable/disable state of the RIP interface. Parameters include: * split horizon, poison reverse, trigger update, export static * update time, route time, garbage time * txmode, rxmode 21. IP OSPF Commands 21.1. Show ospf Display global OSPF information: * Enable/Disable state of the OSPF process * OSPF Router type (IR/ASBR/ABR) * Router-ID * LSA statistics * Sum of all external LSA checksum 21.2. show ospf area {AREAID } Display the OSPF area information. If no argument is specified, then all the OSPF areas will be shown. Press to continue or to quit: * OSPF Area ID * Router ID * Number of interfaces in the area. List of interfaces (VLANs) * Number of SPF execution, number of new LSA orginated, number of new LSA received. * Link state update interval, link state age interval * List of other routers within the same area * List of ranges for the area 21.3. show ospf interfaces {vlan VLAN | area AREAID} Display the OSPF interface information. If no argument is specified, then all the OSPF interface are displayed. For each interface, the following information is shown: * Interface VLAN name and IP address/Mask * OSPF Area ID and Router ID * Cost * Timers * List of routers in the segment: * Router ID and interface IP address * Priority, State * Type: Designated router, Backup designated router, other * Summary LSA information from those routers (?) Press to continue or to quit: * Dead timer expiration, LS retransmission expiration 21.4. show ospf lsdb {detail} area [ AREAID | all ] [ all | router | network | summary-net | summary-asb | as-external | external-type7 ] Display a table of the current link state database. The user can filter the display using either area ID or the remote router's ROUTERIDor link state ID. Default is all with no detail. The following information is displayed: * Internal entry identifier * OSPF Area ID * LS Type * 1: Router link * 2: Network link * 3: Summary link * 4: AS Summary link * 5: AS External link * 6: Multicast link * 7: NSSA External link * LS ID / Originating router ID * LS Advertising router * LS Sequence number * LS Age If detail is specified, each entry will be expand to decode the complete LSA Press to continue or to quit: information. 21.5. show ospf virtual-link {AREAID ROUTERID } Display the virtual-link configuration and operation information: * neighbor router ID * transit-area * authentication configuration * timers * cost * packet statistics * status (up/down) 21.6. enable/disable ospf Enable or disable OSPF for the whole router. Default is disable. Note that in REL2 the user will need to pick between OSPF and RIP. Only one of the two protocols can be enabled. 21.7. Config ospf routerid [automatic | ROUTERID] Configure the OSPF router ID. If automatic is specified, then the switch uses the largest IP interface address as the OSPF router ID. Default is automatic. 21.8. create ospf area AREAID Press to continue or to quit: 21.9. delete ospf area [AREAID | all] Create or delete an OSPF area. Once an OSPF area is removed, the associated OSPF area and OSPF interface information will also be removed. By default, the OSPF area 0.0.0.0 is created. Note that an area can be deleted only if there are no interfaces or address range associated with the area. 21.10. Config ospf area AREAID stub [ summary | nosummary ] stub-default-cost COST 21.11. config ospf area AERID nssa [ summary | nosummary ] stub-default-cost COST { translate } 21.12. Config ospf area AREAID normal Change the type of OSPF area. An area can be either a stub or a normal area. Default is normal. Area 0.0.0.0 can be normal only. 21.13. enable ospf export static cost METRIC [ ase-type-1 | ase-type-2 ] { tag NUMBER } 21.14. disable ospf export static 21.15. enable/disable ospf exportstatic Allow OSPF to export user configured static route via LSA to other OSPF routers. Default is enable. 21.16. Enable ospf export rip cost METRIC [ ase-type-1 | ase-type-2 ] { tag NUMBER } Press to continue or to quit: 21.17. Disable ospf export rip Allow OSPF to export RIP route via LSA to other OSPF routers. The default tag number is zero. Default is disable. 21.18. Config ospf asbr-filter [ ACCESS_POLICY | none ] Configure a route filter for all the routes OSPF exports from RIP or other sources. 21.19. Config ospf area AREAID external-filter [ ACCESS_POLICY | none ] Configure the router to check with the ACCESS_POLICY regarding which external routes are allowed to be exported into AREAID. The router needs to be an area border router. 21.20. Config ospf area AREAID interarea-filter [ ACCESS_POLICY | none ] Configure the router to check with the ACCESS_POLICY regarding which inter-area routes are allowed to be exported into AREAID. The router needs to be an area border router. 21.21. config ospf vlan VLAN area AREAID Associate an VLAN (router interface) with an OSPF AREA. We cannot have any interface that has no OSPF area association. Default is 0 (backbone). Press to continue or to quit: 21.22. Config ospf add/delete vlan [ VLAN | all ] Enable or disable OSPF on a VLAN (router interface). The default OSPF setting is "disable" on the IP interface. 21.23. Config ospf area AREAID add range IPADDRESS MASK [ advertise | noadvertise ] { type 3 | type 7 } 21.24. Config ospf area AREAID del range IPADDRESS MASK MASKCreate or delete an address range that OSPF will summarize if to propagate beyond the area. The address range is within the area specified, if a subnet is within the range, than only summary will be advertised out. 21.25. config ospf add virtual-link ROUTERID AREAID 21.26. config ospf delete virtual-link ROUTERID AREAID Create or delete a virtual link connected to another area border router. Note that both routers need to have virtual link configured. Note that virtual link cannot be configure thru stub area. ROUTERID is the far end router interface number. Transit area is the area to be used for connecting the two end-points. 21.27. config ospf [ vlan VLAN | area AREAID | virtual-link ROUTERID AREAID ] authentication [simple-password PASSWORD | md5 MD5_KEY_ID MD5_KEY | none] Configure OSPF authentication information for one interface or all the Press to continue or to quit: interfaces in an AREA. ExtremeWare 2.0 supports: * Password authentication: A plain ASCII password (up to 8 characters) is used. * MD5 authentication: Both the MD5 Key and KEYID needs to be provided by the user. * Or no authentication: Authentication is disabled. When the OSPF AREA ID is specified, then the authentication information is applied to all the OSPF interfaces within the area. 21.28. config ospf [ vlan VLAN | area AREAID | virtual-link ROUTERID AREAID ] timer RETRANSMISSION_INTERVAL TRANSMISSION_DELAY HELLO_INTERVAL DEAD_INTERVAL Configures the timers for one interface or all the interfaces in the same OSPF area. The following default, min and max are used. Variable Default Min Max RETRANSMISSION 5 0 3600 DELAY 1 0 3600 HELLO 10 1 65535 DEAD INTERVAL 40 1 0x7FFFFFFF 21.29. config ospf [ area AREAID | vlan [ VLAN | all ] ] cost NUMBER Change the cost (metric) of the interface. The default cost of an interface is 1. Press to continue or to quit: 21.30. config ospf [ area AREAID | vlan [ VLAN | all ] ] priority NUMBER Change the priority used in the designated router election algorithm for an IP interface or for all the interfaces within the area. Default is 1. Min-Max = [0..255]. 21.31. Unconfig ospf { vlan VLAN | area AREAID } Change one or more OSPF interfaces to defautl setting. 22. IP Multicast 22.1. Show ipmc cache {detail} { GROUP { SOURCE NETMASK } } Displays the following information: * IP group address * IP source address / source mask * Upstream neighbor (RPF neighbor) * Interface (VLAN-port) to upstream neighbor * Route expiry time * Routing protocol * List of next hop interface (VLAN) and protocol (DVMRP/IGMP) When the detail option is specified, the switch displays both the egress VLAN list and the pruned VLAN list. Press to continue or to quit: 22.2. clear ipmc cache { GROUP { SOURCE NETMASK } } Clear the IP multicast cache table. If no option is specified, then all the IP multicast cache entries will be flushed. 22.3. config ipmc cache timeout SECONDS Aging time for multicast cache entries. Default is 300 seconds. 22.4. enable/disable ipmcforwarding { vlan VLAN } Enable or disable multicast forwarding on an IP interface. If all is specified, then all the configured IP interfaces are affected. If no optional is provided, the "all" is assumed. When new IP interfaces are added, the interface is default to have ipmcforwarding disabled. 22.5. Show igmp snooping { vlan VLAN } Display the IGMP snooping registration information. All the IGMP group entries will be displayed if no option is provided. Summary information of all IGMP timers and states. The following information will be displayed in a per interface format: * Querier of the interface * Group IP multicast address * Host IP address Press to continue or to quit: * Host VLAN - port * Timeout information 22.6. Clear igmp snooping {vlan VLAN } Remove one or more matching IGMP snooping entries. 22.7. enable/disable igmp { vlan VLAN } Enable or disable the router-side IGMP processing on a router interface. For example, no IGMP query messages will be generated if IGMP is disabled on a VLAN. If no optional arguments are specified, all is used. Default is enabled. 22.8. Enable igmp snooping { forward-mcrouter-only } Enable igmp snooping on the whole switch. Two options are available: * If the user does not specify "forward-mcrouter-only", then the snooping switch will forward all multicast traffic to any IP router (multicast or not). * If the user specifies "forward-mcrouter-only", then the snooping switch will forward all multicast traffic to the multicast router (i.e. running PIM or DVMRP). 22.9. Disable igmp snooping Disable IGMP snooping. The user can only disable IGMP snooping if IP multicast routing is not used. Press to continue or to quit: 22.10. Config igmp QUERY_INTERVAL QUERY_RESPONSE_INTERVAL LAST_MEMBER_QUERY_INTERVAL Change the IGMP router-side timers. Timers are based on RFC2236 (IGMPv2). All arguments are in units in seconds. * QUERY_INTERVAL: The interval between General Queries are sent by the router (querier). Default: 125 seconds. Min=1 second, Max= 2147483647 seconds (86 years!). * QUERY_RESPONSE_INTERVAL: The Maximum Response Time inserted into the periodic General Queries. Default is 10 seconds (or 100 IGMP unit in the PDU). Min=1 second. Max=25 seconds. * LAST_MEMBER_QUERY_INTERVAL: The Maximum Response Time inserted into the Group-Specific Queries sent in response to Leave group messages. Default is 1 second (10 IGMP units). Min=1 second. Max=25 seconds. 22.11. Config igmp snooping ROUTER_TIMEOUT HOST_TIMEOUT Change the IGMP snooping timers. Timers should be about 2.5 times the router query interval that is used on the network. * ROUTER_TIMEOUT: The interval between that last time the router being discovered and the current time. Min = 10 seconds. Max = 2147483647 seconds (86 years!). * HOST_TIMEOUT: The interval between a multicast host's last IGMP group report Press to continue or to quit: message and the current time. Min = 10 seconds. Max = 2147483647 seconds (86 years!). 22.12. unconfig igmp Change all IGMP setting to the default values and clear the current IGMP group table. 23. DVMRP 23.1. Show dvmrp {vlan VLAN | route {detail} } Display DVMRP configuration and statistics, or unicast route table. Default is all. 23.2. Enable/disable dvmrp Enable or disable DVMRP for the whole router. Default is disable. 23.3. Config dvmrp add vlan [ VLAN | all ] 23.4. Config dvmrp delete vlan [ VLAN | all ] Enable or disable DVMRP on a IP interface. If no VLAN is specified, then all is assumed. When an IP interface is created, per interface DVMRP configuration is disabled (by default). Press to continue or to quit: 23.5. Config dvmrp vlan VLAN timer PROBE_INTERVAL NEIGHBOR_TIMEOUT_INTERVAL Change the DVMRP interface specific timers. * PROBE_INTERVAL: Probe message is used as a keep alive indication between DVMRP router. It is also used as a way for DVMRP routers to locate each other. The default probe message interval is 10 seconds. Min=1 second, Max= 2147483647 seconds (86 years!). NEIGHBOR_TIMEOUT_INTERVAL: The amount of time before a DVMRP neighbor router is declared to be down. Default is 35 seconds. Min=1 second, Max= 2147483647 seconds (86 years!). 23.6. Config dvmrp timer ROUTE_REPORT_INTERVAL ROUTE_REPLACEMENT_TIME Change the global DVMRP timers: * ROUTE_REPORT_INTERVAL: The duration between the periodic route report packets are sent. Default is 60 seconds. Min=1 second, Max= 2147483647 seconds (86 years!). * ROUTE_REPLACEMENT_TIME: The hold down time before a new route is learned once it is deleted. Default is 140 seconds. Min=1 second, Max= 2147483647 seconds (86 years!). 23.7. Config dvmrp vlan [ VLAN | all ] trusted-gateway [ ACCESS_PROFILE | none ] Configure DVMRP to use the access-list to determine which DVMRP neighbor to receive (or reject) the routes. Press to continue or to quit: 23.8. Config dvmrp vlan [ VLAN | all ] import-filter [ ACCESS_PROFILE | none ] Configure DVMRP to filter out certain routes received from its neighbor. 23.9. Config dvmrp vlan [ VLAN | all ] export-filter [ ACCESS_PROFILE | none ] Configure DVMRP to filter out certain routes when performing the route advertizement. 23.10. Enable/disable dvmrp txmode vlan [ VLAN | all ] 23.11. Enable/disable dvmrp rxmode vlan [ VLAN | all ] Enable or disable the transmit or receive capability of DVMRP packets on a per-VLAN basis. 23.12. Unconfig dvmrp {vlan VLAN } Restore the DVMRP timers into default settings. 24. PIM-DM 24.1. Show pim-dm {vlan VLAN} Display PIM-DM configuration and statistics. Default is all. Press to continue or to quit: 24.2. Enable/disable pim-dm Enable or disable the PIM process on the router. 24.3. Config pim-dm add vlan [ VLAN | all ] 24.4. Config pim-dm delete vlan [ VLAN | all ] Enable or disable PIM-DM on an IP interface. If no VLAN is specified, then all is assumed. When an IP interface is created, per interface DVMRP configuration is disabled (by default). 24.5. Config pim-dm timer HELLO_INTERVAL Change the global PIM-DM timers: * HELLO_INTERVAL: Hello message between PIM-DM router. Default is 30 seconds. Min=1 second, Max=65519 seconds. 24.6. Config pim-dm vlan [ VLAN | all ] trusted-gateway [ ACCESS_PROFILE | none ] Configure PIM-DM to use the access-profile to determine which DVMRP neighbor to receive (or reject) the routes. 24.7. Unconfig pim-dm { vlan VLAN } Change all the PIM-DM setting back to the default for one or more VLANs. Press to continue or to quit: 25. IPX 25.1. Show ipxconfig { vlan VLAN } Display the current IPX configuration. This includes: Enable status for : * global IPX routing * IPX RIP * IPX SAP * Route sharing * Service sharing. Per IPX-VLAN configuration information: * IPX Network ID * Encapsulation type (Ethernet II, Ethernet 802.3, Ethernet 802.2, Ethernet SNAP) * IPX RIP and IPX SAP enable status * Type-20 (NetBios) forwarding enable status 25.2. Show ipxstats { vlan VLAN } Display the current IPX packet statistics. Global status: * Packet transmit, receive, discard counters Press to continue or to quit: * Packet error counters (network unreachable, header error, etc.) Per IPX VLAN status: * Packet transmit, receive, discard counters * Packet error counters (network unreachable, header error, etc.) 25.3. Config ipxmaxhops MAXHOPS Change the IPX maximum hop count when forwarding IPX packets. The default is 16 hops. User should only change it if NLSP is running in the IPX network. 25.4. Config vlan VLAN xnetid NETID [ enet_ii | enet_8023 | enet_8022 | enet_snap ] 25.5. Unconfig vlan VLAN xnetid Config a VLAN to run IPX routing. Each VLAN can use only one IPX encapsulation scheme. Both SAP routing and RIP routing are enabled by default once the IPX network ID is configured. Enacapsulation type: ENET_II : Use standard Ethernet 2 header. ENET_8023 : Frame includes up to length field. No LLC . ENET_8022 : Frame includes up to LLC header. No snap. ENET_SNAP : Frame includes up to LLC/SNAP header. 25.6. Enable type20 forwarding { vlan VLAN } Press to continue or to quit: 25.7. Disable type20 forwarding { vlan VLAN } Enable or disable forwarding of IPX type 20 (NetBios inside IPX) packets from one or more ingress VLANs. Default is disable. 25.8. Xping { continuous } { size SIZE } NETID NODEADDR Ping an IPX node specified by the network ID and the node address (MAC-address). Only 4 pings will be sent if the continuous option is not specfied. The default ping packet size is 256 data bytes (or 296 bytes IPX packet + ethernet header). The size can be between 1 and 1484 bytes. 25.9. Show ipxroute { vlan VLAN | xnetid NETID | origin [static | rip | local] } Display IPX routes in the kernel route table. 25.10. Config ipxroute add [ DEST_NETID | default ] NEXT_HOP_NETID NEXT_HOP_NODE_ADDR HOPS TICS 25.11. Config ipxroute delete [ DEST_NETID | default ] NEXT_HOP_NETID NEXT_HOP_NODE_ADDR Configure static IPX route entries in the kernel route table. Up to 64 static routes can be entered. Press to continue or to quit: 25.12. Config ipxservice add SERVICE_TYPE SERVICE_NAME NETID MAC_ADDRESS SOCKET_NUMBER HOPS 25.13. Config ipxservice delete SERVICE_TYPE SERVICE_NAME NETID MAC_ADDRESS SOCKET_NUMBER Configure static IPX service entries. The following parameters need to be specified: * Service type in decimal number * Service name string * IPX network ID of the server (service provider) in hex * Server (service provider) MAC address * Socket (or IPX port) number on the server (hex) * Number of hops for SAP routing purpose. 25.14. Show ipxservice { vlan VLAN | xnetid NETID | origin [static | sap | local] } Display IPX services learned from the SAP routing process (or user configured static entries). The following information will be shown: * Service type * Server Name * Server network and address * Egress VLAN Press to continue or to quit: * Age 26. IPX RIP 26.1. Show ipxrip { vlan VLAN } Display the IPX RIP configuration and statistics: * Enable/Disable status * Timers * MTU size * Access filters for trusted gateway, import and export filters. * List of RIP neighbors * Packet transmit/receive statistics. 26.2. Enable ipxrip 26.3. Disable ipxrip Enable or disable the global IPX RIP status. 26.4. Config ipxrip add vlan [ VLAN | all ] 26.5. Config ipxrip delete vlan [ VLAN | all ] Configure a IPX VLAN to run IPX RIP. Note that IPX RIP is enabled by default Press to continue or to quit: when configuring the IPX VLAN. 26.6. Config ipxrip vlan [ VLAN | all ] max-packet-size SIZE Change the MTU size of the IPX RIP packets to SIZE. The default MTU size for IPX RIP packets is 432 bytes. 26.7. Config ipxrip vlan [ VLAN | all ] update-interval INTERVAL { hold-multiplier MULTIPLER } Change the update interval and hold multiplier for IPX RIP updates. This affect both the periodic update interval of RIP and also the aging interval of the learnt routes. The default update interval is 60 seconds and the default multiplier is 3. The aging period is calculated as INTERVAL * MULTIPLER, therefore the default aging period is 180 seconds. 26.8. Config ipxrip vlan [ VLAN | all ] delay MSEC Configure the time period between each RIP packet within an update interval. The default is 55 msec. 26.9. Unconfig ipxrip {vlan VLAN} Change the IPX RIP setting on a VLAN to the default setting. The import/export Press to continue or to quit: filters will be removed. The MTU size, update interval and inter-packet delay will also be changed. 27. IPX SAP 27.1. Show ipxsap { vlan VLAN } Display the current IPX SAP configuration and status. The following information will be available: * Packet transmit/receive statistics * Per-interface enable/disable status * GNS reply configuration * Timer confguration (update interval, aging timer, delay) * SAP neighbor information 27.2. Enable ipxsap 27.3. Disable ipxsap Enable or disable the global IPX SAP process. 27.4. Enable/disable ipxsap gns-reply { vlan VLAN } Enable or disable GNS reply on one or more IPX interface. The switch will answer GNS request if GNS reply is enabled. The switch will only forward GNS request if GNS reply is disabled. GNS reply is enabled by default. Press to continue or to quit: 27.5. Config ipxsap vlan VLAN gns-delay MILLISECOND Configure how long the switch will wait before answering a GNS request. By default, the switch answers GNS requests as soon as possible ( 0 millisecond). 27.6. Config ipxsap add vlan [ VLAN | all ] 27.7. Config ipxsap delete vlan [ VLAN | all ] Configure a IPX VLAN to run IPX SAP routing. Note that IPX SAP is enabled by default when configuring the IPX VLAN. 27.8. Config ipxsap vlan [ VLAN | all ] max-packet-size SIZE Change the MTU size of the IPX SAP packets to SIZE. The default MTU size for IPX SAP packets is 432 bytes. 27.9. Config ipxsap vlan [ VLAN | all ] update-interval INTERVAL { hold-multiplier MULTIPLER } Change the update interval and hold multiplier for IPX SAP updates. This affect both the periodic update interval of SAP and also the aging interval of the learnt routes. The default update interval is 60 seconds and the aging period is calculated as INTERVAL * MULTIPLER. Default multiplier is 3. Note that trigger update is always enabled, therefore any new information is processed and propagated right away. Press to continue or to quit: 27.10. Config ipxsap vlan [ VLAN | all ] delay MSEC Configure the time period between each SAP packet within an update interval. The default is 55 msec. 27.11. Unconfig ipxsap { vlan VAN } Change the IPX SAP setting on a VLAN to the default setting. The import/export filters will be removed. The MTU size, update interval and inter-packet delay will also be changed. 28. Debug Tracing 28.1. Show debug-tracing 28.2. Show debug-tracing [ ospf-spf ospf-lsa card-state-change ] 28.3. Show debug-tracing [ospf-hello ospf-neighbor pim-hello pim-neighbor pim-message pim-cache dvmrp-hello dvmrp-neighbor dvmrp-message dvmrp-route dvmrp-timer dvmrp-cache esrp-message esrp-state-change rip-message rip-route-change rip-triggered-update fdb bootprelay ] { vlan VLAN | all } Display the debug tracing configuration. 28.4. Config debug-tracing [ ospf-spf ospf-lsa card-state-change ] LEVEL Change the debug tracing facility for certain module to LEVEL. Press to continue or to quit: 28.5. Config debug-tracing [ospf-hello ospf-neighbor pim-hello pim-neighbor pim-message pim-cache dvmrp-hello dvmrp-neighbor dvmrp-message dvmrp-route dvmrp-timer dvmrp-cache esrp-message esrp-state-change rip-message rip-route-change rip-triggered-update fdb bootprelay ] LEVEL { vlan VLAN | all } Change the debug tracing level for certain module to LEVEL for one or more VLAN. FM-MAIN:8 # FM-MAIN:8 # FM-MAIN:8 # FM-MAIN:8 #