Vs 2024 Command Line Reference

DATACOM SYSTEMS INC
VS-2024-F
CLI User Manual
Datacom Systems Inc

Revision Number: 2.2
DATACOM SYSTEMS INC

Copyright 2012 Datacom Systems Inc . All Rights Reserved. No part of this document may be
reproduced, stored in a retrieval system or transmitted, in any form, or by any means, electronic or
otherwise, including photocopying, reprinting, or recording, for any purpose, without the express
written permission of Datacom Systems Inc.
Printed in ________
TRADEMARKS Datacom Systems Inc LOGO are trademarks of Datacom Systems Inc . in
the U.S. and other countries. The use of any of these trademarks without Datacom Systems Inc. prior
written consent is strictly prohibited. Other trademarks and trade names may be used in this document
to refer to either the entities claiming the marks and names or their products. Datacom Systems Inc.
disclaims any proprietary interest in the trademarks and trade names other than its own.
DISCLAIMER The information in this book is provided as is, with no warranties whatsoever, including
any warranty of merchantability, fitness for any particular purpose or any warranty otherwise arising out
of any proposal, specification or sample. This document is provided for informational purposes only and
should not be construed as a commitment on the part of Datacom Systems Inc. Information in this
document is subject to change without notice.
REQUESTS For information or obtaining permission for use of material of this work, please submit a
written request to: Corporate Marketing and Legal, Datacom
datacomsystems.com
DOCUMENT No.: Datacom
Systems Inc v 2.2
Systems Inc
on www
DATACOM SYSTEMS INC
Contents
CHAPTER 1:
1. INTRODUCTION _____________________________________________ 11
1.1 PURPOSE ...................................................................................................11
1.2 SCOPE .......................................................................................................11
1.3 DOCUMENT CONVENTIONS ..........................................................................11
1.4 KEY CONVENTIONS .....................................................................................12
1.4.1 Keyboard shortcuts ................................................................................12
1.4.2 Others ....................................................................................................12
CHAPTER 2:
2. COMMAND LINE INTERFACE __________________________________ 13

2.1 CLI COMMAND MODES ...............................................................................14
2.2 USER EXEC MODE ....................................................................................15
2.3 PRIVILEGED EXEC MODE ...........................................................................15
2.4 GLOBAL CONFIGURATION MODE ..................................................................15
2.5 INTERFACE CONFIGURATION MODE .............................................................15
2.5.1 Physical Interface Mode ........................................................................15
2.5.2 Port Channel Interface Mode .................................................................16
2.5.3 VLAN Interface Mode ............................................................................16
2.5.4 Tunnel Interface Mode ...........................................................................16
2.5.5 Out of Band Interface Mode ..................................................................16
2.6 CONFIG-VLAN MODE .................................................................................16
2.7 LINE CONFIGURATION MODE .......................................................................16
2.8 BOOT CONFIGURATION ...............................................................................16
2.9 REDUNDANCY CONFIGURATION ...................................................................16
2.10 PROTOCOL SPECIFIC MODES ......................................................................16
2.10.1 DiffSrv ClassMap Configuration mode ..................................................16
2.10.2 DiffSrv Policy-Map Configuration Mode.................................................17
2.10.3 DiffSrv Policy-Map Class Configuration Mode.......................................17
2.10.4 DHCP Pool Configuration Mode ............................................................17
2.10.5 ACL Standard Access List Configuration Mode ....................................17
2.10.6 ACL Extended Access List Configuration Mode ....................................17
2.10.7 ACL MAC Configuration Mode ..............................................................18
CHAPTER 3:
3. DIFFSERV (DIFFERENTIATED SERVICES)________________________ 21

3.1 SET QOS .....................................................................................................23
3.2 CLASS-MAP.................................................................................................24
3.3 POLICY-MAP ...............................................................................................25
3.4 MATCH .......................................................................................................26
3.5 CLASS ........................................................................................................27
3.6 SET COS .....................................................................................................28
3.7 SHUTDOWN QOS .........................................................................................29
3.8 COSQ SCHEDULING ALGORITHM ...................................................................30
3.9 TRAFFIC CLASS ...........................................................................................31
3.10 SHOW POLICY-MAP ......................................................................................32
3.11 SHOW CLASS-MAP .......................................................................................34
3.12 SHOW COSQ ALGORITHM .............................................................................35
3.13 SHOW COSQ WEIGHTS-BW ...........................................................................36
CHAPTER 4:
4. ACL (ACCESS CONTROL LISTS) _______________________________ 37

4.1 IP ACCESS-LIST ...........................................................................................39
4.2 MAC ACCESS-LIST EXTENDED.......................................................................41
4.3 USER-DEFINED ACCESS-LIST........................................................................42
4.4 USERDEFINED-LIST .....................................................................................43
CLI USER MANUAL

DATACOM SYSTEMS CONFIDENTIAL
DATACOM SYSTEMS INC
VS-2024-F
4.5
4.6
4.7
4.8
4.9
4.10
4.11
4.12
4.13
4.14
4.15
4.16
4.17
4.18
4.19
4.20
4.21
4.22
4.23
4.24
CHAPTER 5:
PERMIT USR-DEFINED-PACKET-TYPE ...........................................................45

DENY USR-DEFINED-PACKET-TYPE ..............................................................48
PERMIT - STANDARD MODE ..........................................................................50
DENY - STANDARD MODE .............................................................................52
PERMIT- IP/OSPF/PIM/PROTOCOL TYPE .........................................................53
PERMIT IPV6 ...............................................................................................56
DENY IPV6 ..................................................................................................58
DENY - IP/OSPF/PIM/PROTOCOL TYPE ...........................................................59
PERMIT TCP ................................................................................................61
DENY TCP ...................................................................................................64
PERMIT UDP ................................................................................................66
DENY UDP ...................................................................................................69
PERMIT ICMP ...............................................................................................71
DENY ICMP .................................................................................................75
IP ACCESS-GROUP ......................................................................................78
MAC ACCESS-GROUP ...................................................................................79
USER-DEFINED ACCESS-GROUP ...................................................................80
PERMIT .......................................................................................................81
DENY..........................................................................................................85
SHOW ACCESS-LISTS...................................................................................88
5. QOS (QUALITY OF SERVICE) __________________________________ 93

5.1 SHUTDOWN QOS .........................................................................................95
5.2 QOS ...........................................................................................................96
5.3 PRIORITY-MAP ............................................................................................97
5.4 CLASS-MAP.................................................................................................98
5.5 METER .......................................................................................................99
5.6 POLICY-MAP .............................................................................................100
5.7 QUEUE-TYPE ............................................................................................101
5.8 SHAPE-TEMPLATE .....................................................................................102
5.9 SCHEDULER ..............................................................................................103
5.10 QUEUE .....................................................................................................105
5.11 QUEUE-MAP ..............................................................................................107
5.12 SCHED-HIERARCHY ...................................................................................108
5.13 QOS INTERFACE ........................................................................................109
5.14 MAP .........................................................................................................110
5.15 MATCH ACCESS-GROUP .............................................................................112
5.16 SET CLASS ................................................................................................113
5.17 METER-TYPE .............................................................................................114
5.18 SET POLICY...............................................................................................116
5.19 SET METER ...............................................................................................117
5.20 SET ALGO-TYPE ........................................................................................120
5.21 RANDOM-DETECT DP .................................................................................121
5.22 SHOW QOS GLOBAL INFO ...........................................................................122
5.23 SHOW PRIORITY-MAP.................................................................................123
5.24 SHOW CLASS-MAP .....................................................................................124
5.25 SHOW CLASS-TO-PRIORITY-MAP .................................................................125
5.26 SHOW METER ............................................................................................126
5.27 SHOW POLICY-MAP ....................................................................................127
5.28 SHOW QUEUE-TEMPLATE ...........................................................................128
5.29 SHOW SHAPE-TEMPLATE ...........................................................................129
5.30 SHOW SCHEDULER ....................................................................................130
5.31 SHOW QUEUE ...........................................................................................131
5.32 SHOW QUEUE-MAP ....................................................................................132
5.33 SHOW SCHED-HIERARCHY .........................................................................133
5.34 SHOW QOS DEF-USER-PRIORITY.................................................................134
5.35 SHOW QOS METER-STATS ..........................................................................136
CLI USER MANUAL
CONFIDENTIAL
DATACOM SYSTEMS INC

CONTENTS
5.36
SHOW QOS QUEUE-STATS ..........................................................................137
CHAPTER 6:
6. TACACS ___________________________________________________ 138

6.1 TACACS-SERVER HOST ..............................................................................139
6.2 TACACS USE-SERVER ADDRESS .................................................................141
6.3 TACACS-SERVER RETRANSMIT ...................................................................142
6.4 DEBUG TACACS .........................................................................................143
6.5 SHOW TACACS ..........................................................................................144
CHAPTER 7:
7. LA ________________________________________________________ 146
7.1 SET PORT-CHANNEL ..................................................................................148
7.2 CHANNEL-PROTOCOL ................................................................................149
7.3 LACP SYSTEM-PRIORITY ............................................................................150
7.4 LACP SYSTEM-IDENTIFIER ..........................................................................151
7.5 PORT-CHANNEL LOAD-BALANCE .................................................................152
7.6 LACP PORT-PRIORITY ................................................................................154
7.7 LACP PORT-IDENTIFIER ..............................................................................155
7.8 CHANNEL-GROUP ......................................................................................156
7.9 LACP WAIT-TIME ........................................................................................157
7.10 LACP TIMEOUT ..........................................................................................158
7.11 LACP RATE ...............................................................................................159
7.12 LACP ........................................................................................................160
7.13 DEFAULT PORT..........................................................................................161
7.14 PORT-CHANNEL MAX-PORTS ......................................................................162
7.15 SHUTDOWN PORT-CHANNEL .......................................................................163
7.16 DEBUG LACP .............................................................................................164
7.17 DEBUG ETHERCHANNEL .............................................................................165
7.18 SHOW ETHERCHANNEL ..............................................................................166
7.19 SHOW ETHERCHANNEL - REDUNDANCY ......................................................172
7.20 SHOW INTERFACES ...................................................................................174
7.21 SHOW LACP ..............................................................................................177
CHAPTER 8:
8. SYSLOG ___________________________________________________ 180

8.1 LOGGING ..................................................................................................182
8.2 LOGGING SYNCHRONOUS ..........................................................................184
8.3 MAILSERVER .............................................................................................186
8.4 SENDER MAIL-ID ........................................................................................187
8.5 RECEIVER MAIL-ID .....................................................................................188
8.6 CMDBUFFS ...............................................................................................189
8.7 SERVICE TIMESTAMPS ...............................................................................190
8.8 CLEAR LOGS .............................................................................................191
8.9 SYSLOG MAIL ............................................................................................192
8.10 SYSLOG LOCAL STORAGE ..........................................................................193
8.11 SYSLOG FILENAME-ONE .............................................................................194
8.12 SYSLOG FILENAME-TWO ............................................................................195
8.13 SYSLOG FILENAME-THREE .........................................................................196
8.14 SYSLOG RELAY - PORT ..............................................................................197
8.15 SYSLOG PROFILE ......................................................................................198
8.16 LOGGING-FILE ...........................................................................................199
8.17 LOGGING SERVER .....................................................................................200
8.18 MAIL SERVER TABLE ..................................................................................201
8.19 SYSLOG RELAY .........................................................................................202
8.20 SYSLOG RELAY TRANSPORT TYPE ..............................................................203
8.21 SHOW LOGGING ........................................................................................204
8.22 SHOW EMAIL ALERTS .................................................................................205
8.23 SHOW SYSLOG ROLE .................................................................................206
8.24 SHOW SYSLOG MAIL ..................................................................................208
CLI USER MANUAL

DATACOM SYSTEMS INC
VS-2024-F
8.25
8.26
8.27
8.28
8.29
8.30
8.31
8.32
8.33
CHAPTER 9:
SHOW SYSLOG LOCAL STORAGE.................................................................209

SHOW LOGGING FILE .................................................................................210
SHOW LOGGING SERVER............................................................................211
SHOW MAIL SERVER ..................................................................................212
SHOW SYSLOG RELAY - PORT .....................................................................213
SHOW SYSLOG PROFILE .............................................................................214
SHOW SYSLOG RELAY TRANSPORT TYPE ....................................................215
SHOW SYSLOG FILE-NAME .........................................................................216
SHOW SYSLOG INFORMATION .....................................................................217
9. VLAN _____________________________________________________ 219

9.1 SET VLAN..................................................................................................223
9.2 VLAN ........................................................................................................224
9.3 SET MAC-LEARNING ...................................................................................225
9.4 SET UNICAST-MAC-LEARNING .....................................................................226
9.5 INTERFACE RANGE ....................................................................................227
9.6 BASE BRIDGE-MODE ..................................................................................228
9.7 MAC-VLAN ................................................................................................229
9.8 SUBNET-VLAN ...........................................................................................230
9.9 PROTOCOL-VLAN.......................................................................................231
9.10 MAP PROTOCOL ........................................................................................232
9.11 SET GVRP .................................................................................................233
9.12 SET PORT GVRP ........................................................................................234
9.13 SET PORT GVRP - ENABLE | DISABLE ...........................................................235
9.14 SET GMRP ................................................................................................236
9.15 SET PORT GMRP........................................................................................237
9.16 VLAN LEARNING MODE ...............................................................................238
9.17 FID - VLAN RANGE .....................................................................................239
9.18 SET VLAN TRAFFIC-CLASSES ......................................................................240
9.19 MAC-MAP ..................................................................................................241
9.20 MAP SUBNET .............................................................................................242
9.21 SWITCHPORT FILTERING-UTILITY-CRITERIA .................................................243
9.22 MAC-ADDRESS-TABLE STATIC UNICAST .......................................................244
9.23 MAC-ADDRESS-TABLE STATIC UNICAST TRANSPARENT BRIDGING MODE....247
9.24 MAC-ADDRESS-TABLE STATIC MULTICAST ...................................................249
9.25 MAC ADDRESS-TABLE STATIC MCAST ..........................................................251
9.26 MAC-ADDRESS-TABLE STATIC MULTICAST TRANSPARENT BRIDGING MODE 252
9.27 MAC-ADDRESS-TABLE AGING-TIME .............................................................254
9.28 BRIDGE-MODE- METRO .............................................................................255
9.29 L2PROTOCOL-TUNNEL COS ........................................................................257
9.30 CLEAR L2PROTOCOL-TUNNEL COUNTERS ...................................................258
9.31 CLEAR VLAN STATISTICS ............................................................................259
9.32 VLAN DEFAULT HYBRID TYPE ......................................................................260
9.33 WILDCARD ................................................................................................261
9.34 SET UNICAST-MAC LEARNING .....................................................................262
9.35 VLAN UNICAST-MAC LEARNING LIMIT ...........................................................263
9.36 UNICAST-MAC LEARNING LIMIT ...................................................................264
9.37 PORTS ......................................................................................................265
9.38 VLAN ACTIVE .............................................................................................267
9.39 FORWARD-ALL ..........................................................................................268
9.40 FORWARD-UNREGISTERED ........................................................................271
9.41 SWITCHPORT PVID.....................................................................................272
9.42 SWITCHPORT ACCESS VLAN .......................................................................273
9.43 SWITCHPORT ACCEPTABLE-FRAME-TYPE ....................................................274
9.44 SWITCHPORT INGRESS-FILTER ...................................................................275
9.45 PORT MAC-VLAN........................................................................................276
9.46 PORT SUBNET VLAN ................................................................................277
CLI USER MANUAL
CONFIDENTIAL
DATACOM SYSTEMS INC

CONTENTS
9.47
9.48
9.49
9.50
9.51
9.52
9.53
9.54
9.55
9.56
9.57
9.58
9.59
9.60
9.61
9.62
9.63
9.64
9.65
9.66
9.67
9.68
9.69
9.70
9.71
9.72
9.73
9.74
9.75
9.76
9.77
9.78
9.79
9.80
9.81
9.82
9.83
9.84
9.85
9.86
CHAPTER 10:
PORT PROTOCOL-VLAN ..............................................................................278

SWITCHPORT MAP PROTOCOLS-GROUP ......................................................279
SWITCHPORT PRIORITY DEFAULT ................................................................280
SWITCHPORT MODE ...................................................................................281
SWITCHPORT MODE DOT1Q-TUNNEL ...........................................................282
SET GARP TIMER .......................................................................................283
VLAN RESTRICTED .....................................................................................284
GROUP RESTRICTED ..................................................................................285
VLAN MAX-TRAFFIC-CLASS .........................................................................286
VLAN MAP-PRIORITY ..................................................................................287
SHUTDOWN GARP .....................................................................................288
SHUTDOWN VLAN ......................................................................................289
DEBUG VLAN .............................................................................................290
DEBUG GARP ............................................................................................292
SHOW VLAN ..............................................................................................295
SHOW VLAN DEVICE INFO ...........................................................................297
SHOW VLAN DEVICE CAPABILITIES ..............................................................300
SHOW FID - DETAIL ....................................................................................301
SHOW FORWARD-ALL ................................................................................303
SHOW FORWARD-UNREGISTERED...............................................................306
SHOW VLAN TRAFFIC-CLASSES...................................................................308
SHOW GARP TIMER ....................................................................................311
SHOW VLAN PORT CONFIG .........................................................................313
SHOW VLAN PROTOCOLS-GROUP ...............................................................317
SHOW PROTOCOL-VLAN .............................................................................318
SHOW MAC-VLAN.......................................................................................319
SHOW SUBNET VLAN MAPPING ...................................................................320
SHOW VLAN COUNTERS .............................................................................322
SHOW VLAN STATISTICS .............................................................................324
SHOW MAC-ADDRESS-TABLE ......................................................................325
SHOW DOT1D MAC-ADDRESS-TABLE ...........................................................327
SHOW DOT1D MAC-ADDRESS-TABLE STATIC UNICAST ..................................328
SHOW DOT1D MAC-ADDRESS-TABLE STATIC MULTICAST ..............................329
SHOW MAC-ADDRESS-TABLE COUNT ...........................................................330
SHOW MAC-ADDRESS-TABLE STATIC UNICAST .............................................332
SHOW MAC-ADDRESS-TABLE STATIC MULTICAST .........................................334
SHOW MAC-ADDRESS-TABLE DYNAMIC UNICAST ..........................................336
SHOW MAC-ADDRESS-TABLE DYNAMIC MULTICAST ......................................338
SHOW MAC-ADDRESS-TABLE AGING-TIME ...................................................340
SHOW WILDCARD ......................................................................................341
10. SNMPV3 __________________________________________________ 343

10.1 ENABLE SNMPSUBAGENT ...........................................................................346
10.2 DISABLE SNMPSUBAGENT ..........................................................................347
10.3 SHOW SNMP AGENTX INFORMATION............................................................348
10.4 SHOW SNMP AGENTX STATISTICS ...............................................................349
10.5 ENABLE SNMPAGENT .................................................................................350
10.6 DISABLE SNMPAGENT ................................................................................351
10.7 SNMP COMMUNITY INDEX ...........................................................................352
10.8 SNMP GROUP ............................................................................................354
10.9 SNMP ACCESS ..........................................................................................355
10.10 SNMP ENGINEID ........................................................................................357
10.11 SNMP PROXY NAME ...................................................................................358
10.12 SNMP MIBPROXY NAME ..............................................................................360
10.13 SNMP VIEW ...............................................................................................362
10.14 SNMP TARGETADDR ..................................................................................364
10.15 SNMP TARGETPARAMS ..............................................................................366
CLI USER MANUAL

DATACOM SYSTEMS INC
VS-2024-F
10.16
10.17
10.18
10.19
10.20
10.21
10.22
10.23
10.24
10.25
10.26
10.27
10.28
10.29
10.30
10.31
10.32
10.33
10.34
10.35
10.36
10.37
10.38
10.39
10.40
10.41
10.42
10.43
10.44
CHAPTER 11:
SNMP USER ..............................................................................................368

SNMP NOTIFY ............................................................................................370
SNMP FILTERPROFILE ................................................................................372
SNMP-SERVER ENABLE TRAPS SNMP AUTHENTICATION ................................373
SNMP-SERVER TRAP UDP-PORT .................................................................374
SNMP-SERVER TRAP PROXY-UDP-PORT ......................................................375
SNMP AGENT PORT....................................................................................376
SNMP TCP ENABLE ....................................................................................377
SNMP TRAP TCP ENABLE ............................................................................378
SNMP-SERVER TCP-PORT ..........................................................................379
SNMP-SERVER TRAP TCP-PORT ..................................................................380
SNMP-SERVER ENABLE TRAPS ...................................................................381
SHOW SNMP .............................................................................................382
SHOW SNMP COMMUNITY ...........................................................................383
SHOW SNMP GROUP ..................................................................................384
SHOW SNMP GROUP ACCESS .....................................................................386
SHOW SNMP ENGINEID ..............................................................................387
SHOW SNMP PROXY ..................................................................................388
SHOW SNMP MIBPROXY .............................................................................389
SHOW SNMP VIEWTREE .............................................................................391
SHOW SNMP TARGETADDR .........................................................................392
SHOW SNMP TARGETPARAM.......................................................................393
SHOW SNMP USER.....................................................................................394
SHOW SNMP NOTIF ....................................................................................395
SHOW SNMP INFORM STATISTICS ................................................................397
SHOW SNMP-SERVER TRAPS ......................................................................398
SHOW SNMP-SERVER PROXY-UDP-PORT .....................................................399
SHOW SNMP TCP .......................................................................................400
SHOW SNMP FILTER TABLE .........................................................................401
11. SNTP ____________________________________________________ 402

11.1 SNTP ........................................................................................................404
11.2 SET SNTP CLIENT ......................................................................................405
11.3 SET SNTP CLIENT VERSION ........................................................................406
11.4 SET SNTP CLIENT ADDRESSING MODE .........................................................407
11.5 SET SNTP CLIENT PORT .............................................................................408
11.6 SET SNTP CLIENT CLOCK-FORMAT ..............................................................409
11.7 SET SNTP TIME ZONE .................................................................................410
11.8 SET SNTP CLIENT CLOCK-SUMMER-TIME .....................................................411
11.9 SET SNTP CLIENT AUTHENTICATION-KEY .....................................................412
11.10 SET SNTP UNICAST-SERVER AUTO-DISCOVERY............................................413
11.11 SET SNTP UNICAST-POLL-INTERVAL ............................................................414
11.12 SET SNTP UNICAST-MAX-POLL-TIMEOUT......................................................415
11.13 SET SNTP UNICAST-MAX-POLL-RETRY .........................................................416
11.14 SET SNTP UNICAST-SERVER .......................................................................417
11.15 SET SNTP BROADCAST-MODE SEND-REQUEST.............................................418
11.16 SET SNTP BROADCAST-POLL-TIMEOUT ........................................................419
11.17 SET SNTP BROADCAST-DELAY-TIME ............................................................420
11.18 SET SNTP MULTICAST-MODE SEND-REQUEST ..............................................421
11.19 SET SNTP MULTICAST-POLL-TIMEOUT .........................................................422
11.20 SET SNTP MULTICAST-DELAY-TIME .............................................................423
11.21 SET SNTP MULTICAST-GROUP-ADDRESS .....................................................424
11.22 SET SNTP ANYCAST-POLL-INTERVAL ...........................................................425
11.23 SET SNTP ANYCAST-POLL-TIMEOUT ............................................................426
11.24 SET SNTP ANYCAST-POLL-RETRY-COUNT ....................................................427
11.25 SET SNTP ANYCAST-SERVER ......................................................................428
11.26 SHOW SNTP CLOCK ...................................................................................429
CLI USER MANUAL
CONFIDENTIAL
DATACOM SYSTEMS INC

CONTENTS
11.27
11.28
11.29
11.30
11.31
11.32
CHAPTER 12:
SHOW SNTP STATUS ..................................................................................430

SHOW SNTP UNICASTMODE STATUS..........................................................431
SHOW SNTP BROADCASTMODE STATUS ....................................................432
SHOW SNTP MULTICASTMODE STATUS ......................................................433
SHOW SNTP ANYCASTMODE STATUS .........................................................434
DEBUG SNTP .............................................................................................435
12. RMON ____________________________________________________ 437

12.1 SET RMON ................................................................................................438
12.2 RMON COLLECTION HISTORY ......................................................................439
12.3 RMON COLLECTION STATS .........................................................................440
12.4 RMON EVENT ............................................................................................441
12.5 RMON ALARM ............................................................................................442
12.6 SHOW RMON .............................................................................................444
CLI USER MANUAL

DATACOM SYSTEMS INC
Figures
Figure 2-1: Command Modes Access Path ................................................................................................. 19
CLI USER MANUAL

Chapter
1
1.Introduction
1.1 Purpose
Datacom Systems Inc is a pre-integrated OEM ready software for managed Layer2/Layer 3 switches,
which performs switching between Ethernet ports at wire speed. Datacom Systems Inc provides the
basic bridging functionality and also offers advanced features such as link aggregation, GVRP/GMRP,
IGMP Snooping and Network Access Control.
This document describes in detail the CLI commands that are specific to xCAT target. It is intended to be
a reference manual for users and system administrators who will configure Datacom Systems Inc
through the CLI interface.
1.2 Scope
The scope of this document is limited to Datacom Systems Inc release 5.0.0.0. This document details all
the Marvell xCAT based CLI commands provided by the Datacom Systems Inc software.
1.3 Document Conventions
The syntax of the CLI command is given in Courier New 10 bold.
Elements in (< >) indicate the field required as input along with a CLI command, for example, <
integer (100-1000)>.
Elements in square brackets ([]) indicate optional fields for a command.
Text in {} refers to either-or group for the tokens given inside separated by a | symbol.
The CLI command usage is given in Courier New 10 regular.
Outputs and messages for CLI commands are given in Courier New 10 regular.
CLI USER MANUAL

11
DATACOM SYSTEMS INC
VS-2024-F
The no form of the command resets a particular configuration to its default value or revokes the effect.
This is explicitly explained in the description of the commands for which it is applicable.
Any action that can change the switch configuration, any conditionals and requirements for a
command and any information associated with significant details and functionality of command is
listed using the
symbol.
Datacom Systems Inc is available in three different packages, namely, Workgroup, Enterprise and
Metro1. The parameters specific for a particular package are indicated along with the description of
the parameter itself.
1.4 Key Conventions

1.4.1 Keyboard shortcuts
Up Arrow /
Displays the previously executed command
Down Arrow
Ctrl + C
Exits from the ISS prompt
Backspace
Removes a single character
/ Ctrl + H
TAB
Completes a command without typing the full word
Left Arrow /
Traverses the current line
Right Arrow
1.4.2 Others
'q' - exits the output display if display is more than one page and returns to the ISS prompt
"show history"
- helps to list the available commands
- displays the command history list
Refer ISS Product Specification Document for a detailed description of the package.
12
ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.

CONFIDENTIAL
Chapter
2
2.Command Line Interface
This section describes the configuration of Datacom Systems Inc using the Command Line Interface.
The Command Line Interface (CLI) can be used to configure the Intelligent Switch Solution from a console
attached to the serial port of the switch or from a remote terminal using TELNET.
The Datacom Systems Inc CLI supports a simple login authentication mechanism. The authentication is
based on a user name and password provided by the user during login. The user "root" is created by
default with password "admin123".
When Datacom Systems Inc is started, the user name and password has to be given at the login prompt
to access the CLI shell:
Datacom Systems Inc. Intelligent Switch Solution
ISS Login: guest
Password: ********
iss#
The "user-exec" mode is now available to the user. CLI Command Modes provide a detailed description of
the various modes available for ISS.
When Datacom Systems Inc. ISS-Chassis is started, the user name and password has to be given
at the login prompt to access the CLI shell:
IDatacom Systems Inc. Intelligent Switch Solution
ISS Login: chassisuser
Password: ********
iss-boot>
CLI USER MANUAL
13
DATACOM SYSTEMS INC
VS-2024-F
The Boot Configuration mode is now available to the user.

The command prompt always displays the current mode.
CLI commands need not be fully typed. The abbreviated forms of CLI commands are also
accepted by the Datacom Systems Inc CLI. For example, commands like " show ip global
config" can be typed as "sh ip gl co".
CLI commands are case insensitive.
CLI commands will be successful only if the dependencies are satisfied for a particular
command that is issued. Appropriate error messages will be displayed, if the dependencies are
not satisfied
Note: The ethernet type of an interface is determined during System Startup. While
configuring interface-specific parameters, its ethernet type needs to be specified
correctly. A fast ethernet interface cannot be configured as a gigabit-ethernet interface
and vice-versa.
2.1 CLI Command Modes
14
Command Mode
Access Method
Prompt
iss>
Exit method
User EXEC
This is the initial mode

to start a session.
Privileged EXEC
The User EXEC mode

command enable, is
used to enter the
Privileged EXEC
mode.
iss#
To return from the

Privileged EXEC
mode to User EXEC
mode the disable
command is used.
Global Configuration
The Privileged EXEC

mode command
configure
terminal, is used to
enter the Global
Configuration mode
iss(config)#
To exit to the Global

Configuration mode
the exit command is
used and to exit to the
Privileged EXEC
mode the end
command is used.
Interface Configuration
The Global
Configuration mode
command interface
<interfacetype><interfaceid> is used to enter
the Interface
configuration mode.
iss(configif)#

Configuration mode
the exit command is
Privileged EXEC
mode the end
command is used.
Config-VLAN
The global
configuration mode
command vlan
vlan-id, is used to
enter the Config-VLAN
mode.
iss(configvlan)#

Configuration mode
the exit command is
Privileged EXEC
mode the end
The logout method is

used.

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 2: COMMAND LINE INTERFACE
Command Mode
Access Method
Prompt
Exit method
command is used.
Line Configuration
The global
configuration mode
command line, is
used to enter the Line
Configuration mode.
iss(configline)#

Configuration mode
the exit command is
Privileged EXEC
mode the end
command is used.
Redundancy
Configuration
The global
configuration mode
command
redundancy, is used
to enter the
Redundancy
Configuration mode.
iss(configr)#

Configuration mode
the exit command is
used.
Boot Configuration
This is the initial mode

to start an ISS-Chassis
session.
iss-boot>
The reload
command is used to
restart the switch.
2.2 User EXEC Mode

After logging into the device, the user is automatically in the User EXEC mode. In general, the User EXEC
commands are used to temporarily change terminal settings, perform basic tests and list system
information.
2.3 Privileged EXEC Mode

Since many of the privileged commands set operating parameters, privileged access is password
protected to prevent unauthorized use. The password is not displayed on the screen and is case
sensitive. The Privileged EXEC mode prompt is the device name followed by the pound (#) sign.
2.4 Global Configuration Mode

Global Configuration commands apply to features that affect the system as a whole, to any specific
interface.
2.5 Interface Configuration Mode

The following are the different modes present under the Interface Configuration mode.
2.5.1 Physical Interface Mode

The Physical Interface mode is used to perform interface specific operations. To return to the global
configuration mode the exit command is used.
CLI USER MANUAL

15
DATACOM SYSTEMS INC
VS-2024-F
2.5.2 Port Channel Interface Mode

The Port Channel Interface mode is used to perform port-channel specific operations.
To return to the global configuration mode the exit command is used.
2.5.3 VLAN Interface Mode

The VLAN Interface mode is used to perform L3-IPVLAN specific operations. To return to the global
2.5.4 Tunnel Interface Mode

The Tunnel Interface mode is used to perform Tunnel specific operations. To return to the global
2.5.5 Out of Band Interface Mode

The Out of Band Interface mode is used to perform OOB interface specific operations. To return to the
global configuration mode the exit command is used.
2.6 Config-VLAN Mode

This mode is used to perform VLAN specific operations. To return to the global configuration mode the
exit command is used.
2.7 Line Configuration Mode

Line configuration commands modify the operations of a terminal line.
2.8 Boot Configuration

This mode is used to generate the Slot information (module type). The reload command is used to
restart the switch.
2.9 Redundancy Configuration

This mode is used to modify the redundancy parameters. To return to the global configuration mode the
exit command is used.
2.10 Protocol Specific Modes

The following are the different Protocol specific modes.
2.10.1
DiffSrv ClassMap Configuration mode
The class-map global configuration command creates a class map to be used for matching the packets to
the class whose index is specified and to enter the class-map configuration mode The Global
16

CONFIDENTIAL
DATACOM SYSTEMS INC

configuration mode command class-map <short(1-65535)> is used to enter the DiffSrv ClassMap
Configuration mode and. the prompt seen at this mode is iss(config-cmap)#.
2.10.2
DiffSrv Policy-Map Configuration Mode
In the Policy-Map Configuration mode the user can create or modify a policy map.
The Global configuration mode command policy-map <short(1-65535)> is used to enter the DiffSrv
PolicyMap Configuration mode and the prompt seen at this mode is iss(config-pmap)#.
2.10.3
DiffSrv Policy-Map Class Configuration Mode
The Policy-Map Class Configuration command defines a traffic classification for the policy to act on. The
class-map-num that is specified in the policy map ties the characteristics for that class and its match
criteria as configured by using the class-map global configuration command to the class map. Once the
class command is entered, the switch enters policy-map class configuration mode.
The DiffSrv Policy mode command policy-map <short(1-65535)> is used to enter the DiffSrv
Policy-Map Class Configuration mode and. the prompt seen at this mode is iss(config-pmap-c)#.
2.10.4
DHCP Pool Configuration Mode
This mode is used to configure the network pool / host configurations of a subnet pool.
The Global configuration mode command ip dhcp pool <integer(1-2147483647)> creates a
DHCP server address pool and places the user in DHCP pool configuration mode. The prompt seen at
this mode is iss(dhcp-config)#.
2.10.5
ACL Standard Access List Configuration Mode
Standard access lists create filters based on IP address and network mask only (L3 filters only).
The Global configuration mode command ip access-list standard <(1-1000) creates IP ACLs
and is used to enter the ACL Standard Access List Configuration mode. The prompt seen at this mode is
iss(config-std-nacl)#.
2.10.6
ACL Extended Access List Configuration Mode
The Extended Access lists enables to specify filters based on the type of protocol, range of TCP/UDP
ports as well as IP address and network mask (Layer 4 filters).
The Global configuration mode command ip access-list extended <(1001-65535)> is used to
enter the ACL Extended Access List Configuration mode and the prompt seen at this mode is
iss(config-ext-nacl)#.
CLI USER MANUAL
17
DATACOM SYSTEMS INC
VS-2024-F
2.10.7
ACL MAC Configuration Mode
The MAC access-list global configuration command creates Layer 2 MAC ACLs, and returns the MACAccess list configuration mode to the user.
The Global configuration mode command mac access-list extended <(1-65535)> is used to
enter the ACL MAC Configuration mode and the prompt seen at this mode is iss(config-extmacl)#.
18

CONFIDENTIAL
DATACOM SYSTEMS INC

User EXEC Mode

Prompt: iss> enable
Password
Privileged Mode
Prompt: iss#
Global Configuration Mode

Prompt: iss(config)#
Protocol Specific Modes
General Configuration Modes
DHCP Pool Configuration
Line Configuration
Prompt: iss(dhcp-config)#
Prompt:: iss (config-line)#
DiffSrv ClassMap
Configuration
DiffSrv Policy-Map
Configuration
Prompt: iss(config-pmap)#
Prompt: iss(config-cmap)#
Interface Configuration
Mode
Prompt: iss (config-if)#
Config-VLAN
DiffSrv Policy-Map Class

Configuration Mode
ACL Standard Access List

Configuration
Prompt: iss(config-pmap-c)#
Prompt: iss(config-std-nacl)#
Prompt: iss(config-vlan)#
Redundancy Configuration
ACL Extended Access List

Configuration
ACL MAC Configuration

Prompt: iss(config-ext-macl)#
Prompt: iss(config-r)#
Prompt: iss(config-ext-nacl)#
Figure 2-1: Command Modes Access Path
CLI USER MANUAL

19
Chapter
3
3.DiffServ (Differentiated Services)
DiffServ (Differentiated Services) is an architecture for providing different types or levels of service for
network traffic. One key characteristic of Diffserv is that flows are aggregated in the network, so that core
routers only need to distinguish a comparably small number of aggregated flows, even if those flows
contain thousands or millions of individual flows.
Differentiated services are intended to provide a framework and building blocks to enable deployment of
scalable service discrimination in the Internet. The differentiated services approach aims to speed
deployment by separating the architecture into two major components, one of which is fairly wellunderstood and the other of which is just beginning to be understood. In this, we are guided by the original
design of the Internet where the decision was made to separate the forwarding and routing components.
Packet forwarding is the relatively simple task that needs to be performed on a per-packet basis as
quickly as possible. Forwarding uses the packet header to find an entry in a routing table that determines
the packet's output interface. Routing sets the entries in that table and may need to reflect a range of
transit and other policies as well as to keep track of route failures. Routing tables are maintained as a
background process to the forwarding task.
The list of CLI commands for the configuration of DiffServ is as follows:
set qos
class-map
policy-map
match
class
set cos
shutdown qos
cosq scheduling algorithm
traffic class
CLI USER MANUAL

21
VS-2024-F
show policy-map
show class-map
show cosq algorithm
show cosq weights-bw
22
DATACOM SYSTEMS INC

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 3: DIFFSERV (DIFFERENTIATED SERVICES)
3.1 set qos

This command enables differentiated services on the device. The disable option is used to disable the
QoS feature on the device.
set qos { enable | disable }
Syntax
Description
enable
Enables differentiated services
disable
Disables differentiated services
Mode
Package
Workgroup, Enterprise and Metro
Defaults
disable
Example
iss(config)# set qos enable
QoS must be globally enabled prior to the execution of the class-map

and policy-map mode commands.
When set as 'enabled', DiffServ Module programs the hardware and

starts Protocol Operation.
When set as 'disabled', it stops protocol operation by deleting the

hardware configuration.
Related Commands
show policy-map - Displays the quality of service (QoS) policy maps
show class-map - Displays quality of service (QoS) class maps
CLI USER MANUAL

23
DATACOM SYSTEMS INC
VS-2024-F
3.2 class-map
This command creates a class map that is meant to be used for matching the packets to the class whose
index is specified. This command is also used to enter the class-map configuration mode. The no form of
this command is used to delete an existing class map and to return to global configuration mode.
class-map <class-map-number(1-65535)>
no class-map <class-map-number(1-65535)>
Syntax
Description
class-map-number
Mode
Package
Example
iss(config)# class-map 5
Differentiated services must have been enabled in the device.
The class-map command and its subcommands are used to define packet
classification, marking, and aggregate policing as part of a globally named
service policy applied on a per-interface basis.
The match command is available from the class-map configuration mode.
QoS class map number
Related Command
24

CONFIDENTIAL
DATACOM SYSTEMS INC

3.3 policy-map
This command is used to enter the policy-map configuration mode. In the policy-map configuration mode
the user can create or modify a policy map. The no form of this command deletes an existing policy map
and returns to the global configuration mode.
policy-map <policy-map-number(1-65535)>
no policy-map <policy-map-number(1-65535)>
Syntax
Description
policy-map-number
Mode
Package
Example
iss(config)# policy-map 6
The following two commands are available from the policy-map configuration
mode:
QoS Policy map number
class
exit - Exits from the policy map configuration mode and returns to the
global configuration mode.
Related Command
show policy-map - Displays quality of service (QoS) policy maps
CLI USER MANUAL

25
DATACOM SYSTEMS INC
VS-2024-F
3.4 match
This command specifies the fields in the incoming packets that are to be examined for the classification of
the packets. The IP access group / MAC access group can be used as match criteria.
match access-group { mac-access-list | ip-access-list } <acl-index-num (165535) >
Syntax
Description
mac-access-list
Access list created based on MAC addresses for non-IP

traffic
ip-access-list
Access list created based on IP addresses. The IP-access

list can either be defined as a standard IP-access list or
an extended IP-access list.
acl-index-num
Specifies the ACL index range. The ACL index range for
an IP standard ACL is 1 to 1000 and IP extended ACL is
1001 to 65535.
The ACL index range for a MAC extended ACL is 1 to
65535.
Mode
Class Map Configuration Mode
Package
Example
iss (config-cmap)# match access-group mac-access-list 5
MAC access list and IP access list must have been configured.
Related Commands
class-map - Creates a class map to be used for matching the packets with the class whose
name/index is specified
show class-map - Displays QoS Class maps
26

CONFIDENTIAL
DATACOM SYSTEMS INC

3.5 class
This command defines a traffic classification for the policy to act. The class-map-number that is specified
in the policy map ties the characteristics for that class to the class map and its match criteria, as
configured by using the class-map global configuration command. On execution of the class command,
the switch enters the policy-map class configuration mode.
The no form of this command un-maps the class-map from the current policy-map configuration.
class <class-map-number(1-65535)>
no class <class-map-number(1-65535)>
Syntax
Description
class-map-number
Mode
Policy-Map Configuration Mode
Package
Example
iss (config-pmap)# class 5
The policy-map global configuration command must be executed prior to using the
class command. After a policy map is specified, the user can either configure a
policy for new classes or modify a policy for any existing classes in that policy map.
The following configuration commands are available from the policy map class
configuration mode:
-
Class Map Number
set cos
Related Commands
policy-map - Enters the policy map configuration mode
show policy-map - Displays the QoS policy maps
CLI USER MANUAL

27
DATACOM SYSTEMS INC
VS-2024-F
3.6 set cos

This command defines the in-profile action by setting a class of service (CoS), Differentiated Services
Code Point (DSCP), or IP-precedence value in the packet.
The no form of the command deletes the configured values.
set {cos <new-cos(0-7)> | ip dscp <new-dscp(0-63)> | ip precedence <newprecedence(0-7)>}
no set {cos <new-cos(0-7)> | ip { dscp <new-dscp(0-63)> | precedence <newprecedence(0-7)>}}
Syntax
Description
cos
New COS value assigned to the classified traffic
ip dscp
New DSCP value assigned to the classified traffic
ip precedence
New IP-precedence value assigned to the classified

traffic
Mode
Policy-Map Class Configuration Mode
Package
Example
iss (config-pmap-c)# set cos 5
To attach policy maps that contain the following elements to an ingress interface
-
set policy-map class configuration commands must be used. Moreover, the

police policy-map class configuration command can be used to mark down
(reduce) the DSCP value at the ingress interface.
Access control list (ACL) classification.
Per-port per-VLAN classification.
Related Commands
class- Defines a traffic classification for the policy set
policy-map - Used to enter the policy map configuration mode
class-map - Creates a class map
show policy-map - Displays the QoS policy map configuration
28

CONFIDENTIAL
DATACOM SYSTEMS INC

3.7 shutdown qos

This command shuts down the Quality-of-Service operation. The no form of the command starts and
enables the Quality-of-Service operation.
shutdown qos
no shutdown qos
Mode
Package
Defaults
QoS is started and enabled by default
Example
iss(config)# shutdown qos
When shutdown, all the pools used by DiffServ module will be released to the
system.
When started, the resources required by DiffServ module are allocated and the
module starts running.
Related Commands
show policy-map - Displays the quality of service (QoS) policy maps
CLI USER MANUAL

29
DATACOM SYSTEMS INC
VS-2024-F
3.8 cosq scheduling algorithm

This command sets cosq scheduling algorithm.
cosq scheduling algorithm { strict | rr | wrr | wfq | strict-rr | strict-wrr |
strict-wfq | deficit }
Syntax
Description
strict
strict
rr
round robin
wrr
weighted round robin
wfq
weighted fair queing
strict-rr
strict - round robin
strict-wrr
strict - weighted round robin
strict-wfq
strict - weighted fair queing
deficit
deficit
Mode
Interface Configuration mode
Package
Example
iss(config-if)# cosq scheduling algorithm strict
Related Commands
show cosq algorithm - Displays the CoSq algorithm used for the interface.
show cosq weights-bw - Displays the CoSq weights and the bandwidth for the interface.
30

CONFIDENTIAL
DATACOM SYSTEMS INC

3.9 traffic class

This command sets weight and bandwidth for traffic classes.
traffic-class <integer(0-7)> weight <integer(0-15)> [ minbandwidth <integer(1262143)>]
Syntax
Description
traffic-class
Configures cosq numbers
weight
Configures cosq weights
minbandwidth
Configures minimum bandwidth
Mode
Interface Configuration mode
Package
Defaults
weight
Example
iss(config-if)# traffic-class 1 weight 7 minbandwidth 1234
Related Commands
show cosq algorithm - Displays the CoSq algorithm used for the interface.
show cosq weights-bw - Ddisplays the CoSq weights and the bandwidth for the interface.
CLI USER MANUAL

31
DATACOM SYSTEMS INC
VS-2024-F
3.10 show policy-map

This command displays the quality of service (QoS) policy maps, which defines the classification criteria
for the incoming traffic. Policy maps can include policers that specify the bandwidth limitations and the
action to take if the limits are exceeded.
show policy-map [<policy-map-num(1-65535)> [class <class-map-num(1-65535)>]]
Syntax
Description
policy-map-num
Policy map number
class
Class map number
Mode
Privileged/User EXEC Mode
Package
Example
iss# show policy-map 24

DiffServ Configurations:
-----------------------Quality of Service has been enabled
Policy Map 24 is not active
Class Map: 20
---------------Protocol
: 255
In Profile Entry
---------------In profile action
: policed-precedence 5
Out Profile Entry

----------------Metering on
burst bytes/token size
: 6
Refresh count
: 1000
Out profile action
: drop
No Match Entry
-------------No match action
: policed-precedence 5
Related Commands
32
policy-map - Used to enter the policy map configuration mode

CONFIDENTIAL
DATACOM SYSTEMS INC

class - Defines a traffic classification for the policy to act
set cos - Defines the in-profile action by setting a CoS, DSCP or IP-precedence value in the packet
CLI USER MANUAL

33
DATACOM SYSTEMS INC
VS-2024-F
3.11 show class-map

This command displays quality of service (QoS) class maps, which defines the match criteria to classify
traffic.
show class-map [<class-map-num(1-65535)>]
Syntax
Description
class-map-num
Mode
Package
Example
iss# show class-map
Displays the configured class map number
DiffServ Configurations:
------------------------
Class map 20
-------------Filter-ID
: 3
Filter-Type
: IP-Filter
Related Commands
class-map - Creates a class map that is meant to be used for matching the packets to the class
whose index is specified
match - Specifies the fields in the incoming packets that are to be examined for the classification of
the packets
34

CONFIDENTIAL
DATACOM SYSTEMS INC

3.12 show cosq algorithm

This command displays the CoSq algorithm used for the interface.
show cosq algorithm [ interface <interface-type> <interface-id> ]
Syntax
Description
interface-type
Interface Type
interface-id
Interface ID
Mode
Package
Example
iss(config)# show cosq algorithm interface gigabitethernet

0/1
CoSq Algorithm
-----------------------Interface
Algorithm
-----------
---------------
Gi0/1
StrictPriority
.......
.......................
--------------------------
CLI USER MANUAL

35
DATACOM SYSTEMS INC
VS-2024-F
3.13 show cosq weights-bw

This command displays the CoSq weights and the bandwidth for the interface.
show cosq weights-bw [ interface <interface-type> <interface-id> ]
Syntax
Description
interface-type
Interface Type
interface-id
Interface ID
Mode
Package
Example
iss(config)# show cosq weights-bw interface gigabitethernet

0/1
CoSq Weights and Bandwidths
---------------------------------------------Interface
CoSqId
CoSqWeight
MinBw
MaxBw
Flag
---------
------
---------
------
----
Gi0/1
Gi0/1
Gi0/1
Gi0/1
Gi0/1
Gi0/1
Gi0/1
Gi0/1
.....
...
..
...
...
...
-----
---------------------------------------------------
36

CONFIDENTIAL
Chapter
4
4.ACL (Access Control Lists)
ACLs (Access Control Lists) filter network traffic by controlling whether routed packets are forwarded or
blocked at the router's interfaces. ACLs are used to block IP packets from being forwarded by a router.
The router examines each packet to determine whether to forward or drop the packet, based on the
criteria specified within the access lists.
Access list criteria can be the source address of the traffic, the destination address of the traffic, the
upper-layer protocol or other information.
There are many reasons to configure access lists - access lists can be used to restrict contents of routing
updates or to provide traffic flow control. But one of the most important reasons to configure access lists is
to provide security for the network.
Access lists must be used to provide a basic level of security for accessing the network. If access lists has
not been configured on the router, all packets passing through the router can be allowed onto all parts of
the network.
For example, access lists can allow one host to access a part of the network and prevent another host
from accessing the same area.
The list of CLI commands for the configuration of ACL is as follows:
ip access-list
mac access-list extended
user-defined access-list
userdefined-list
permit usr-defined-packet-type
deny usr-defined-packet-type
permit - standard mode
deny - standard mode
CLI USER MANUAL

37
VS-2024-F
permit- ip/ospf/pim/protocol type
permit ipv6
deny ipv6
deny - ip/ospf/pim/protocol type
permit tcp
deny tcp
permit udp
deny udp
permit icmp
deny icmp
ip access-group
mac access-group
user-defined access-group
permit
deny
show access-lists
38
DATACOM SYSTEMS INC

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 4: ACL (ACCESS CONTROL LISTS)
4.1 ip access-list
This command creates IP ACLs and enters the IP Access-list configuration mode. Standard access lists
create filters based on IP address and network mask only (L3 filters only ). Extended access lists enables
specification of filters based on the type of protocol, range of TCP/UDP ports as well as the IP address
and network mask (Layer 4 filters).
Depending on the standard or extended option chosen by the user, this command returns a
corresponding IP Access list configuration mode.
The no form of the command deletes the IP access-list.
ip access-list {standard <access-list-number (1-1000)> | extended
list-number (1001-65535)> }
no ip access-list {standard
list-number (1001-65535)> }
Syntax
Description
<access-
<access-list-number (1-1000)> | extended <access-
standard
Standard access-list number
extended
Extended access-list number
Mode
Package
Example
iss(config)# ip access-list standard 1
ACLs on the system perform both access control and Layer 3 field classification. To
define Layer 3 fields access-lists the ip access-list command must be used.
Related Commands
permit - standard mode - Specifies the packets to be forwarded depending upon the associated
parameters
deny - standard mode - Denies traffic if the conditions defined in the deny statement are
matched
permit- ip/ospf/pim/protocol type - Allows traffic for a particular protocol packet if the
conditions defined in the permit statement are matched
deny - ip/ospf/pim/protocol type- Denies traffic for a particular protocol packet if the
conditions defined in the deny statement are matched
permit tcp - Specifies the TCP packets to be forwarded based on the associated parameters
deny tcp - Specifies the TCP packets to be rejected based on the associated parameters
permit udp - Specifies the UDP packets to be forwarded based on the associated parameters
deny udp - Specifies the UDP packets to be rejected based on the associated parameters
CLI USER MANUAL

39
DATACOM SYSTEMS INC
VS-2024-F
permit icmp - Specifies the ICMP packets to be forwarded based on the IP address and the
associated parameters
deny icmp - Specifies the ICMP packets to be rejected based on the IP address and associated
parameters
ip access-group - Enables access control for the packets on the interface
show access-lists - Displays the access list configuration
40

CONFIDENTIAL
DATACOM SYSTEMS INC

4.2 mac access-list extended

This command creates Layer 2 MAC ACLs, that is, this command creates a MAC access-list and returns
the MAC-Access list configuration mode to the user. The no form of the command deletes the MAC
access-list.
mac access-list extended <access-list-number (1-65535)>
no mac access-list extended <short (1-65535)>
Syntax
Description
accesslist-number
Mode
Package
Example
iss(config)# mac access-list extended 5
ACLs on the system perform both access control and layer 2 field classification.
To define Layer 2 access lists, the mac access-list command must be used.
Access list number
Related Commands
permit - Specifies the packets to be forwarded based on the MAC address and the associated
parameters
deny - Specifies the packets to be rejected based on the MAC address and the associated
parameters
mac access-group - Applies a MAC access control list (ACL) to a Layer 2 interface.
CLI USER MANUAL

41
DATACOM SYSTEMS INC
VS-2024-F
4.3 user-defined access-list

This command creates a user defined access-list. The no form of the command deletes the user defined
access-list. The value ranges between 1 to 65535.
user-defined access-list
<access-list-number (1-65535)>
no user-defined access-list <short (1-65535)>
Mode
Package
Example
iss(config)# user-defined access-list 5
ACLs on the system perform both access control and layer 2 field classification based
on user defined bytes in the packets.
Related Commands
permit usr-defined-packet-type - Permits Packet Based on User Defined Packet type
parameters
parameters
userdefined-list- Creates a user defined access list by applying AND, OR, NOT operation ( regular
expressions) on existing ACL rules or specifying match on user-defined packet offsets.
user-defined access-group - Applies a user defined access list (ACL) to an interface.
Usage of Regular Expressions AND, OR , NOT
AND - Apply AND operation on base filter rules identified uniquely as ACL1, ACL2. This operation
merges the match qualifiers of two ACL rules ACL1, ACL2 to derive a new ACL Rule ACL3
OR - Apply OR operation on base filter rules identified uniquely as ACL1 and ACL2. This operation
results in applying the filter action { permit/deny/redirect } corresponding to ACL Rule 1 on ACL Rule2.
NOT Apply NOT operation on base filter rule ( ACL 1) and derive new ACL Rule. If the action
corresponding to ACL 1 is permit, then after applying NOT operation, new rule will have filter action deny.
The filter actions on which NOT operation can be applied are permit, deny. This operation is not
applicable for other filter actions.
42

CONFIDENTIAL
DATACOM SYSTEMS INC

4.4 userdefined-list
This command creates a user defined access list after application of regular expressions AND, OR, NOT
on existing ACL rules
userdefined-list {{ ip-acl1-and-ip-acl2| ip-acl1-or-ip-acl2 | mac-acl1-andmac-acl2 | mac-acl1-and-ip-acl2 | mac-acl1-or-mac-acl2 | ip-acl1-or-mac-acl2

} <short(1-65535)> <short(1-65535)> | { not-ip-acl1 | not-mac-acl1 }
<short(1-65535)>}
Syntax
Description
ip-acl1-and-ip-acl2
Performs AND operation on two Layer 3 ACL

Rules ( acl1 , acl2). And create a new layer 3
ACL rule that is represented by this user defined
access-list..The filter action corresponding to the
new ACL rule is identical to the base rules.
ip-acl1-or-ip-acl2
Performs OR operation on two layer 3 ACL Rules.

This operation results in applying the action of
ACL Rule 1 on ACL Rule 2
mac-acl1-and-mac-acl2
Performs AND operation on two layer 2 ACL

Rules and create a new layer 2 ACL rule that is
represented by this user defined access-list. The
filter action corresponding to the new ACL rule is
identical to the base rules.
mac-acl1-and-ip-acl2
Performs AND operation on two ACL rules - acl1

( layer 2 ACL Rule) and acl2 ( Layer 3 ACL rule)
and create an new ACL Rule represented by this
user defined access-list. The filter action
corresponding to the new ACL rule is identical to
the base rules.
mac-acl1-or-mac-acl2
Performs OR operation on two Layer 2 ACL Rules

and results in application of filter-action of ACL1
on ACL2
ip-acl1-or-mac-acl2
Performs OR operation on Layer 3 ACL Rule

(ACL1) using Layer 2 ACL rule ( ACL2) and
results in application of filter-action of ACL1 on
ACL2.
not-ip-acl1
Performs NOT operation on ACL Rule 1 and

derive new Rule. The filter action for the derived
ACL Rule is deny if base Rule is configured for
filter action permit and vice-versa. Other actions
are not applicable for this operation
not-mac-acl1
Performs NOT operation on ACL Rule 1 and

derive new Rule. The filter action for the derived
ACL Rule is deny if base Rule is configured for
filter action permit and vice-versa. Other actions
are not applicable for this operation
Mode
User defined Configuration Mode
Package
CLI USER MANUAL

43
DATACOM SYSTEMS INC
VS-2024-F
Example
iss(config-userdef-acl)#
15 123
userdefined-list
ip-acl1-and-ip-acl2
Related Commands
user-defined access-list - Creates user defined access-list.
44

CONFIDENTIAL
DATACOM SYSTEMS INC

4.5 permit usr-defined-packet-type

This command permits packets matching a particular User Defined Byte and by specifying the packet
type namely user-defined, tcp-ipv4, udp, mpls, ipv4, ipv6, frag-ip.
permit usr-defined-packet-type { user-def | tcp-ipv4 | udp-ipv4 | mpls | ipv4

|ipv6 | frag-ip }offset-base {l2 | l3 | l4 | ipv6-ext-hdr | ether-type |
<short(0-127)>} offset1 <short(0-127)> <short(0-255)>[offset2 <short(0-127)>
<short(0-255)>][offset3 <short(0-127)> <short(0-255)>][offset4 <short(0-127)>
<short(0-255)>][offset5 <short(0-127)> <short(0-255)>][offset6 <short(0-127)>
<short(0-255)>][redirect {interface <ifXtype> <ifnum> | <ifXtype><iface_list>
[<ifXtype><iface_list>]load-balance {src-ip | dst-ip | src-mac | dst-mac |
vlanid | src-tcpport| dst-tcpport | src-udpport | dst-udpport | udb <short(0127)>}}][vlan-action {none | modify-vlan<short (1-4094)> | nested-vlan <short
(1 -4094)>}]
Syntax
Description
user-def
Specifies the packet type as user defined.
tcp-ipv4
Specifies the packet type as tcp in the ipV4

packet.
udp-ipv4
Specifies the packet type as udp in the ipV4

packet.
mpls
Specifies the packet type as mpls.
ipv4
Specifies the packet type as ipv4.
ipv6
Specifies the packet type as ipv6.
frag-ip
Specifies the packet type as fragmented ip.
offset-base
Specifies the start of the packet from which the

user defined byte should be considered.
l2 Start of the packet is considered as layer 2
ipv6-ext-hdr - Start of the packet is considered as
ipv6 extended header.
ether-type Start of the packet is considered as
ether type.
offset1
Specifies the offset position and offset value that

needs to be considered as the match for offset1.
The two input value ranges 0 to 127 and 0 to 255.
CLI USER MANUAL

45
DATACOM SYSTEMS INC
VS-2024-F
offset2
Specifies the offset position and offset value

value that needs to be considered as the match
for offset 2. The two input value ranges 0 to 127
and 0 to 255.
Offset3

needs to be considered as the match for offset 3.
Offset4

Offset5

Offset6
Specifies the offset position and value that needs

to be considered as the match for offset 6. The
two input value ranges 0 to 127 and 0 to 255.
Redirect
Redirects the packet to the destination interface

or set of interfaces.
load-balance
ifXtype Specifies the interfae type
ifnum Specifies the interface number
iface_list Specifies the list of interfaces
Specifies the parameters based on which the

traffic distribution needs to be done. Options are:
src-ip
dst-ip
src-mac
dst-mac
vlanid
src-tcpport
dst-tcpport
src-udpport
dst-udpport
udb
Options in the Layer 3 header are classified as

IPv4 or IPv6 based on packet type
46

CONFIDENTIAL
DATACOM SYSTEMS INC

vlan-action
Specifies the VLAN specific sub action to be

performed on the packet -
none Actions relating to the VLAN ID

will not be considered.
modify-vlan Modifies the VLAN ID to

which the packet gets classified. The
packet could be an untagged or VLAN
tagged packet.
nested-vlan Adds an outer VLAN tag to

the packet with the VLAN ID as
configured.
Mode
Package
Example
iss(config-userdef-acl)# permit
usr-defined-packet-type userdef offset-base l2 offset1 5 10 load-balance src-ip
Related Commands:
user-defined access-list Creates the user defined access-list.
CLI USER MANUAL

47
DATACOM SYSTEMS INC
VS-2024-F
4.6 deny usr-defined-packet-type

This command denies packets matching a particular User Defined Byte and by specifying the packet type
namely user-defined, tcp-ipv4, udp, mpls, ipv4, ipv6, frag-ip.
deny usr-defined-packet-type { user-def | tcp-ipv4 | udp-ipv4 | mpls | ipv4

|ipv6 | frag-ip }offset-base {l2 | l3 | l4 | ipv6-ext-hdr | ether-type |
<short(0-127)>} offset1 <short(0-127)> <short(0-255)> [offset2 <short(0-127)>
<short(0-255)>][offset3 <short(0-127)> <short(0-255)>] [offset4 <short(0-127)>
<short(0-255)>][offset5 <short(0-127)> <short(0-255)>] [offset6 <short(0-127)>
<short(0-255)>]
Syntax
Description
usr-defined-packet-type
offset-base
48
user-def Specifies the packet type as

user defined
tcp-ipv4 Specifies the packet type as tcp

in the ipV4 packet.
udp-ipv4 - Specifies the packet type as

udp in the ipV4 packet.
mpls - Specifies the packet type as mpls.
ipv4 - Specifies the packet type as ipv4.
ipv6 - Specifies the packet type as ipv6.
frag-ip - Specifies the packet type as

fragmented ip.
Specifies the start of the packet from which the

user defined byte should be comsidered
-
l2 Start of the packet is considered as

layer 2

layer 3

layer 4
ipv6-ext-hdr Start of the packet is

considered as ipv6 extended header.
ether-type
Start of the packet is
considered as ether type.
offset1

offset2

The two input value ranges 0 to 127 and 0 to 255

CONFIDENTIAL
DATACOM SYSTEMS INC

Offset3
Offset4

-

Offset5

Offset6

Mode
Package
Example
iss(config-userdef-acl)# deny
offset-base l2 offset1 112 25
usr-defined-packet-type user-def
Related Commands:
CLI USER MANUAL

49
DATACOM SYSTEMS INC
VS-2024-F
4.7 permit - standard mode

This command specifies the packets to be forwarded depending upon the associated parameters.
Standard IP access lists use source addresses for matching operations.
permit { any | host <src-ip-address> | <network-src-ip> <mask> } [{ any | host

<dest-ip-address> | <network-dest-ip> <mask>}]redirect {interface <ifXtype>
<ifnum> | <ifXtype><iface_list> [<ifXtype><iface_list>] load-balance {src-ip
| dst-ip | src-mac | dst-mac | vlanid | src-tcpport | dst-tcpport | srcudpport | dst-udpport}}] [vlan-action {none | modify-vlan<short (1-4094)> |
nested-vlan <short (1 -4094)>}]
Syntax
Description
any|host
<src-ip-address>|
<network-src-ip><mask>
any|host
<dest-ip-address>|
< network-dest-ip>
<mask>
redirect
50
Source IP address can be

- 'any' or
-
the dotted decimal address
the IP address of the host that the packet is

from and the network mask to use with the
source IP address
Destination IP address can be

- 'any' or
-
the dotted decimal address or
the IP address of the host that the packet is

destined for and the network mask to use with
the destination IP address
Redirects the action to the destination interface or set of

interfaces.
- ifXtype Specifies the interfae type
-

CONFIDENTIAL
DATACOM SYSTEMS INC

load-balance
Specifies the parameters based on which the traffic

distribution needs to be done. Options are:
src-ip
src-mac
dst-ip
dst-mac
vlanid
src-tcpport
dst-tcpport
src-udpport
dst-udpport
Options in the Layer 3 header are classified as IPv4 or

IPv6 based on packet type
vlan-action
Specifies the VLAN specific sub action to be performed

on the packet none Actions relating
considered.
to the VLAN ID will not be
modify-vlan Modifies the VLAN ID to which the packet

gets classified. The packet could be an untagged or
VLAN tagged packet.
Mode
nested-vlan Adds an outer VLAN tag to the packet

with the VLAN ID as configured.
IP ACL Configuration (standard)
Package
Example
iss(config-std-nacl)# permit host 100.0.0.10
Related Commands
ip access-list - Creates IP ACLs and enters the IP Access-list configuration mode
matched
show access-lists- Displays the access list configuration
CLI USER MANUAL

51
DATACOM SYSTEMS INC
VS-2024-F
4.8 deny - standard mode

This command denies traffic if the conditions defined in the deny statement are matched.
deny{ any | host <src-ip-address> | <src-ip-address> <mask> } [ { any | host
<dest-ip-address> | <dest-ip-address> <mask> } ]
Syntax
Description
any|host
src-ip-address|

- 'any' or
<src-ip-address>
<mask>
any|host
dest-ip-address|
<dest-ipaddress><mask>
the word 'host' and the dotted decimal address

or
number of the network or the host that the

packet is from and the network mask to use
with the source IP address

- 'any' or
-

or

packet is destined for and the network mask to
use with the destination IP address
Mode
IP ACL Configuration (standard)
Package
Example
iss(config-std-nacl)# deny host 100.0.0.10 any
Related Commands
parameters
show access-lists-Displays the access list configuration
52

CONFIDENTIAL
DATACOM SYSTEMS INC

4.9 permit- ip/ospf/pim/protocol type

This command allows traffic for a particular protocol packet if the conditions defined in the permit
statement are matched.
permit { ip | ospf | pim | <protocol-type (1-255)>}{ any | host <src-ipaddress> | <src-ip-address> <mask> }{ any | host <dest-ip-addresq> | <dest-ipaddress> <mask> }[ {tos{max-reliability | max-throughput | min-delay | normal
|<value (0-7)>} | dscp <value (0-63)>} ][priority <value (1-255)>][redirect
{interface <ifXtype> <ifnum> | <ifXtype><iface_list> [<ifXtype><iface_list>]
load-balance {src-ip | dst-ip | src-mac | dst-mac | vlanid | src-tcpport |
dst-tcpport | src-udpport | dst-udpport}}][vlan-action {none | modifyvlan<short (1-4094)> | nested-vlan <short (1 -4094)>}]
Syntax
Description
ip| ospf|pim|
<protocol-type
255)>
Type of protocol for the packet. It can also be a protocol

number.

- any or
(1-
any| host
<src-ip-address>|
<src-ip-address>
<mask>
any|host
<dest-ip-address>|
<dest-ip-address>
<mask>
the IP Address of the network or the host that the

packet is from and the network mask to use with
the source address.

- any or
-
the IP Address of the network or the host that the

use with the destination address
tos
Type of service. Can be max-reliability, max throughput,

min-delay, normal or a range of values from 0 to 7,
Differentiated Services Code Point (DSCP) values to
match against incoming packets.
priority
The priority of the L3 filter is used to decide which filter

rule is applicable when the packet matches with more
than one filter rules. Lower value of filter priority implies a
higher priority.
CLI USER MANUAL

53
DATACOM SYSTEMS INC
VS-2024-F
redirect

interfaces.
load-balance

vlan-action
src-ip
dst-ip
src-mac
dst-mac
vlanid
src-tcpport
dst-tcpport
src-udpport
dst-udpport
Specifies the VLAN specific sub action to be performed on

the packet none Actions relating
considered.

gets classified. The packet could be an untagged or VLAN
tagged packet.
nested-vlan Adds an outer VLAN tag to the packet with
the VLAN ID as configured.
Mode
Package
Defaults
protocol-type
255
priority
Example
54
iss(config-ext-nacl)# permit 200 host 100.0.0.10 any tos 6 load

balance src-ip

CONFIDENTIAL
DATACOM SYSTEMS INC

Protocol type with the value 255 indicates that protocol can be anything and it will not
be checked against the action to be performed.
Service VLAN, Service VLAN Priority, Customer VLAN and Customer VLAN Priority
options are applicable only for Metro Solution, when the bridge mode is Provider
Bridge.
Related Commands
deny - ip/ospf/pim/protocol type- Denies traffic for a particular protocol packet if the
CLI USER MANUAL

55
DATACOM SYSTEMS INC
VS-2024-F
4.10 permit ipv6

This command specifies IP packets to be forwarded based on protocol and associated parameters.
permit
ipv6 { flow-label <integer(1-65535)> | {any | host <ip6_addr>
<integer(0-128)> } { any | host <ip6_addr> <integer(0-128)> }} [redirect
{interface
<ifXtype>
<ifnum>
|
<ifXtype><iface_list>
[<ifXtype><iface_list>]load-balance {src-ip | dst-ip | src-mac | dst-mac |
vlanid | src-tcpport| dst-tcpport | src-udpport | dst-udpport}}][vlan-action
{none | modify-vlan<short (1-4094)> | nested-vlan <short (1 -4094)>}]
Syntax
Description
flow-label
Flow identifier in IPv6 header.
any | host <ip6_addr>

<integer(0-128)>
Source address of the host / any host.

<integer(0-128)>
Destination address of the host / any host.
redirect
load-balance
vlan-action
56
Redirects the action to the destination interface or

set of interfaces.
- ifXtype Specifies the interfae type
-

src-ip
dst-ip
src-mac
dst-mac
vlanid
src-tcpport
dst-tcpport
src-udpport
dst-udpport
none Actions relating to the VLAN ID will

not be considered.
modify-vlan Modifies the VLAN ID to which

the packet gets classified. The packet could
be an untagged or VLAN tagged packet.
nested-vlan Adds an outer VLAN tag to the

packet with the VLAN ID as configured.

CONFIDENTIAL
DATACOM SYSTEMS INC

Mode
Package
Example
iss(config-ext-nacl)# permit ipv6 host c004::04 28 any loadbalance src-ip
Flow label cannot be configured along with either source/destination IP address.
Related Commands
show access-lists - Displays the access lists configuration.
CLI USER MANUAL

57
DATACOM SYSTEMS INC
VS-2024-F
4.11 deny ipv6

This command specifies IPv6 packets to be rejected based on protocol and associated parameters.
deny ipv6 { flow-label <integer(1-65535)> | {any | host <ip6_addr> <integer(0128)> } { any | host <ip6_addr> <integer(0-128)> }}
Syntax
Description
flow-label
Flow identifier in IPv6 header.

<integer(0-128)>
Source address of the host / any host.

<integer(0-128)>
Destination address of the host / any host.
Mode
Package
Example
iss(config-ext-nacl)# deny ipv6 host c004::04 28 any

iss(config-ext-nacl)# deny ipv6 flow-label 40
Flow label cannot be configured along with either source/destination IP address.
Related Commands
show access-lists - Displays the access lists configuration.
58

CONFIDENTIAL
DATACOM SYSTEMS INC

4.12 deny - ip/ospf/pim/protocol type

This command denies traffic for a particular protocol packet if the conditions defined in the deny statement
are matched.
deny { ip | ospf | pim | <protocol-type (1-255)>} { any | host <src-ipaddress> | <src-ip-address> <mask> } { any | host <dest-ip-address> | <destip-address> <mask> }[ {tos{max-reliability | max-throughput | min-delay |
normal |<value (0-7)>} | dscp <value (0-63)>} ] [ priority <value (1-255)>]
Syntax
Description
ip| ospf|pim|
Type of protocol for the packet. It can also be a

protocol number.
<protocol-type
(1-255)>
any| host
<src-ip-address>|
any or
<src-ip-address>
<mask>
the word host and the dotted decimal address

or

with the source address
any|host
<dest-ip-address>|
any or
<dest-ip-address>
<mask>
the word host and the dotted decimal address

or

tos
Type of service. Can be max-reliability, max

throughput, min-delay, normal or a range of values
from 0 to 7, Differentiated Services Code Point (DSCP)
values to match against incoming packets.
priority

than one filter rules. Lower value of filter priority
implies a higher priority.
Mode
Package
CLI USER MANUAL

59
DATACOM SYSTEMS INC
VS-2024-F
Defaults
protocol type
255
priority
Example
iss(config-ext-nacl)# deny ospf any host 10.0.0.1 tos maxthroughput
Protocol type with the value 255 indicates that protocol can be anything and it will
not be checked against the action to be performed.
Service Vlan, Service Vlan Priority, Customer Vlan and Customer Vlan Priority
Bridge.
Related Commands
show access-lists -Displays the access list configuration
60

CONFIDENTIAL
DATACOM SYSTEMS INC

4.13 permit tcp

This command specifies the TCP packets to be forwarded based on the associated parameters.
permit tcp {any | host <src-ip-address> | <src-ip-address> <src-mask> }[{gt

<port-number (1-65535)> | lt <port-number (1-65535)>|eq <port-number (165535)> |range <port-number (1-65535)> <port-number (1-65535)>}]{ any | host
<dest-ip-address> | <dest-ip-address> <dest-mask> }[{gt <port-number (165535)> | lt <port-number (1-65535)> | eq <port-number (1-65535)> |range
<port-number (1-65535)> <port-number (1-65535)>}][{ ack | rst }][{tos{maxreliability|max-throughput|min-delay|normal|<tos-value(0-7)>}|dscp <value (063)>}][ priority <short(1-255)>][redirect {interface <ifXtype>
<ifnum> |
<ifXtype><iface_list> [<ifXtype><iface_list>]load-balance {src-ip | dst-ip |
src-mac | dst-mac | vlanid | src-tcpport| dst-tcpport | src-udpport | dstudpport}}] [vlan-action {none | modify-vlan<short (1-4094)>
| nested-vlan
<short (1 -4094)>}]
Syntax
Description
tcp
Transport Control Protocol
any| host
<src-ip-address>|
<src-ip-address>
src-mask >
port-number
CLI USER MANUAL

<
any or
the dotted decimal address OR
the IP address of the network or the host that

the packet is from and the network mask to use
Port Number. The input for the source and the

destination port-number is prefixed with one of the
following operators.
-
eq=equal
lt=less than
gt=greater than
range=a range of ports; two different port

numbers must be specified
61
DATACOM SYSTEMS INC
VS-2024-F
any|host
<dest-ip-address>
|<dest-ip-address>
< dest-mask >
any or
the IP Address of the network or the host that

the packet is destined for and the network mask
to use with the destination address
ack
TCP ACK bit to be checked against the packet. It can be

establish (1), non-establish (2) or any (3).
rst
TCP RST bit to be checked against the packet. It can be

set (1), notset (2) or any (3).
tos

priority
The priority of the filter is used to decide which filter rule

is applicable when the packet matches with more than
one filter rules. Lower value of filter priority implies a
higher priority.
redirect
62

interfaces.
-

CONFIDENTIAL
DATACOM SYSTEMS INC

Load-balance

vlan-action
src-ip
dst-ip
src-mac
dst-mac
vlanid
src-tcpport
dst-tcpport
src-udpport
dst-udpport

on the packet -
none Actions relating to the VLAN ID will not

be considered.

the packet gets classified. The packet could be
an untagged or VLAN tagged packet.

Mode
Package
Defaults
tos-value
ack
any (3) [indicates that the TCP ACK bit will not be
checked to decide the action]
rst
any (3) [indicates that the TCP RST bit will not be
Example
iss(config-ext-nacl)# permit tcp any 10.0.0.1 load-balance scr-ip
Service Vlan, Service Vlan Priority, Customer Vlan and Customer Vlan Priority options
are applicable only for Metro Solution, when the bridge mode is Provider Bridge.
Related Commands
CLI USER MANUAL

63
DATACOM SYSTEMS INC
VS-2024-F
-deny tcp Specifies the TCP packets to be rejected based on the associated parameters
4.14 deny tcp

This command specifies the TCP packets to be rejected based on the associated parameters.
deny tcp {any | host <src-ip-address> | <src-ip-address> <src-mask> }[{gt
<port-number (1-65535)> | lt <port-number (1-65535)> |eq <port-number (165535)> | range <port-number (1-65535)> <port-number (1-65535)>}]{ any | host
<dest-ip-address> | <dest-ip-address> <dest-mask> }[{gt <port-number (165535)> | lt <port-number (1-65535)> | eq <port-number (1-65535)> |range
<port-number (1-65535)> <port-number (1-65535)>}][{ ack | rst }][{tos{maxreliability|max-throughput|min-delay|normal|<tos-value(0-7)>} | dscp <value
(0-63)>}] [ priority <short (1-255)>]
Syntax
Description
64
tcp
Transmission control protocol
any| host
<src-ip-address>|
any or
<src-ip-address>
<src-mask>
the word host and the dotted decimal

address or


CONFIDENTIAL
DATACOM SYSTEMS INC

port-number
any|host

-
eq=equal
lt=less than
gt=greater than

<dest-ip-address>|
any or
<dest-ip-address>
the word host and the dotted decimal

address or

packet is destined for and the network mask
to use with the destination address
<dest-mask>
ack
TCP ACK bit to be checked against the packet. It can

be establish (1), non-establish (2) or any (3)
rst
TCP RST bit to be checked against the packet. It can

be set (1), notset (2) or any (3)
tos
Type of service. Can be max-reliability, max

throughput, min-delay, normal or a range of values
from 0 to 7, Differentiated Services Code Point
(DSCP) values to match against incoming packets.
priority
The priority of the filter is used to decide which filter

than one filter rules. Lower value of filter priority
implies a higher priority.
Mode
Package
Defaults
tos-value
CLI USER MANUAL

65
DATACOM SYSTEMS INC
VS-2024-F
ack
any (3) [indicates that TCP ACK bit will not be

rst
any (3) [indicates that TCP RST bit will not be

Example
iss(config-ext-nacl)# deny tcp 100.0.0.10 255.255.255.0

any
Bridge.
eq 20
Related Commands
permit tcp - Specifies the TCP packets to be forwarded based on the associated parameters
4.15 permit udp

This command specifies the UDP packets to be forwarded based on the associated parameters.
permit udp { any | host <src-ip-address> | <src-ip-address> <src-mask>}[{gt
<port-number (1-65535)> | lt <port-number (1-65535)>| eq <port-number (165535)> | range <port-number (1-65535)> <port-number (1-65535)>}]{ any | host
<dest-ip-address> | <dest-ip-address> <dest-mask> }[{ gt <port-number (165535)> | lt <port-number (1-65535)>| eq <port-number (1-65535)>| range <portnumber
(1-65535)>
<port-number
(1-65535)>}][{tos{max-reliability|maxthroughput|min-delay|normal|<tos-value(0-7)>} | dscp <value (0-63)>}] [
priority
<(1-255)>][redirect
{interface
<ifXtype>
<ifnum>
|
<ifXtype><iface_list> [<ifXtype><iface_list>] load-balance {src-ip | dst-ip |
src-mac | dst-mac | vlanid | src-tcpport| dst-tcpport | src-udpport | dstudpport}}] [vlan-action {none | modify-vlan<short (1-4094)>
| nested-vlan
<short (1 -4094)>}]
Syntax
Description
66
udp
User Datagram Protocol

CONFIDENTIAL
DATACOM SYSTEMS INC

any| host
<src-ip-address>|
'any' or
<src-ip-address>

or

the source address
<src-mask>
port-number
any|host

-
eq=equal
lt=less than
gt=greater than

<dest-ip-address>|
'any' or
<dest-ip-address>

or

<dest-mask>
tos

The priority of the filter is used to decide which filter rule

one filter rules. Lower value of 'filter priority' implies a
higher priority.
{max-reliability |
max-throughput
|
min-delay | normal
| <value (0-7)> |
dscp
<value(063)>}
priority
CLI USER MANUAL

67
DATACOM SYSTEMS INC
VS-2024-F
redirect
load-balance
vlan-action

interfaces.
-

src-ip
dst-ip
src-mac
dst-mac
vlanid
src-tcpport
dst-tcpport
src-udpport
dst-udpport

on the packet none Actions relating
considered.

gets classified. The packet could be an untagged or
VLAN tagged packet.
nested-vlan Adds an outer VLAN tag to the packet with
the VLAN ID as configured.
Mode
Package
Example
iss(config-ext-nacl)# permit udp any 100.0.0.10 load-balance

src-ip
Related Commands
68

CONFIDENTIAL
DATACOM SYSTEMS INC

deny udp - Specifies the UDP packets to be rejected based on the associated parameters
4.16 deny udp

This command specifies the UDP packets to be rejected based on the associated parameters.
deny udp { any | host <src-ip-address> | <src-ip-address> <src-mask>}[{gt
<port-number (1-65535)> | lt <port-number (1-65535)>| eq <port-number (165535)> | range <port-number (1-65535)> <port-number (1-65535)>}]{ any | host
<dest-ip-address> | <dest-ip-address> <dest-mask> }[{ gt <port-number (165535)> | lt <port-number (1-65535)>| eq <port-number (1-65535)>| range <portnumber
(1-65535)>
<port-number
(1-65535)>}][{tos{max-reliability|maxthroughput|min-delay|normal|<tos-value(0-7)>} | dscp <value (0-63)>}] [
priority <(1-255)>]
Syntax
Description
udp
CLI USER MANUAL

User Datagram Protocol
69
DATACOM SYSTEMS INC
VS-2024-F
any| host
<src-ip-address>|
'any' or
<src-ip-address>

or

the source address
<src-mask>
port-number
any|host

-
eq=equal
lt=less than
gt=greater than

<dest-ip-address>
'any' or
|<dest-ip-address>

or

<dest-mask>
tos

priority
The priority of the filter used to decide which filter rule is

applicable when the packet matches with more than one
filter rules. Lower value of 'filter priority' implies a higher
priority.
Mode
Package
Example
iss(config-ext-nacl)# deny udp host 10.0.0.1 any eq 20
70

CONFIDENTIAL
DATACOM SYSTEMS INC

Related Commands
permit udp - Specifies the UDP packets to be forwarded based on the associated parameters
4.17 permit icmp

This command specifies the ICMP packets to be forwarded based on the IP address and the associated
parameters.
permit icmp {any |host <src-ip-address>|<src-ip-address> <mask>}{any | host
<dest-ip-address>
|
<dest-ip-address>
<mask>
}[<message-type
(0-255)>]
[<message-code (0-255)>] [ priority <(1-255)>] [redirect {interface <ifXtype>
<ifnum> | <ifXtype><iface_list>[<ifXtype><iface_list>] Load-balance {src-ip |
dst-ip | src-mac | dst-mac | vlanid | src-tcpport | dst-tcpport | src-udpport
| dst-udpport}}] [vlan-action {none | modify-vlan<short (1-4094)> | nestedvlan <short (1 -4094)>}]
Syntax
Description
icmp
CLI USER MANUAL

Internet Control Message Protocol
71
DATACOM SYSTEMS INC
VS-2024-F
any| host
<src-ip-address>
'any' or
|<src-ip-address>
<mask>

or

any|host
<dest-ip-address>|
'any' or
<dest-ip-address>

or

<mask>
message-type
Message type
message-code
ICMP Message code
priority
The priority of the filter used to decide which filter rule

higher priority.
Redirect
72
Redirects the action to the destination interface or set

of interfaces.
-

CONFIDENTIAL
DATACOM SYSTEMS INC

Load-balance

Vlan-action
src-ip
dst-ip
src-mac
dst-mac
vlanid
src-tcpport
dst-tcpport
src-udpport
dst-udpport

on the packet -
none Actions relating to the VLAN ID will not

be considered.

the packet gets classified. The packet could be
an untagged or VLAN tagged packet.

Mode
Package
Defaults
message-type/message
code
Example
iss(config-ext-nacl)# permit icmp any 10.0.0.1 load balance

src-ip
255
The ICMP message type can be one of the following:
Value
ICMP type
Echo reply
Destination unreachable
Source quench
Redirect
Echo request
CLI USER MANUAL

73
DATACOM SYSTEMS INC
VS-2024-F
11
Time exceeded
12
Parameter problem
13
Timestamp request
14
Timestamp reply
15
Information request
16
Information reply
17
Address mask request
18
Address mask reply
155
No ICMP type
The ICMP code can be any of the following:
Value
ICMP code
Network unreachable
Host unreachable
Protocol unreachable
Port unreachable
Fragment need
Source route fail
Destination network unknown
Destination host unknown
Source host isolated
Destination network administratively prohibited
10
Destination host administratively prohibited
11
Network unreachable TOS
12
Host unreachable TOS
255
No ICMP code
Bridge.
Related Commands
ip access-list - Created IP ACLs and enters the IP Access-list configuration mode
74

CONFIDENTIAL
DATACOM SYSTEMS INC

parameters
4.18 deny icmp

This command specifies the ICMP packets to be rejected based on the IP address and associated
parameters.
deny icmp {any |host <src-ip-address>|<src-ip-address> <mask>}{any | host
<dest-ip-address>
|
<dest-ip-address>
<mask>
}[<message-type
(0-255)>]
[<message-code (0-255)>] [ priority <(1-255)>]
CLI USER MANUAL

75
DATACOM SYSTEMS INC
VS-2024-F
Syntax
Description
icmp
Internet Control Message Protocol
any| host
<src-ip-address>|
'any' or
<src-ip-address>

or

<mask>
any|host
<dest-ip-address>|
'any' or
<dest-ip-address>

or

<mask>
message-type
Message type
message-code
ICMP Message code
priority
The priority of the filter used to decide which filter rule is

applicable when the packet matches with more than
higher priority.
Mode
Package
Defaults
message-type/
message code
Example
iss(config-ext-nacl)# deny icmp host 100.0.0.10 10.0.0.1

255.255.255.255
255
The ICMP message type can be one of the following:
Value
76
ICMP type

CONFIDENTIAL
DATACOM SYSTEMS INC

Echo reply
Destination unreachable
Source quench
Redirect
Echo request
11
Time exceeded
12
Parameter problem
13
Timestamp request
14
Timestamp reply
15
Information request
16
Information reply
17
Address mask request
18
Address mask reply
155
No ICMP type
The ICMP code can be any of the following:
Value
ICMP code
Network unreachable
Host unreachable
Protocol unreachable
Port unreachable
Fragment need
Source route fail
Destination network unknown
Destination host unknown
Source host isolated
Destination network administratively prohibited
10
Destination host administratively prohibited
11
Network unreachable TOS
12
Host unreachable TOS
255
No ICMP code
Bridge.
Related Commands
CLI USER MANUAL

77
DATACOM SYSTEMS INC
VS-2024-F
permit icmp - Specifies the ICMP packets to be forwarded based on the IP address and the
4.19 ip access-group
This command enables access control for the packets on the interface. It controls access to a Layer 2 or
Layer 3 interface. The no form of this command removes all access groups or the specified access group
from the interface. The direction of filtering is specified using the token in or out.
78

CONFIDENTIAL
DATACOM SYSTEMS INC

ip access-group <access-list-number (1-65535)> {in | out}

no ip access-group [<access-list-number (1-65535)>] {in | out}
Syntax
Description
access-list-number
IP access control list number
in
Inbound packets
out
Outbound packets
Mode
Interface Configuration Mode
Package
Example
iss(config-if)# ip access-group 1 in
IP access list must have been created.
Following are the limitations for this command to be applicable to Layer 2

interfaces.
-
The out keyword is not supported by Layer 2 interfaces.
An IP ACL applied to a Layer 2 interface filters only the IP packets. MAC

access-group interface configuration command with MAC extended ACLs
must be used to filter non-IP packets.
Related Commands
4.20 mac access-group

This command applies a MAC access control list (ACL) to a Layer 2 interface. The no form of this
command can be used to remove the MAC ACLs from the interface.
mac access-group <access-list-number (1-65535)> {in | out}
no mac access-group [<access-list-number (1-65535)>] {in | out}
CLI USER MANUAL

79
DATACOM SYSTEMS INC
VS-2024-F
Syntax
Description
access-list-number
Access List Number
in
Inbound packets
out
Outbound packets
Mode
Package
Example
iss(config-if)# mac access-group 5 in
MAC access list must have been created.
Related Commands
mac access-list extended - Creates Layer 2 MAC ACLs, and returns the MAC-Access list
configuration mode to the user
show access-lists - Displays the access list statistics
parameters
parameters.
4.21 user-defined access-group

This command applies a user defined access list (ACL) to an interface. The no form of this command
removes the User defined ACLs from the interface.
80

CONFIDENTIAL
DATACOM SYSTEMS INC

user-defined access-group <access-list-number (1-65535)> {in| out}

no user-defined access-group [<access-list-number (1-65535)>] {in| out}
Syntax
Description
access-list-number
IP access control list number
in
Inbound packets
out
Outbound packets
Mode
Package
Example
iss(config-if)# user-defined access-group 5 in
User defined access list should be created already, before executing this command.
Related Commands
user-defined access-list Creates the user defined access-list.
4.22 permit
This command specifies the packets to be forwarded based on the MAC address and the associated
parameters, that is, this command allows non-IP traffic to be forwarded if the conditions are matched.
CLI USER MANUAL
81
DATACOM SYSTEMS INC
VS-2024-F
permit { any | host <src-mac-address>}{ any | host <dest-mac-address> }[aarp |

amber | dec-spanning | decnet-iv | diagnostic | dsm | etype-6000|etype-8042 |
lat | lavc-sca | mop-console | mop-dump | msdos | mumps | netbios | vines-echo
| vines-ip | xns-id | <protocol (0-65535)>][ encaptype <value (1-65535)>][
Vlan <vlan-id (1-4094)>][priority <value (1-255)>][redirect
{interface
<ifXtype>
<ifnum> | <ifXtype><iface_list> [<ifXtype><iface_list>] loadbalance {src-ip | dst-ip | src-mac | dst-mac | vlanid | src-tcpport | dsttcpport | src-udpport | dst-udpport}}][vlan-action {none | modify-vlan<short
(1-4094)> | nested-vlan <short (1 -4094)>}]
Syntax
Description
82
any | host
address >
<src-mac-
Source MAC address to be matched with the packet
any | host <dest-macaddress >
Destination MAC address to be matched with the

packet
aarp
Ethertype AppleTalk Address Resolution Protocol

that maps a data-link address to a network address
amber
EtherType DEC-Amber
dec-spanning
EtherType Digital Equipment Corporation (DEC)

spanning tree
decnet-iv
EtherType DECnet Phase IV protocol
diagnostic
EtherType DEC-Diagnostic
dsm
EtherType DEC-DSM/DDP
etype-6000
EtherType 0x6000
etype-8042
EtherType 0x8042
lat
EtherType DEC-LAT
lavc-sca
EtherType DEC-LAVC-SCA
mop-console
EtherType DEC-MOP Remote Console

CONFIDENTIAL
DATACOM SYSTEMS INC

mop-dump
EtherType DEC-MOP Dump
msdos
EtherType DEC-MSDOS
mumps
EtherType DEC-MUMPS
netbios
EtherType DEC- Network Basic Input/Output System

(NETBIOS)
vines-echo
EtherType Virtual Integrated Network

(VINES) Echo from Banyan Systems
vines-ip
EtherType VINES IP
xns-id
EtherType Xerox Network Systems (XNS) protocol

suite
encaptype
Encapsulation Type
redirect
Redirects the action to the destination interface or

set of interfaces.
load-balance
CLI USER MANUAL

Service

src-ip
dst-ip
src-mac
dst-mac
vlanid
src-tcpport
dst-tcpport
src-udpport dst-udpport
83
DATACOM SYSTEMS INC
VS-2024-F
vlan-action

Mode
Package
Defaults
vlan-id
priority
none Actions relating to the VLAN ID will

not be considered.

the packet gets classified. The packet could
be an untagged or VLAN tagged packet.

Example
iss(config-ext-macl)# permit host 00:11:22:33:44:55 any loadbalance src-ip vlan-action modify lan 526
OuterEtherType, Service Vlan, Service Vlan Priority and Customer Vlan Priority
Bridge.
Related Commands
mac access-group - Applies a MAC access control list (ACL) to a Layer 2 interface
parameters
user-defined access-list - Creates user defined access-list
84

CONFIDENTIAL
DATACOM SYSTEMS INC

4.23 deny
This command specifies the packets to be rejected based on the MAC address and the associated
parameters.
deny { any | host <src-mac-address>}{ any | host <dest-mac-address> } [aarp |
amber | dec-spanning | decnet-iv | diagnostic | dsm | etype-6000 |etype-8042 |
lat | lavc-sca | mop-console | mop-dump | msdos | mumps | netbios | vines-echo
| vines-ip | xns-id | <protocol (0-65535)>] [ encaptype <value (1-65535)>][
Vlan <vlan-id (1-4094)>] [priority <value (1-255)>]
Syntax
Description
any | host <srcmac-address >
CLI USER MANUAL

Source MAC address to be matched with the packet
85
DATACOM SYSTEMS INC
VS-2024-F
86
any | host <destmac-address >
Destination MAC address to be matched with the packet
aarp
Ethertype AppleTalk Address Resolution Protocol that

maps a data-link address to a network address
amber
EtherType DEC-Amber
dec-spanning
EtherType Digital
spanning tree
decent-iv
EtherType DECnet Phase IV protocol
diagnostic
EtherType DEC-Diagnostic
dsm
EtherType DEC-DSM/DDP
etype-6000
EtherType 0x6000
etype-8042
EtherType 0x8042
lat
EtherType DEC-LAT
lavc-sca
EtherType DEC-LAVC-SCA
mop-console
EtherType DEC-MOP Remote Console
mop-dump
EtherType DEC-MOP Dump
msdos
EtherType DEC-MSDOS
mumps
EtherType DEC-MUMPS
netbios
EtherType DEC- Network Basic Input/Output System

(NETBIOS)
Equipment
Corporation
(DEC)

CONFIDENTIAL
DATACOM SYSTEMS INC

vines-echo
EtherType Virtual Integrated Network Service (VINES)

Echo from Banyan Systems
vines-ip
EtherType VINES IP
xns-id
EtherType Xerox Network Systems (XNS) protocol suite
encaptype
Encapsulation Type
vlan
VLAN ID to be filtered
priority

than one filter rules. Lower value of 'filter priority' implies
a higher priority.
Mode
Package
Defaults
vlan-id
priority
Example
iss(config-ext-macl)# deny any host 00:11:22:33:44:55 priority

200
OuterEtherType, Service Vlan, Service Vlan Priority and Customer Vlan Priority
Bridge.
Related Commands
parameters
CLI USER MANUAL

87
DATACOM SYSTEMS INC
VS-2024-F
4.24 show access-lists

This command displays the access lists configuration.
show access-lists [[{ip | mac | user-defined }] < access-list-number (165535)> ]
Syntax
Description
88
ip
IP Access List

CONFIDENTIAL
DATACOM SYSTEMS INC

mac
MAC Access List
user-defined
user defined access list
Mode
Package
Example
iss# show access-lists

EIP ACCESS LISTS
-----------------
Standard IP Access List 34

---------------------------IP address Type
: IPV4
Source IP address
: 172.30.3.134
Source IP address mask
: 255.255.255.255
Source IP Prefix Length
: 32
Destination IP address
: 0.0.0.0
Destination IP address mask
: 0.0.0.0
Destination IP Prefix Length
: 0
Flow Identifier
: 0
In Port List
: NIL
Out Port List
: NIL
Filter Action
: Deny
Status
: InActive
Extended IP Access List 1002

----------------------------Filter Priority
: 1
Filter Protocol Type
: ANY
IP address Type
: IPV4
Source IP address
: 0.0.0.0
: 0.0.0.0
: 0
: 0.0.0.0
: 0.0.0.0
CLI USER MANUAL

89
DATACOM SYSTEMS INC
VS-2024-F
: 0
Flow Identifier
: 0
In Port List
: NIL
Out Port List
: NIL
Filter TOS
: Invalid combination
Filter DSCP
: NIL
Filter Action
: Permit
Status
: InActive
Extended IP Access List 10022

----------------------------Filter Priority
: 1
Filter Protocol Type
: ANY
IP address Type
: IPV4
Source IP address
: 0.0.0.0
: 0.0.0.0
: 0
: 0.0.0.0
: 0.0.0.0
: 0
Flow Identifier
: 0
In Port List
: NIL
Out Port List
: NIL
Filter TOS
: Invalid combination
Filter DSCP
: NIL
Filter Action
: Permit
Status
: InActive
MAC ACCESS LISTS

-----------------
No MAC Access Lists have been configured
90

CONFIDENTIAL
DATACOM SYSTEMS INC

OuterEtherType, Service Vlan, Service Vlan Priority, innerEtherType, Customer

Vlan and Customer Vlan Priority options are applicable only with Metro Ethernet
Feature and bridge mode is provider.
Related Commands
permit usr-defined-packet-type - Permits Packet Based on User Defined Packet Byte
deny usr-defined-packet-type - This command denies packet based on user defined byte.
parameters
matched
deny - ip/ospf/pim/protocol type Denies traffic for a particular protocol packet if the
permit tcp- Specifies the TCP packets to be forwarded based on the associated parameters
deny tcp- Specifies the TCP packets to be rejected based on the associated parameters
permit udp- Specifies the UDP packets to be forwarded based on the associated parameters
deny udp- Specifies the UDP packets to be rejected based on the associated parameters
permit icmp- Specifies the ICMP packets to be forwarded based on the IP address and the
parameters
ip access-group- Enables access control for the packets on the interface
parameters
deny- specifies the packets to be rejected based on the MAC address and the associated parameters
userdefined-list - Creates a user defined access list by applying AND, OR, NOT operation on existing
ACL rules
permit ipv6 - Specifies IP packets to be forwarded based on protocol and associated parameters.
deny ipv6 - Specifies IPv6 packets to be rejected based on protocol and associated parameters.
user-defined access-group - Applies a user defined access list (ACL) to an interface
CLI USER MANUAL

91
Chapter
5
5.QoS (Quality of Service)
QoS defines the ability to provide different priority to different applications, users or data flows or the
ability to guarantee a certain level of performance to a data flow. QoS refers to resource reservation
control mechanisms rather than the achieved service quality and specifies a guaranteed throughput level.
Datacom Systems Inc. QoS provides a complete Quality of Service solution and helps in
implementing service provisioning policies for application or customers, who desire to have an
enhanced performance for their traffic on the Internet.
The list of CLI commands for the configuration of QoS is as follows:
shutdown qos
qos
priority-map
class-map
meter
policy-map
queue-type
shape-template
scheduler
queue
queue-map
sched-hierarchy
qos interface
map
match access-group
CLI USER MANUAL

93
VS-2024-F
set class
meter-type
set policy
set meter
set
random-detect dp
show priority-map
show class-map
show class-to-priority-map
show meter
show policy-map
show queue-template
show shape-template
show scheduler
show queue
show queue-map
show sched-hierarchy
show qos def-user-priority
show qos meter-stats
show qos queue-stats
94
DATACOM SYSTEMS INC

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 5: QOS (QUALITY OF SERVICE)
5.1 shutdown qos

This command shuts down the QoS subsystem. The no form of the command starts the QoS subsystem.
shutdown qos
no shutdown qos
Mode
Package
Defaults
QoS subsystem is started and enabled by default.
Example
iss(config)# shutdown qos
Resources required by QoS subsystem are allocated and QoS subsystem starts
running, when started.
All the MemPools used by the QoS subsystem will be released, when shutdown.
Related Commands
show qos global info - Displays QoS related global configurations.
CLI USER MANUAL

95
DATACOM SYSTEMS INC
VS-2024-F
5.2 qos
This command enables or disables the QoS subsystem.
qos {enable | disable}
Syntax
Description
enable
Enables QoS subsystem
disable
Disables Qos subsystem
Mode
Package
Defaults
Enabled
Example
iss(config)# qos enable
QoS module programs the hardware and starts protocol operation, when set as
enable.
QoS module stops protocol operation by deleting the hardware configuration,

when set as disable.
Related Commands
show qos global info - Displays QoS related global configurations.
96

CONFIDENTIAL
DATACOM SYSTEMS INC

5.3 priority-map
This command adds a Priority Map entry. The no form of the command deletes a Priority Map entry.
priority-map <priority-map-Id(1-65535)>
no priority-map <priority-map-Id(1-65535)>
Syntax
Description
Priority-map-Id
Mode
Package
Example
iss(config)# priority-map 1
QoS subsystem should have been started.
Priority map index for the incoming packet received

over ingress Port/VLAN with specified incoming priority.
This value ranges between 1 and 65535.
Related Commands
show priority-map Displays the Priority Map entry.
CLI USER MANUAL

97
DATACOM SYSTEMS INC
VS-2024-F
5.4 class-map
This command adds a Class Map entry. The no form of the command deletes a Class Map entry.
class-map <class-map-id(1-65535)>
no class-map <class-map-id(1-65535)>
Syntax
Description
class-map-id
Mode
Package
Example
iss(config)# class-map 1
Index that enumerates the MultiField Classifier table

entries. This value ranges between 1 and 65535.
Related Commands
show class-map Displays the Class Map entry.
98

CONFIDENTIAL
DATACOM SYSTEMS INC

5.5 meter
This command creates a Meter. The no form of the command deletes a Meter.
meter <meter-id(1-65535)>
no meter <meter-id(1-65535)>
Syntax
Description
meter-id
Mode
Package
Example
iss(config)# meter 1
Index that enumerates the Meter entries. This value

ranges between 1 and 65535.
Related Commands
show meter Displays the Meter entry.
CLI USER MANUAL

99
DATACOM SYSTEMS INC
VS-2024-F
5.6 policy-map
This command creates a policy map. The no form of the command deletes a policy map.
policy-map <policy-map-id(1-65535)>
no policy-map <policy-map-id(1-65535)>
Syntax
Description
policy-map-id
Mode
Package
Example
iss(config)# policy-map 1
Index that enumerates the policy-map table entries.

This value ranges between 1 and 65535.
Related Commands
show policy-map Displays the Policy Map entry.
100

CONFIDENTIAL
DATACOM SYSTEMS INC

5.7 queue-type
This command creates a Queue Template Type. The no form of the command deletes a Queue Template
Type.
queue-type <Q-Template-Id(1-65535)>
no queue-type <Q-Template-Id(1-65535)>
Syntax
Description
Q-Template-Id
Mode
Package
Example
iss(config)# queue-type 1
Queue Template Table index. This value ranges

between 1 and 65535.
Related Commands
show queue-template Displays the Q Template and Random Detect configurations.
CLI USER MANUAL

101
DATACOM SYSTEMS INC
VS-2024-F
5.8 shape-template
This command creates a Shape Template. The no form of the command deletes a Shape Template.
shape-template <integer(1-65535)> [cir <integer(1-65535)>] [cbs <integer(065535)>] [eir <integer(0-65535)>] [ebs <integer(0-65535)>]
no shape-template <Shape-Template-Id(1-65535)>
Syntax
Description
Shape-Template-Id
Shape Template Table index.
cir
Committed information rate for packets through the

queue.
cbs
Committed burst size for packets through the queue.
eir
Excess information rate for packets through the

hierarchy.
ebs
Excess burst size for packets through the hierarchy.
Mode
Package
Example
iss(config)# shape-template 1 cir 20 cbs 40 eir 50 ebs 40
Related Commands
show shape-template Displays the Shape Template configurations.
102

CONFIDENTIAL
DATACOM SYSTEMS INC

5.9 scheduler
This command creates a Scheduler and configures the Scheduler parameters. The no form of the
command deletes a scheduler.
scheduler <integer(1-65535)> interface <iftype> <ifnum> [sched-algo {strictpriority | rr | wrr | wfq | strict-rr | strict-wrr | strict-wfq | deficit-rr}]
[shaper <integer(0-65535)>] [hierarchy-level <integer(0-10)>]
no scheduler <Scheduler-Id(1-65535)> interface <iftype> <ifnum>
Syntax
Description
Scheduler-Id
Scheduler identifier that uniquely identifies

scheduler in the system/egress interface.
iftype
Interface type.
ifnum
Interface number.
sched-algo
Packet scheduling algorithm for the port. The algorithms

are:
strict-priority strictPriority.
rr roundRobin.
wrr weightedRoundRobin.
wfg weightedFairQueing.
strict-rr strictRoundRobin.
strict-wrr strictWeightedRoundRobin.
strict-wfg strictWeightedFairQueing.
deficit-rr deficitRoundRobin.
shaper
Shaper identifier that specifies

requirements for the scheduler.
hierarchy-level
Depth of the queue/scheduler hierarchy.
Mode
Package
Defaults
sched-algo
CLI USER MANUAL

the
the
bandwidth
strict-priority
103
DATACOM SYSTEMS INC
VS-2024-F
hierarchy-level
Example
iss(config)# scheduler 1 interface giga 0/1 sched-algo rr

shaper 1 hierarchy-level 1
Shaper identifier is not mandatory for the creation of the conceptual row.
Related Commands
show scheduler Displays the configured Scheduler.
sched-hierarchy Creates a Scheduler Hierarchy.
show sched-hierarchy Displays the configured hierarchy scheduler.
104

CONFIDENTIAL
DATACOM SYSTEMS INC

5.10 queue
This command creates a Queue and configures the Queue parameters. The no form of the command
deletes a Queue.
queue <integer(1-65535)> interface <iftype> <ifnum> [qtype <integer(1-65535)>]
[scheduler
<integer(1-65535)>]
[weight
<integer(0-1000)>]
[priority
<integer(0-15)>] [shaper <integer(0-65535)>]
no queue <integer(1-65535)> interface <iftype> <ifnum>
Syntax
Description
queue
Queue identifier that uniquely identifies the queue in the

system/port.
iftype
Interface type.
ifnum
Interface number.
qtype
Queue Type identifier.
scheduler
Scheduler identifier that manages the specified queue.
weight
User assigned weight to the CoS queue.
priority
User assigned priority for the CoS queue.
shaper
Shaper identifier that specifies

requirements for the queue.
Mode
Package
Defaults
weight
priority
Example
the
bandwidth
iss(config)# queue 1 interface giga 0/1 qtype 2 scheduler 1

weight 20 priority 10 shaper 1.
CLI USER MANUAL

105
DATACOM SYSTEMS INC
VS-2024-F
Scheduler identifier is unique relative to an egress interface.
User assigned weights are used only when scheduling algorithm is a weighted
scheduling algorithm.
User assigned priority is used only when the scheduler uses a priority based
scheduling algorithm.
Shaper identifier is not mandatory for the creation of the row.
Related Commands
queue-type Creates a Queue Template Type.
scheduler Creates a Scheduler and configures the Scheduler parameters.
shape-template Creates a Shape Template.
show queue Displays the configured Queues.
106

CONFIDENTIAL
DATACOM SYSTEMS INC

5.11 queue-map
This command creates a Map for a Queue with Class or regenerated priority. The no form of the
command deletes a Queue map entry.
queue-map { CLASS <integer(1-65535)> | regn-priority { vlanPri | ipTos |
ipDscp | mplsExp | vlanDEI } <integer(0-63)> } [interface <iftype> <ifnum>]
queue-id <integer(1-65535)>
no queue-map { CLASS <integer(1-65535)> | regn-priority { vlanPri | ipTos |
ipDscp | mplsExp | vlanDEI } <integer(0-63)> } [interface <iftype> <ifnum>]
Syntax
Description
CLASS
Input CLASS that needs to be mapped to an outbound

queue.
regn-priority
Regenerated-priority type and regenerated-priority that

needs to be mapped to an outbound queue. The types are
vlanPri VLAN Priority.
ipTos IP Type of Service.
ipDscp IP Differentiated Services Code Point.
mplsExp MPLS Experimental
iftype
vlanDEI VLAN Drop Eligibility Indicator.

Interface type.
ifnum
Interface number.
queue-id
Queue identifier that uniquely identifies a queue relative to

an interface.
Mode
Package
Example
iss(config)# queue-map CLASS 1 interface giga 0/1 queue-id 1
CLASS should be zero while configuring RegenPriority specific Q.
Regenerated-priority should be zero while configuring CLASS specific Queue.
Related Commands
show queue-map Displays the configured Queue map.
CLI USER MANUAL

107
DATACOM SYSTEMS INC
VS-2024-F
5.12 sched-hierarchy
This command creates a Scheduler Hierarchy. The no form of the command deletes a Scheduler
Hierarchy.
sched-hierarchy interface <iftype> <ifnum> hierarchy-level <integer(1-10)>
sched-id <integer(1-65535)> {next-level-queue <integer(0-65535)> | next-levelscheduler <integer(0-65535)>} [priority <integer(0-15)>] [weight <integer(01000)>]
no sched-hierarchy interface <iftype> <ifnum> hierarchy-level <integer(1-10)>
sched-id <integer(1-65535)>
Syntax
Description
iftype
Interface type.
ifnum
Interface number.
hierarchy-level
Depth of the queue/scheduler hierarchy.
sched-id
Scheduler identifier.
next-level-queue Next-level queue to which the

scheduler output needs to be sent.
priority
next-level-scheduler Next-level scheduler to which

the scheduler output needs to be sent.
Scheduler priority.
weight
Scheduler weight.
Mode
Package
Defaults
priority
Example
iss(config)# sched-hierarchy interface giga 0/1 hierarchy-level

3 sched-id 1 next-level-queue 2 priority 5 weight 50
The priority is specified when the scheduler is connecting to any of the priorities (
EF, AF, BE) of the next level strict-priority scheduler.
The weight is specified if the scheduler is connecting to a WeightedFairQueing of

another scheduler.
Related Commands
show sched-hierarchy Displays the configured hierarchy scheduler.
108

CONFIDENTIAL
DATACOM SYSTEMS INC

5.13 qos interface

This command sets the default ingress user priority for the port.
qos interface <iftype> <ifnum> def-user-priority <integer(0-7)>
Syntax
Description
iftype
Interface type
ifnum
Interface number
def-user-priority
Default ingress user priority for the port
Mode
Package
Example
iss(config)# qos interface giga 0/1 def-user-priority 3
The default ingress user priority will be used to set priority for untagged packets.
Related Commands
show qos def-user-priority Displays the configured default ingress user priority for a port.
CLI USER MANUAL

109
DATACOM SYSTEMS INC
VS-2024-F
5.14 map
This command adds a Priority Map Entry for mapping an incoming priority to a regenerated priority. The
no form of the command sets default value to the Interface, VLAN, regenerated inner priority.
map [interface <iftype> <ifnum>] [vlan <integer(1-4094)>] in-priority-type {
vlanPri | ipTos | ipDscp | mplsExp | vlanDEI } [in-priority <integer(0-63)>]
regen-priority <integer(0-63)> [regen-inner-priority <integer(0-7)>]
no map { interface | vlan | regen-inner-priority }
Syntax
Description
iftype
Interface type
ifnum
Interface number
vlan
VLAN identifier. This value ranges between 1 and 4094.
in-priority-type
Type of the incoming priority. The types are:
vlanPri VLAN Priority.
vlanDEI VLAN Drop Eligibility Indicator.
in-priority
Incoming priority value determined for the received

frame. This value ranges between 0 and 63.
regen-priority
Regenerated priority value determined for the received

frame. This value ranges between 0 and 63.
regen-innerpriority
Regenerated inner-VLAN (CVLAN) priority value

determined for the received frame. This value ranges
between zero and seven.
Mode
Priority Map Configuration Mode
Package
Defaults
vlan
in-priority-type
vlanPri
110

CONFIDENTIAL
DATACOM SYSTEMS INC

in-priority
-1
regen-priority
Example
iss(config-pri-map)# map interface gig 0/1 vlan 4094 inpriority-type vlanPri in-priority 0 regen-priority 7 regeninner-priority 1
Priority Map entry should have been created.
Related Commands
priority-map Adds a Priority Map entry
show priority-map Displays the Priority Map entry.
CLI USER MANUAL

111
DATACOM SYSTEMS INC
VS-2024-F
5.15 match access-group

This command sets Class Map parameters using L2and/or L3 ACL or Priority Map ID.
match access-group { [mac-access-list <integer(0-65535)>]
<integer(0-65535)>] | priority-map <integer(0-65535)> }
Syntax
Description
ip-access-list
mac-access-list
Identifier of the MAC filter. This value ranges between 0

and 65535.
ip-access-list
Identifier of the IP filter. This value ranges between 0

and 65535.
priority-map
Priority Map identifier for mapping incoming priority

against received packet. This value ranges between 0
and 65535.
Mode
Package
Defaults
mac-access-list
ip-access-list
priority-map
Example
iss(config-cls-map)# match access-group
Priority map ID should have been created.
L2 and/or L3 ACL should have been created.
priority-map 1
Related Commands
priority-map Adds a Priority Map entry.
112

CONFIDENTIAL
DATACOM SYSTEMS INC

5.16 set class

This command sets CLASS for L2and/or L3 filters or Priority Map ID and adds a CLASS to Priority Map
entry with regenerated priority. The no form of the command deletes a CLASS to Priority Map Table entry.
set class <class integer(1-65535)> [pre-color { green | yellow | red | none }]
[ regen-priority <integer(0-7)> group-name <string(31)> ]
no set class <class integer(1-65535)>
Syntax
Description
class
Traffic CLASS to which an incoming frame pattern is

classified.
pre-color
Color of the packet prior to metering. This can be any

one of the following:
regen-priority
group-name
None Traffic is not pre-colored.
green Traffic conforms to SLAs (Service Level

Agreements.
yellow Traffic exceeds the SLAs.
red Traffic violates the SLAs.

Regenerated priority value determined for the input
CLASS. This value ranges between zero and seven.
Unique identification of the group to which an input

CLASS belongs.
Mode
Package
Defaults
class
Example
iss(config-cls-map)# set class 1000 pre-color none

priority 1 group-name CLASS
Class map should have created.
The default value zero provided for the class is not configurable.
regen-
Related Commands
show class-to-priority-map Displays the class group Entry.
CLI USER MANUAL

113
DATACOM SYSTEMS INC
VS-2024-F
5.17 meter-type
This command sets Meter parameters CIR, CBS, EIR, EBS, Interval, meter type and color awareness.
meter-type { simpleTokenBucket | avgRate| srTCM | trTCM | tswTCM | mefCoupled
| mefDeCoupled } [ color-mode { aware | blind } ] [interval <short(1-10000)>]
[cir <integer(0-65535)>] [cbs <integer(0-65535)>] [eir <integer(0-65535)>]
[ebs <integer(0-65535)>] [next-meter <integer(0-65535)>]
Syntax
Description
114
simpleTokenBucket
Two Parameter Token Bucket Meter.
avgRate
Average Rate Meter.
srTCM
Single Rate Three Color Marker Metering as defined by

RFC 2697.
trTCM
Two Rate Three Color Marker Metering as defined by

RFC 2698
tswTCM
Time Sliding Window Three Color Marker Metering as

defined by RFC 2859.
mefCoupled
Dual bucket meter as defined by RFC 4115.
mefDeCoupled
Dual bucket meter as defined by RFC 2697 and MEF

coupling Flag.
color-mode
Indicates the color mode of the Meter. The color modes

are:
aware The Meter considers the pre-color of the

packet.
blind The Meter ignores the pre-color of the

packet.
interval
Time interval used with the token bucket. This value

cir
Committed information rate. This value ranges between

0 and 65535.
cbs
Committed burst size. This value ranges between 0 and

65535.

CONFIDENTIAL
DATACOM SYSTEMS INC

eir
Excess information rate. This value ranges between 0

and 65535.
ebs
Excess burst size. This value ranges between 0 and

65535.
next-meter
Meter entry identifier used for applying the second/next

level of conformance on the incoming packet. This
value ranges between 0 and 65535.
Mode
Meter Configuration Mode
Package
Defaults
color-mode
blind
interval
next-meter
Example
iss(config-meter)# meter-type simpleTokenBucket color-mode

aware interval 10 cir 1000
Meter should have been created.
Related Commands
meter Creates a Meter.
CLI USER MANUAL

115
DATACOM SYSTEMS INC
VS-2024-F
5.18 set policy

This command sets CLASS for policy. The no form of the command sets the default value for interface in
this policy.
set policy [class <number(0-65535)>] [interface <iftype> <ifnum>] defaultpriority-type { none | { vlanPri | ipTos | ipDscp | mplsExp } <integer(0-63)>
}
no set policy interface
Syntax
Description
class
Traffic CLASS for which the policy-map needs to be

applied.
iftype
Interface type
ifnum
Interface number
default-prioritytype
Per-Hop Behvior (PHB) type to be used for filling the

default PHB for the policy-map entry. The types are:
none No specific PHB type is set.
vlanPri VLAN priority.
Mode

Policy Map Configuration Mode
Package
Defaults
class
Example
iss(config-ply-map)# set policy class 1 interface giga 0/1

default-priority-type none
CLASS should have been created.
Related Commands
class-map Adds a Class Map Entry.
policy-map Creates a policy map.
show policy-map Displays the Policy Map Entry.
116

CONFIDENTIAL
DATACOM SYSTEMS INC

5.19 set meter

This command sets Policy parameters such as Meter and Meter Actions. The no form of the command
removes the Meter from the Policy and the Meter Actions.
set meter <integer(1-65535)> [ conform-action { none | set-cos-transmit
<short(0-7)> set-de-transmit <short(0-1)> | set-port <iftype> <ifnum> | setinner-vlan-pri <short(0-7)> |set-mpls-exp-transmit <short(0-7)> | set-ip-prectransmit <short(0-7)> | set-ip-dscp-transmit <short(0-63)> }] [ exceed-action
{drop | set-cos-transmit <short(0-7)> set-de-transmit <short(0-1)> | setinner-vlan-pri <short(0-7)> | set-mpls-exp-transmit <short(0-7)> | set-ipprec-transmit <short(0-7)> | set-ip-dscp-transmit <short(0-63)> }] [ violateaction {drop | set-cos-transmit <short(0-7)> set-de-transmit <short(0-1)> |
set-inner-vlan-pri <short(0-7)> | set-mpls-exp-transmit <short(0-7)> | set-ipprec-transmit <short(0-7)> | set-ip-dscp-transmit <short(0-63)> }] [ setconform-newclass <integer(0-65535)> ] [ set-exceed-newclass <integer(0-65535)>
] [ set-violate-newclass <integer(0-65535)> ]
no set meter
Syntax
Description
meter
Meter table identifier which is the index for the Meter

table.
conform-action
Action to be performed on the packet, when the packets

are found to be In profile (conform). Options are:
exceed-action
CLI USER MANUAL

none No action is configured.
set-cos-transmit Sets the VLAN priority of the

outgoing packet.
set-de-transmit Sets the VLAN Drop Eligible

indicator of the outgoing packet.
set-port Sets the new port value.
set-inner-vlan-pri Sets the inner VLAN priority of

the outgoing packet.
set-mpls-exp-transmit Sets the MPLS

Experimental bits of the outgoing packet.
set-ip-prec-transmit Sets the new IP TOS value.
set-ip-dscp-transmit Sets the new DSCP value.

are found to be In profile (exceed). Options are:
drop Drops the packet.

outgoing packet.



117
DATACOM SYSTEMS INC
VS-2024-F
violate-action

are found to be out of profile. Options are:
drop Drops the packet.

outgoing packet.



set-conformnewclass
Represents the Traffic CLASS to which an incoming

frame pattern is classified after metering.
set-exceednewclass

set-violatenewclass

Mode
Policy Map Configuration Mode
Package
Defaults
set-cos-transmit
set-de-transmit
set-mpls-exp-transmit
set-inner-vlan-pri
Example
118
iss(config-ply-map)# set meter 1 exceed-action drop violateaction drop

CONFIDENTIAL
DATACOM SYSTEMS INC

VLAN priority can be set to a non-zero value only when MPLS Experimental bits is
set to zero.
Related Commands
CLI USER MANUAL

119
DATACOM SYSTEMS INC
VS-2024-F
5.20 set algo-type

This command sets Q Template entry parameters.
set algo-type { tailDrop | headDrop | red | wred } [queue-limit <integer(165535)>] [queue-drop-algo {enable | disable }]
Syntax
Description
algo-type
Type of drop algorithm used by the queue template.

Options are:
tailDrop Beyond the maximum depth of the

queue, all newly arriving packets will be dropped.
headDrop Packets currently at the head of the

queue are dropped to make room for the new
packet to be enqueued at the tail of the queue,
when the current depth of the queue is at the
maximum depth of the queue.
red On packet arrival, an Active Queue

Management algorithm is executed which may
randomly drop a packet.
queue-limit
queue-drop-algo
wred On packet arrival, an Active Queue

Management algorithm is executed which may
randomly drop a packet.
Queue size. This value ranges between 1 and 65535.
Enable/disable Drop Algorithm

Management. Options are:
for
Congestion
enable Enables Drop Algorithm.
Mode
disable Disables Drop Algorithm.

Queue Template Configuration mode
Package
Defaults
queue-drop-algo
Example
iss(config-qtype)# set algo-type red queue-limit 18 queue-dropalgo enable

Queue size must be greater than or equal to the minimum average threshold and
less than or equal to the maximum average threshold.
enable
Drop algorithm for Congestion Management can be enabled only when the
Random Detect Table entry is created for the Queue.
Related Commands
random-detect dp Sets Random Detect Table entry parameters.
120

CONFIDENTIAL
DATACOM SYSTEMS INC

5.21 random-detect dp
This command sets Random Detect Table entry parameters. The no form of the command deletes
Random Detect Table entry.
random-detect dp <short(0-2)> [min-threshold <short(1-65535)>] [max-threshold
<short(1-65535)>]
[max-pkt-size
<short(1-65535)>]
[mark-probabilitydenominator <short(1-100)>] [exponential-weight <integer(0-31)>]
no random-detect dp <short(0-2)>
Syntax
Description
dp
Drop Precedence. Options are:
0 low drop precedence.
1 medium drop precedence.
2 high drop precedence.

Minimum average threshold for the random detect
algorithm. This value ranges between 1 and 65535.
min-threshold
max-threshold
Maximum average threshold for the random detect

algorithm. This value ranges between 1 and 65535.
max-pkt-size
Maximum allowed packet size. This value ranges

mark-probabilitydenominator
Maximum probability of discarding a packet in units of

percentage. This value ranges between 1 and 100.
exponentialweight
Exponential weight for determining the average queue

size. This value ranges between 0 and 31.
Mode
Queue Template Configuration Mode
Package
Defaults
mark-probabilitydenominator
100
exponential-weight
Example
iss(config-qtype)# random-detect dp 1 min-threshold 1200 maxthreshold 13000 max-pkt-size 100 mark-probability-denominator

50 exponential-weight 30
CLI USER MANUAL

121
DATACOM SYSTEMS INC
VS-2024-F
5.22 show qos global info

This command displays QoS related global configurations.
show qos global info
Mode
Privileged EXEC Mode
Package
Example
iss# show qos global info

QoS Global Information
---------------------System Control
: Start
System Control
: Enable
Rate Unit
: kbps
Rate Granularity
: 64
Trace Flag
: 0
Related Commands
shutdown qos Shutsdown the QoS subsystem.
qos Enables or disables the QoS subsystem.
122

CONFIDENTIAL
DATACOM SYSTEMS INC

5.23 show priority-map

This command displays the Priority Map entry.
show priority-map [<priority-map-id(1-65535)>]
Syntax
Description
priority-map-id
Mode
Privileged EXEC Mode.
Package
Example
iss# show priority-map
Output priority map index for the incoming packet

received over ingress Port/VLAN with specified
incoming priority.
QoS Priority Map Entries

========================
PriorityMapId
: 1
IfIndex
: 1
VlanId
: 4094
InPriorityType
: VlanPriority
InPriority
: 0
RegenPriority
: 7
InnerRegenPriority
: 1
iss# show
priority-map 9
QoS Priority Map Entries

------------------------
PriorityMapId
: 9
IfIndex
: gi 0/5
VlanId
: 2
InPriorityType
: IP Protocol
InPriority
: -1
RegenPriority
: 5
InnerRegenPriority
: 7
If executed without the optional parameters, this command displays all the available
Priority Map information.
Related Commands
map - Adds a Priority Map entry for mapping an incoming priority to a regenerated priority
CLI USER MANUAL

123
DATACOM SYSTEMS INC
VS-2024-F
5.24 show class-map

This command displays the Class Map entry.
show class-map [<class-map-id(1-65535)>]
Syntax
Description
class-map-id
Mode
Package
Example
iss# show class-map
Index that enumerates the MultiField Classifier table

entries.
QoS Class Map Entries

=====================
ClassMapId
: 1
L2FilterId
: None
L3FilterId
: None
PriorityMapId
: 1
CLASS
: 1000
PolicyMapId
: 1
PreColor
: None
Status
: Active
Class Map information
Related Commands
class-map Adds a Class Map entry.
124

CONFIDENTIAL
DATACOM SYSTEMS INC

5.25 show class-to-priority-map

This command displays the class group entry.
show class-to-priority-map <group-name(31)>
Syntax
Description
Group-name
Mode
Package
Example
iss# show class-to-priority-map CLASS1
Unique identification of the group to which an input

CLASS belongs.
QoS Class To Priority Map Entries

--------------------------------GroupName
: CLASS1
Class
LocalPriority
---------------------------------2
Related Commands
set class Sets CLASS for L2and/or L3 filters or Priority Map ID and adds a CLASS to Priority
Map Entry with regenerated priority.
CLI USER MANUAL

125
DATACOM SYSTEMS INC
VS-2024-F
5.26 show meter

This command displays the Meter entry.
show meter [<meter-id(1-65535)>]
Syntax
Description
meter-id
Mode
Package
Example
iss# show meter
Index that enumerates the Meter entries.
QoS Meter Entries

=================
MeterId
: 1
Type
: Simple Token Bucket
Color Mode
: Color Aware
Interval
: 10
CIR
: 1000
CBS
: None
EIR
: None
EBS
: None
NextMeter
: None
Status
: Active
Meter information.
Related Commands
set meter Sets Policy parameters such as Meter and Meter Actions.
126

CONFIDENTIAL
DATACOM SYSTEMS INC

5.27 show policy-map

This command displays the Policy Map entry.
show policy-map [<meter-id(1-65535)>]
Syntax
Description
meter-id
Mode
Package
Example
iss# show policy-map
QoS Policy Map Entries

======================
PolicyMapId
: 1
IfIndex
: 0
Class
: 0
DefaultPHB
: None.
MeterId
: 1
ConNClass
: 0
ExcNClass
: 0
VioNClass
: 0
ConfAct
: Port 1
ExcAct
: Drop.
VioAct
: Drop.
If executed without the optional parameter, this command displays all the available
Policy Map. information
Related Commands
set policy Sets CLASS for policy.
CLI USER MANUAL

127
DATACOM SYSTEMS INC
VS-2024-F
5.28 show queue-template

This command displays the Q Template and Random Detect configurations.
show queue-template [<queue-template-Id(1-65535)>]
Syntax
Description
queue-template-Id
Mode
Package
Example
iss# show queue-template
Queue Template Table index.
Queue Template Entries

----------------------
Q Template Id
: 1
Q Limit
: 10000
Drop Type
: Tail Drop
Drop Algo Status
: Disable
Queue Template information.
Related Commands
128

CONFIDENTIAL
DATACOM SYSTEMS INC

5.29 show shape-template

This command displays the Shape Template configurations.
show shape-template [<shape-template-Id(1-65535)>]
Syntax
Description
shape-template-Id
Mode
Package
Example
iss# show shape-template
Shape Template Table index.
QoS Shape Template Entries

--------------------------
ShapeTemplate Id
CIR
CBS
EIR
EBS
----------------
---
---
---
---
Shape Template information
Related Commands
shape-template Creates a Shape Template.
CLI USER MANUAL

129
DATACOM SYSTEMS INC
VS-2024-F
5.30 show scheduler

This command displays the configured Scheduler.
show scheduler [interface <iftype> <ifnum>]
Syntax
Description
iftype
Interface type.
ifnum
Interface number.
Mode
Package
Example
iss# show scheduler

QoS Scheduler Entries
--------------------IfIndex Scheduler Index Scheduler Algo Shape Index Scheduler HL
GlobalId
------- --------------- -------------- ----------- ---------------Gi0/1
1
strictPriority
--0
scheduler entries.
Related Commands
130

CONFIDENTIAL
DATACOM SYSTEMS INC

5.31 show queue

This command displays the configured Queues.
show queue [interface <iftype> <ifnum>]
Syntax
Description
iftype
Interface type.
ifnum
Interface number.
Mode
Package
Example
iss# show queue

QoS Queue Entries
----------------IfIndex Queue Idx Queue Type Scheduler Idx Weight Priority Shape Idx
Global Id
------- --------- ---------- ------------- ------ -------- ----------------Gi0/1
1
If executed without the optional parameter, this command displays all the available queue
entries
Related Commands
queue Creates a Queue and configures the Queue parameters.
CLI USER MANUAL

131
DATACOM SYSTEMS INC
VS-2024-F
5.32 show queue-map

This command displays the configured Queue map.
show queue-map [interface <iftype> <ifnum>]
Syntax
Description
iftype
Interface type.
ifnum
Interface number.
Mode
Package
Example
iss# show queue-map

QoS Queue Map Entries
--------------------IfIndex
CLASS
PriorityType
Priority Value
Mapped Queue
-------
-----
------------
--------------
------------
Gi0/1
none
queue map entries.
Related Commands
queue-map Creates a Map for a Queue with Class or regenerated priority.
132

CONFIDENTIAL
DATACOM SYSTEMS INC

5.33 show sched-hierarchy

This command displays the configured hierarchy scheduler.
show sched-hierarchy [interface <iftype> <ifnum>]
Syntax
Description
iftype
Interface type.
ifnum
Interface number.
Mode
Package
Example
iss# show sched-hierarchy

QoS Hierarchy Scheduler Entries
------------------------------IfIndex Hierarchy Level Sched Index NextQueue Id NextSched Id Weight
Priority
------- --------------- ----------- ------------ ------------ ------------Gi0/1
1
If executed without the optional parameter, this command displays all the available hierarchy
scheduler entries
Related Commands
sched-hierarchy Creates a Scheduler Hierarchy.
CLI USER MANUAL

133
DATACOM SYSTEMS INC
VS-2024-F
5.34 show qos def-user-priority

This command displays the configured default ingress user priority for a port.
show qos def-user-priority [interface <iftype> <ifnum>]
Syntax
Description
iftype
Interface type.
ifnum
Interface number.
Mode
Package
Example
iss# show qos def-user-priority

QoS Default User Priority Entries
--------------------------------IfIndex
Default User Priority
-------- ---------------------
134
Gi0/1
Gi0/2
Gi0/3
Gi0/4
Gi0/5
Gi0/6
Gi0/7
Gi0/8
Gi0/9
Gi0/10
Gi0/11
Gi0/12
Gi0/13
Gi0/14
Gi0/15
Gi0/16
Gi0/17
Gi0/18
Gi0/19

CONFIDENTIAL
DATACOM SYSTEMS INC

Gi0/20
Gi0/21
Gi0/22
Gi0/23
Gi0/24
If executed without the optional parameter, this command displays the available
default ingress user priority entries for all the interface.
Related Commands
qos interface Sets the default ingress user priority for the port.
CLI USER MANUAL

135
DATACOM SYSTEMS INC
VS-2024-F
5.35 show qos meter-stats

This command displays the Meters statistics for conform, exceed, violate packets and octets count.
show qos meter-stats [<Meter-Id(1-65535)>]
Syntax
Description
Meter-Id
Mode
Package
Example
iss# show qos meter-stats
QoS Meter (Policer) Stats

-------------------------
Meter Index
: 1
Conform Packets
: 00
Conform Octects
: 00
Exceed Packets
: 00
Exceed Octects
: 00
Violate Packets
: 00
Violate Octects
: 0
If executed without the optional parameter, this command displays the Meter
statistics for all the available Meters.
Related Commands
set meter Sets Policy parameters such as Meter and Meter Actions.
136

CONFIDENTIAL
DATACOM SYSTEMS INC

5.36 show qos queue-stats

This command displays Queue statistics for EnQ, DeQ, discarded packets and octets Count,
Management Algo Drop and Q occupancy.
show qos queue-stats [interface <iftype> <ifnum>]
Syntax
Description
iftype
Interface Type.
ifnum
Interface Number.
Mode
Package
Example
iss# show qos queue-stats

QoS Queue Stats
-------------------
Interface Index
: Gi 0/1
Queue Index
: 2
EnQ Packets
: 00
EnQ Octects
: 00
DeQ Packets
: 00
DeQ Octects
: 00
Discard Packets
: 00
Discard Octects
: 00
Occupancy Octects
: 00
CongMgntAlgoDrop Octects
: 00
If executed without the optional parameter, this command displays the Queue
statistics for all the available Interfaces.
Related Commands
show queue Displays the configured Queues.
CLI USER MANUAL

137
DATACOM SYSTEMS INC
VS-2024-F
Chapter
6
6.TACACS
TACACS (Terminal Access Controller Access Control System), widely used in network environments, is a
client/server protocol that enables remote access servers to communicate with a central server to
authenticate dial-in users and authorize their access to the requested system or service. It is commonly
used for providing NAS (Network Access Security). NAS ensures secure access from remotely connected
users. TACACS implements the TACACS Client and provides the AAA (Authentication, Authorization and
Accounting) functionalities.
TACACS is used for several reasons:
Facilitates centralized user administration.
Uses TCP for transport to ensure reliable delivery.
Supports inbound authentication, outbound authentication and change password request for the
Authentication service.
Provides some level of protection against an active attacker.
The list of CLI commands for the configuration of TACACS is as follows:
tacacs-server host
tacacs use-server address
tacacs-server retransmit
debug tacacs
show tacacs
138

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 6: TACACS
6.1 tacacs-server host

This command configures the TACACS server with the parameters (host, timeout, key). The no form of
the command deletes server entry from the TACACS server table.
tacacs-server host {<ipv4-address> | <ipv6-address> | <host-name>}
[single-connection] [port <tcp port (1-65535 )>] [timeout <time out in
seconds(1-255)>] {key <secret key>}
no tacacs-server host { <ipv4-address> | <ipv6-address>}
Syntax
Description
ipv4address
IPv4 address of the host
ipv6address
host-name
Name of the host
singleconnection
Establishes Single TCP connection to communicate with

TACACS Server
port
TCP Port number. This value ranges between 1 and

65535.
timeout
The time period in seconds for which a client will wait for a
response from the server before closing the connection.
This value ranges between 1 and 255 seconds.
key
Per-server encryption key. Specifies the authentication

and encryption key for all TACACS communications
between the authenticator and the TACACS server. The
string length is 64.
Mode
Package
Defaults
port
40
timeout
5 seconds
Example
iss(config)# tacacs-server host 12.0.0.100

TACACS+ server configured with default secret key !
CLI USER MANUAL

139
DATACOM SYSTEMS INC
VS-2024-F
iss(config)# tacacs-server host 2005::33

TACACS+ server configured with default secret key !
Related Commands
show tacacs - Displays the statistical log information and server for TACACS client
140

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 6: TACACS
6.2 tacacs use-server address

This command selects a server from the list of servers maintained in the TACACS client and makes the
TACACS client to use the specified server. The no form of the command disables the configured TACACS
active server.
tacacs use-server address { <ipv4-address> | <ipv6-address>}

no tacacs use-server
Syntax
Description
ipv4address
ipv6address
Mode
Package
Example
iss(config)# tacacs use-server address 10.0.0.100
Related Commands
show tacacs - Displays the statistical log information and server for TACACS client
CLI USER MANUAL

141
DATACOM SYSTEMS INC
VS-2024-F
6.3 tacacs-server retransmit

This command specifies the number of times the client searches the active server from the list of servers
maintained in the TACACS client, when active server is not configured. The no form of the command sets
the default retries.
tacacs-server retransmit <retries>

no tacacs-server retransmit
Mode
Package
Example
iss(config)# tacacs-server retransmit 3
142

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 6: TACACS
6.4 debug tacacs

This command sets the debug trace level for TACACS client module. The no form of the command
disables the debug trace level for TACACS client module.
debug tacacs { all | info | errors | dumptx | dumprx }
no debug tacacs
Syntax
Description
all
All TACACS debug messages
info
TACACS Server information messages
errors
Error code debug messages
dumptx
Transmitted packet dump messages
dumprx
Received packet dump messages
Mode
Package
Defaults
Debugging is Disabled
Example
iss# debug tacacs all
CLI USER MANUAL

143
DATACOM SYSTEMS INC
VS-2024-F
6.5 show tacacs

This command displays the statistical log information and server for TACACS+ client.
show tacacs
Mode
Package
Example
iss# sh tacacs
Server : 1
Server address
: 12.0.0.100
Address Type
: IPV4
Single Connection : no
TCP port
: 49
Timeout
: 5
Secret Key
: Datacom Systems
Server : 2
Server address
: 2005::33
Address Type
: IPV6
Single Connection : no
TCP port
: 4949
Timeout
: 5
Secret Key
: Datacom Systems
Authen. Starts sent
: 0
Authen. Continues sent : 0

Authen. Enables sent
: 0
Authen. Aborts sent
: 0
Authen. Pass rvcd.
: 0
Authen. Fails rcvd.
: 0
Authen. Get User rcvd. : 0

Authen. Get Pass rcvd. : 0
144

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 6: TACACS
Authen. Get Data rcvd. : 0

Authen. Errors rcvd.
: 0
Authen. Follows rcvd.
: 0
Authen. Restart rcvd.
: 0
Authen. Sess. timeouts : 0

Author. Requests sent
: 0
Author. Pass Add rcvd. : 0

Author. Pass Repl rcvd : 0
Author. Fails rcvd.
: 0
Author. Errors rcvd.
: 0
Author Follows rcvd.
: 0
Author. Sess. timeouts : 0

Acct. start reqs. sent : 0
Acct. WD reqs. sent
: 0
Acct. Stop reqs. sent
: 0
Acct. Success rcvd.
: 0
Acct. Errors rcvd.
: 0
Acct. Follows rcvd.
: 0
Acct. Sess. timeouts
: 0
Malformed Pkts. rcvd.
: 0
Socket failures
: 0
Connection failures
: 0
Related Commands
tacacs-server host - Configures the TACACS server with the parameters
tacacs use-server address - Selects a server from the list of servers maintained in the
TACACS client and makes the TACACS client to use the specified server
CLI USER MANUAL

145
DATACOM SYSTEMS INC
VS-2024-F
Chapter
7
7.LA
LA (Link Aggregation) is a method of combining physical network links into a single logical link for
increased bandwidth. LA increases the capacity and availability of the communications channel between
devices (both switches and end stations) using existing Fast Ethernet and Gigabit Ethernet technology.
LA also provides load balancing where the processing and communication activity is distributed across
several links in a trunk, so that no single link is overwhelmed. By taking multiple LAN connections and
treating them as a unified, aggregated link, practical benefits in many applications can be achieved. LA
provides the following important benefits:
Higher link availability
Increased link capacity
Improvements are obtained using existing hardware (no upgrading to higher-capacity link technology
is necessary)
The list of CLI commands for the configuration of LA is as follows:
set port-channel/channel-protocol
lacp system-priority
lacp system-identifier
port-channel load-balance
lacp port-priority
lacp port-identifier
channel-group
lacp wait-time
lacp timeout/lacp rate
146

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 7: LA
lacp
default port
port-channel max-ports
shutdown port-channel
debug lacp/debug etherchannel
show etherchannel
show etherchannel - Redundancy
show interfaces
show lacp
CLI USER MANUAL

147
DATACOM SYSTEMS INC
VS-2024-F
7.1 set port-channel

This command enables/disables link aggregation in the switch.
set port-channel { enable | disable }
Syntax
Description
enable
Enables link aggregation in the switch
disable
Disables link aggregation in the switch
Mode
Package
Defaults
disable
Example
iss(config)# set port-channel enable
Related Command
show etherchannel - Displays Etherchannel information
148

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 7: LA
7.2 channel-protocol
This command enables link aggregation in the switch and the no form of the command disables link
aggregation in the switch.
This command operates similar to that of the command set port-channel.
channel-protocol { lacp | pagp }
no channel-protocol
Syntax
Description
lacp
Specifies LACP (Link Aggregation Control Protocol)

to manage channeling.
pagp
Specifies PAgP (Port aggregation protocol) to

manage channeling.
Mode
Package
Defaults
Link aggregation is disabled
Example
iss(config)# channel-protocol lacp
Related Command
CLI USER MANUAL

149
DATACOM SYSTEMS INC
VS-2024-F
7.3 lacp system-priority

This command sets the LACP priority for the system and the no form of the command sets the LACP
priority for the system to the default value. System Priority represents a 2-octet value indicating the priority
value associated with the system involved in link aggregation.
lacp system-priority <0-65535>
no lacp system-priority
Mode
Package
Defaults
0x8000 or 32768
Example
iss(config)# lacp system-priority 5
The switch with the lowest system priority value decides the standby and active links
in the aggregation.
Although this is a global configuration command, the priority only takes effect on
EtherChannels that have physical interfaces with LACP enabled.
Related Command
show etherchannel - Displays lacp system-priority value
150

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 7: LA
7.4 lacp system-identifier

This command sets the global LACP System ID. The no form of the command sets the global LACP
System ID to the default value.
lacp system-identifier <aa:aa:aa:aa:aa:aa>
no lacp system-identifier
Mode
Package
Example
iss(config)#lacp system-identifier 00:01:02:03:04:05
The MAC address configured must not be a Null MAC address or a Multicast MAC
address.
Related Commands
show etherchannel - Displays lacp system-priority value
Error! Reference source not found. - Displays the current operating configuration in the
system
CLI USER MANUAL

151
DATACOM SYSTEMS INC
VS-2024-F
7.5 port-channel load-balance

This command sets the load balancing policy for aggregated ports on each of the previously created port
channels. The no form of the command sets the load balancing policy to the default value.
port-channel load-balance {src-mac | dest-mac | src-dest-mac| src-ip |

dest-ip | src-dest-ip | vlan-id | service-instance | mac-src-vid | macdest-vid | mac-src-dest-vid | mpls-vc-label | mpls-tunnel-label | mplsvc-tunnel-label} [ <port-channel-index(1-65535)>]
no port-channel load-balance [ <port-channel-index(1-65535)> ]
Syntax
Description
src-mac
Load distribution is based on the source MAC address.

Packets from different hosts use different ports in the
channel, but packets from the same host use the same
port
dest-mac
Load distribution is based on the destination host MAC

address. Packets to the same destination are sent on the
same port, but packets to different destinations are sent
on different ports in the channel
src-destmac
Load distribution is based on the source and destination

MAC address
src-ip
Load distribution is based on the source IP address
dest-ip
Load distribution is based on the destination IP address
src-dest-ip
Load distribution is based on the source and destination

IP address
mac-srcvid2
Link selection policy is based on the combination of

source MAC address and VLAN identifier.
mac-destvid2

destination MAC address and VLAN identifier.
This option is available only when MPLS is enabled.
152

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 7: LA
mac-srcdest-vid2

source, destination MAC address and VLAN identifier.
mpls-vclabel2
Link selection policy is based on MPLS VC label.
mplstunnellabel2
Link selection policy is based on MPLS tunnel label.
mpls-vctunnellabel2
Link selection policy is based on the combination of MPLS

VC and tunnel label.
vlan-id
Load distribution is based on VLAN Identifier
serviceinstance
Load distribution is based on service-instance. Packets

with the same service-instance use the same port.
Packets with different service-instance use different ports
such that the load is balanced among ports. Same port
can have packets with different service-instances also.
portchannelindex
Port channel number
Mode
Package
Defaults
source and destination MAC address based
Example
iss(config)# port-channel load-balance service-instance 20

iss(config)# port-channel load balance dest-mac 28
If the port-channel index is not mentioned in this command, the load-balancing must
apply for all port-channels configured in the system.
Initially, the port channel interface must have been configured for this command.
Related Command
show etherchannel - Displays Etherchannel load balance information
CLI USER MANUAL

153
DATACOM SYSTEMS INC
VS-2024-F
7.6 lacp port-priority

This command sets the LACP port priority and the no form of the command sets the LACP port priority to
the default value. Port priority determines whether the link is an active link or a standby link, when the
number of ports in the aggregation exceeds the maximum number supported by the hardware
lacp port-priority <0-65535>
no lacp port-priority
Mode
Package
Defaults
port-priority
Example
iss(config-if)# lacp port-priority 1
128
This command takes effect only on EtherChannel interfaces that are already
configured for LACP.
If the number of links in an aggregation exceeds the maximum supported by the

hardware, then the links with lower priority become active links.
Related Commands
lacp system-priority - Globally sets the LACP priority
show etherchannel - Displays Etherchannel detailed / port information
154

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 7: LA
7.7 lacp port-identifier

This command sets the LACP actor admin port to be filled in the LACP PDUs.
lacp port-identifier <1-65535>
Mode
Package
Example
iss(config-if)# lacp port-identifier 2
Related Commands
show interfaces Displays interface specific port-channel information
CLI USER MANUAL

155
DATACOM SYSTEMS INC
VS-2024-F
7.8 channel-group
This command configures an Etherchannel and the no form of the command removes an interface from
the Etherchannel.
channel-group <channel-group-number(1-65535)> mode {auto [non-silent] |

desirable [non-silent] | on | active | passive}
no channel-group
Syntax
Description
mode
Mode represents any one of the following:

active
conditionally
- LACP negotiation is started un-
passive
- LACP negotiation is started only
when LACP packet is received from peer
on
- Force the interface to channel
without LACP. This is equivalent to manual aggregation
- Places a port into a passive
auto
negotiating state in which the port responds to received
PAgP packets, but does not initiate PAgP packet
negotiation.
- Places a port into an active
desirable
negotiating state in which the port initiates negotiations
with other ports by sending PAgP packets.
- Used with the auto or
[non-silent]
desirable keyword when traffic is expected
from the other device.
Mode
Package
Example
iss(config-if)# channel-group 1 mode active
156
If the port-channel is not present, then the port channel must be created.

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 7: LA
Related Command
7.9 lacp wait-time

This command sets the LACP wait-time and the no form of the command sets the LACP wait-time to the
default value.
lacp wait-time <0-10>

no lacp wait-time
Mode
Package
Defaults
Example
iss(config-if)# lacp wait-time 1
Configuring the wait-time value as 0 ensures that links get aggregated immediately.
Related Command
CLI USER MANUAL

157
DATACOM SYSTEMS INC
VS-2024-F
7.10 lacp timeout

This command sets the LACP timeout period and the no form of the command sets the LACP timeout
period to the default value.
lacp timeout {long | short }
no lacp timeout
Syntax
Description
long
Long timeout value
short
Short timeout value
Mode
Package
Defaults
long
Example
iss(config-if)# lacp timeout short
The long timeout value means that LACP PDU will be sent every 30 seconds
and LACP timeout value (no packet is received from peer ) is 90 seconds.
The short timeout value means that LACP PDU will be sent every 1 second and
timeout value is 3 seconds.
Related Command
158

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 7: LA
7.11 lacp rate

This command sets the LACP timeout period and the no form of the command sets the LACP timeout
period to the default value
This command operates similar to that of the command lacp timeout.
lacp rate {normal | fast }
no lacp rate
Syntax
Description
normal
LACP control packets are ingressed at the normal rate.
That is, LACP PDU will be sent every 30 seconds and

the timeout value will be set as 90 seconds.
fast
LACP control packets are ingressed at the fast rate.
That is, LACP PDU will be sent every 1 second and

the timeout value will be set as 3 seconds.
Mode
Package
Defaults
normal
Example
iss(config-if)# lacp rate fast
The normal timeout value means that LACP PDU will be sent every 30 seconds
and LACP timeout value (no packet is received from peer) is 90 seconds.
The fast timeout value means that LACP PDU will be sent every 1 second and
timeout value is 3 seconds.
CLI USER MANUAL

159
DATACOM SYSTEMS INC
VS-2024-F
Related Command
7.12 lacp
This command sets the LACP Actor Admin key and/or LACP mode for the port.
lacp [admin-key <(Admin Key)1-65535>] [mode {active | passive}]
Syntax
Description
adminkey
LACP Actor Admin key
mode
LACP mode
Mode
Package
Defaults
mode
Example
iss(config-if)# lacp admin-key 1 mode active
active
This command can be configured only after configuring the default port.
Related Command
default port - Configures the default physical interface for the port channel.
160

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 7: LA
7.13 default port

This command configures the default physical interface for the port channel and the no form of the
command removes default port for a port channel.
default port <interface-type> <interface-id>
no default port
Syntax
Description
interfacetype
Interface Type
interfaceid
Interface Identifier
Mode
Package
Example
iss(config-if)# default port gigabitethernet 0/1
Related Commands
lacp - Sets the LACP Actor Admin key and/or LACP mode for the port.
CLI USER MANUAL

161
DATACOM SYSTEMS INC
VS-2024-F
7.14 port-channel max-ports

This command configures the maximum number of ports for a port channel.
port-channel max-ports <integer (2-8)>
Mode
Package
Defaults
Example
iss(config-if)# port-channel max-ports 5
162

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 7: LA
7.15 shutdown port-channel

This command shuts down Link Aggregation in the switch and the no form of the command starts and
enables Link Aggregation in the switch.
shutdown port-channel
no shutdown port-channel
Mode
Package
Example
iss(config)# shutdown port-channel
When shutdown, all resources used by the Link Aggregation Module are released to
the system.
Related Commands
CLI USER MANUAL

163
DATACOM SYSTEMS INC
VS-2024-F
show interfaces - Displays interface specific port-channel information
7.16 debug lacp

This command enables trace messages for link aggregation and the no form of the command disables
trace messages for link aggregation.
debug lacp [ { init-shutdown | mgmt | data | events | packet | os |

failall | buffer | all } ]
no debug lacp [ { init-shutdown | mgmt | data | events | packet | os |

failall | buffer | all } ]
Syntax
Description
164
initshutdown
Initialization and shutdown traces
mgmt
Management traces
data
Data path traces
events
Event traces

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 7: LA
packet
Packet dump traces
os
Traces related to all resources except buffers
failall
All failure traces
buffer
Buffer traces
all
All traces
Mode
Package
Defaults
init-shutdown
Example
iss# debug lacp data
7.17 debug etherchannel

This command enables trace messages for link aggregation and the no form of the command disables
trace messages for link aggregation.
This command operates similar to that of the command debug lacp.
debug etherchannel {[all] [detail] [error] [event] [idb]}
no debug etherchannel {[all] [detail] [error] [event] [idb]}
Syntax
Description
all
All traces
detail
Detailed debug traces
error
All failure traces
CLI USER MANUAL

165
DATACOM SYSTEMS INC
VS-2024-F
event
Event traces
idb
Interface descriptor block messages
Mode
Package
Example
iss# debug etherchannel detail
7.18 show etherchannel

This command displays Etherchannel information.
show etherchannel [[channel-group-number] { detail | load-balance | port

| port-channel | summary | protocol}]
Syntax
Description
166
channelgroupnumber
Number of the channel group. Valid numbers range from

maximum number of ports in the system to maximum
number of aggregations supported
detail
Detailed EtherChannel information
loadbalance
Load-balance or frame-distribution scheme among ports

in the port channel

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 7: LA
port
EtherChannel port information
portchannel
Port-channel information
summary
Protocol that is being used in the EtherChannel
protocol
One-line summary per channel-group
Mode
Package
Example
iss# show etherchannel

Port-channel Module Admin Status is enabled
Port-channel Module Oper Status is enabled
Port-channel System Identifier is 00:01:02:03:04:01
Channel Group Listing

--------------------Group : 1
---------Protocol : LACP
iss# show etherchannel 1 detail

LACP System Priority: 32768

--------------------Group: 1
---------Protocol :LACP
Ports in the Group
CLI USER MANUAL

167
DATACOM SYSTEMS INC
VS-2024-F
------------------
Port : Gi0/1
-------------
Port State = Up in Bundle

Channel Group : 1
Mode : Active
Pseudo port-channel = Po1
LACP port-priority
LACP Wait-time
= 128
= 2 secs
LACP Activity : Active

LACP Timeout : Long
Aggregation State : Aggregation, Sync, Collecting, Distributing,

Defaulted
LACP Port
Port
State
Priority
Admin Oper
Key
Port
Key Number
Port
State
-----------------------------------------------Gi0/1
Bundle
128
0x1
0xbe
Port-channel : Po1
------------------
Number of Ports = 1
HotStandBy port = null
Port state = Port-channel Ag-Inuse
Protocol = LACP
Aggregator-MAC 00:01:02:03:04:19
Default Port = None
iss# show etherchannel 1
port

--------------------Group: 1
---------168

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 7: LA
Protocol :LACP
Ports in the Group

------------------
Port : Gi0/1
-------------

Channel Group : 1
Mode : Active
port-channel = Po1
LACP port-priority
LACP Wait-time
= 128
= 2 secs
LACP Port Identifier = 2

LACP Timeout : Long
Port : Gi0/2
-------------

Channel Group : 1
Mode : Active
port-channel = Po1
LACP port-priority
LACP Wait-time
= 128
= 2 secs

LACP Timeout : Long
LACP Port
CLI USER MANUAL

Admin Oper
Port
Port
169
DATACOM SYSTEMS INC
VS-2024-F
Port
State
Priority
Key
Key Number
State
-----------------------------------------------Gi0/1
Bundle
128
0x1
0xbc
Gi0/2
Bundle
128
0x2
0xbc
port-channel


--------------------Group : 1
----------
Port-channels in the group:

---------------------------
Port-channel : Po1
-------------------
Number of Ports = 1
Protocol = LACP
Aggregator-MAC 00:01:02:03:04:19
Default Port = None
iss# show etherchannel summary

Port-channel System Identifier is
00:01:02:03:04:01
Flags:
170

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 7: LA
D - down
P - in port-channel
I - stand-alone
H - Hot-standby (LACP only)
U - in-use
Number of channel-groups in use: 1

Number of aggregators: 1
Group
Port-channel
Protocol
Ports
---------------------------------------------------------1
Po1(U)
LACP
Gi0/1(P),Gi0/2(D)
protocol

--------------------Group : 1
---------Protocol : LACP
iss# show etherchannel load-balance

--------------------Group : 1
---------Source & Destination MAC Address
If the channel group number is not specified details on all channels are displayed.
Related Commands
channel-group - Assigns an Ethernet interface to an EtherChannel group
set port-channel / channel-protocol - Enables/disables link aggregation in the switch
lacp system-priority - Sets the LACP priority for the system
port-channel load-balance - Sets the load balancing policy
lacp port-priority - Sets the LACP port priority
lacp wait-time - Sets the LACP wait-time
CLI USER MANUAL

171
DATACOM SYSTEMS INC
VS-2024-F
lacp timeout / lacp rate - Sets the LACP timeout period
7.19 show etherchannel - Redundancy

This command displays Etherchannel information.
show etherchannel [[channel-group-number] { detail | load-balance | port

| port-channel | summary | protocol | redundancy}]
Syntax
Description
channelgroupnumber
Number of the channel group. Valid numbers range from

maximum number of ports in the system to maximum
number of aggregations supported
detail
Detailed EtherChannel information
loadbalance
Load-balance or frame-distribution scheme among ports

in the port channel
port
EtherChannel port information
portchannel
Port-channel information
summary
Protocol that is being used in the EtherChannel
protocol
One-line summary per channel-group
redundancy3
Synced messages
Mode
Package
Metro
Example
iss# show etherchannel redundancy

Actor Information for Port : Gi0/1
This feature is not supported.
172

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 7: LA
---------------------------------Channel Group : 1
CurrentWhile Split Interval Tmr Count = 1
Synced Partner Information for Port : Gi0/1
-----------------------------------
Partner System ID
: 00:11:22:33:44:55
Flags
: A
LACP Partner Port Priority
: 128
LACP Partner Oper Key
: 1
Port State Flags Decode

-----------------------Activity : Active
LACP Timeout : Long
Actor Information for Port : Gi0/2

-------------
Channel Group : 1
CurrentWhile Split Interval Tmr Count = 1
Synced Partner Information for Port : Gi0/2

------------Partner System ID
: 00:11:22:33:44:55
Flags
: A
: 128
: 1

-----------------------Activity : Active
LACP Timeout : Long
CLI USER MANUAL

173
DATACOM SYSTEMS INC
VS-2024-F

----------------------------------------------------------------
If the channel group number is not specified details on all channels are displayed.
Related Commands
set port-channel / channel-protocol - Enables/disables link aggregation in the switch
lacp system-priority - Sets the LACP priority for the system
lacp timeout / lacp rate - Sets the LACP timeout period
7.20 show interfaces

This command displays interface specific port-channel information.
show interfaces [<interface-type> <interface-id> ] etherchannel
Syntax
Description
etherchannel
Interface EtherChannel information
Mode
Package
Example
iss# show interfaces gigabitethernet 0/1 etherchannel

Port : Gi0/1
-------------
174

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 7: LA

Channel Group :
Mode : Active
LACP port-priority
= 128
LACP Port Identifier = 2

LACP Wait-time
= 2 secs
LACP Activity : Passive

LACP Timeout : Long
Port
State
LACP Port
Admin
Oper
Port
Port
Priority
Key
Key
Number
State
------------------------------------------------------------Gi0/1
Bundle
128
0x1
0x3c
iss# show interfaces etherchannel

Port : Gi0/1
-------------

Channel Group : 2
Mode : Active
LACP port-priority
LACP Wait-time
= 128
= 2 secs

LACP Timeout : Long
Port : Gi0/2
CLI USER MANUAL

175
DATACOM SYSTEMS INC
VS-2024-F
-------------

Channel Group : 2
Mode : Active
LACP port-priority
LACP Wait-time
= 128
= 2 secs

LACP Timeout : Long
Port
State
LACP Port
Admin
Oper
Port
Port
Priority
Key
Key
Number
State
------------------------------------------------------------Gi0/1
Bundle
128
0x1
0x3c
Gi0/2
Bundle
128
0x2
0x3c
Port-channel : Po2
-------------------
Number of Ports = 2
Protocol = LACP
Aggregator-MAC
00:01:02:03:04:23
Default Port = None
Expressions are case sensitive.
The port-channel range is 1 to 64.
Related Commands
set port-channel - Enables/disables link aggregation in the switch
176

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 7: LA
lacp timeout - Sets the LACP timeout period
7.21 show lacp

This command displays port-channel traffic/neighbor information.
show lacp [<port-channel(1-65535)>] { counters | neighbor [detail] }
Syntax
Description
portchannel
Number of the channel group
counters
Traffic information
neighbor
Neighbor information
detail
Neighbor detail information
Mode
Example
iss# show lacp 1 counters

LACPDUs
Marker
Port Sent Recv Sent
Recv
Marker Response
Sent
Recv
LACPDUs
Pkts Err
-----------------------------------------Channel group: 1
-----------------Gi0/1
394
352
Gi0/2
318
297
iss# show lacp neighbor detail
CLI USER MANUAL

177
DATACOM SYSTEMS INC
VS-2024-F
Flags:
A - Device is in Active mode
P - Device is in Passive mode
Channel group 1 neighbors
Port Gi0/1
---------Partner System ID
: 00:01:02:03:04:21
Flags
: P
: 128
: 2
LACP Partner Port State
: 0x3c

-----------------------Activity : Passive
LACP Timeout : Long
Aggregation
Distributing
State
Aggregation,
Sync,
Collecting,
Port Gi0/2
---------Partner System ID
: 00:01:02:03:04:21
Flags
: P
: 128
: 2
LACP Partner Port State
: 0x3c

-----------------------Activity : Passive
LACP Timeout : Long
Aggregation
Distributing
178
State
Aggregation,
Sync,
Collecting,

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 7: LA
Expressions are case sensitive
Related Commands
lacp timeout - Sets the LACP timeout period
show etherchannel - Displays Etherchannel detailed information
CLI USER MANUAL

179
VS-2024-F
DATACOM SYSTEMS INC
Chapter
8
8.Syslog
Syslog is a protocol used for capturing log information for devices on a network. The syslog protocol
provides a transport to allow a machine to send event notification messages across IP networks to event
message collectors, also known as syslog servers. The protocol is simply designed to transport the event
messages.
One of the fundamental tenets of the syslog protocol and process is its simplicity. The transmission of
syslog messages may be started on a device without a receiver being configured, or even actually
physically present. This simplicity has greatly aided the acceptance and deployment of syslog.
The list of CLI commands for the configuration of Syslog is as follows:
logging
logging synchronous
mailserver
sender mail-id
receiver mail-id
cmdbuffs
service timestamps
clear logs
syslog mail
syslog local storage
syslog filename-one
syslog filename-two
180

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 8: SYSLOG
syslog filename-three
syslog relay - port
syslog profile
logging-file
logging server
mail server
syslog relay
syslog relay transport type
show logging
show email alerts
show syslog role
show syslog mail
show syslog local storage
show logging file
show logging server
show mail server
show syslog relay - port
show syslog profile
show syslog relay transport type
show syslog file-name
show syslog information
CLI USER MANUAL

181
DATACOM SYSTEMS INC
VS-2024-F
8.1 logging
This command enables Syslog server and configures the Syslog Server IP address, the log-level and
other Syslog related parameters. The no form of the command disables Syslog server and resets the
configured Syslog server IP address, the log-level and other Syslog related parameters.
logging { <ip-address> | buffered [<size (1-200)>] | console | facility

{local0 | local1 | local2 | local3 | local4 | local5 | local6 |
local7|}| severity [{ <level (0-7)> | alerts | critical | debugging |
emergencies | errors | informational | notification | warnings }] | on }
no logging { <ip-address> | buffered | console | facility | severity |
on }
Syntax
Description
182
ip-address
Host IP address used as a Syslog server.
buffered
Limits Syslog messages displayed from an internal buffer.

This size ranges between 1 and 200 entries.
The size feature is optional only in the code using
the industrial standard command, otherwise this
feature is mandatory.
Limits messages logged to the console.
console
facility
The facility that is indicated in the message. Can be one of

the following values: local0, local1, local2, local3, local4,
local5, local 6, local7.
severity
Message severity level. Messages with severity level

equal to or high than the specified value are printed
asynchronously. This can be configured using numerical
value or using the available option. The options are:
0 | emergencies - System is unusable.
1 | alerts - Immediate action needed.
2 | critical - Critical conditions.
3 | errors - Error conditions.
4 | warnings - Warning conditions.
5 | notification - Normal but significant conditions.
6 | informational - Informational messages.
7 | debugging Debugging messages.
alerts
Immediate action needed
critical
Critical conditions
debugging
Debugging messages
emergencies
System is unusable
errors
Error conditions

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 8: SYSLOG
informational
Information messages
notification
Normal but significant messages
warnings
Warning conditions
on
Syslog enabled
Mode
Package
Defaults
console
enabled
severity
informational,
configuration.
when
no
option
is
selected
while
debugging, at system start-up.
Example
buffered
50
facility
local0
iss(config)# logging 12.0.0.2
The log file is stored in ASCII text format. The Privileged EXEC command is used to
display its contents
The logging process controls the distribution of logging messages to the various
destinations, such as the logging buffer, logging file, or Syslog server
The existing syslog buffers will not be cleared and none of the configured options will
be changed, when the Syslog feature is disabled
Related Command
show logging - Displays Logging status and configuration information
CLI USER MANUAL

183
DATACOM SYSTEMS INC
VS-2024-F
8.2 logging synchronous

This command enables synchronous logging of messages.
This command operates similar to that of the command logging.
logging synchronous {severity [{<short (0-7)> | alerts | critical |

debugging | emergencies | errors | informational | notification |
warnings|all}] | limit <number-of-buffers(size(1-200))}
Syntax
Description
severity
limit
Message severity level. Messages with severity level equal

to or high than the specified value are printed
asynchronously. This can be configured using numerical
value or using the available option. The options are:
0 | emergencies - System is unusable.
1 | alerts - Immediate action needed.
2 | critical - Critical conditions.
3 | errors - Error conditions.
4 | warnings - Warning conditions.
5 | notification - Normal but significant conditions.
6 | informational - Informational messages.
7 | debugging Debugging messages.
all - All messages are printed asynchronously

regardless of the severity level.
Number of buffers to be queued for the terminal after which

new messages are dropped. This value ranges between 1
and 200 entries.
Mode
Line Configuration Mode
Package
Defaults
severity
informational,
configuration.
when
no
option
is
selected
while
debugging, at system start-up.

limit
Example
184
50
iss(config-line)# logging synchronous severity 4
The log file is stored in ASCII text format. The Privileged EXEC command is used to

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 8: SYSLOG
display its contents.
The logging process controls the distribution of logging messages to the various
destinations, such as the logging buffer, logging file, or Syslog server.
The existing syslog buffers will not be cleared and none of the configured options will
be changed, when the Syslog feature is disabled.
Related Command
CLI USER MANUAL

185
DATACOM SYSTEMS INC
VS-2024-F
8.3 mailserver
This command sets the mail server IP address to be used for sending email alert messages and the no
form of the command re-sets the mail server IP address used for sending email alert messages.
mailserver <ip-address>
no mailserver
Mode
Package
Example
iss(config)# mailserver 23.78.67.89
Initially, the mailserver has to be configured, for the show email alerts command.
Related Commands
logging - Enables Syslog Server and configures the Syslog Server IP address, the log-level and
other Syslog related parameter
show email alerts - Displays email alerts related configuration
186

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 8: SYSLOG
8.4 sender mail-id

This command sets the sender mail id and the no form of the command deletes the configured sender
mail id.
sender mail-id <mail-id (100)>
no sender mail-id
Mode
Package
Defaults
syslog@Datacom Systems.com
Example
iss(config)# sender mail-id plabinik@DatacomSystems.com
Primarily, the mailserver must have been configured for this command
The sender and receiver email-ids are mandatory for email alert messages to be
sent.
Related Commands
mailserver - Sets the mail server IP address to be used for sending email alert messages
receiver mail-id - Sets the receiver mail id
CLI USER MANUAL

187
DATACOM SYSTEMS INC
VS-2024-F
8.5 receiver mail-id

This command sets the receiver mail id and the no form of the command deletes the configured receiver
mail id.
receiver mail-id <mail-id (100)>

no receiver mail-id
Mode
Package
Defaults
admin@DatacomSystems.com
Example
iss(config)#receiver mail-id plabinik@IDatacom Systems.com
Primarily, the mailserver must have been configured for this command
The sender and receiver email-ids are mandatory for email alert messages to be
sent
Related Commands
sender mail-id - Sets the sender mail id
188

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 8: SYSLOG
8.6 cmdbuffs
This command configures the number of syslog buffers for a particular user.
cmdbuffs <user name> <no.of buffers (1-200)>
Syntax
Description
user name
User Name
no.of
buffers
Number of log buffers to be allocated in the system
Mode
Package
Defaults
50
Example
iss(config)#cmdbuffs Datacom Systems Inc. 50
CLI related events like commands given by the user, login/logout etc can be logged on
to the Syslog Server.
Related Commands
CLI USER MANUAL

189
DATACOM SYSTEMS INC
VS-2024-F
8.7 service timestamps

This command enables timestamp option for logged messages and the no form of the command disables
timestamp option for logged messages.
service timestamps
no service timestamps
Mode
Package
Defaults
Enabled
Example
iss(config)#service timestamps
When enabled, the messages (log and email alert messages) will hold the time
stamp information
When disabled, the time stamp information will not be carried with the messages
sent to the log and mail servers
Related Commands
190

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 8: SYSLOG
8.8 clear logs

This command clears the system syslog buffers.
clear logs
Mode
Package
Example
iss(config)# clear logs
Related Commands
cmdbuffs - Configures the number of Syslog buffers for a particular user
CLI USER MANUAL

191
DATACOM SYSTEMS INC
VS-2024-F
8.9 syslog mail

This command enables the mail option in syslog. The no form of command disables the mail option in
syslog.
syslog mail
no syslog mail
Mode
Package
Example
iss(config)# syslog mail
Related Commands
show syslog mail - Displays the mail option in syslog
mail server table - Adds an entry to mail-server table
192

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 8: SYSLOG
8.10 syslog local storage

This command enables the syslog local storage. The no form of command disables the syslog local
storage.
syslog localstorage
no syslog localstorage
Mode
Package
Example
iss (config)# syslog localstorage
Related Commands
show syslog local storage - Displays the syslog local storage.
syslog filename-one - Configures the file name to store the syslog messages.
syslog filename-two - Configures the file name to store the syslog messages.
syslog filename-three - Configures the file name to store the syslog messages
logging-file - Adds an entry in to file table
CLI USER MANUAL

193
DATACOM SYSTEMS INC
VS-2024-F
8.11 syslog filename-one

This command configures the file name to store the syslog messages. The maximum size of the file name
is 32.
syslog filename-one <string(32)>
Mode
Package
Example
iss (config)# syslog filename-one iss1
Syslog local storage must be enabled.
Related Commands
syslog local storage - Enables the syslog local storage
show syslog file-name - Displays the Syslog local storage file name
194

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 8: SYSLOG
8.12 syslog filename-two

is 32.
syslog filename-two <string(32)>
Mode
Package
Example
iss(config)# syslog filename-two iss2
Related Commands
CLI USER MANUAL

195
DATACOM SYSTEMS INC
VS-2024-F
8.13 syslog filename-three

is 32.
syslog filename-three <string(32)>
Mode
Package
Example
iss(config)# syslog filename-three iss3
Related Commands
196

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 8: SYSLOG
8.14 syslog relay - port

This command sets the syslog port through which it receives the syslog messages. The no form of
command sets the syslog port to default port 514.
syslog relay-port <integer(0-65535)>
no syslog relay-port
Mode
Package
Example
iss(config)# syslog relay-port 500
Syslog relay must be enabled
Related Commands
syslog relay - Changes the syslog role from device to relay
syslog relay transport type - Sets the Syslog relay transport type either as udp or tcp
show syslog relay - port - Displays the Syslog relay port
CLI USER MANUAL

197
DATACOM SYSTEMS INC
VS-2024-F
8.15 syslog profile

This command sets the profile for reliable syslog. The no form of command sets the profile to default (raw
) for Reliable Syslog.
syslog profile {raw | cooked4}
no syslog profile
Syntax
Description
raw
Profile with minimum parameters in the BEEP
Mode
Package
Example
iss(config)# syslog profile raw
Related Commands
show syslog profile - Displays the Syslog profile.
This feature is not supported. It may be implemented in the future.
198

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 8: SYSLOG
8.16 logging-file
This command adds an entry in to file table. The no form of command deletes an entry from the file table.
logging-file <short(0-191)> <string(32)>
no logging-file <short(0-191)> <string(32)>
Syntax
Description
short
string
Priority of syslog messages. 0-lowest priority, 191-highest

priority
File-name
Mode
Package
Example
iss (config)# logging-file 134 iss1
Syslog local storage must be enabled
Related Commands
CLI USER MANUAL

199
DATACOM SYSTEMS INC
VS-2024-F
show logging file - Displays the Syslog file table
8.17 logging server

This command adds an entry in to logging-server table. The no form of command deletes an entry from
forward table.
logging-server <short(0-191)> {ipv4 <ucast_addr> | ipv6 <ip6_addr>} [

port <integer(0-65535)>] [{udp | tcp | beep}]
no logging-server <short(0-191)> {ipv4 <ucast_addr> |ipv6 <ip6_addr>}
Syntax
Description
short
ipv4,ipv6
Priority of syslog messages. 0-lowest priority, 191highest priority

Version 4 and Version 6 IP address
port
Port number
udp,
tcp,beep
Sets the transport type as either udp, tcp, beep
Mode
Package
200

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 8: SYSLOG
Example
iss (config)# logging-server 134 ipv4 12.0.0.3
Related Commands
show logging server - Displays the Syslog logging server table
8.18 mail server table

This command adds an entry to mail-server table. The no form of command deletes an entry from mail
table.
mail-server
<string(50)>
<short(0-191)>
{ipv4
<ucast_addr>
|ipv6
<ip6_addr>}
no mail-server <short(0-191)> {ipv4 <ucast_addr> |ipv6 <ip6_addr>}
Syntax
Description
short
ipv4,
ipv6
Priority of syslog messages. 0-lowest priority, 191highest priority

Mode
Package
CLI USER MANUAL

201
DATACOM SYSTEMS INC
VS-2024-F
Example
iss (config)# mail-server 134 ipv4 12.0.0.100 root@localhost
Related Commands
show mail server - Displays the Syslog mail server table
syslog mail - Enables the mail option in syslog
8.19 syslog relay

This command changes the syslog role from device to relay. The no form of command changes the syslog
role from relay to device.
syslog relay
no syslog relay
Mode
Package
Example
iss(config)# syslog relay
202

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 8: SYSLOG
Related Commands
show syslog role - Displays the syslog role.
syslog relay - port - Sets the syslog port through which it receives the syslog messages
8.20 syslog relay transport type

This command sets the Syslog relay transport type either as udp or tcp.
syslog relay transport type {udp | tcp}
Syntax
Description
udp
Sets the relay transport type as udp
tcp
Sets the relay transport type as tcp
Mode
Package
Example
iss(config)# syslog relay transport type udp
CLI USER MANUAL

203
DATACOM SYSTEMS INC
VS-2024-F
Syslog relay must be enabled
Related Commands
show syslog role - Displays the syslog role.
show syslog relay transport type - Displays the Syslog relay transport type
show syslog relay - port - Displays the Syslog relay port.
8.21 show logging

This command displays logging status and configuration information.
show logging
Mode
Package
204

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 8: SYSLOG
Example
iss# show logging

System Log Information
---------------------Syslog logging
: enabled(Number of messages 0)
Console logging
: enabled(Number of messages 0)
TimeStamp option : enabled

Severity logging
: Debugging
Log server IP
: 10.0.0.1
Facility
: Default (local0)
Buffered size
: 100
LogBuffer(0 Entries, 0 bytes)
Related Commands
service timestamps - Enables timestamp option for logged messages
8.22 show email alerts

This command displays configurations related to email alerts.
CLI USER MANUAL

205
DATACOM SYSTEMS INC
VS-2024-F
show email alerts
Mode
Package
Example
iss# show email alerts

Sender email-id: syslog@DatacomSystems.com
Receiver email-id : admin@DatacomSystems.com
Mail server IP
: 12.0.0.3
Related Commands
receiver mail-id - Sets the receiver mail id
sender mail-id - Sets the sender mail id
8.23 show syslog role

206

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 8: SYSLOG
This command displays the syslog role.
show syslog role
Mode
Package
Example
iss# show syslog role

Syslog Role
: Relay
Related Commands
CLI USER MANUAL

207
DATACOM SYSTEMS INC
VS-2024-F
8.24 show syslog mail

This command displays the mail option in syslog.
show syslog mail
Mode
Package
Example
iss# show syslog mail

Syslog Mail Option
: Enabled
Related Commands
208
syslog mail Enables the mail option in syslog

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 8: SYSLOG
8.25 show syslog local storage

This command displays the syslog local storage.
show syslog localstorage
Mode
Package
Example
iss# show syslog localstorage

Syslog Localstorage
: Enabled
Related Commands
CLI USER MANUAL

209
DATACOM SYSTEMS INC
VS-2024-F
8.26 show logging file

This command displays the Syslog file table.
show logging-file
Mode
Package
Example
iss# show logging-file

Syslog File Table Information
---------------------------Priority
File-Name
--------
----------
134
iss1
134
iss2
134
iss3
Related Commands
syslog filename-one/syslog filename-two/syslog filename-three - Gets the users

desired file name to store syslog message
210

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 8: SYSLOG
8.27 show logging server

This command displays the Syslog logging server table.
show logging-server
Mode
Package
Example
iss# show logging-server

Syslog Forward Table Information
-------------------------------Priority
Address-Type
IpAddress
Port
Trans-Type
--------
------------
---------
----
----------
129
ipv4
12.0.0.2
514
udp
134
ipv4
12.0.0.1
514
udp
Related Commands
logging server - Adds an entry in to logging-server table
CLI USER MANUAL

211
DATACOM SYSTEMS INC
VS-2024-F
8.28 show mail server

This command displays the Syslog mail server table.
show mail-server
Mode
Package
Example
iss# show mail-server

Syslog Mail Table Information
----------------------------
Priority
Address-Type
IpAddress
Receiver Mail-Id
--------
------------
---------
----------------
134
ipv4
12.0.0.100
root@localhost
Related Commands
212
mail server - Adds an entry to mail-server table

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 8: SYSLOG
8.29 show syslog relay - port

This command displays the Syslog relay port.
show syslog relay-port
Mode
Package
Example
iss# show syslog relay-port

Syslog Port
: 251
Related Commands
CLI USER MANUAL

213
DATACOM SYSTEMS INC
VS-2024-F
8.30 show syslog profile

This command displays the Syslog profile.
show syslog profile
Mode
Package
Example
iss# show syslog profile

Syslog Profile
: raw
Related Commands
214
syslog profile - Sets the profile for reliable syslog

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 8: SYSLOG
8.31 show syslog relay transport type

This command displays the Syslog relay transport type.
show syslog relay transport type
Mode
Package
Example
iss# show syslog relay transport type

Syslog Relay Transport type udp
Related Commands
CLI USER MANUAL

215
DATACOM SYSTEMS INC
VS-2024-F
8.32 show syslog file-name

This command displays the Syslog local storage file name.
show syslog file-name
Mode
Package
216

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 8: SYSLOG
Example
iss# show syslog file-name

Syslog File Name
---------------------Syslog File-One :iss1
Syslog File-Two :iss2
Syslog File-Three :iss3
Related Commands
syslog filename-one - Configures the file name to store the syslog messages.
syslog filename-two - Configures the file name to store the syslog messages.
syslog filename-three - Configures the file name to store the syslog messages
8.33 show syslog information

This command displays the Syslog information.
show syslog information
CLI USER MANUAL

217
DATACOM SYSTEMS INC
VS-2024-F
Mode
Package
Example
iss# show syslog information

System Log Information
---------------------Syslog Localstorage
Syslog Mail Option
: Enabled
: Enabled
Syslog Port
: 251
Syslog Role
: Relay
Related Commands
syslog mail Enables the mail option in syslog
218

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
Chapter
9
9.VLAN
VLANs (Virtual LANs) can be viewed as a group of devices on different physical LAN segments which can
communicate with each other as if they were all on the same physical LAN segment, that is, a network of
computers that behave as if they are connected to the same wire even though they may actually be
physically located on different segments of a LAN. VLANs are configured through software rather than
hardware, which makes them extremely flexible.
VLAN provides the following benefits for switched LANs:
Improved administration efficiency
Optimized Broadcast/Multicast Activity
Enhanced network security
The list of CLI commands for the configuration of VLAN are common to both Single Instance and
Multiple Instance except for a difference in the prompt that appears for the Switch with Multiple
Instance support.
The prompt for the Global Configuration Mode is,

iss(config)# set vlan enable
The prompt for the VLAN Configuration Mode is,
iss(config-vlan)# ports gigabitethernet 0/1 untagged gigabitethernet 0/1
forbidden gigabitethernet 0/2 name vl1
The parameters specific to Multiple Instance are stated so, against the respective parameter
descriptions in this document.
The output of the Show commands differ for Single Instance and Multiple Instance. Hence
both the output are documented while depicting the show command examples.
CLI USER MANUAL

219
DATACOM SYSTEMS INC
VS-2024-F
The list of commands for the configuration of VLAN is as follows::
set vlan
vlan
interface range
base bridge-mode
mac-vlan
subnet-vlan
protocol-vlan
map protocol
set gvrp
set port gvrp/set port gvrp - enable | disable
set gmrp
set port gmrp
vlan learning mode
fid - vlan range
set vlan traffic-classes
mac-map
map subnet
switchport filtering-utility-criteria
mac-address-table static unicast
mac-address-table static unicast Transparent Bridging Mode
mac-address-table static multicast/mac address-table static mcast
mac-address-table static multicast Transparent Bridging mode
mac-address-table aging-time
bridge-mode- Metro
l2protocol-tunnel cos
clear l2protocol-tunnel counters
clear vlan statistics
vlan default hybrid type
wildcard
set unicast-mac learning
vlan unicast-mac learning limit
unicast-mac learning limit
ports
vlan active
220

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
forward-all
forward-unregistered
switchport pvid/switchport access vlan
switchport acceptable-frame-type
switchport ingress-filter
port mac-vlan
port subnet vlan
port protocol-vlan
switchport map protocols-group
switchport priority default
switchport mode
switchport mode dot1q-tunnel
set garp timer
vlan restricted
group restricted
vlan max-traffic-class
vlan map-priority
shutdown garp
shutdown vlan
debug vlan
show vlan
show vlan device info
show vlan device capabilities
show fid - detail
show forward-all
show forward-unregistered
show vlan traffic-classes
show garp timer
show vlan port config
show vlan protocols-group
show protocol-vlan
show mac-vlan
show subnet vlan mapping
show vlan statistics
show mac-address-table
show dot1d mac-address-table
CLI USER MANUAL

221
DATACOM SYSTEMS INC
VS-2024-F
show dot1d mac-address-table static unicast
show dot1d mac-address-table static multicast
show mac-address-table count
show mac-address-table static unicast
show mac-address-table static multicast
show mac-address-table dynamic unicast
show mac-address-table dynamic multicast
show mac-address-table aging-time
show wildcard
The following commands can be executed only in a Linux environment and cannot be executed on the
target.
shutdown vlan
set vlan
show vlan counters
222

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
9.1 set vlan

This command enables/disables VLAN in the switch. The value enable indicates that VLAN will be
enabled in the device on all ports. The value disable indicates that VLAN will be disabled in the device on
all ports.
set vlan { enable | disable }
Syntax
Description
enable
Enables VLAN in the switch
disable
Disables VLAN in the switch
Mode
Package
Defaults
enable
Example
iss(config)# set vlan enable
The configuration can be set to disabled if and only if, GVRP and GMRP are
disabled.
Related Commands
show vlan - Displays VLAN information in the database
show vlan device info - Displays the VLAN global status variables
CLI USER MANUAL

223
DATACOM SYSTEMS INC
VS-2024-F
9.2 vlan
This command configures a VLAN in the switch and is also used to enter into the config-VLAN mode. The
no form of the command deletes a VLAN from the switch.
vlan <vlan-id(1-4094)>
no vlan <vlan-id(1-4094)>
Mode

In Metro package, this command will be executed only in Switch
configuration mode.
Package
Defaults
vlan-id
Example
iss(config)# vlan 4
Leading zeros must not be entered for VLAN ID.
The VLAN 1 interface cannot be deleted.
This command is used in PBB bridge mode to create customer, service and
backbone VLANs.
Related Command
224

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
9.3 set mac-learning

This command configures the global mac learning status.
set mac-learning { enable | disable }
Syntax
Description
enable
Enables the global mac learning status
disable
Disables the global mac learning status
Mode
Package
Defaults
enable
Example
iss(config)# set mac-learning enable
CLI USER MANUAL

225
DATACOM SYSTEMS INC
VS-2024-F
9.4 set unicast-mac-learning

This command configures unicast-mac learning for the vlan
set unicast-mac learning { enable | disable | default}
Syntax
Description
enable
Enables the unicast-mac learning for the vlan
disable
Disables the unicast-mac learning for the vlan
default
Sets the unicast-mac learning for the vlan as default
Mode
Package
Default
Enable
Example
iss(config)# set unicast mac-learning enable
226

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
9.5 interface range

This command selects the range of physical interfaces and VLAN interfaces to be configured and the no
form of the command selects the range of VLAN interfaces to be removed.
interface range ( { <interface-type>

id(1-4094)> - <vlan-id(2-4094)>})
<slot/port-port>}
{vlan <vlan-
no interface range vlan <vlan-id(1-4094)> - <vlan-id(2-4094)>
Syntax
Description
interfacetype
Interface type.
slot/portport
Member Ports ID.
vlan
VLAN identifier.
Mode
Package
Example
iss(config)# interface range gigabitethernet 0/1-23 vlan 1 - 2

iss(config-if-range)#
iss(config)# interface range vlan 1 gigabitethernet 0/1

iss(config)# interface range vlan 1 - 4 gigabitethernet 0/1-3

iss(config)# interface range vlan 1 - 4 gigabitethernet 0/1

iss(config)# interface range gigabitethernet 0/1-23 vlan 1 128

For specifying the interface VLAN range, space should be provided before and
after the dash. That is, the command interface range vlan 1 4 is valid,
whereas the command interface range vlan 1 4 is not valid.
For port channel range, the specified range must be configured using the
interface command.
Related Commands
Error! Reference source not found. Enters into the interface mode
CLI USER MANUAL

227
DATACOM SYSTEMS INC
VS-2024-F
Error! Reference source not found. description - Displays the interface status and
configuration
9.6 base bridge-mode

This command specifies whether the bridge mode is Transparent or VLAN aware bridge.
base bridge-mode { dot1d-bridge | dot1q-vlan }
Syntax
Description
dot1dbridge
Specifies that the bridge mode is transparent
dot1q-vlan
Specifies that the bridge mode is VLAN aware bridge
Mode
Package
Defaults
dot1q-vlan
Example
iss(config)# base bridge-mode dot1d-bridge
To configure as dot1d-bridge:
PNAC/ LA/ GARP/Snooping/LLDP needs to be shutdown.
Spanning Tree mode should be RSTP
All non-physical interfaces (ivr, loopback and so on) should be deleted
Related Commands
228
show vlan device info: Displays the VLAN related global status variables.

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
9.7 mac-vlan
This command enables MAC-based VLAN for all the available interfaces of the VLAN. The no form of the
command disables MAC-based VLAN on the device.
mac-vlan
no mac-vlan
Mode
Package
Defaults
Disabled
Example
iss(config)# mac-vlan
Related Commands
show mac-vlan - Displays the entries in the MAC-VLAN database
CLI USER MANUAL

229
DATACOM SYSTEMS INC
VS-2024-F
9.8 subnet-vlan
This command enables the Subnet-VLAN based classification on all ports. The no form of the command
disables Subnet-VLAN based classification on all the ports.
subnet-vlan
no subnet-vlan
Mode
Package
Defaults
disabled
Example
iss(config)# subnet-vlan
Related Commands
230
show vlan device info - Displays the VLAN related global status variables

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
9.9 protocol-vlan
This command enables Protocol-VLAN based classification on all the ports. The no form of the command
disables Protocol-VLAN based classification on all ports.
protocol-vlan
no protocol-vlan
Mode
Package
Defaults
Enabled
Example
iss(config)# protocol-vlan
Related Commands
show protocol-vlan - Displays the entries in the protocol-VLAN database
CLI USER MANUAL

231
DATACOM SYSTEMS INC
VS-2024-F
9.10 map protocol

This command configures the group ID for a specific encapsulation and protocol value combination. This
command adds a protocol to a protocol group for protocol based VLAN learning. The no form of the
command removes the protocol from the entire group.
map protocol {ip | novell | netbios | appletalk | other <aa:aa or

aa:aa:aa:aa:aa>} {enet-v2 | snap | llcOther | snap8021H | snapOther}
protocols-group <Group id integer(0-2147483647)>
no map protocol {ip | novell | netbios | appletalk | other <aa:aa or
aa:aa:aa:aa:aa>} {enet-v2 | snap | llcOther | snap8021H | snapOther}
Syntax
Description
ip | novell
| netbios |
appletalk |
Protocol types
other
MAC address of any other protocol type not included in

the list
Encapsulation Frame Types
Group ID.
enet-v2
snap
llcOther
snap8021H
snapOther
protocolsgroup
|
|
|
|
Mode
Package
Example
iss(config)# map protocol ip enet-v2 protocols-group 1
232

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
Related Command
show vlan protocols-group - Displays the protocol group database
9.11 set gvrp

This command enables or disables GVRP on a global basis.
set gvrp { enable | disable }
Syntax
Description
enable
Enables GVRP in the switch
disable
Disables GVRP in the switch
Mode
Package
Defaults
enable
Example
iss(config)# set gvrp disable
GVRP needs to be explicitly enabled even after GARP is enabled.
Related Commands
CLI USER MANUAL

233
DATACOM SYSTEMS INC
VS-2024-F
9.12 set port gvrp

This command enables or disables GVRP on the interface.
set port gvrp <interface-type> <interface-id> { enable | disable }
Syntax
Description
interfacetype
Interface type
interfaceid
Interface Id
enable
Enables GVRP on the interface
disable
Disables GVRP on the interface
Mode
Package
Defaults
enable
Example
iss(config)# set port gvrp gigabitethernet 0/1
234
disable

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
The value enable indicates that GVRP is enabled on the current port, as long as
global GVRP status is also enabled for the device
If port GVRP state is disabled, but global GVRP status is still enabled, then
GVRP is disabled on current port. Any GVRP packet received will be discarded
and no GVRP registrations will be propagated from other ports
Related Command
show vlan port config - Displays the vlan related parameters specific for ports
9.13 set port gvrp - enable | disable

This command enables or disables GVRP (GARP VLAN Registration Protocol) on the interface.
This command operates similar to that of the command set port gvrp.
set port gvrp { enable | disable } <interface-id>
Syntax
Description
enable
Enables GVRP on the interface
disable
Disables GVRP on the interface
interfaceid
Interface identifier
Mode
Package
Defaults
enable
Example
iss(config)# set port gvrp disable 0/1
CLI USER MANUAL

235
DATACOM SYSTEMS INC
VS-2024-F
The value enable indicates that GVRP is enabled on the current port, as long as
global GVRP status is also enabled for the device
If port GVRP state is disabled, but global GVRP status is still enabled, then
GVRP is disabled on current port. Any received GVRP packets will be discarded
and no GVRP registrations will be propagated from other ports
Related Command
9.14 set gmrp

This command enables or disables GMRP globally on the device.
set gmrp { enable | disable }
Syntax
Description
enable
Enables GMRP on the device
disable
Disables GMRP on the device
Mode
Package
Defaults
enable
Example
iss(config)# set gmrp disable
236
GMRP needs to be explicitly enabled even after GARP is enabled.

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
Related Commands
9.15 set port gmrp

This command enables or disables GMRP on the port.
set port gmrp <interface-type> <interface-id> { enable | disable }
Syntax
Description
interfacetype
Interface type
interfaceid
Interface ID
enable
Enables GMRP on the interface
disable
Disables GMRP on the interface
Mode
Package
CLI USER MANUAL

237
DATACOM SYSTEMS INC
VS-2024-F
Defaults
enable
Example
iss(config)# set port gmrp gigabitethernet 0/1
disable
The value enable indicates that GMRP is enabled on this port in all VLANs as
long as GMRP Status is also enabled globally
The value disable indicates that GMRP is disabled on this port in all VLANs; any
GMRP packet received will be silently discarded and no GMRP registrations will
be propagated from other ports
Related Command
9.16 vlan learning mode

This command configures the VLAN learning mode for the switch.
vlan learning mode {ivl | svl | hybrid}
Syntax
Description
ivl
Independent VLAN learning
svl
Shared VLAN learning
hybrid
Hybrid VLAN learning
Mode
Package
238

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
Defaults
ivl
Example
iss(config)# vlan learning mode ivl
A change in the configuration of the VLAN learning mode will be effective only after
the next reboot of the system.
Related Commands
Error! Reference source not found. - Displays the current information stored in the NVRAM
9.17 fid - vlan range

This command configures a VLAN or a list of VLANs to use a Filtering database identified by a filtering
database identifier and the no form of the command configures the FIDs of all VLANs in the list to their
default value.
fid <integer(1-4094)> vlan <vlan-range>
no fid vlan <vlan-range>
Syntax
Description
Mode
vlan
List of VLANs. The vlan-range can have any valid

range between 1 and 4094.
CLI USER MANUAL

239
DATACOM SYSTEMS INC
VS-2024-F
Package
Defaults
By default, the FID of all VLANs is their VLAN ID.
Example
iss(config)# fid 2 vlan 2-20
The MST instance of all VLANs in the list must be the same.
Any other VLAN with the same FID must have MST instance same as that of the
VLANs in the list for this command to succeed.
This command is successful when the VLAN learning mode is hybrid.
Related Commands
vlan learning mode - Configures the VLAN learning mode for the switch
vlan default hybrid type - Configures the default learning type for VLANs when the
operational learning mode of the switch is hybrid
show fid - detail - Displays forwarding database identifier used by VLANs in the switch
9.18 set vlan traffic-classes

This command enables / disables traffic classes.
set vlan traffic-classes {enable | disable}
Syntax
Description
Mode
240
enable
Enables traffic classes
disable
Disables traffic classes

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
Package
Defaults
enable
Example
iss(config)# set vlan traffic-classes enable
This command has to be executed prior to executing the vlan max traffic
class command.
Related Commands
vlan max-traffic-class - Assigns traffic class value to a port
show vlan traffic-classes - Displays the traffic class information of all the available interfaces
9.19 mac-map
This command configures the VLAN-MAC address mapping. The no form of this command is used to
delete the specific mac map entry.
mac-map <aa:aa:aa:aa:aa:aa> vlan <vlan-id(1-4094)> [mcast-bcast {discard

| allow}]
no mac-map <aa:aa:aa:aa:aa:aa>
Syntax
Description
aa:aa:aa:aa:aa:aa
CLI USER MANUAL

MAC address
241
DATACOM SYSTEMS INC
VS-2024-F
vlan
VLAN Identifier
mcast-bcast
Specifies the way broadcast and multicast traffic will

be handled for the packets received from the source
address of this MAC classification entry
Mode
Package
Example
iss(config-if)# mac-map 00:11:22:33:44:55 vlan 2 mcast-bcast

discard
This command is valid only if VLAN is configured as 'Mac-based'.
Related Commands
mac-vlan - Enables MAC-based VLAN for all the available interfaces of the VLAN
show mac-vlan - Displays the entries in the MAC-VLAN database
9.20 map subnet

This command configures a VLAN subnet mapping entry. The no form of command deletes the vlan
subnet mapping entry.
map subnet <ip-subnet-address> vlan <vlan-id(1-4094)> [arp {suppress |
allow}]
no map subnet <ip-subnet-address>
Syntax
Description
242
ip-subnetaddress
Subnet address

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
vlan-id
arp
VLAN identifier
-
Configurable option for discarding/allowing ARP Untagged

frames on the vlan.
Mode
Interface Mode
Package
This command can be executed in the Global configuration mode, in BCMX

switches
Default
allow
Example
iss(config-if)# map subnet 14.0.0.0 vlan 1 arp allow
VLAN should be present.
Related Commands :
show subnet vlan mapping - Displays the entries in Subnet-VLAN database
9.21 switchport filtering-utility-criteria

This command changes filtering utility criteria to default or enhanced filtering criteria.
switchport filtering-utility-criteria {default | enhanced}
Mode
CLI USER MANUAL

243
DATACOM SYSTEMS INC
VS-2024-F
Package
Default
default
Example
iss(config-if)# switchport filtering-utility-criteria

enhanced
9.22 mac-address-table static unicast

This command configures a static unicast MAC address in the forwarding database. The no form of the
command deletes a configured static Unicast MAC address from the forwarding database.
mac-address-table static unicast <aa:aa:aa:aa:aa:aa> vlan <vlan-id(14094)> [{recv-port <ifXtype> <ifnum> }] interface ([<interface-type>
<0/a-b, 0/c, ...>] [<interface-type> <0/a-b, 0/c, ...>] [port-channel
244

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
<a,b,c-d>]) [connection-identifier <ucast_mac>] [status { permanent |

deleteOnReset | deleteOnTimeout }]
no mac-address-table static unicast <aa:aa:aa:aa:aa:aa> vlan <vlan-id(14094)> [{recv-port <ifXtype> <ifnum>}]
PBB feature enabled in the switch
mac-address-table static unicast <aa:aa:aa:aa:aa:aa> vlan <vlan-id(14094)> [{recv-port <ifXtype> <ifnum> | service-instance <integer(25616777214)>}] interface ([<interface-type> <0/a-b,0/c,...>] [<interfacetype> <0/a-b,0/c,...>] [port-channel <a,b,c-d>]) [connection-identifier
<ucast_mac>][status { permanent | deleteOnReset | deleteOnTimeout }]
no mac-address-table static unicast <aa:aa:aa:aa:aa:aa> vlan <vlan-id(14094)> [{recv-port <ifXtype> <ifnum> | service-instance <integer(25616777214)>}]
Syntax
Description
aa:aa:aa:aa:aa:aa
Destination MAC address
vlan
VLAN Identifier
recv-port
Received port's Interface type and ID
service-instance
Service instance identifier.

interface
Member Ports Interface type and ID.
<interface-type>
<0/a-b, 0/c, ...>
port-channel
Port-channel ID
connectionidentifier
Associates backbone MAC address of peer

backbone edge bridge with customer MAC address
that can be reached through the bridge.
CLI USER MANUAL

This
value
ranges
245
DATACOM SYSTEMS INC
VS-2024-F
status
Status of the Static unicast entry. The options are:

permanent - Entry remains even after the next reset
of the bridge
deleteOnReset - Entry remains until the next reset of
the bridge
deleteOnTimeout - Entry remains until it is aged out
Mode
Package
Defaults
status
Example
iss(config)# mac-address-table static unicast 00:11:22:33:44:55

vlan 3 recv-port gigabitethernet 0/2 interface gigabitethernet 0/1
status deleteOnTimeout
permanent

vlan 3 service-instance 1005 interface gigabitethernet 0/1 status
deleteOnTimeout
VLAN/Service-instance must have been configured and member ports must have been
configured for the specified VLAN/Service-instance.
Related Commands
show mac-address-table static unicast - Displays the statically configured unicast address
from the MAC address table.
mac-address-table static multicast - Configures a static multicast MAC address in the

forwarding database.
vlan - Configures a VLAN in the switch and is also used to enter in to the config-VLAN mode.
service instance - Used to enter the service instance mode for performing ISID specific
operations.
246

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
9.23 mac-address-table static unicast Transparent Bridging

Mode
This command configures a static unicast MAC Address in the forwarding database in transparent
bridging mode. The no form of the command deletes the configured Static Unicast address from the
mac-address-table
static
unicast
<aa:aa:aa:aa:aa:aa>
[recv-port
<interface-type> <interface-id>] interface ([<interface-type> <0/ab,0/c,...>] [<interface-type> <0/a-b,0/c,...>] [port-channel <a,b,c-d>])
[status { permanent | deleteOnReset | deleteOnTimeout }]
no mac-address-table static unicast

<interface-type> <interface-id>]
Syntax
Description
<aa:aa:aa:aa:aa:aa>
[recv-port
aa:aa:aa:aa:aa:aa
Destination MAC address
recv-port
interface
<interface-type>
<0/a-b, 0/c, ...>
port-channel
Port-channel ID
status
Status of the Static unicast entry. The options are:

of the bridge
the bridge
Mode
Package
Defaults
status
Example

recv-port gigabitethernet 0/2 interface gigabitethernet 0/2 status
deleteOnTimeout
permanent
Base bridge mode should be transparent bridging.
CLI USER MANUAL

247
VS-2024-F
DATACOM SYSTEMS INC
Related Commands
show dot1d mac-address-table static unicast - Displays Static Unicast MAC Address
table

248

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
9.24 mac-address-table static multicast

This command configures a static multicast MAC address in the forwarding database.
mac-address-table static multicast <aa:aa:aa:aa:aa:aa> vlan <vlan-id(14094)> [{recv-port <ifXtype> <ifnum>>}] interface ([<interface-type>
<0/a-b, 0/c, ...>] [<interface-type> <0/a-b, 0/c, ...>] [port-channel
<a,b,c-d>]]) [forbidden-ports ([<interface-type> <0/a-b, 0/c, ...>]
[<interface-type> <0/a-b, 0/c, ...>] [port-channel <a,b,c-d>]]) [status
{ permanent | deleteOnReset | deleteOnTimeout }]
no mac-address-table static multicast <aa:aa:aa:aa:aa:aa> vlan <vlanid(1-4094)> [recv-port <ifXtype> <ifnum>}]
PBB feature enabled in the switch
mac-address-table static multicast <aa:aa:aa:aa:aa:aa> vlan <vlan-id(14094)> [{recv-port <ifXtype> <ifnum> | service-instance <integer(25616777214)>}] interface ([<interface-type> <0/a-b,0/c,...>] [<interfacetype> <0/a-b,0/c,...>] [port-channel <a,b,c-d>]])
[forbidden-ports
([<interface-type> <0/a-b,0/c,...>] [<interface-type> <0/a-b,0/c,...>]
[port-channel <a,b,c-d>]]) [status { permanent | deleteOnReset |
deleteOnTimeout }]
no mac-address-table static multicast <aa:aa:aa:aa:aa:aa> vlan <vlanid(1-4094)>

[{recv-port
<ifXtype>
<ifnum>
|
service-instance
<integer(256-16777214)>}]
Syntax
Description
aa:aa:aa:aa:aa:aa
Multicast MAC address
vlan
VLAN Identifier
recv-port
service-instance
Service instance identifier.

interface
<interface-type>
<0/a-b, 0/c, ...>
CLI USER MANUAL

This
value
ranges
249
DATACOM SYSTEMS INC
VS-2024-F
port-channel
Port channel ID
forbidden-ports
Forbidden ports interface type and ID.
<interface-type>
<0/a-b, 0/c, ...>
Forbidden ports interface type and ID.
port-channel
Port-channel ID
status
Status of the static multicast entry. The options are:

of the bridge
the bridge
Mode
Package
Defaults
status
Example
iss(config)# mac-address-table static multicast 01:02:03:04:05:06

vlan 2 interface gigabitethernet 0/1
permanent
Related Command
show mac-address-table static multicast - Displays the statically configured multicast

entries.
service instance Used to enter the service instance mode for performing ISID specific
operations.
250

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
9.25 mac address-table static mcast

This command configures a static multicast MAC (Media Access Control) address in the forwarding
database and the no form of the command deletes a configured static multicast MAC address from the
This command operates similar to that of the command mac-address-table static multicast.
mac address-table static <mcast_mac> vlan <integer(1-4094)> ([interface

<interface-type>
<0/a-b,0/c,...>]
[<interface-type>
<0/ab,0/c,...>][port-channel <a,b,c-d>])
no
mac
address-table
static
[interface <ifXtype> <ifnum>]
Syntax
Description
<mcast_mac>
vlan
<vlan-id(1-4094)>
mcast_mac
Multicast MAC address.
vlan
VLAN identifier. This value ranges between 1 and 4094.
interface
<interfacetype> <0/ab,
0/c,
...>
Specifies interface type and ID of the member and

forbidden ports.
portchannel
Port-channel ID
Mode
Package
Example
iss(config)# mac address-table static 01:02:03:04:05:06 vlan 2

interface gigabitethernet 0/1
Related Command
CLI USER MANUAL

251
DATACOM SYSTEMS INC
VS-2024-F

entries.
service instance Used to enter the service instance mode for performing ISID specific
operations.
9.26 mac-address-table static multicast Transparent

Bridging mode
This command configures a static multicast MAC address in the forwarding database in transparent
bridging. The no form of command deletes the configured Static Multicast address from the forwarding
database.
mac-address-table
static
multicast
<aa:aa:aa:aa:aa:aa>
[recv-port
<interface-type> <interface-id>] interface ([<interface-type> <0/ab,0/c,...>] [<interface-type> <0/a-b,0/c,...>] [port-channel <a,b,cd>]]) [status { permanent | deleteOnReset | deleteOnTimeout }]
no mac-address-table static multicast

<interface-type> <interface-id>]
Syntax
Description
<aa:aa:aa:aa:aa:aa>
[recv-port
aa:aa:aa:aa:aa:aa
Multicast MAC address
recv-port
interface
<interface-type>
<0/a-b, 0/c, ...>
port-channel
Port channel ID
port-channel
Port-channel ID
status
Status of the static multicast entry. The options are:

of the bridge
the bridge
252

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
Mode
Package
Defaults
status
Example
iss(config)# mac-address-table static multicast

01:00:5E:01:02:03interface gigabitethernet 0/2
permanent
Base bridge mode should be transparent bridging
Related Command
show dot1d mac-address-table static multicast - Displays Static Multicast MAC Address
table.
mac-address-table static unicast - Configures a static unicast MAC address in the

CLI USER MANUAL

253
DATACOM SYSTEMS INC
VS-2024-F
9.27 mac-address-table aging-time

This command sets the maximum age of a dynamically learnt entry in the MAC address table. The no
form of the command sets the maximum age of an entry in the MAC address table to its default value.
mac-address-table aging-time <10-1000000 seconds>
no mac-address-table aging-time
For DX260 target
mac-address-table aging-time <10-630 seconds>
Mode
Package
Defaults
300
Example
iss(config)# mac-address-table aging-time 200
If traffic on an interface is not very frequent, then the aging time must be
increased to record the dynamic entries for a longer time. Increasing the time
can reduce the possibility of flooding.
Related Command
show mac-address-table aging-time - Displays the MAC address-table with ageing time
254

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
9.28 bridge-mode- Metro

This command configures the bridge mode of the Switch.
bridge-mode {customer | provider | provider-core

provider-backbone-icomp |provider-backbone-bcomp}
Syntax
Description
Mode
Package
provider-edge
customer
Customer Bridge Mode
provider
Provider Bridge Mode
providercore
Provider core Bridge Mode
provideredge
Provider edge Bridge Mode
providerbackboneicomp
Provider Backbone Bridge I component Mode
providerbackbonebcomp
Provider Backbone Bridge B component Mode
Global Configuration Mode in SI mode/Switch Configuration Mode in MI mode

In the Workgroup and the Enterprise package, only the customer and
provider are the valid parameters.
Defaults
Based on the bridge mode value in issnvram.txt
Example
iss(config)#
CLI USER MANUAL

bridge-mode provider-backbone-icomp
255
DATACOM SYSTEMS INC
VS-2024-F
Only one bridge mode can be set at a time. If multiple bridge modes are required,
multiple instances of the bridge should be run.
To configure the bridge mode of the switch.

-
Spanning tree must be shut down.
GARP must be shut down.
ECFM must be shutdown
Related Command
no Error! Reference source not found. - Starts MRP module in the switch
256

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
9.29 l2protocol-tunnel cos

This command configures the priority for the tunneled STP BPDUs. The no form of the command
configures the default priority for the tunneled STP BPDUs.
l2protocol-tunnel cos <cos-value(0-7)>
no l2protocol-tunnel cos
Mode
Package
Defaults
cos - value
Example
iss(config)# l2protocol-tunnel cos 5
The configured priority value will be effective only when the L2 Protocol tunnel STP is
enabled on an interface
Related Command
show l2protocol-tunnel - Displays the entries in VLAN tunnel protocol table containing the number
of ingress or egress STP BPDUs tunneled
CLI USER MANUAL

257
DATACOM SYSTEMS INC
VS-2024-F
9.30 clear l2protocol-tunnel counters

This command clears the L2 protocol tunnel counters.
clear l2protocol-tunnel counters [<interface-type> <interface-id>]
Syntax
Description
interfacetype
Type of interface
interfaceid
Interface ID
Mode
Package
Example
iss(config)# clear l2protocol-tunnel counters
If executed without the optional parameters this command clears the STP tunnel
counters of all the available interfaces.
Related Command
show l2protocol-tunnel - Displays the entries in VLAN tunnel protocol table containing the number
of ingress or egress STP BPDUs tunneled
258

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
9.31 clear vlan statistics

This command clears the VLAN counters.
clear vlan statistics [vlan < vlan-id (1-4094)>]
Syntax
Description
vlan
VLAN Identifier
Mode
Package
Example
iss(config)# clear vlan statistics vlan 1
If executed without the optional parameters this command clears all the VLAN counters.
Related Command
show vlan statistics - Displays the VLAN statistics
CLI USER MANUAL

259
DATACOM SYSTEMS INC
VS-2024-F
9.32 vlan default hybrid type

This command configures the default learning type for VLANs when the operational learning mode of the
switch is hybrid.
vlan default hybrid type {ivl | svl}
Syntax
Description
ivl
Independent VLAN learning
svl
Shared VLAN learning
Mode
Package
Example
iss(config)# vlan default hybrid type ivl
This command is successful when the VLAN learning mode is not hybrid.
This configuration is useful when the switch is restarted with VLAN learning
mode changed to Hybrid.
A config save restore must be done for this configuration
Related Commands
260

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
vlan learning mode - Configures the VLAN learning mode for the switch
show fid - detail - Displays forwarding database identifier used by VLANs in the switch
9.33 wildcard
This command configures the wildcard vlan entry for a given mac address and the no form of the
command deletes the wildcard entry for the same.
wildcard {mac-adddress <mac_addr> | broadcast} interface ([<interfacetype> <0/a-b, 0/c, ...>] [<interface-type> <0/a-b, 0/c, ...>] [portchannel <a,b,c-d>])
no wildcard {mac-adddress <mac_addr> | broadcast}
Syntax
Description
macadddress /
broadcast
Unicast/Multicast/BroadCast Mac Address of Wildcard

entry
Interface
Interface type and ID
portchannel
Port-channel ID
Mode
Package
CLI USER MANUAL

261
DATACOM SYSTEMS INC
VS-2024-F
Example
iss(config)# wildcard mac-address 01:02:03:04:05:06 interface

gigabitethernet 0/1
9.34 set unicast-mac learning

This command enables / disables unicast-mac learning for the VLAN.
set unicast-mac learning { enable | disable }
Syntax
Description
enable
Enables unicast-mac learning for the VLAN
disable
Disables unicast-mac learning for the VLAN
Mode
Config-VLAN Mode
Package
Defaults
enable
262

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
Example
iss(config-vlan)# set unicast-mac learning enable
This configuration will not take effect on VLANs with the number of member ports greater
than or equal to 3.
Related Command
show vlan learning params - Displays unicast-MAC learning status and learning limit configured for
the specified VLAN
9.35 vlan unicast-mac learning limit

This command sets the unicast-mac learning limit for the VLAN. The no form of the command resets the
unicast-mac learning limit for the vlan to the default value.
vlan unicast-mac learning limit <size(0-4294967295)>
no vlan unicast-mac learning limit
Syntax
Description
learning
limit
Mode
Config-VLAN Mode
Package
CLI USER MANUAL

Specifies the MAC learning limit configured for the

VLAN
263
VS-2024-F
DATACOM SYSTEMS INC
Defaults
A value calculated depending on the dynamic unicast size and the maximum number of
VLANs supported in the system.
Example
iss(config-vlan)# vlan unicast-mac learning limit 100
The maximum limit that can be configured for a VLAN is dependent on the total size
available for dynamic unicast entries in the forwarding table and on the maximum number
of VLANs that can be supported.
This configuration is allowed only in case of independent VLAN learning mode.
Related Command
show vlan learning params - Displays unicast-MAC learning status and learning limit configured for
the specified VLAN
9.36 unicast-mac learning limit

This command sets unicast MAC learning limit for the switch. The no form of the command resets unicast
MAC learning limit for the switch to the default value.
unicast-mac learning limit <limit value(0-4294967295)>
no unicast-mac learning limit
Syntax
Description
264
limit value
Limiting value on the number of distinct unicast MAC

addresses that can be learnt in the device. This value
ranges between 0 and 4294967295

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
Mode
Global Configuration mode.
Package
Example
iss(config)# unicast-mac learning limit 5
The limiting value must not be less than any of the unicast MAC learning limits set
for the VLANs.
The upper limiting value that can be set is determined by the underlying hardware.
Related Command
show vlan device info - Displays the VLAN related global status variables.
9.37 ports
This command configures a static VLAN entry with the required member ports, untagged ports and
forbidden ports. The tagged and untagged member ports defined by this command are used for egress
tagging for a VLAN at a port.
For ports in PBB bridge mode, this command is used to define member ports for a
VLAN in a component.
For BVLAN in a B component, these member ports can be only PNP.
For SVLAN in an I component, these member ports can be only CNP-Stagged.
For CVLAN in an I component, these member ports can be only CNP-Ctagged.

The no form of the command resets port list for the VLAN.
CLI USER MANUAL

265
DATACOM SYSTEMS INC
VS-2024-F
ports
([<interface-type>
<0/a-b,0/c,...>]
[<interface-type>
<0/ab,0/c,...>] [port-channel <a,b,c-d>]) [untagged <interface-type> <0/ab,0/c,...> [<interface-type> <0/a-b,0/c,...>] [port-channel <a,b,cd>][all])] [forbidden <interface-type> <0/a-b,0/c,...> [<interface-type>
<0/a-b,0/c,...>] [port-channel <a,b,c-d>]] [name <vlan-name>]
no ports [<interface-type> <0/a-b,0/c,...>] [<interface-type> <0/ab,0/c,...>] [port-channel <a,b,c-d>] [all] [untagged ([<interface-type>
<0/a-b,0/c,...>]
[<interface-type>
<0/a-b,0/c,...>]
[port-channel
<a,b,c-d>]
[all])]
[forbidden
([<interface-type>
<0/a-b,0/c,...>]
[<interface-type> <0/a-b,0/c,...>] [port-channel <a,b,c-d>] [all])]
[name <vlan-name>]
Syntax
Description
266
ports
0/c,
...>
Member Ports Interface type and Id.
portchannel
<a,b,c-d>
Port-channel ID
untagged
Untagged Ports Interface type and Id
0/c,
...>
Untagged Ports Interface type and Id
forbidden
Forbidden Ports Interface type and Id
0/c,
...>
Forbidden Ports Interface type and Id
portchannel
Port-channel ID
all
All Member Ports
name
Administratively assigned string used to identify the VLAN

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
Mode
VLAN Configuration Mode
Package
Example
iss(config-switch-vlan)# ports gigabitethernet 0/1 untagged

gigabitethernet 0/1 forbidden gigabitethernet 0/2 name vl1
Member-ports represent the set of ports permanently assigned to the egress list
Forbidden-ports represent the set of ports forbidden for the VLAN
Untagged ports represent the set of ports which transmits untagged frames
CBP should always be set as untagged member port of a BVLAN.
All the existing commands in VLAN configuration mode are also used for the
configuration of a B-VLAN of a PBB.
Related Command
9.38 vlan active

This command makes the particular VLAN active in the switch.
vlan active
CLI USER MANUAL

267
DATACOM SYSTEMS INC
VS-2024-F
Mode
Config-VLAN Mode
Package
Example
iss(config-vlan)# vlan active
9.39 forward-all
This command configures the forward-all information for a VLAN specifying the set of ports to which all
multicasts must be forwarded.
The no form of the command sets the forward-all to default.
268

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
forward-all
([static-ports
([<interface-type>
<0/a-b,
0/c,
...>]
[<interface-type> <0/a-b, 0/c, ...>] [port-channel <a,b,c-d>] [none])]
[forbidden-ports <interface-type> <0/a-b, 0/c, ...> [<interface-type>
<0/a-b, 0/c, ...>] [port-channel <a,b,c-d>]])
no forward-all
Syntax
Description
staticports
Static Ports Interface type and ID.
0/c,
...>
portchannel
Port-channel ID
none
None
forbiddenports
Forbidden Ports Interface type and ID.
0/c,
...>
portchannel
Port-channel ID
Mode
Config-VLAN Mode
Package
Example
iss(config-vlan)# forward-all static-ports gigabitethernet 0/1

forbidden-ports gigabitethernet 0/2
CLI USER MANUAL

269
DATACOM SYSTEMS INC
VS-2024-F
static-ports are the set of ports configured by the user in this VLAN to which the
multicast group-addressed frames are to be forwarded
forbidden-ports are the set of ports configured by the user in this VLAN to which the
multicast group-addressed frames are NOT to be forwarded
Related Command
show forward-all - Displays the GMRP forward-all table entries
270

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
9.40 forward-unregistered
This command configures the forward unregistered information for a VLAN for which there is no specific
forwarding information. The no form of the command sets the forward-unregistered information to default.
forward-unregistered ([static-ports ([<interface-type> <0/a-b, 0/c,

...>] [<interface-type> <0/a-b, 0/c, ...>] [port-channel <a,b,c-d>]
[none])]
[forbidden-ports
<interface-type>
<0/a-b,
0/c,
...>
[<interface-type> <0/a-b, 0/c, ...>] [port-channel <a,b,c-d>]])
no forward-unregistered
Syntax
Description
staticports
0/c,
...>
portchannel
Port-channel ID
none
None
forbiddenports
0/c,
...>
portchannel
Port-channel ID
Mode
Config-VLAN Mode
Package
Example
iss(config-vlan)# forward-unregistered static-ports

gigabitethernet 0/2 forbidden-ports gigabitethernet 0/1
static-ports are the set of ports configured by the user in this VLAN to which the
multicast group-addressed frames are to be forwarded
forbidden-ports are the set of ports configured by the user in this VLAN to which the
multicast group-addressed frames are NOT to be forwarded
Related Command
show forward-unregistered - Displays the GMRP forward-unregistered table

CLI USER MANUAL
271
DATACOM SYSTEMS INC
VS-2024-F
9.41 switchport pvid

This command configures the PVID (VLAN Identifier) on a port. The no form of this command sets the
PVID to the default value on the port.
switchport pvid <vlan-id(1-4094)>
no switchport pvid
Syntax
Description
vlan-id
PVID value to be configured on the port.
Mode
Example
iss(config-if)# switchport pvid 3
If the frame (untagged/priority tagged/customer VLAN tagged) is received on a

"tunnel" port, then the default Port VLAN Id (PVID) associated with the port is
used.
If the received frame cannot be classified as MAC-based or port-and-protocolbased, then the PVID associated with the port is used.
For ports in PBB bridge mode, PVID can be configured on CNP and CBP.
Usage is based on acceptable frame type of the port. Packets will be either
dropped or accepted at ingress. Once a packet is accepted, if packet is having
a tag, it will be processed against that tag. Otherwise, the packet will be
processed against PVID.
Related Command
show vlan port config - Displays the VLAN related parameters specific for ports
272

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
9.42 switchport access vlan

This command configures the PVID (Port VLAN Identifier) on a port. The no form of this command sets
the PVID to the default value on the port.
This command operates similar to that of the command switchport pvid.
switchport access vlan <vlanid (1-4094)>
no switchport access vlan
Syntax
Description
vlan-id
PVID value to be configured on the port.
Mode
Example
iss(config-if)# switchport access vlan 3
If the frame (untagged/priority tagged/customer VLAN tagged) is received on a

"tunnel" port, then the default PVID associated with the port is used.
If the received frame cannot be classified as MAC-based or port-and-protocolbased, then the PVID associated with the port is used.
For ports in PBB bridge mode, PVID can be configured on CNP (Customer
Network Port) and CBP (Customer Backbone Port).
Usage is based on acceptable frame type of the port. Packets will be either
dropped or accepted at ingress. Once a packet is accepted, if the packet is
having a tag, it will be processed against that tag. Otherwise, the packet will
be processed against PVID.
Related Command
CLI USER MANUAL

273
DATACOM SYSTEMS INC
VS-2024-F
9.43 switchport acceptable-frame-type

This command configures the acceptable frame type for the port. The no form of this command sets the
default value of acceptable frame type - all where all frames will be accepted.
switchport
acceptable-frame-type
untaggedAndPrioritytagged }
{all
tagged
no switchport acceptable-frame-type
Syntax
Description
all
All frames. Both tagged and untagged frames are allowed.
tagged
Tagged frames. For ports in PBB bridge mode, the

description of tagged frames is given in the below table:
untaggedAndP
rioritytagge
d
Port Type
What will be considered as

TAG
CNP STagged
S-Tag
CNP CTagged
C-Tag
CNP Port Based
S-Tag
PIP
I-Tag
CBP
I-Tag
PNP
B-Tag or S Tag
Untagged and priority tagged frames. For ports in PBB

bridge mode, the description of untagged frames is given
in the below table:
Mode
Package
Defaults
all
Example
iss(config-if)# switchport acceptable-frame-type tagged
274

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
When set to "tagged" the device will discard untagged and priority tagged frames
received on the port and will process only the VLAN tagged frames
When set to "all" untagged frames or priority-tagged frames received on the port are
also accepted
When set to untaggedAndPrioritytagged, untagged and priority tagged frames alone

are accepted and tagged frames are dropped.
Related Command
show vlan port config - Displays the VLAN related parameters specific for ports.
9.44 switchport ingress-filter

This command enables ingress filtering on the port. The no form of this command disables ingress filtering
on the port.
switchport ingress-filter
no switchport ingress-filter
Mode
Package
Defaults
Disabled
Example
iss(config-if)# switchport ingress-filter
When ingress-filtering is enabled, the device discards those incoming

frames for VLANs which do not include this port in its member set
When the ingress filtering is disabled using the no form of the command,
the device accepts all incoming frames
Related Command
CLI USER MANUAL

275
DATACOM SYSTEMS INC
VS-2024-F
9.45 port mac-vlan

This command enables MAC-based VLAN learning on the port. The no form of the command disables
MAC-based VLAN learning on the port.
port mac-vlan
no port mac-vlan
Mode
Package
Defaults
Disabled
Example
iss(config-if)# port mac-vlan
VLAN classification on the port will be MAC-based as long as MAC-based VLAN

classification is enabled globally for the device.
Related Command
276

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
9.46 port subnet vlan

This command enables subnet based VLAN classification on the port. The no form of command disables
the subnet based VLAN learning on the port.
port subnet-vlan
no port subnet-vlan
Mode
Package
Defaults
Disabled
Example
iss(config-if)# port subnet-vlan
Related Command
show subnet vlan mapping: Displays the entries in Subnet-VLAN database
CLI USER MANUAL

277
DATACOM SYSTEMS INC
VS-2024-F
9.47 port protocol-vlan

This command enables port protocol based VLANs. The no form of the command disables port Protocol
based VLANs.
port protocol-vlan
no port protocol-vlan
Mode
Package
Defaults
Enabled
Example
iss(config-if)# port protocol-vlan
The value enable indicates that the VLAN classification on this port is port and
protocol based as long as the port and protocol based classification is enabled
globally for the device.
Related Command
278

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
9.48 switchport map protocols-group

This command maps the protocol group configured to a particular VLAN identifier for the specified
interface. The no form of the command unmaps the VLAN identifier to group Id mapping.
switchport map protocols-group

<vlan-id(1-4094)>
<Group
id
integer(0-2147483647)>vlan
no switchport map protocols-group <Group id integer(0-2147483647)>>
Syntax
Description
Group id
Group ID
vlan
VLAN ID
Mode
Package
Example
iss(config-if)# switchport map protocols-group 1 vlan 2
Protocol group must have been configured
Related Commands
map protocol - Adds a protocol to a protocol group for protocol based VLAN learning
CLI USER MANUAL

279
DATACOM SYSTEMS INC
VS-2024-F
show protocol-vlan - Displays the entries in protocol-VLAN database
show vlan protocols-group - Displays the protocol group database
9.49 switchport priority default

This command sets the default user priority for the port. The no form of the command sets the default user
priority for the port to the default value.
switchport priority default <priority value(0-7)>
no switchport priority default
Mode
Package
Defaults
Example
iss(config-if)# switchport priority default 5
Related Command
280

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
9.50 switchport mode

This command configures the VLAN port mode. The no form of the command configures the default VLAN
port mode.
switchport mode { access | trunk | hybrid | {dynamic {auto | desirable}}

}
no switchport mode
Syntax
Description
access
Access port Mode
trunk
Trunk port Mode
hybrid
Hybrid VLAN port Mode
dynamic
Dynamic Mode. This can be:
auto Interface converts the link to a trunk link.
desirable Interface actively attempts to convert

the link to a trunk link.
Mode
Package
CLI USER MANUAL

281
DATACOM SYSTEMS INC
VS-2024-F
Defaults
Hybrid Mode
Example
iss(config-if)# switchport mode access
It is not possible to set the switchport mode status to Trunk/Hybrid if the tunnel is
enabled.
It is not possible to configure the switchport mode status to trunk if the port is an
untagged member of a VLAN.
It is not possible to configure the switchport mode status to access if the ports
acceptable frame type is All/Tagged.
Related Commands
switchport mode dot1q-tunnel - Enables dot1q-tunneling on the specified interface
9.51 switchport mode dot1q-tunnel

This command enables dot1q-tunneling on the specified interface. The no form of the command disables
dot1q-tunneling on the specified interface.
switchport mode dot1q-tunnel
no switchport mode dot1q-tunnel
Mode
Package
Defaults
Disabled
Example
iss(config-if)# switchport mode dot1q-tunnel
282

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
Bridge Mode must be set to 'provider' for the dot1q-tunneling status to be enabled
It is not possible to set the dot1q-tunnel status on the port if the port mode is not
'access' type
PNAC port control must be force-authorized
If dot1q tunneling is enabled on the specified interface, then GMRP is disabled

internally
Related Commands
bridge-mode- Metro - Configures the bridge mode of the Switch
switchport mode - Configures the VLAN port mode
show dot1q-tunnel - Displays the entries in the dot1q-tunnel table
show vlan port config - Displays the VLAN port information
9.52 set garp timer

This command configures the GARP join time, leave time, and leaveall time in milli-seconds.
set garp timer {join | leave | leaveall} <time in milli seconds>
Syntax
Description
join
Join Time
leave
Leave Time
leaveall
Leaveall Time
Mode
Package
CLI USER MANUAL

283
DATACOM SYSTEMS INC
VS-2024-F
Defaults
Example
join
20
leave
60
leaveall
1000
iss(config-if)# set garp timer join 500
Leave Timer must be greater than 2 times Join Timer and Leaveall Timer must
be greater than Leave Timer
Timer values cannot be set to zero
The GARP timer configuration will be applied to the GARP applications (GMRP
and GVRP) on the specified interface.
Related Command
show garp timer - Displays the GARP timer information of the available interfaces
9.53 vlan restricted

This command enables/disables restricted VLAN registration on the port.
vlan restricted {enable | disable}
Syntax
Description
enable
Enables restricted VLAN registration
disable
Disables restricted VLAN registration
Mode
Package
284

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
Defaults
disable
Example
iss(config-if)# vlan restricted enable
If restricted VLAN registration rules are enabled, then a VLAN is learnt dynamically
from the GVRP frame only if the specific VLAN is statically configured in the switch. If
restricted VLAN registration rules are disabled, then GVRP packets are processed
normally and the VLANs are learnt dynamically even if they are not statically configured
in the switch.
Related Command
9.54 group restricted

This command enables or disables restricted group registration on a port.
group restricted {enable | disable }
Syntax
Description
enable
Enables restricted group registration
disable
Disables restricted group registration
Mode
Package
CLI USER MANUAL

285
DATACOM SYSTEMS INC
VS-2024-F
Defaults
disable
Example
iss(config-if)# group restricted enable
If restricted group registration rules are enabled, then a multicast group

attribute/service requirement attribute is learnt dynamically from the GMRP frame
only if the specific multicast group attribute/service requirement attribute is statically
configured in the switch. If restricted group registration rules are disabled, then
GMRP packets are processed normally and the multicast group attribute/service
requirement attribute are learnt dynamically even if they are not statically configured
in the switch.
Related Command
9.55 vlan max-traffic-class

This command configures the maximum number of traffic classes supported on a port. The no form of the
command assigns the default maximum traffic class value to a port.
vlan max-traffic-class <MAX Traffic class(1-8)>
no vlan max-traffic-class
Syntax
Description
286
MAX Traffic
class
The number of traffic classes supported on the port

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
Mode
Package
Defaults
Example
iss(config-if)# vlan max-traffic-class 7
Related Command
show vlan traffic-classes - Displays the traffic classes information of all the available interfaces
9.56 vlan map-priority

This command maps a priority to a traffic class on the specified port. The frame received on the interface
with the configured priority will be processed in the configured traffic class.
The no form of the command maps the default priority to traffic class value on the port.
vlan map-priority
value(0-7)>
<priority
value(0-7)>
traffic-class
<Traffic
class
no vlan map-priority <priority value (0-7)>
CLI USER MANUAL

287
DATACOM SYSTEMS INC
VS-2024-F
Syntax
Description
trafficclass
Traffic class value
Mode
Package
Example
iss(config-if)# vlan map-priority 2 traffic-class 2
The default traffic class value depends upon the configured priority value
Following is the list of default traffic class values for different priority values
Priority
0
1
2
3
4
5
6
7
Default traffic class

2
0
1
3
4
5
6
7
Related Command
show vlan traffic-classes - Displays the traffic classes information of all the available interfaces
9.57 shutdown garp

This command shuts down the GARP Module. The no form of the command starts and enables the GARP
Module.
shutdown garp
no shutdown garp
288

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
Mode
Package
Defaults
GARP Module is Started and enabled by default
Example
iss(config)# shutdown garp
GARP cannot be started, if VLAN is shutdown and MRP is not shutdown
GARP cannot be shutdown, if GVRP and/or GMRP are enabled
Related Command
set gvrp disable - Globally disables GVRP
set gmrp disable - Globally disables GMRP
Error! Reference source not found. - Shuts down MRP module in the switch
shutdown vlan Shuts down VLAN switching
9.58 shutdown vlan

This command shuts down VLAN switching. The no form of the command starts and enables VLAN
switching.
shutdown vlan
CLI USER MANUAL

289
DATACOM SYSTEMS INC
VS-2024-F
no shutdown vlan
Mode
Package
Defaults
VLAN Module is Started and enabled by default
Example
iss(config)# shutdown vlan
VLAN module cannot be shutdown when the GARP Module is started
shutdown command releases the resources acquired by the VLAN Module,

disabling VLAN on all the ports in the device
start acquires the resources required by the VLAN Module to function in the
device
Related Commands
set vlan - Enables/disables VLAN in the switch
shutdown garp Shuts down the GARP Module
show vlan - Displays the VLAN information in the database
9.59 debug vlan

This command sets the debug level. The no form of the command sets the debug level to default value.
debug vlan { global | [{fwd | priority | | redundancy} [initshut] [mgmt]

[data]
[ctpl]
[dump]
[os]
[failall]
[buffer]
[all]]
switch
<context_name> }
290

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
no debug vlan { global | [{fwd | priority | | redundancy} [initshut]

[mgmt] [data] [ctpl] [dump] [os] [failall] [buffer] [all]] switch
<context_name> }
Syntax
Description
global
Global related debug messages
fwd
Forwarding Module
priority
VLAN Priority Module
redundancy
Mode
Redundancy related debug messages
initshut
Init and Shutdown
mgmt
Management
data
Data path
ctpl
Control Plane
dump
Packet dump
os
Traces related to all Resources except Buffer
failall
All Failures
buffer
Buffer
all
All Traces
switch
Context/Switch Name. If the switch supports

multiple instances, the name of the instance can
be specified. Otherwise this parameter need not
be given or the context name can be given as
default.
Privileged Exec Mode
CLI USER MANUAL

291
DATACOM SYSTEMS INC
VS-2024-F
Package
Defaults
Disabled
Example
iss # debug vlan fwd all
Related Command
Error! Reference source not found. - Displays state of each debugging option
9.60 debug garp

This command sets debug level. The no form of the command sets the debug level to default value.
292

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
debug garp { global | [{protocol | gmrp | gvrp | redundancy} [initshut]

[mgmt] [data] [ctpl] [dump] [os] [failall] [buffer] [all]] [switch
<context_name>] }
no debug garp { global | [{protocol | gmrp | garp | redundancy}

[initshut] [mgmt] [data] [ctpl] [dump] [os] [failall] [buffer] [all]]
[switch <context_name>] }
Syntax
Description
global
Global related debug messages
protocol
Protocol related traces
gmrp
GMRP related traces
gvrp
GVRP related traces
redundancy
Redundancy related debug messages
initshut
Init and Shutdown
mgmt
Management
data
Data path
ctpl
Control Plane
dump
Packet dump
os
Traces related to all Resources except Buffer
failall
All Failures
buffer
Buffer
all
All Traces
CLI USER MANUAL

293
DATACOM SYSTEMS INC
VS-2024-F
switch
Context/Switch Name. If the switch supports

multiple instances, the name of the instance can
be specified. Otherwise this parameter need not be
given or the context name can be given as default
Mode
Privileged Exec Mode
Package
Defaults
Disabled
Example
iss # debug garp fwd all
Related Command
Error! Reference source not found. - Displays state of each debugging option
294

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
9.61 show vlan

This command displays the VLAN information in the database.
show vlan [brief | id <vlan-range> | summary] [ switch <context_name>]
Syntax
Description
brief
Information about all the VLANs in brief
id
Information specific to the VLAN Id
summary
Summary of the VLAN
switch
Context/Switch Name. This parameter is specific to

Multiple Instance.
Mode
Package
Example
Single Instance:
iss# show vlan brief
Vlan database
------------Vlan ID
: 1
Member Ports
: Gi0/1, Gi0/2, Gi0/3, Gi0/4, Gi0/5, Gi0/6

Gi0/7, Gi0/8, Gi0/9, Gi0/10, Gi0/11, Gi0/12
Gi0/13, Gi0/14, Gi0/15, Gi0/16, Gi0/17, Gi0/18
Gi0/19, Gi0/20, Gi0/21, Gi0/22, Gi0/23, Gi0/24
Untagged Ports
: Gi0/1, Gi0/2, Gi0/3, Gi0/4, Gi0/5, Gi0/6

Gi0/7, Gi0/8, Gi0/9, Gi0/10, Gi0/11, Gi0/12
Gi0/13, Gi0/14, Gi0/15, Gi0/16, Gi0/17, Gi0/18
Gi0/19, Gi0/20, Gi0/21, Gi0/22, Gi0/23, Gi0/24
Forbidden Ports
: None
Name
Status
: Permanent
---------------------------------------------------iss# show vlan summary

Number of vlans : 1
Multiple Instance:
CLI USER MANUAL
295
DATACOM SYSTEMS INC
VS-2024-F
iss# show vlan

Switch - default
Vlan database
------------Vlan ID
: 1
Member Ports
: Gi0/49
Untagged Ports
: Gi0/49
Forbidden Ports
: None
Name
Status
: Permanent
----------------------------------------------------
Switch - cust1
Vlan database
------------Vlan ID
: 1
Member Ports
: Gi0/1, Gi0/2, Gi0/3, Gi0/4, Gi0/5, Gi0/6
Untagged Ports
: Gi0/1, Gi0/2, Gi0/3, Gi0/4, Gi0/5, Gi0/6
Forbidden Ports
: None
Name
Status
: Permanent
---------------------------------------------------Vlan ID
: 20
Member Ports
: Gi0/1
Untagged Ports
: Gi0/1
Forbidden Ports
: None
Name
Status
: Permanent
----------------------------------------------------
296
Vlan ID
: 30
Member Ports
: Gi0/2
Untagged Ports
: None
Forbidden Ports
: None
Name

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
Status
: Dynamic Gvrp
----------------------------------------------------
If the optional parameter is not specified then this command displays the VLAN
information of all the available interfaces.
Related Commands
shutdown vlan Shuts down VLAN switching. The no form of the command starts and enables
VLAN switching
vlan - Configures a VLAN in the switch and is also used to enter in to the config-VLAN mode
ports - Configures a static VLAN entry with the required member ports, untagged ports and
forbidden ports
9.62 show vlan device info

This command displays the VLAN related global status variables.
show vlan device info [ switch <context_name>]
Syntax
Description
switch
Context/Switch Name. This parameter is

specific to Multiple Instance.
Mode
Package
Example
Single Instance:
iss# show vlan device info
Vlan device configurations
--------------------------
CLI USER MANUAL

297
DATACOM SYSTEMS INC
VS-2024-F
Vlan Status
: Enabled
Vlan Oper status
: Enabled
Gvrp status
: Enabled
Gmrp status
: Disabled
Gvrp Oper status
: Enabled
Gmrp Oper status
: Disabled
Mac-Vlan Status
: Disabled
Subnet-Vlan Status
: Enabled
Protocol-Vlan Status
: Enabled
Bridge Mode
: Customer Bridge
Base-Bridge Mode
: Vlan Aware Bridge
Traffic Classes
: Enabled
Vlan Operational Learning Mode
: IVL
Version number
: 1
Max Vlan id
: 4094
Max supported vlans
: 1024
Unicast mac learning limit
: 150
Multiple Instance:
iss# show vlan device info
Switch default
Vlan device configurations

--------------------------
298
Vlan Status
: Enabled
Vlan Oper status
: Enabled
Gvrp status
: Enabled
Gmrp status
: Enabled
Gvrp Oper status
: Enabled
Gmrp Oper status
: Enabled
Mac-Vlan Status
: Disabled
Protocol-Vlan Status
: Enabled
Bridge Mode
: Customer Bridge
Traffic Classes
: Enabled
Vlan Operational Learning Mode
: IVL
Version number
: 1

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
Max Vlan id
: 4094
Max supported vlans
: 1024
Unicast mac learning limit
: 150
Related Commands
shutdown vlan Shuts down VLAN switching. The no form of the command starts and enables
VLAN switching
- Enables MAC-based VLAN for all the available interfaces of the VLAN
forbidden ports
set gvrp - Enables or disables GVRP on a global basis
set port gvrp - Enables or disables GVRP on the interface
set gmrp - Enables or disables GMRP on a global basis
set port gmrp - Enables or disables GMRP on the interface
set vlan traffic-classes - Enables or disables traffic classes
port protocol-vlan - Enables port protocol based VLANs
vlan learning mode - Configures the VLAN learning mode
show vlan traffic-classes - Displays the traffic classes information of all the available
interfaces.
show protocol-vlan - Displays the entries in the protocol-VLAN database.
unicast-mac learning limit - Sets unicast MAC learning limit for the switch
CLI USER MANUAL

299
DATACOM SYSTEMS INC
VS-2024-F
9.63 show vlan device capabilities

This command displays VLAN capabilities of the device.
show vlan device capabilities [ switch <context_name>]
Syntax
Description
switch
Context/Switch Name. This

Mode
Package
Example
Single Instance:
iss# show vlan device capabilities
parameter
is
Vlan device capabilities

--------------------------
Extended filtering services

Traffic classes
Static Entry Individual port
IVL capable
SVL capable
Hybrid capable
Configurable Pvid Tagging
Multiple Instance:
iss# show vlan device capabilities
Switch - default
--------------------------

Traffic classes
IVL capable
SVL capable
Hybrid capable
300

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
Switch - cust1
--------------------------

Traffic classes
IVL capable
SVL capable
Hybrid capable
9.64 show fid - detail

This command displays forwarding database identifier used by VLANs in the switch.
show fid [<integer(1-4094)> | detail] [ switch <context_name>]
Syntax
Description
switch

Multiple Instance.
Mode
Package
Example
Single Instance:
iss# show fid 2
Default Learning Type
: IVL
Fid Vlan mapping information

---------------------------Fid
: 2
Vlan's
: 2,
---------------------------iss# show fid detail

: IVL
CLI USER MANUAL

301
DATACOM SYSTEMS INC
VS-2024-F
---------------------------Fid
: 1
Vlan's
: 1,
---------------------------Fid
: 2
Vlan's
: 2,
---------------------------Fid
: 3
Vlan's
: 3,
---------------------------Fid
: 4
Vlan's
: 4,
---------------------------Fid
: 5
Vlan's
: 5,
---------------------------Fid
: 6
Vlan's
: 6,
Multiple Instance:
iss# show fid 2
Switch - default
: IVL

---------------------------Fid
: 2
Vlan's
: 2,
---------------------------Switch - cust1
: IVL

---------------------------Fid
: 2
Vlan's
: 2,
---------------------------302

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
Related Commands
fid - vlan range - Configures a VLAN or a list of VLANs to use a Filtering database identified by
a filtering database identifier
vlan default hybrid type - Configures the default learning type for VLANs
9.65 show forward-all

This command displays the GMRP forward-all table entries.
show forward-all [ switch <context_name>]
CLI USER MANUAL

303
DATACOM SYSTEMS INC
VS-2024-F
Syntax
Description
switch

Multiple Instance.
Mode
Package
Example
Single Instance:
iss# show forward-all
Vlan Forward All Table
------------------------
Vlan ID : 1
ForwardAll Ports
: Gi0/2
ForwardAll Static Ports
: Gi0/2
ForwardAll ForbiddenPorts : Gi0/1

---------------------------------------------------------Vlan ID : 2
ForwardAll Ports
: Gi0/1
: Gi0/1

---------------------------------------------------------Multiple Instance:
iss# show forward-all
Switch default
Vlan Forward All Table
------------------------
Vlan ID : 1
ForwardAll Ports
: Gi0/2
: Gi0/2

---------------------------------------------------------Vlan ID : 2
304
ForwardAll Ports
: Gi0/1
: Gi0/1

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN

----------------------------------------------------------
Related Commands
vlan - Configures a VLAN in the switch and is used to enter into the VLAN mode
forbidden ports
forward-all - Configures the forward-all information for a VLAN
CLI USER MANUAL

305
DATACOM SYSTEMS INC
VS-2024-F
9.66 show forward-unregistered

This command displays the GMRP forward-unregistered table.
show forward-unregistered [ switch <context_name>]
Syntax
Description
switch

Multiple Instance.
Mode
Package
Example
Single Instance:
iss# show forward-unregistered
Vlan Forward Unregistered Table
---------------------------------
Vlan ID : 1
Unreg ports
: Gi0/1
Unreg Static Ports
: Gi0/1
Unreg Forbidden Ports : Gi0/2

-----------------------------------------------------Vlan ID : 2
Unreg ports
: Gi0/2
Unreg Static Ports
: Gi0/2
Unreg Forbidden Ports : Gi0/1

-----------------------------------------------------Multiple Instance:
iss# show forward-unregistered
Switch - default
306

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN

---------------------------------
Vlan ID : 1
Unreg ports
: Gi0/49
Unreg Static Ports
: Gi0/49
Unreg Forbidden Ports : None

------------------------------------------------------
Switch - cust1

---------------------------------
Vlan ID : 1
Unreg ports
Gi0/6
: Gi0/1, Gi0/2, Gi0/3, Gi0/4, Gi0/5,
Unreg Static Ports

Gi0/6
: Gi0/1, Gi0/2, Gi0/3, Gi0/4, Gi0/5,

-----------------------------------------------------Vlan ID : 20
Unreg ports
: Gi0/1
Unreg Static Ports
: Gi0/1

-----------------------------------------------------Vlan ID : 30
Unreg ports
: Gi0/2
Unreg Static Ports
: Gi0/2

------------------------------------------------------
Related Commands
forbidden ports
forward-unregistered - Configures the forward unregistered information for a VLAN
CLI USER MANUAL

307
DATACOM SYSTEMS INC
VS-2024-F
9.67 show vlan traffic-classes

This command displays the traffic classes information of all the available interfaces.
show vlan traffic-classes

switch <context_name>}]
Syntax
Description
[{port
<interface-type>
<interface-id>
port
Interface Type and ID of the port
switch
Context/Switch Name. This parameter is specific

to Multiple Instance.
Mode
Package
Example
Single Instance:
308

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
iss# show vlan traffic-classes

Traffic Class table
--------------------Port
Priority
Traffic Class
-----
---------
-------------
Gi0/1
Gi0/1
Gi0/1
Gi0/1
Gi0/1
Gi0/1
Gi0/1
Gi0/1
Gi0/2
Gi0/2
Gi0/2
Gi0/2
Gi0/2
Gi0/2
Gi0/2
Gi0/2
Multiple Instance:
iss# show vlan traffic-classes
Switch - default
Traffic Class table

--------------------Port
Priority
Traffic Class
-----
---------
-------------
Gi0/49
Gi0/49
Gi0/49
Gi0/49
Gi0/49
Gi0/49
CLI USER MANUAL

309
DATACOM SYSTEMS INC
VS-2024-F
Gi0/49
Gi0/49
Switch - cust1
Traffic Class table

---------------------
Port
Priority
Traffic Class
-----
---------
-------------
Gi0/1
Gi0/1
Gi0/1
Gi0/1
Gi0/1
Gi0/1
Gi0/1
Gi0/1
Gi0/2
Gi0/2
Gi0/2
Gi0/2
Gi0/2
Gi0/2
Gi0/2
Gi0/2
If executed without the ports option, this command displays the priority mapped
to all the available traffic classes on the port.
Related Commands
forbidden ports
set vlan traffic-classes - Enables / disables traffic classes
310

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
9.68 show garp timer

This command displays the GARP timer information of the available interfaces.
show garp timer

<context_name>}]
Syntax
Description
[{
port
<interface-type>
<interface-id>
port
Interface type and ID of the port
switch

Mode
Package
Example
Single Instance:
iss# show garp timer port gigabitethernet 0/1
parameter
switch
is
Garp Port Timer Info (in milli seconds)

---------------------------------------
Port
Join-time
Leave-time
Leave-all-time
-----
---------
----------
--------------
Gi0/1
200
600
10000
Multiple Instance:
iss# show garp timer
Switch - default

---------------------------------------
CLI USER MANUAL

311
DATACOM SYSTEMS INC
VS-2024-F
Port
Join-time
Leave-time
Leave-all-time
-----
---------
----------
--------------
Gi0/49
200
600
10000
Switch - cust1

---------------------------------------
Port
Join-time
Leave-time
Leave-all-time
-----
---------
----------
--------------
Gi0/1
200
600
10000
Gi0/2
200
600
10000
Gi0/3
200
600
10000
Gi0/4
200
600
10000
Gi0/5
200
600
10000
Gi0/6
200
600
10000
The timer information is the same for GVRP and GMRP.
Related Commands
forbidden ports
set garp timer - Configures the GARP join time, leave time, and leaveall time in milli-seconds
312

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
9.69 show vlan port config

This command displays the VLAN related parameters specific for ports.
show vlan port config [{port <interface-type> <interface-id> | switch

<context_name>}]
Syntax
Description
port
Interface type and ID of the port
switch

Multiple Instance.
Mode
Package
Example
Single Instance:
iss# show vlan port config
Vlan Port configuration table
-------------------------------
CLI USER MANUAL

313
DATACOM SYSTEMS INC
VS-2024-F
Port Gi0/1
Port Vlan ID
: 1
Port Acceptable Frame Type
: Admit All
Port Ingress Filtering
: Disabled
Port Mode
: Hybrid
Port Gvrp Status
: Enabled
Port Gmrp Status
: Enabled
Port Gvrp Failed Registrations
: 0
Gvrp last pdu origin
: 00:00:00:00:00:00
Port Restricted Vlan Registration
: Disabled
Port Restricted Group Registration
: Disabled
Mac Based Support
: Disabled
Subnet Based Support
: Disabled
Port-and-Protocol Based Support
: Enabled
Default Priority
: 0
Filtering Utility Criteria
: Default
Port Protected Status
: Disabled
------------------------------------------------------Port Gi0/2
Port Vlan ID
: 1
: Admit All
: Disabled
Port Mode
: Hybrid
Port Gvrp Status
: Enabled
Port Gmrp Status
: Enabled
: 0
: 00:00:00:00:00:00
: Disabled
: Disabled
Mac Based Support
: Disabled
Subnet Based Support
: Disabled
: Enabled
Default Priority
: 0
: Default
Port Protected Status
: Disabled
------------------------------------------------------Multiple Instance:
iss# show vlan port config
314

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
Switch - default

------------------------------Port Gi0/49
Port Vlan ID
: 1
: Admit All
: Disabled
Port Mode
: Hybrid
Port Gvrp Status
: Enabled
Port Gmrp Status
: Enabled
: 0
: 00:00:00:00:00:00
: Disabled
: Disabled
Mac Based Support
: Disabled
: Enabled
Default Priority
: 0
Dot1x Protocol Tunnel Status
: Peer
LACP Protocol Tunnel Status
: Peer
Spanning Tree Tunnel Status
: Peer
GVRP Protocol Tunnel Status
: Peer
GMRP Protocol Tunnel Status
: Peer
IGMP Protocol Tunnel Status
: Peer
: Enhanced
-------------------------------------------------------
Switch - cust1

------------------------------Port Gi0/1
Port Vlan ID
: 20
: Admit All
: Disabled
Port Mode
: Hybrid
CLI USER MANUAL

315
DATACOM SYSTEMS INC
VS-2024-F
Port Gvrp Status
: Enabled
Port Gmrp Status
: Enabled
: 0
: 00:00:00:00:00:00
: Disabled
: Disabled
Mac Based Support
: Disabled
: Enabled
Default Priority
: 0
------------------------------------------------------Port Gi0/2
Port Vlan ID
: 1
: Admit All
: Disabled
Port Mode
: Hybrid
Port Gvrp Status
: Enabled
Port Gmrp Status
: Enabled
: 0
: 00:01:02:03:04:0e
: Disabled
: Disabled
Mac Based Support
: Disabled
: Enabled
Default Priority
: 0
-------------------------------------------------------
If executed with out the optional parameter this command displays the port
information of all the available ports.
Related Commands
set port gvrp / set port gvrp - enable | disable - Enables or disables GVRP on the
interface
set port gmrp - Enables or disables GMRP on the interface
switchport pvid / switchport access vlan - Configures the PVID (VLAN ID) that would be
assigned to untagged/priority-tagged frames/VLAN tagged frames
switchport acceptable-frame-type - Configures the acceptable frame type for the port
switchport ingress-filter - Enables ingress filtering on the port
316

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
port mac-vlan - Enables MAC-based VLAN on the port
port protocol-vlan - Enables port protocol based VLANs
vlan restricted - Enables/disables restricted VLAN registration on the port
9.70 show vlan protocols-group

This command displays the protocol group database.
show vlan protocols-group [ switch <context_name>]
Syntax
Description
switch

Mode
Package
Example
Single Instance:
iss# show vlan protocols-group
parameter
is
Protocol Group Table

------------------------------------------------------------Frame Type
Protocol
Group
-----------------------------------------Enet-v2
CLI USER MANUAL
IP
1
317
DATACOM SYSTEMS INC
VS-2024-F
Snap
Novell
-----------------------------------------Multiple Instance:
iss# show vlan protocols-group
Switch - default
Protocol Group Table
------------------------------------------------------------Frame Type
Protocol
Group
-----------------------------------------Enet-v2
IP
Snap
Novell
-----------------------------------------Related Commands
map protocol - Configures the group ID for a specific encapsulation and protocol value
combination
show protocol-vlan - Displays the entries in the protocol-VLAN database
switchport map protocols-group - Maps the protocol group configured to a particular VLAN
identifier for the specified interface
9.71 show protocol-vlan

This command displays the entries in protocol-VLAN database.
show protocol-vlan [ switch <context_name>]
Syntax
Description
switch

Multiple Instance.
Mode
Package
Example
Single Instance:
iss# show protocol-vlan
318

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
Port Protocol Table

-------------------------------------Port
Group
Vlan ID
-------------------------------------Gi0/2
Gi0/1
--------------------------------------
Multiple Instance:
iss# show protocol-vlan
Switch - default
Port Protocol Table
-------------------------------------Port
Group
Vlan ID
-------------------------------------Gi0/2
Gi0/1
--------------------------------------
Related Command
switchport map protocols-group - Maps the protocol group configured to a particular VLAN
identifier for the specified interface
9.72 show mac-vlan

This command displays the entries in the MAC-VLAN database.
show mac-vlan [{interface

<context_name>]
Syntax
interface
CLI USER MANUAL

<interface-type>
<interface-id>]
switch
Interface Type and Identifier
319
DATACOM SYSTEMS INC
VS-2024-F
Description
switch

Multiple Instance.
Mode
Package
Example
Single Instance:
iss# show mac-vlan interface gigabitethernet 0/1
Mac Map Table For Port 1--Mac Vlan Disabled
--------------------------
Mac Address
Vlan ID
MCast/Bcast
-----------
-------
-----------
00:11:11:11:11:11
discard
00:22:22:22:22:22
allow
Multiple Instance:
iss# show mac-vlan switch cust1
Switch - cust1
Mac Map Table

-------------Mac Address
Vlan ID
-----------
-------
00:11:22:33:44:55
Related Commands
mac-vlan - Enables MAC-based VLAN for all the available interfaces of the VLAN
mac-map - Configures the VLAN-MAC address mapping
9.73 show subnet vlan mapping

320

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
This command displays the entries in Subnet-VLAN database.

show subnet-vlan mapping [{interface <interface-type> <interface-id> |
switch <string(32)>}]
Syntax
Description
interface
Interface Type and Identifier
switch

Multiple Instance.
Mode
Package
Example
iss# show subnet -vlan mapping interface gigabitethernet 0/1

Subnet Map Table For Port 1--Subnet Vlan Enabled
------------------------------------------------Subnet Address
Vlan ID
ARP Traffic
------------------------------------------------14.0.0.0
allow
192.168.1.0
discard
Related Commands
map subnet: Configures a VLAN subnet mapping entry
CLI USER MANUAL

321
DATACOM SYSTEMS INC
VS-2024-F
9.74 show vlan counters

This command displays the VLAN counters database.
show vlan counters [vlan <vlan-range>] [ switch <context_name>]
Syntax
Description
vlan
VLAN range.
switch

Multiple Instance.
Mode
Package
Example
Single Instance:
iss# show vlan counters
Port Vlan statistics
-------------------------Port Gi0/1
Vlan ID
: 1
In frames
: 342
Out frames : 345

Discards
: 0
Port Gi0/1
Vlan ID
: 2
In frames
: 446
Out frames : 248

Discards
: 0
Port Gi0/2
Vlan ID
: 2
In frames
: 115
Out frames : 517

Discards
: 7
Port Gi0/2
322
Vlan ID
: 2
In frames
: 0

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
Out frames : 0
Discards
: 0
Multiple Instance:
iss# show vlan counters
Switch - default

-------------------------Port Gi0/49
Vlan ID
: 1
In frames
: 75
Out frames : 0
Discards
: 0
--------------------------
Switch - cust1

-------------------------Port Gi0/1
Vlan ID
: 1
In frames
: 0
Out frames : 0
Discards
: 0
-------------------------Port Gi0/1
Vlan ID
: 20
In frames
: 0
Out frames : 0
Discards
: 0
-------------------------Port Gi0/2
Vlan ID
: 1
In frames
: 70
Out frames : 0
Discards
: 0
--------------------------
CLI USER MANUAL

323
DATACOM SYSTEMS INC
VS-2024-F
Port Gi0/2
Vlan ID
: 30
In frames
: 0
Out frames : 0
Discards
: 2
--------------------------
Related Commands
vlan - Configures a VLAN in the switch and is also used to enter into the config-VLAN mode
forbidden ports
9.75 show vlan statistics

This command displays VLAN statistics such as the number of unicast frames forwarded broadcast
packets and unknown unicast packets flooded in that VLAN.
show vlan statistics [vlan <vlan-range>] [ switch <context_name>]
Syntax
Description
Mode
324
vlan
VLAN range.
switch

Multiple Instance.

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
Package
Example
Single Instance
iss# show vlan statistics vlan 1
Unicast/broadcast Vlan statistics
------------------------------------Vlan Id
: 1
Unicast frames received
: 0
Mcast/Bcast frames received
: 0
Unknown Unicast frames flooded
: 0
Unicast frames transmitted
: 0
Broadcast frames transmitted
: 0
------------------------------------Multiple Instance
iss# show vlan statistics vlan 1 switch sw1
Switch sw1
Unicast/broadcast Vlan statistics

-------------------------------------Vlan Id
: 1
Unicast frames
: 16
Broadcast frames
: 10
Unicast frames flooded
: 25
--------------------------------------
If VLAN ID is not specified in the command, statistics of all the VLAN existing in the
system will be displayed.
Related Command
clear vlan statistics - Clears the VLAN counters
9.76 show mac-address-table

This command displays the static and dynamic unicast and multicast MAC address table.
CLI USER MANUAL

325
DATACOM SYSTEMS INC
VS-2024-F
show mac-address-table [vlan <vlan-range>] [address <aa:aa:aa:aa:aa:aa>]

[interface <interface-type> <interface-id> ]
Syntax
Description
vlan
VLAN range
address
MAC address
interface
Mode
Package
Example
iss# show mac-address-table vlan 2

Vlan
Mac Address
Type
ConnectionId
Ports
----
-----------
----
-----------
-----
00:01:02:03:04:21
Learnt
Gi0/1
Total Mac Addresses displayed: 1
iss# show mac-address-table interface gigabitethernet 0/1

Vlan
Mac Address
Type
ConnectionId
Ports
----
-----------
----
-----------
-----
00:01:02:03:04:21
Learnt
Gi0/1
01:02:03:04:05:06
Static
Gi0/1
If executed without the optional parameters this command displays all the static and
dynamic MAC entries
Related Commands
forbidden ports

forwarding database

forwarding database
326

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
9.77 show dot1d mac-address-table

This command displays the static/dynamic unicast and dynamic multicast FDB table entries, when the
base bridge mode is transparent bridging.
show dot1d mac-address-table [address <aa:aa:aa:aa:aa:aa>] [{interface

<interface-type> <interface-id> | switch <context_name>}]
Syntax
Description
address
MAC address
interfacetype,
interface-id
switch
Context/Switch Name
Mode
Package
Example
iss# show dot1d mac-address-table address 00:01:02:03:04:21

Mac Address
Type
Ports
-----------
----
-----
00:01:02:03:04:21
Learnt
Gi0/2
iss# show dot1d mac-address-table interface gigabitethernet

0/2
Mac Address
-----------
Type
----
Ports
-----
00:01:02:03:04:21
Learnt
Gi0/2
01:02:03:04:05:06
Static
Gi0/2
If executed without the optional parameters this command displays all the
static/dynamic unicast and dynamic multicast entries
Related Commands
CLI USER MANUAL

327
DATACOM SYSTEMS INC
VS-2024-F
mac-address-table static unicast Transparent Bridging Mode - Configures a

static unicast MAC address in the forwarding database when base bridge mode is transparent
bridging.
mac-address-table static multicast Transparent Bridging mode- Configures a

static multicast MAC address in the forwarding database when base bridge mode is transparent
bridging
9.78 show dot1d mac-address-table static unicast

This command displays static unicast MAC address table when the base bridge mode is transparent
bridging.
show
dot1d
mac-address-table
static
unicast
[address
<aa:aa:aa:aa:aa:aa>] [interface <interface-type> <interface-id>]
Syntax
Description
address
MAC address
interfacetype,
interface-id
Mode
Package
Example
iss# show dot1d mac-address-table static unicast address

00:01:02:03:04:21
Mac Address
RecvPort
Status
Ports
-----------
--------
------
-----
00:11:22:33:44:55
Permanent
Gi0/2
iss# show dot1d mac-address-table static unicast address

00:11:22:33:44:55
Mac Address
RecvPort
Status
Ports
-----------
--------
------
-----
00:11:22:33:44:55
Permanent
Gi0/2
328
If executed without the optional parameters this command displays all the static
unicast MAC entries

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
Related commands
mac-address-table static unicast Transparent Bridging Mode - Configures a static
unicast MAC address in the forwarding database when base bridge mode is transparent bridging.
9.79 show dot1d mac-address-table static multicast

This command displays static multicast MAC address table when the base bridge mode is transparent
bridging.
show
dot1d
mac-address-table
static
multicast
[address
<aa:aa:aa:aa:aa:aa>] [interface <interface-type> <interface-id>]
Syntax
Description
address
MAC address
interfacetype,
interface-id
Mode
Package
Example
iss# show dot1d mac-address-table static multicast address

01:00:5E:01:02:03
Mac Address
RecvPort
Type
Ports
-----------
----
-----
-----
static
Gi0/2-3
01:00:5E:01:02:03
iss# show dot1d mac-address-table static multicast interface

gigabitethernet 0/2
Mac Address
CLI USER MANUAL

RecvPort
Type
Ports
329
DATACOM SYSTEMS INC
VS-2024-F
-----------
------
----
-----
01:00:5E:01:02:03
static
Gi0/2
01:00:5E:01:02:04
static
Gi0/2
If executed without the optional parameters this command displays all the static
multicast MAC entries
Related commands
mac-address-table static multicast Transparent Bridging mode- Configures a static
multicast MAC address in the forwarding database when base bridge mode is transparent bridging
9.80 show mac-address-table count

This command displays the number of MAC addresses present on all the VLANs or on the specified
VLAN.
show
mac-address-table
<context_name>]
Syntax
Description
count
[vlan
<vlan-id(1-4094)>]
vlan
VLAN ID
switch

Multiple Instance.
Mode
Package
Example
Single Instance
iss# show mac-address-table count
switch
Mac Entries for Vlan 1:
330

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
-------------------------Dynamic Unicast Address Count
: 1
Dynamic Multicast Address Count
: 0
Static Unicast Address Count
: 1
Static Multicast Address Count
: 1
----------------------------------------

: 1
: 0
: 1
: 0
---------------------------------------Multiple Instance:
iss# show mac-address-table count switch cust1
Switch - cust1

: 1
: 0
: 0
: 0
----------------------------------------

: 0
: 0
: 0
: 0
----------------------------------------

--------------------------
CLI USER MANUAL

331
DATACOM SYSTEMS INC
VS-2024-F
Dynamic Unicast Address Count
: 0
: 0
: 0
: 0
----------------------------------------
If executed without the optional parameter this command displays the MAC
addresses present on all the VLANs.
Related Commands
forbidden ports

forwarding database

forwarding database
9.81 show mac-address-table static unicast

332

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
This command displays the statically configured unicast addresses from the MAC address table.
show mac-address-table static unicast [vlan <vlan-range>] [address

<aa:aa:aa:aa:aa:aa>]
[{interface
<interface-type>
<interface-id>
|
Syntax
Description
vlan
VLAN Id
address
MAC address
interface
switch

Multiple Instance.
Mode
Package
Example
Single Instance:
iss# show mac-address-table static unicast
Vlan Mac Address
RecvPort Status
----
-----------
00:11:22:33:44:55
-------- -----Gi0/2
ConnectionId
-----
Del-OnTimeout
Ports
------Gi0/3
Multiple Instance:
iss# sh mac-address-table static unicast switch cust1
Switch - cust1
Vlan
Mac Address
SrvInst/ Status
Ports
----
-----------
-------- ------
-----
00:11:22:33:44:55
Gi0/2
Permanent
Gi0/3
If executed without the optional parameters this command displays the MAC address
table for all the available interfaces.
Related Commands
forbidden ports

forwarding database
CLI USER MANUAL

333
DATACOM SYSTEMS INC
VS-2024-F
show mac-address-table dynamic unicast - Displays the dynamic MAC address table for the
specified address or for all the addresses
9.82 show mac-address-table static multicast

This command displays the statically configured multicast entries.
show mac-address-table static multicast [vlan <vlan-range>] [address

[{interface
<interface-type>
<interface-id>
|
Syntax
Description
vlan
VLAN Id
address
MAC address
interface
switch

Multiple Instance.
Mode
Package
Example
Single Instance:
iss# show mac-address-table static multicast
Static Multicast Table
---------------------Vlan
: 1
Mac Address
: 01:02:03:04:05:06
Receive Port
: Gi0/1
Member Ports
: Gi0/1
Forbidden Ports : Gi0/2

Status
: Permanent
------------------------------------------------
334

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
Multiple Instance:
iss# sh mac-address-table static multicast switch cust1
Switch - cust1
Static Multicast Table
---------------------Vlan
: 1
Mac Address
: 01:02:03:04:05:06
Receive Port
: Gi0/2
Member Ports
: Gi0/3
Status
: Permanent
------------------------------------------------
Related Commands
forbidden ports
mac-address-table static multicast / mac address-table

Configures a static multicast MAC address in the forwarding database
show mac-address-table dynamic multicast - Displays the dynamic MAC address table for
the specified address or for all the addresses
CLI USER MANUAL

static
mcast -
335
DATACOM SYSTEMS INC
VS-2024-F
9.83 show mac-address-table dynamic unicast

This command displays the dynamically learnt unicast entries from the MAC address table.
show mac-address-table dynamic unicast [vlan <vlan-range>] [address

[{interface
<interface-type>
<interface-id>
|
Syntax
Description
vlan
VLAN Id
address
MAC address
interface
switch

Multiple Instance.
Mode
Package
Example
Single Instance:
iss# show mac-address-table dynamic unicast vlan 2
336
Vlan
Mac Address
Type
ConnectionId
Ports
----
-----------
----
------------
-----
00:01:02:03:04:21
Learnt
Gi0/1

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN

Multiple Instance:
iss# show mac-address-table dynamic unicast
Switch - default
Vlan
Mac Address
Type
Ports
----
-----------
----
-----
00:02:02:03:04:04
Learnt
Gi0/2
00:03:02:03:04:04
Learnt
Gi0/3
00:02:02:03:04:04
Learnt
Gi0/2
00:03:02:03:04:04
Learnt
Gi0/3
00:02:02:03:04:04
Learnt
Gi0/2
00:03:02:03:04:04
Learnt
Gi0/3
If executed without the optional parameters this command displays the MAC address
table of all the available interfaces
Related Commands
forbidden ports

forwarding database
show mac-address-table static unicast - Displays the statically configured unicast address
from the MAC address table
CLI USER MANUAL

337
DATACOM SYSTEMS INC
VS-2024-F
9.84 show mac-address-table dynamic multicast

This command displays the dynamically learnt multicast MAC address.
show mac-address-table dynamic multicast [vlan <vlan-range>] [address

[{interface
<interface-type>
<interface-id>
|
Syntax
Description
Mode
338
vlan
VLAN Id
address
MAC address
interface
switch
Context/Switch Name. This parameter is specific

to Multiple Instance.

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
Package
Example
Single Instance:
iss# show mac-address-table dynamic multicast
Vlan
Mac Address
Type
ConnectionId Ports
----
-----------
----
------------ -----
01:03:05:07:09:04
Learnt
Gi0/1
Multiple Instance:
iss# show mac-address-table dynamic multicast
Switch - default
Vlan
Mac Address
Type
Ports
----
-----------
----
-----
01:02:02:02:02:02
Learnt
Gi0/2, Gi0/3
01:02:02:02:02:02
Learnt
Gi0/2
01:03:03:03:03:03
Learnt
Gi0/3
If executed without the optional parameters this command displays the MAC
address table of all the available interfaces.
Related Commands
vlan - Configures a VLAN in the switch and is also used to enter into the config-VLAN mode
forbidden ports

forwarding database

entries
CLI USER MANUAL

339
DATACOM SYSTEMS INC
VS-2024-F
9.85 show mac-address-table aging-time

This command displays the MAC address-table ageing time.
show mac-address-table aging-time [ switch <context_name>]
Syntax
Description
switch

Multiple Instance.
Mode
Package
340

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 9: VLAN
Example
Single Instance:
iss# show mac-address-table aging-time
Mac Address Aging Time: 300
Multiple Instance:
iss# show mac-address-table aging-time
Context default: Mac Address Aging Time: 300
Related Commands
show mac-address-table - Displays the static and dynamic MAC entries
mac-address-table aging-time - Configures the MAC address table entry maximum age
9.86 show wildcard

This command displays wildcard Mac Address Table entries
show
wildcard
<context_name>]
Syntax
Description
{mac-address
mac-address
/ broadcast
CLI USER MANUAL

<mac_addr>
broadcast}
[switch
Unicast/Multicast/BroadCast Mac Address of Wildcard

entry
341
DATACOM SYSTEMS INC
VS-2024-F
switch

Multiple Instance.
Mode
Package
Example
iss# show wildcard mac-address 01:02:03:04:05:06

Switch default
Wild Card Entries:

-----------------Mac Address
---------------01:02:03:04:05:06
342
Ports
, ------------------Gi0/1

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 10: SNMPV3
Chapter
11
10.SNMPv3
SNMP (Simple Network Management Protocol) is the most widely-used network management protocol on
TCP/IP-based networks. SNMPv3 is designed mainly to overcome the security shortcomings of
SNMPv1/v2. USM (User based Security Model) and VACM (View based Access Control Model) are the
main features added as part of the SNMPv3 specification. USM provides for both encryption and
authentication of the SNMP PDUs, while VACM specifies a mechanism for defining access policies for
different users with different MIB trees. Also, SNMPv3 specifies a generic management framework, which
is expandable for adding new Management Engines, Security Models, Access Control Models and so on.
With SNMPv3, the SNMP communication is completely safe and secure.
SNMPv3 is a multi-lingual Agent supporting all three versions of SNMP (SNMPv1, SNMPv2c and
SNMPv3) while conforming to the latest specifications. It is available as a portable source code product,
which can be easily integrated to any platform (any OS and any Processor). MIB integration is made
simple with the aid of a tool called Middle Level Code Generator (MIDGEN), which is available along
with DatacomSystems SNMP. MIDGEN generates the interface stubs required for every object in the
MIB for the SET, GET and GETNEXT operations.
These stubs can be implemented by the respective modules supporting the MIB. DatacomSystems
SNMP is provided as source code available for licensing to OEMs and VARs who wish to incorporate
the multi-lingual SNMP functionality into their products.
The list of CLI commands for the configuration of SNMPv3 is as follows:
enable snmpsubagent
disable snmpsubagent
show snmp agentx information
show snmp agentx statistics
enable snmpagent
disable snmpagent
CLI USER MANUAL

343
DATACOM SYSTEMS INC
VS-2024-F
snmp community index
snmp group
snmp access
snmp engineid
snmp proxy name
snmp mibproxy name
snmp view
snmp targetaddr
snmp targetparams
snmp user
snmp notify
snmp filterprofile
snmp-server enable traps snmp authentication
snmp-server trap udp-port
snmp-server trap proxy-udp-port
snmp agent port
snmp tcp enable
snmp trap tcp enable
snmp-server tcp-port
snmp-server trap tcp-port
snmp-server enable traps
show snmp
show snmp community
show snmp group
show snmp group access
show snmp engineID
show snmp proxy
show snmp mibproxy
show snmp viewtree
show snmp targetaddr
show snmp targetparam
show snmp user
show snmp notif
show snmp inform statistics
show snmp-server traps
show snmp-server proxy-udp-port
344

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 10: SNMPV3
show snmp tcp
show snmp filter table
CLI USER MANUAL

345
DATACOM SYSTEMS INC
VS-2024-F
10.1 enable snmpsubagent

This command enables either snmp agent or agentx-subagent capabilities.
enable snmpsubagent { master { ip4 <ipv4_address> | ip6 <ipv6_address> }

[port <number>] }
Syntax
Description
snmpsubagent
Enables SNMP Subagent
master
The master agent address. It can be either ip4 or

ip6.
port
Port number on which master agent listens

subagent.
705
Mode
Package
Defaults
port
Example
iss(config)# enable snmpsubagent master ip4 10.0.0.5 port 897
Related Commands
show snmp agentx information - Displays global information of SNMP Agentx communications.
show snmp agentx statistics - Displays all the information regarding SNMP Agentx statistics.
346

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 10: SNMPV3
10.2 disable snmpsubagent

This command disables agentx-subagent.
disable snmpsubagent
Mode
Package
Example
iss(config)# disable snmpsubagent
Related Commands
show snmp agentx information - Displays global information of SNMP Agentx communications.
show snmp agentx statistics - Displays all the information regarding SNMP Agentx statistics.
CLI USER MANUAL

347
DATACOM SYSTEMS INC
VS-2024-F
10.3 show snmp agentx information

This command displays global information of SNMP Agentx communications.
show snmp agentx information
Mode
Package
Example
iss# show snmp agentx information

Agentx Subagent is enabled
TransportDomain
:TCP
Master IP Address :10.0.0.2

Master PortNo
348
:705

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 10: SNMPV3
10.4 show snmp agentx statistics

This command displays all the information regarding SNMP Agentx statistics.
show snmp agentx statistics
Mode
Package
Example
iss# show snmp agentx statistics

Tx Statistics
Transmitted Packets
:860
Open PDU
:1
Index Allocate PDU
:0
Index DeAllocate PDU
:0
Register PDU
:2
Add Agent Capabilities PDU
:0
Notify PDU
:0
Ping PDU
:20
Remove Agent Capabilities PDU
:0
UnRegister PDU
:0
Close PDU
:0
Response PDU
:837
Rx Statistics
Rx Packets
:859
Get PDU
:1
GetNext PDU
:836
GetBulk PDU
:0
TestSet PDU
:0
Commit PDU
:0
Cleanup PDU
:0
CLI USER MANUAL

349
DATACOM SYSTEMS INC
VS-2024-F
Undo PDU
:0
Dropped Packets
:0
Parse Drop Errors
:1
Open Fail Errors
:0
Close PDU
:0
Response PDU
:21
10.5 enable snmpagent

This command enables SNMP agent.
enable snmpagent
Mode
Package
Defaults
SNMP agent is enabled.
Example
iss(config)# enable snmpagent
Related Commands
disable snmpagent - Disables SNMP agent.
enable snmpsubagent - Enables either snmp agent or agentx-subagent capabilities.
350

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 10: SNMPV3
10.6 disable snmpagent

This command disables SNMP agent.
disable snmpagent
Mode
Package
Example
iss(config)# disable snmpagent
Related Commands
enable snmpagent - Enables SNMP agent.
enable snmpsubagent - Enables either snmp agent or agentx-subagent capabilities.
CLI USER MANUAL

351
DATACOM SYSTEMS INC
VS-2024-F
10.7 snmp community index

This command configures the SNMP community details. The no form of this command removes the
SNMP community details.
snmp community index <CommunityIndex>

<SecurityName>
[context
<Name
>]
[transporttag
<TransportTagIdentifier
<ContextEngineID>]
name <CommunityName> security

[{volatile
|
nonvolatile}]
|
none>]
[contextengineid
no snmp community index <CommunityIndex>
Syntax
Description
352
CommunityIndex
Community index identifier
name
Community name
security
User Name

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 10: SNMPV3
context
volatile
nonvolatile
transporttag
Context name through which the management

information is accessed when using the
community string specified by the corresponding
instance of SNMP community name
Storage type
Transport tag identifier
contextengineid
Context engine identifier.
Mode
Package
Defaults
Community Index
NETMAN/PUBLIC
CommunityName
NETMAN/PUBLIC
Security Name
None
ContextName
Null
Transport Tag
Null
Storage type
Volatile
Example
iss(config)# snmp community index myv3com name myv3com security

xyz context myinst nonvolatile transporttag myv3tag
The community index identifier must be unique for every community name entry.
Related Commands
show snmp - Displays the status information of SNMP communications
show snmp community - Displays the configured SNMP community details
CLI USER MANUAL

353
DATACOM SYSTEMS INC
VS-2024-F
10.8 snmp group

This command configures SNMP group details. The no form of the command removes the SNMP group
details.
snmp group <GroupName> user <UserName> security-model {v1 | v2c | v3 }

[{volatile | nonvolatile}]
no snmp group <GroupName> user <UserName> security-model {v1 | v2c | v3

}
Syntax
Description
354
GroupName
Name of the SNMP group
user
User Name
securitymodel
Security Model

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 10: SNMPV3
volatile |
nonvolatile
Storage Type
Mode
Package
Defaults
Group Name
Example
iss(config)# snmp group myv3group user myv3user securitymodel v1 volatile
iso/initial
Related Commands
show snmp group - Displays the configured SNMP groups
show snmp user - Displays the configured SNMP users
10.9 snmp access

This command configures the SNMP group access details. The no form of the command removes the
SNMP group access details.
snmp access <GroupName> {v1 | v2c | v3 {auth | noauth | priv}} [read

<ReadView | none>] [write <WriteView | none>] [notify <NotifyView |
none>] [{volatile | nonvolatile}] [context <name>]
no snmp access <GroupName> {v1 | v2c | v3 {auth | noauth | priv}}

[context <name>]
Syntax
Description
GroupName
CLI USER MANUAL

Name of the group
355
DATACOM SYSTEMS INC
VS-2024-F
v1 | v2c | v3
Version of the SNMP
auth
Authentication - Enables Message digest (MD5) or

Secure Hash Algorithm (SHA) packet authentication
noauth
no-authentication
priv
Specifies both authentication and privacy
read
A read view identifier
write
A write view identifier
notify
A notification view identifier
Storage type
Name of the SNMP context
volatile
nonvolatile
context
Mode
Package
Defaults
Group Name
iso
iso
Storage Type
volatile
Group Name
initial
restricted
Storage Type
non-volatile
Group Name
initial
Read/Write/Notify
Read/Write/Notify
356
view
View

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 10: SNMPV3
Read/Write/Notify
View
Storage Type
Example
iso
non-volatile
iss(config)# snmp access myv2group v2 read v2readview write

v2writeview notify v2notifyview nonvolatile
To configure an SNMP access along with the group, a group must have already been
created using the snmp group command
Version 3 is the most secure model as it allows packet encryption with the priv key
word
Related Commands
snmp group - Configures SNMP group details
snmp view - Configures the SNMP view
show snmp group - Displays the configured SNMP groups
show snmp group access - Displays the configured SNMP group access details
show snmp viewtree - Displays the configured SNMP Tree views
10.10
snmp engineid
This command configures the engine identifier. The no form of the command removes the configured
engine identifier.
snmp engineid <EngineIdentifier>
no snmp engineid
Syntax
Description
Mode
EngineIdentifier
Engine ID
CLI USER MANUAL

357
DATACOM SYSTEMS INC
VS-2024-F
Package
Defaults
80.00.08.1c.04.46.53
Example
iss(config)# snmp engineid 80.0.08.1c.04.5f.a9
The Engine ID must be given as octets in hexadecimal separated by dots and the
allowed length is 5 to 32 octets.
SNMP engine ID is an administratively unique identifier.
Changing the value of the SNMP engine ID has significant effects.
All the user information will be updated automatically to reflect the change
Related Commands
show snmp engineID - Displays the Engine Identifier
10.11
snmp proxy name
This command configures the proxy. The no form of the command removes the proxy.
snmp proxy name <ProxyName> ProxyType {Read | Write | inform | Trap}

ContextEngineID
<EngineId>
TargetParamsIn
<TargetParam>
TargetOut
<TargetOut> [ContextName <ProxyContextName>] [StorageType {volatile |
nonvolatile}]
no snmp proxy name <ProxyName>
358

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 10: SNMPV3
Syntax
Description
ProxyName
The locally arbitrary, but unique identifier

associated with the tProxyEntry.
This will be the INDEX used for the Proxy
Table.
ProxyType
Type of message that are forwarded using the

translation parameters. Options are:
Read
Write
Inform
Trap
ContextEngineID
Context engine identifier contained in messages

that are forwarded using the translation
parameters.
TargetParamsIn
This object selects an entry in the

snmpTargetParamsTable. The selected entry is
used to determine which row of the
snmpProxyTable is to be used for forwarding the
received messages.
TargetOut
This object selects a management target defined

in the snmpTargetAddrTable (in the SNMPTARGET-MIB). The selected target is defined by
an entry in the snmpTargetAddrTable whose
index value (snmpTargetAddrName) is equal to
this object.
This object is only used when selection of a
single target is required (that is, when
forwarding an incoming read or write
request).
ContextName
Context name contained in messages that are

forwarded using the translation parameters.
Storage Type
Storage type. Options are:
volatile
nonvolatile
Mode
Package
Defaults
Storage Type
Example
iss(config)# snmp proxy name proxy1 ProxyType write

ContextEngineID 80.00.08.1c.04.46.53 TargetParamsIn param2
TargetOut target2 ContextName pxyctxtname StorageType
nonvolatile
nonvolatile
Related Commands
CLI USER MANUAL
359
DATACOM SYSTEMS INC
VS-2024-F
show snmp proxy - Displays proxy details.
10.12
snmp mibproxy name
This command configures the proxy. The no form of the command removes the proxy.
snmp mibproxy name <ProxyName> ProxyType {Read | Write | inform | Trap}

mibid
<MibId>
TargetParamsIn
<TargetParam>
TargetOut
<TargetOut>
[StorageType {volatile | nonvolatile}]
no snmp mibproxy name <ProxyMibName>
360

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 10: SNMPV3
Syntax
Description
ProxyName
The locally arbitrary, but unique identifier

associated with the tProxyEntry.
This will be the INDEX used for the Proxy
Table.
ProxyType
Type of message that are forwarded using the

translation parameters. Options are:
Read
Write
Inform
Trap
MIB identifier.
mibid
TargetParamsIn
This
object
selects
an
entry
in
the
snmpTargetParamsTable. The selected entry is
used to determine which row of the
snmpProxyTable to use for forwarding the received
messages.
TargetOut
This object selects a management target defined

in the snmpTargetAddrTable (in the SNMPTARGET-MIB). The selected target is defined by
an entry in the snmpTargetAddrTable whose
index value (snmpTargetAddrName) is equal to
this object.
ContextName
Storage Type
This object is only used when selection of a

single target is required (that is, when
forwarding an incoming read or write
request).
Context name contained in messages that are
forwarded using the translation parameters
Storage type. Options are:
volatile
nonvolatile
Mode
Package
Defaults
Storage Type
Example
iss(config)# snmp mibproxy name mibproxy1 ProxyType read

mibid 1 TargetParamsIn param1 TargetOut target1 StorageType
nonvolatile
nonvolatile
Related Commands
show snmp mibproxy - Displays proxy details.

CLI USER MANUAL
361
DATACOM SYSTEMS INC
VS-2024-F
10.13
snmp view
This command configures the SNMP view. The no form of the command removes the SNMP view.
snmp view <ViewName> <OIDTree> [mask <OIDMask>] {included | excluded}

[{volatile | nonvolatile}]
no snmp view <ViewName> <OIDTree>
362

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 10: SNMPV3
Syntax
Description
ViewName
View Name
OIDTree
Object Identifier
OIDMask
none
Defines views' subtrees
included
excluded
Type of view
volatile |
nonvolatile
Type of storage
Mode
Package
Defaults
View Name
iso/restricted
OIDTree
OIDMask
None
View type
included
Storage type
non-volatile
Example
iss(config)# snmp view v2readview 1.3.6.1 mask 1.1.1.1 included

nonvolatile
To configure an SNMP view (read/write/notify), a group must have already been created
using the snmp group command and SNMP group access must be configured using the
snmp access command.
Related Commands
snmp access - Configures the SNMP group access details
show snmp viewtree - Displays the configured SNMP Tree views
show snmp group access - Displays the configured SNMP group access details
CLI USER MANUAL

363
DATACOM SYSTEMS INC
VS-2024-F
10.14
snmp targetaddr
This command configures the SNMP target address. The no form of the command removes the
configured SNMP target address.
snmp targetaddr <TargetAddressName> param <ParamName> {<IPAddress> |

<IP6Address>} [timeout <Seconds(1-1500)] [retries <RetryCount(1-3)]
[taglist <TagIdentifier | none>] [{volatile | nonvolatile}] [port
<integer (1-65535)>]
364

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 10: SNMPV3
no snmp targetaddr <TargetAddressName>
Syntax
Description
TargetAddressName
Name of the Target address (host)
param
SNMP parameter Name
IPAddress/
IP6Address
IP/IP6 Address of the host
timeout
The time the SNMP agent waits for a response from

the SNMP Manager before retransmitting the Inform
Request Message
retries
The Maximum number of times the agent can

retransmit the Inform Request Message
taglist
Tag Identifier
Storage type
SNMP Manager port number for sending the

TRAP/INFORM messages to SNMP Manager. This
value ranges between 1 and 65535.
volatile
nonvolatile
port
Mode
Package
Defaults
ParamName
Internet
IPAddress
10.0.0.10
taglist
snmp
volatile | nonvolatile
volatile
port
162
CLI USER MANUAL

365
DATACOM SYSTEMS INC
VS-2024-F
Example
iss(config)# snmp targetaddr issmgr param issd 10.0.0.10 taglist

mytag nonvolatile
Target param must have been configured.
Related Commands
show snmp targetaddr - Displays the configured SNMP target Addresses
snmp targetparams - Configures the SNMP target parameters
show snmp targetparam - Displays the configured SNMP Target Address Params
10.15
snmp targetparams
This command configures the SNMP target parameters. The no form of the command removes the SNMP
target parameters.
snmp targetparams <ParamName> user <UserName> security-model {v1 | v2c |

v3 {auth | noauth | priv}} message-processing {v1 | v2c | v3} [{volatile
366

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 10: SNMPV3
| nonvolatile}] [filterprofile-name <profilename> ] [filter-storagetype

{volatile | nonvolatile}]
no snmp targetparams <ParamName>
Syntax
Description
ParamName
SNMP Parameter Name
user
User Name
security-model
Security Model
auth
Authentication - Enables Message digest (MD5) or

Secure Hash Algorithm (SHA) packet authentication
noauth
no-authentication
priv
Specifies both authentication and privacy
messageprocessing
Message processing model
Storage type
filterprofilename
Name of the filter profile to be used for the specified

target address.
filterstoragetype
Storage type for the filter. This can be:
volatile
nonvolatile
volatile - Temporary storage. Details are lost once

restarted.
nonvolatile - Permanent storage. Details are

present even after restart.
Mode
Package
Defaults
ParamName
User/Security
Name
CLI USER MANUAL

internet
None
367
DATACOM SYSTEMS INC
VS-2024-F
Security Model
v2c
Security Level
NoauthNoPriv
v2c
Storage Type
Non-volatile
ParamName
test1
User/Security Name
None
Security Model
v1
Security Level
NoauthNoPriv
v1
Non-volatile
Message
Model
Message
Model
Processing
Processing
Storage Type
Example
iss(config)# snmp targetparams param1 user user1 security-model

v3 noauth message-processing v3
User information must have been configured prior to the configuration of SNMP target
parameters
Related Commands
snmp user - Configures the SNMP user details
snmp filterprofile - Creates Notify filter Table
show snmp targetparam - Displays the configured SNMP Target Address Params
show snmp user - Displays the configured SNMP users.
10.16
snmp user
This command configures the SNMP user details. The no form of the command removes the SNMP user
details.
368

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 10: SNMPV3
snmp user <UserName> [auth {md5 | sha} <passwd> [priv DES <passwd>]]
[{volatile | nonvolatile}] [EngineId <EngineID>]
no snmp user <UserName> [EnginId <EngineID>]
Syntax
Description
UserName
Name of the User
auth
Authentication Algorithm - can be Message Digest 5

or Secure Hash Algorithm
passwd
Password associated with the Authentication type
priv DES
Private encryption password
volatile |
nonvolatile
Storage type - can be either volatile or non-volatile
EngineId
SNMP engine identifier
Mode
Package
Defaults
UserName
Initial
Authentication Protocol
None
Privacy Protocol
None
Storage type
Non-volatile
Storage type
Non-volatile
Example
iss(config)# snmp user user1
SNMP passwords are localized using the local SNMP engine ID
CLI USER MANUAL

369
DATACOM SYSTEMS INC
VS-2024-F
Related Commands
show snmp engineID - Displays the Engine Identifier
10.17
370
snmp notify

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 10: SNMPV3
This command configures the SNMP notification details. The no form of this command removes the
SNMP notification details.
snmp notify <NotifyName> tag <TagName> type {Trap | Inform} [{volatile |

nonvolatile}]
no snmp notify <NotifyName>
Syntax
Description
NotifyName
Notification Name
tag
Tag Name
type
Type of Notification
volatile |
nonvolatile
Storage type of the notification details
Mode
Package
Defaults
Notify Name
iss/iss1
Notify Tag
iss/iss1
Storage type
volatile
Example
iss(config)# snmp notify note1 tag tag1 type Inform
Related Commands
show snmp notif - Displays the configured SNMP Notifications
show snmp targetaddr - Displays the configured SNMP target Addresses
CLI USER MANUAL

371
DATACOM SYSTEMS INC
VS-2024-F
10.18
snmp filterprofile
This command creates Notify filter Table. The no form of the command removes the filter entry from the
table.
snmp filterprofile <profile-name> <OIDTree> [mask <OIDMask>] {included |

excluded} [{volatile | nonvolatile}]
no snmp filterprofile <profilename> <OIDTree>
Syntax
Description
profilename
Name of the filter profile.
OIDTree
Object Identifier
mask
<OIDMask>
Defines a family of subtrees, in combination with the

object identifier.
Type of filter. This indicates whether the OID and mask

should be included in or excluded from the fileter
profile.
volatile |
nonvolatile
Storage type.
included
excluded
volatile - Temporary storage. Details are lost once

restarted.
nonvolatile - Permanent storage. Details are

present even after restart.
Mode
Package
Example
iss(config)# snmp filterprofile filter1 1.5 mask 1.1 included

nonvolatile
Related Commands
show snmp filter table - Displays the configured SNMP filters
372

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 10: SNMPV3
10.19
This command enables generation of authentication traps for SNMPv1 and SNMPv2c. The no form of the
command disables generation of authentication traps for SNMPv1 and SNMPv2c.
no snmp-server enable traps snmp authentication
Mode
Package
Defaults
Generation of authentication traps is disabled by default.
Example
iss(config)# snmp-server enable traps snmp authentication
CLI USER MANUAL

373
DATACOM SYSTEMS INC
VS-2024-F
10.20
snmp-server trap udp-port
This command configures the udp port over which agent sends the trap. The no form of the command
configures the snmp agent to sent trap on default udp port.
snmp-server trap udp-port <port>
no snmp-server trap udp-port
Syntax
Description
port
Port number
Mode
Package
Example
iss(config)# snmp-server trap udp-port 1234
Related Commands
show snmp notif - Displays the configured SNMP Notification types.
374

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 10: SNMPV3
10.21
snmp-server trap proxy-udp-port
This command configures the udp port over which agent sends the trap. The no form of the command
configures the snmp agent to sent trap on default udp port.
snmp-server trap proxy-udp-port <port>
no snmp-server trap proxy-udp-port
Syntax
Description
port
Port number
Mode
Package
Defaults
162
Example
iss(config)# snmp-server trap proxy-udp-port 162
Related Commands
show snmp-server proxy-udp-port - Displays the proxy udp port.
CLI USER MANUAL

375
DATACOM SYSTEMS INC
VS-2024-F
10.22
snmp agent port
This command configures the agent port on which agent listens.
snmp agent port <port>
Syntax
Description
port
Port number. This value ranges between 1 and 65535.
Mode
Package
Defaults
161
Example
iss(config)# snmp agent port 100
Related Commands
show snmp - Displays the status information of SNMP communications
376

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 10: SNMPV3
10.23
snmp tcp enable
This command enables sending snmp messages over tcp. The no form of the command disables sending
snmp messages over tcp.
snmp tcp enable
no snmp tcp enable
Mode
Package
Defaults
Disabled
Example
iss(config)# snmp tcp enable
Related Commands
show snmp tcp - Displays the configuration for snmp over tcp.
CLI USER MANUAL

377
DATACOM SYSTEMS INC
VS-2024-F
10.24
This command enables sending snmp trap messages over tcp. The no form of the command disables
sending snmp trap messages over tcp.
no snmp trap tcp enable
Mode
Package
Defaults
Disabled
Example
iss(config)# snmp trap tcp enable
Related Commands
378

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 10: SNMPV3
10.25
snmp-server tcp-port
This command configures the tcp port over which agent sends the snmp message. The no form of the
command configures the snmp agent to sent snmp message on default tcp port.
snmp-server tcp-port <port>
no snmp-server tcp-port
Syntax
Description
port
Port number
Mode
Package
Defaults
161
Example
iss(config)# snmp-server tcp-port 161
Related Commands
CLI USER MANUAL

379
DATACOM SYSTEMS INC
VS-2024-F
10.26
snmp-server trap tcp-port
This command configures the tcp port over which agent sends the trap. The no form of the command
configures the snmp agent to sent trap on default tcp port.
snmp-server trap tcp-port <port>
no snmp-server trap tcp-port
Syntax
Description
port
Port number
Mode
Package
Defaults
162
Example
iss(config)# snmp-server trap tcp-port 162
Related Commands
380

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 10: SNMPV3
10.27
snmp-server enable traps
This command enables generation of a particular trap. The no form of the command disables generation
of a particular trap.
snmp-server enable traps {[firewall-limit] [linkup] [linkdown] [sipstates]

[sip-cfg-change]
[coldstart]
[poe-power]
[dhcp-pool-limit]
[dsx1-line]}
no snmp-server enable traps {[firewall-limit] [linkup] [linkdown] [sipstates]

[sip-cfg-change]
[coldstart]
[poe-power]
[dhcp-pool-limit]
[dsx1-line]}
Syntax
Description
firewalllimit
Firewall attack summary trap
linkup
Linkup trap
linkdown
Linkdown trap
sip-states
SIP states trap
sip-cfgchange
SIP configuration change trap
coldstart
Coldstart trap
poe-power
Power on Ethernet trap
dhcp-poollimit
DHCP Server pool limit trap
dsx1-line
DSX1 line trap
Mode
Package
Example
iss(config)# snmp-server enable traps firewall-limit
Related Commands
show snmp-server traps - Displays the set of traps that are currently enabled.
CLI USER MANUAL

381
DATACOM SYSTEMS INC
VS-2024-F
10.28
show snmp
This command displays the status information of SNMP communications.
show snmp
Mode
Package
Example
iss# show snmp

0 SNMP Packets Input
0 Bad SNMP Version errors
0 Unknown community name
0 Get request PDUs
0 Get Next PDUs
0 Set request PDUs
0 SNMP Packets Output

0 Too big errors
0 No such name errors
0 Bad value errors
0 General errors
0 Trap PDUs
0 SNMP Rollback failures
SNMP Manager-role output packets

0 Drops
SNMP Informs:
0 Inform Requests generated
382

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 10: SNMPV3
0 Inform Responses received

0 Inform messages Dropped
0 Inform Requests awaiting Acknowledgement
SNMP Trap Listen Port is 162
snmp agent port : 170
Related Command
snmp agent port - Configures the agent port on which agent listens
10.29
show snmp community
This command displays the configured SNMP community details.
show snmp community
Mode
Package
CLI USER MANUAL

383
DATACOM SYSTEMS INC
VS-2024-F
Example
iss# show snmp community

Community Index: NETMAN
Community Name: NETMAN
Security Name: none
Context Name:
Transport Tag:
Storage Type: volatile
Row Status: active
-----------------------------Community Index: PUBLIC
Community Name: PUBLIC
Security Name: none
Context Name:
Transport Tag:
Row Status: active
Related Command
snmp community index - Configures the SNMP community details
10.30
show snmp group
This command displays the configured SNMP groups.
384

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 10: SNMPV3
show snmp group
Mode
Package
Example
iss# show snmp group

Security Model: v1
Security Name: none
Group Name: iso
Row Status: active
-----------------------------Security Model: v2c
Security Name: none
Group Name: iso
Row Status: active
-----------------------------Security Model: v3
Security Name: initial
Group Name: initial
Storage Type: nonVolatile
Row Status: active
-----------------------------Security Model: v3
Security Name: templateMD5
Group Name: initial
Row Status: active
-----------------------------Security Model: v3
Security Name: templateSHA
Group Name: initial
Row Status: active
CLI USER MANUAL

385
DATACOM SYSTEMS INC
VS-2024-F
Related Commands
snmp group - Configures the SNMP group details
10.31
This command displays the configured SNMP group access details.
Mode
Package
Example
iss# show snmp group access

Group Name: iso
Read View: iso
Write View: iso
Notify View: iso
Row Status: active
-----------------------------Group Name: iso
Read View: iso
Write View: iso
Notify View: iso
Row Status: active
-----------------------------Group Name: initial
Read View: restricted
Write View: restricted
Notify View: restricted
386

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 10: SNMPV3
Row Status: active

-----------------------------Group Name: initial
Read View: iso
Write View: iso
Notify View: iso
Row Status: active
Related Commands
snmp access - Configures the SNMP group access details
10.32
show snmp engineID
This command displays the Engine Identifier.
show snmp engineID
Mode
Package
Example
iss# show snmp engineID

EngineId: 80.00.08.1c.04.46.53
Related Command
snmp engineid - Configures the engine identifier
CLI USER MANUAL

387
DATACOM SYSTEMS INC
VS-2024-F
10.33
show snmp proxy
This command displays proxy details.
show snmp proxy
Mode
Package
388

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 10: SNMPV3
Example
iss# show snmp proxy

Proxy Name
: PROXY1
Proxy ContextEngineID
: 80.00.08.1c.04.46.54
Proxy ContextName
Proxy TargetParamIn
: param1
Proxy SingleTargetOut
: Tgt1
Proxy MultipleTargetOut
Proxy Type
: Read
Storage Type
: Non-volatile
Row Status
: Active
---------------------------------------------------Proxy Name
: PROXY2
Proxy ContextEngineID
: 80.00.08.1c.04.46.54
Proxy ContextName
Proxy TargetParamIn
: param1
Proxy SingleTargetOut
: Tgt1
Proxy MultipleTargetOut
Proxy Type
: Write
Storage Type
: Non-volatile
Row Status
: Active
----------------------------------------------------
Related Command
snmp proxy name - Configures the proxy.
10.34
show snmp mibproxy
This command displays proxy details.

CLI USER MANUAL
389
DATACOM SYSTEMS INC
VS-2024-F
show snmp mibproxy
Mode
Package
Example
iss# show snmp mibproxy

Prop Proxy Name
: proxy1
Prop MibID
: 2
Prop Proxy TargetParamIn
: param1
Prop Proxy SingleTargetOut
: target1
Prop Proxy MultipleTargetOut
Prop Proxy Type
: Read
Prop Storage Type
: Non-volatile
Prop Row Status
: Active
----------------------------------------------------
Related Command
snmp mibproxy name - Configures the proxy.
390

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 10: SNMPV3
10.35
show snmp viewtree
This command displays the configured SNMP Tree views.
show snmp viewtree
Mode
Package
Example
iss# show snmp viewtree

View Name: iso
Subtree OID: 1
Subtree Mask:
View Type: included
Row Status: active
-----------------------------View Name: restricted
Subtree OID: 1
Subtree Mask:
View Type: included
Row Status: active
------------------------------
Related Command
CLI USER MANUAL

391
DATACOM SYSTEMS INC
VS-2024-F
10.36
This command displays the configured SNMP target Addresses.
Mode
Package
Example
iss# sh snmp targetaddr

Target Address Name : ht231
IP Address
: 12.0.0.100
Port
: 150
Tag List
: tg231
Parameters
: pa231
Storage Type
: Non-volatile
Row Status
: Active
-----------------------------Related Commands
snmp targetaddr - Configures the SNMP target address
snmp notify - Configures the SNMP notification details
392

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 10: SNMPV3
10.37
This command displays the configured SNMP Target Address Params.
Mode
Package
Example
iss# sh snmp targetparam

Target Parameter Name
: internet
Message Processing Model : v2c

Security Model
: v2c
Security Name
: none
Security Level
: No Authenitcation, No Privacy
Storage Type
: Non-volatile
Row Status
: Active
Filter Profile Name
: None
Row Status
: Active
-----------------------------Target Parameter Name
: pa231
Message Processing Model : v3

Security Model
: v3
Security Name
: u231
Security Level
Storage Type
: Volatile
CLI USER MANUAL

393
DATACOM SYSTEMS INC
VS-2024-F
Row Status
: Active
Filter Profile Name
: filter1
Row Status
: Active
-----------------------------Target Parameter Name
: test1
Message Processing Model : v2c

Security Model
: v1
Security Name
: none
Security Level
Storage Type
: Non-volatile
Row Status
: Active
Filter Profile Name
: None
Row Status
: Active
------------------------------
Related Commands
10.38
show snmp user
This command displays the configured SNMP users.
show snmp user
Mode
Package
Example
iss# show snmp user

Engine ID: 80.00.08.1c.04.46.53
User: initial
Authentication Protocol: none
Privacy Protocol: none
394

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 10: SNMPV3
Row Status: active

-----------------------------Engine ID: 80.00.08.1c.04.46.53
User: templateMD5
Authentication Protocol: MD5
Privacy Protocol: none
Row Status: active
-----------------------------Engine ID: 80.00.08.1c.04.46.53
User: templateSHA
Authentication Protocol: SHA
Privacy Protocol: DES_CBC
Row Status: active
------------------------------
Related Commands
show snmp community - Displays the configured SNMP community details
10.39
show snmp notif
This command displays the configured SNMP Notification types.
show snmp notif
CLI USER MANUAL

395
DATACOM SYSTEMS INC
VS-2024-F
Mode
Package
Example
iss# show snmp notif

Notify Name: iss
Notify Tag: iss
Notify Type: trap
Row Status: active
-----------------------------Notify Name: iss1
Notify Tag: iss1
Notify Type: trap
Row Status: active
Related Commands
snmp notify - Configures the SNMP notification details
396

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 10: SNMPV3
10.40
This command displays the inform message statistics.
Mode
Package
Example
iss# show snmp inform statistics

Target Address Name
: issmanager
IP Address
: 10.0.0.10
Inform messages sent : 20

Acknowledgement awaited for : 2 Inform messages
Inform messages dropped : 0
Acknowledgement failed for : 0 Inform messages
Informs retransmitted: 0
Inform responses received: 18
SNMP Manager must have been configured and Inform type notifications
must have been generated.
CLI USER MANUAL

397
DATACOM SYSTEMS INC
VS-2024-F
10.41
This command displays the set of traps that are currently enabled.
Mode
Package
Example
iss# show snmp-server traps

Currently enabled traps:
-----------------------linkup,linkdown,
Related Command
snmp-server enable traps - Enables generation of a particular trap.
398

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 10: SNMPV3
10.42
This command displays the proxy udp port.
Mode
Package
Example
iss# show snmp-server proxy-udp-port

snmp-server proxy-udp-port : 162
Related Command
snmp-server trap proxy-udp-port - Configures the udp port over which agent sends the trap.
CLI USER MANUAL

399
DATACOM SYSTEMS INC
VS-2024-F
10.43
show snmp tcp
This command displays the configuration for snmp over tcp.
show snmp tcp
Mode
Package
Example
iss# show snmp tcp

snmp over tcp disabled
snmp trap over tcp disabled
snmp listen tcp port 161
Snmp listen tcp trap port 162
Related Command
snmp tcp enable Enables sending snmp messages over tcp.
snmp trap tcp enable - Enables sending snmp trap messages over tcp.
snmp-server tcp-port Configures the tcp port over which agent sends the snmp message.
snmp-server trap tcp-port - Configures the tcp port over which agent sends the trap.
400

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 10: SNMPV3
10.44
This command displays the configured SNMP filters.
Mode
Package
Example
iss# show snmp filter table

Filter Name
: filter1
Subtree OID
: 1.5
Subtree Mask : 1.1

Filter Type
: Included
Storage Type : Non-volatile

Row Status
: Active
------------------------------
Related Command
snmp filterprofile - Creates Notify filter Table
CLI USER MANUAL

401
VS-2024-F
DATACOM SYSTEMS INC
Chapter
12
11.SNTP
The SNTP (Simple Network Time Protocol) module is used to synchronize the time and date in ISS by
contacting the SNTP Server. It supports different time zones, where the user can set the required time
zone.
The following are the list of SNTP commands:
sntp
set sntp client
set sntp client version
set sntp client addressing mode
set sntp client port
set sntp client clock-format
set sntp time zone
set sntp client clock-summer-time
set sntp client authentication-key
set sntp unicast-server auto-discovery
set sntp unicast-poll-interval
set sntp unicast-max-poll-timeout
set sntp unicast-max-poll-retry
set sntp unicast-server
set sntp broadcast-mode send-request
set sntp broadcast-poll-timeout
set sntp broadcast-delay-time
402

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 11: SNTP
set sntp multicast-mode send-request
set sntp multicast-poll-timeout
set sntp multicast-delay-time
set sntp multicast-group-address
set sntp anycast-poll-interval
set sntp anycast-poll-timeout
set sntp anycast-poll-retry-count
set sntp anycast-server
set sntp client clock-format
show sntp status
show sntp unicastmode status
show sntp broadcastmode status
show sntp multicastmode status
show sntp anycastmode status
debug sntp
CLI USER MANUAL

403
DATACOM SYSTEMS INC
VS-2024-F
11.1 sntp
This command enters SNTP configuration mode.
sntp
Mode
Profile configuration mode
Package
Example
iss(config)# sntp
iss(config-sntp)#
404

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 11: SNTP
11.2 set sntp client

This command enables or disables SNTP client module.
set sntp client {enabled | disabled}
Syntax
Description
enabled
Enables the SNTP client module
disabled
Disables the SNTP client module
Mode
SNTP Configuration Mode
Package
Defaults
disabled
Example
iss(config-sntp)# set sntp client enabled
SNTP client should be enabled
Related Command
show sntp status: Displays SNTP status
CLI USER MANUAL

405
DATACOM SYSTEMS INC
VS-2024-F
11.3 set sntp client version

This command sets the operating version of the SNTP for the client.
set sntp client version { v1 | v2 | v3 | v4 }
Syntax
Description
v1
SNTP Version 1
v2
SNTP Version 2
v3
SNTP Version 3
v4
SNTP Version 4
Mode
Package
Defaults
v4
Example
iss(config-sntp)# set sntp client version v3
Related Command
406

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 11: SNTP
11.4 set sntp client addressing mode

This command sets the addressing mode of SNTP client as either unicast, multicast, broadcast, anycast.
set sntp client addressing-mode { unicast | broadcast | multicast |

anycast }
Syntax
Description
unicast
Sets the addressing mode of SNTP client

as unicast.
broadcast

as broadcast.
multicast
anycast

as multicast

as anycast.
Mode
Package
Defaults
unicast
Example
iss(config-sntp)# set sntp client addressing-mode

unicast
Related Command
show sntp anycastmode status Displays the SNTP anycast mode status
show sntp broadcastmode status Displays the SNTP broadcast mode status
show sntp multicastmode status Displays the SNTP multicast mode status
show sntp unicastmode status - Displays the SNTP Unicast Mode status
CLI USER MANUAL

407
DATACOM SYSTEMS INC
VS-2024-F
11.5 set sntp client port

This command sets the listening port for SNTP client greater than 1024 as below 1024 are reserved.
Therefore the configurable listening port for SNTP client starts at 1025.The no form of command deletes
the listening port for SNTP client and sets the default value.
set sntp client port <portno(1025-65535)>
no sntp client port
Syntax
Description
port no
Listening port for SNTP client
Mode
Package
Defaults
123
Example
iss (config-sntp)# set sntp client port 1026
Related commands
408

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 11: SNTP
11.6 set sntp client clock-format

This command sets the system clock format as AM PM format or HOURS format.
set sntp client clock-format {ampm | hours}
Syntax
Description
am-pm
Sets the system clock in am/ pm format
hours
Sets the system clock in 24 hours format
Mode
Package
Default
hours
Example
iss (config-sntp)# set sntp client clock-format ampm
SNTP clock format configuration in the Switch:
Date Hours, Minutes, Seconds, Date Month and Year
Month Jan, Feb, Mar..
Year - yyyy
Related Command
show sntp clock - Displays the current time.
CLI USER MANUAL

409
DATACOM SYSTEMS INC
VS-2024-F
11.7 set sntp time zone

This command sets the system time zone with respect to UTC. The no form of command resets the
system time zone to GMT.
set sntp client time-zone <+/- UTC TimeDiff in Hrs:UTC TimeDiff in Min>
Eg: +05:30
no sntp client time-zone
Syntax
Description
+/-
After or before UTC
UTCTimeDiff
in Hrs
UTC Time difference in hours
UTC TimeDiff
in Min
UTC Time difference in minutes
Mode
Package
Example
iss(config-sntp)# set sntp client time-zone +05:30
SNTP server must be enabled prior to the execution of this command.
Related Command
410

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 11: SNTP
11.8 set sntp client clock-summer-time

This command enables the Daylight Saving Time. The no form of the command disables the Daylight
Saving Time.
set sntp client clock-summer-time <week-day-month,hh:mm> <week-daymonth,hh:mm> Eg: set sntp client clock-summer-time First-Sun-Mar,05:10
Second-Sun-Nov,06:1
0
no sntp client clock summer-time
Syntax
Description
week-daymonth
hh:mm
Week First, Second, Third, Fourth or Last week of month.

Day Sunday, Monday, Tuesday, Wednesday, Thursday,
Friday or Saturday.
Month: January, February, March, April, May, June, July,
August, September, October, November or December.
Time in hours and minutes
Mode
Package
Example
iss(config-sntp)# set sntp client clock-summer-time First-SunJan,12:12 Second-Sun-Mar,12:12
Related Commands:
CLI USER MANUAL

411
DATACOM SYSTEMS INC
VS-2024-F
11.9 set sntp client authentication-key

This command sets the authentication parameters. The no form of the command disables authentication.
set sntp client authentication-key <key-id> md5 <key>
no sntp client authentication
Syntax
Description
key-id
Key Identifier (integer value). Range is 1 65535.
md5
Message Digest Algorithm
key
Key value (string value)
Mode
Package
Example
iss(config-sntp)# set sntp client authentication-key 123

md5 DatacomSystems
Related Command
412

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 11: SNTP
11.10
set sntp unicast-server auto-discovery
This command configures SNTP client status of auto-discovery of server.
set sntp unicast-server auto-discovery {enabled | disabled}
Syntax
Description
enabled
Enables the auto discovery of server
disabled
Disables the auto discovery of server
Mode
Package
Defaults
disabled
Example
iss(config-sntp)# set sntp unicast-server auto-discovery

enabled
SNTP client addressing mode should be unicast
Related Command
CLI USER MANUAL

413
DATACOM SYSTEMS INC
VS-2024-F
11.11
set sntp unicast-poll-interval
This command configures SNTP client poll interval.
set sntp unicast-poll-interval <value (16-16284) seconds>
Syntax
Description
value
Poll interval value in seconds.
Mode
Package
Default
64
Example
iss(config-sntp)# set sntp unicast-poll-interval 50
Related Command
414

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 11: SNTP
11.12
set sntp unicast-max-poll-timeout
This command configures SNTP client maximum poll interval timeout.
set sntp unicast-max-poll-timeout <value (1-30) seconds>
Syntax
Description
value
Maximum poll interval time out value in seconds.
Mode
Package
Default
Example
iss(config-sntp)# set sntp unicast-max-poll-timeout 25
Related Command
CLI USER MANUAL

415
DATACOM SYSTEMS INC
VS-2024-F
11.13
set sntp unicast-max-poll-retry
This command configures SNTP client maximum retry poll count.
set sntp unicast-max-poll-retry <value (1-10) times>
Syntax
Description
value
Maximum retry poll count value
Mode
Package
Default
Example
iss(config-sntp)# set sntp unicast-max-poll-retry 10
Related Command
416

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 11: SNTP
11.14
set sntp unicast-server
This command configures SNTP unicast server attributes. The no form of command deletes the sntp
unicast server attributes and sets to default.
set sntp unicast-server {ipv4 <ucast_addr> | ipv6 <ip6_addr>} [{primary

| Secondary}] [{version3 | version 4}] [<portid(1025-36564)>]
no sntp unicast-server {ipv4 <ucast_addr> | ipv6 <ip6_addr>}
Syntax
Description
ipv4, ipv6
Primary/
secondary
Primary/ Secondary NTP servers
Port-id
Port identifier
Mode
Package
Example
iss(config-sntp)# set sntp unicast-server ipv4 12.0.0.100 Primary

3 1234
Related Command
CLI USER MANUAL

417
DATACOM SYSTEMS INC
VS-2024-F
11.15
set sntp broadcast-mode send-request
This command sets the status of sending the request for knowing the delay.
set sntp broadcast-mode send-request {enabled | disabled}
Syntax
Description
enabled
When enabled the SNTP request packet is sent to

broadcast server to calculate the actual delay.
disabled
When disabled no SNTP request packet is sent out to

broadcast server instead default value for the delay is
taken.
Mode
Package
Defaults
disabled
Example
iss(config-sntp)# set sntp broadcast-mode send-request enabled
SNTP client addressing mode should be broadcast
Related Command
418

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 11: SNTP
11.16
set sntp broadcast-poll-timeout
This command configures SNTP client poll interval in broadcast mode.
set sntp broadcast-poll-timeout [<value (1-30) seconds>]
Syntax
Description
value
Poll interval time out value in seconds for broadcast mode
Mode
Package
Default
Example
iss(config-sntp)# set sntp broadcast-poll-timeout 30
Related Command
CLI USER MANUAL

419
DATACOM SYSTEMS INC
VS-2024-F
11.17
set sntp broadcast-delay-time
This command configures SNTP delay time in broadcast mode.
set sntp broadcast-delay-time [<value (1000-15000) microseconds>]
Syntax
Description
value
Delay time value in micro seconds in broadcast mode
Mode
Package
Default
8000
Example
iss(config-sntp)# set sntp broadcast-delay-time 2000
Related Command
420

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 11: SNTP
11.18
set sntp multicast-mode send-request
This command sets the status of sending the request for knowing the delay.
set sntp multicast-mode send-request {enabled | disabled}
Syntax
Description
enabled
When enabled the SNTP request packet is sent to

broadcast server to calculate the actual delay.
disabled
When disabled no SNTP request packet is sent out to

broadcast server instead default value for the delay is
taken.
Mode
Package
Defaults
disabled
Example
iss(config-sntp)# set sntp multicast-mode send-request enabled
SNTP client addressing mode should be multicast
Related Command
CLI USER MANUAL

421
DATACOM SYSTEMS INC
VS-2024-F
11.19
set sntp multicast-poll-timeout
This command configures SNTP client poll interval in multicast mode.
set sntp multicast-poll-timeout [<value (1-30) seconds>]
Syntax
Description
value
Poll interval time out value in seconds in multicast mode
Mode
Package
Default
Example
iss(config-sntp# set sntp multicast-poll-timeout 10
Related Command
422

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 11: SNTP
11.20
set sntp multicast-delay-time
This command configures SNTP delay time in multicast mode.
set sntp multicast-delay-time [<value (1000-15000) microseconds>]
Syntax
Description
value
Delay time value in micros seconds in multicast mode
Mode
Package
Default
8000
Example
iss(config-sntp)# set sntp multicast-delay-time 2000
Related Command
CLI USER MANUAL

423
DATACOM SYSTEMS INC
VS-2024-F
11.21
set sntp multicast-group-address
This command configures SNTP multicast group address.
set sntp multicast-group-address {ipv4 {<mcast_addr> | default} | ipv6

{<ipv6_addr> | default}}
Syntax
Description
ipv4, ipv6
Version4, Version 6 multicast group address
Mode
Package
Example
iss(config-sntp)# set sntp multicast-group-address ipv4

224.1.1.10.
Related Command
424

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 11: SNTP
11.22
set sntp anycast-poll-interval
This command configures SNTP client poll interval in anycast mode.
set sntp anycast-poll-interval [<value (16-16284) seconds>]
Syntax
Description
value
Poll interval value in seconds in anycast mode.
Mode
Package
Default
64
Example
iss(config-sntp)# set sntp anycast-poll-interval 20
SNTP client addressing mode should be anycast
Related Command
CLI USER MANUAL

425
DATACOM SYSTEMS INC
VS-2024-F
11.23
set sntp anycast-poll-timeout
This command configures SNTP client poll timeout in anycast mode.
set sntp anycast-poll-timeout [<value (1-30) seconds>]
Syntax
Description
value
Poll interval time out value in seconds in anycast mode
Mode
Package
Default
Example
iss(config-sntp)# set sntp anycast-poll-timeout 10
Related Command
426

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 11: SNTP
11.24
set sntp anycast-poll-retry-count
This command configures SNTP poll retries in anycast mode.
set sntp anycast-poll-retry-count [<value (1-10)>]
Syntax
Description
value
Maximum retry poll count value in anycast mode
Mode
Package
Default
Example
iss(config-sntp)# set sntp anycast-poll-retry-count 5
Related Command
CLI USER MANUAL

427
DATACOM SYSTEMS INC
VS-2024-F
11.25
set sntp anycast-server
This command configures SNTP multicast or broadcast server address in anycast mode.
set sntp anycast-server { broadcast | multicast {ipv4 [<ipv4_addr>]

|ipv6 [<ip6_addr>]} }
Syntax
Description
broadcast
Configures SNTP broadcast server address in anycast

mode
multicast
Configures SNTP multicast server address in anycast

mode.
ipv4,ipv6
Version 4, Version 6
ipv4 addr, ip6

addr
Version 4/ Version 6 any cast address
Mode
Package
Example
iss(config-sntp)# set sntp anycast-server ipv4 12.0.0.100
Related Command
428

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 11: SNTP
11.26
show sntp clock
This command displays the current time.
show sntp clock
Mode
User EXEC Mode
Package
Example
iss# show sntp clock

current time : Sat Jan
01 2000 00:07:04
(UTC +
0: 0 )
Related Command
Error! Reference source not found.: Displays the system date and time.
CLI USER MANUAL

429
DATACOM SYSTEMS INC
VS-2024-F
11.27
show sntp status
This command displays SNTP status.
show sntp status
Mode
User EXEC Mode
Package
Example
iss# show sntp status

sntp client is enabled
current sntp client version is v4
current sntp client addressing mode is unicast
sntp client port is 123
sntp client clock format is 24 hours
sntp client authenticatin key id is 5
sntp client authentication algorithm is md5
sntp client auth Key is DatacomSystems
sntp client time zone is
+ 05:30
sntp client dst start time is not set

sntp client dst end time is not set
Related Command
430
show sntp unicastmode status Displays the SNTP Unicast Mode status
CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 11: SNTP
show sntp multicastmode status - Displays the SNTP multicast mode status
show sntp anycastmode status - Displays the SNTP anycast mode status
11.28
show sntp unicastmode status
This command displays the SNTP Unicast Mode status.
show sntp unicast-mode status
Mode
User EXEC Mode
Package
Example
iss# show sntp unicast-mode status

auto discovery of sntp/ntp servers is disabled
unicast poll interval value is 50
unicast max poll time out value is 25
unicast max retry time value is 10
unicast primary server address is 12.0.0.100
unicast primary server version is 3
unicast primary server port is 1234
Related Command
CLI USER MANUAL

431
DATACOM SYSTEMS INC
VS-2024-F
set sntp unicast-server auto-discovery - Configures SNTP client status of auto-discovery

of server
set sntp unicast-poll-interval - Configures SNTP client poll interval
set sntp unicast-max-poll-timeout - Configures SNTP client maximum poll interval timeout
set sntp unicast-max-poll-retry - Configures SNTP client maximum retry poll count
11.29
show sntp broadcastmode status
This command displays the SNTP broadcast mode status.
show sntp broadcast-mode status
Mode
User EXEC Mode
Package
Example
iss# show sntp broadcast-mode status

send sntp request to server in broadcast mode is disabled
broadcast poll time out value is 5
broadcast delay time value is 8000
broadcast sntp server is 12.0.0.100
Related Command
432

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 11: SNTP
set sntp broadcast-mode send-request - Sets the status of sending the request for knowing
the delay
set sntp broadcast-poll-timeout - Configures SNTP client poll interval in broadcast mode
set sntp broadcast-delay-time - Configures SNTP delay time in broadcast mode
11.30
show sntp multicastmode status
This command displays the SNTP multicast mode status.
show sntp multicast-mode status
Mode
User EXEC Mode
Package
CLI USER MANUAL

433
DATACOM SYSTEMS INC
VS-2024-F
Example
iss# show sntp multicast-mode status

send sntp request to server in multicast mode is disabled
multicast poll time out value is 5
multicast delay time value is 8000
multicast group address is 12.0.0.100
Related Command
set sntp multicast-mode send-request - Sets the status of sending the request for knowing
the delay
set sntp multicast-poll-timeout - Configures SNTP client poll interval in multicast mode
set sntp multicast-delay-time - Configures SNTP delay time in multicast mode
set sntp multicast-group-address - Configures SNTP multicast server address
11.31
show sntp anycastmode status
This command displays the SNTP anycast mode status.
show sntp anycast-mode status
434

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 11: SNTP
Mode
User EXEC Mode
Package
Example
iss# show sntp anycast-mode status

anycast poll interval value is 64
anycast max poll time out value is 5
anycast max retry time value is 3
anycast server type is
broadcast
primary server address is 12.0.0.100
Related Command
set sntp anycast-poll-interval - Configures SNTP client poll interval in anycast mode
set sntp anycast-poll-timeout - Configures SNTP client poll timeout in anycast mode
set sntp anycast-poll-retry-count - Configures SNTP poll retries in anycast mode
11.32
debug sntp
CLI USER MANUAL

435
DATACOM SYSTEMS INC
VS-2024-F
This command enables SNTP trace. The no form of the command disables the SNTP trace.
debug sntp {all | [init-shut] [mgmt] [data-path] [control] [pkt-dump]

[resource] [all-fail] [buff]}
no debug sntp {all | [init-shut] [mgmt] [data-path] [control] [pkt-dump]

[resource] [all-fail] [buff]}
Syntax
Description
init/shut
Initialization/ Shutdown messages
mgmt
Management Messages
data-path
Data Path Messages
control
Control Messages
pkt-dump
Packet Dump Messages
resource
Resource Messages
all-fail
All failure Messages
buff
Buffer Message
Mode
User EXEC Mode
Package
Defaults
Debugging is Disabled
Example
debug sntp all
436

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 12: RMON
Chapter
13
12.RMON
RMON (Remote Monitoring) is a standard monitoring specification5 that enables various network monitors
and console systems to exchange network-monitoring data.
The RMON specification defines a set of statistics and functions that can be exchanged between RMONcompliant console managers and network probes. As such, RMON provides network administrators with
comprehensive network-fault diagnosis, planning, and performance-tuning information.
The list of CLI commands for the configuration of RMON is as follows:
set rmon
rmon collection history
rmon collection stats
rmon event
rmon alarm
show rmon
CLI USER MANUAL

437
DATACOM SYSTEMS INC
VS-2024-F
12.1 set rmon

This command is used to enable or disable the RMON feature.
set rmon {enable | disable}
Syntax
Description
enable
Enables the RMON feature in the system
disable
Disables the RMON feature in the system
Mode
Package
Defaults
The RMON Module is disabled by default
Example
iss(config)# set rmon enable
All the other RMON Module commands can be executed only when the RMON
Module is enabled. Fatal error messages are displayed when commands are
executed without enabling the RMON feature.
Related Command
show rmon - Successful execution of this command without any messages indicates that RMON feature
is enabled in the system
438

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 12: RMON
12.2 rmon collection history

This command enables history collection of interface statistics in the buckets for the specified time
interval. The no form of the command disables the history collection on the interface.
rmon collection history <index (1-65535)> [buckets <bucket-number (165535)>] [interval <seconds (1-3600)>] [owner <ownername (127)>]
no rmon collection history <index (1-65535)>
Syntax
Description
index
History table index
buckets
The maximum number of buckets desired for the RMON

collection history group of statistics
interval
The number of seconds in each polling cycle
owner
Optional field - allows the user to enter the name of the

owner of the RMON group of statistics
Mode
Package
Defaults
bucket number
50
interval
1800 seconds
owner
monitor
Example
iss(config-if)# rmon collection history 1 buckets 2 interval 20
The RMON feature must be enabled for the successful execution of this
command.
The polling cycle is the bucket interval where the interface statistics details are
stored.
Related Command
show rmon - Displays the history collection for the configured bucket (show rmon history [history-index
(1-65535)>])
CLI USER MANUAL

439
DATACOM SYSTEMS INC
VS-2024-F
12.3 rmon collection stats

This command enables RMON statistic collection on the interface. The no form of the command disables
RMON statistic collection on the interface.
rmon collection stats <index (1-65535)> [owner <ownername (127)>]
no rmon collection stats <index (1-65535)>
Syntax
Description
index
Statistics table index
owner
Optional field - allows the user to enter the name of the

owner of the RMON group of statistics with a string
length of 127
Mode
Package
Defaults
owner
Example
iss(config-if)#
monitor
rmon collection stats 1
The RMON feature must be enabled for the successful execution of this command.
Related Command
show rmon - Displays the RMON collection statistics (show rmon statistics [<stats-index (1-65535)>])
440

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 12: RMON
12.4 rmon event

This command adds an event to the RMON event table. The added event is associated with an RMON
event number. The no form of the command deletes an event from the RMON event table.
rmon event <number (1-65535)> [description <event-description (127)>]

[log] [owner <ownername (127)>] [trap <community (127)>]
no rmon event <number (1-65535)>
Syntax
Description
number
Event number
description
Description of the event
log
Used to generate a log entry
owner
Owner of the event
trap
Used to generate a trap. The SNMP community string

is to be passed for the specified trap.
Mode
Package
Example
iss(config)# rmon event 1 log owner DatacomSystems trap

NETMAN
The RMON feature must be enabled for the successful execution of this command.
Related Commands
rmon alarm - Sets an alarm on a MIB object
show rmon events - Displays the RMON events
show rmon alarms - Displays the RMON alarms
show snmp community - Configures the SNMP community details
CLI USER MANUAL

441
DATACOM SYSTEMS INC
VS-2024-F
12.5 rmon alarm

This command sets an alarm on a MIB object. The Alarm group periodically takes statistical samples from
variables in the probe and compares them to thresholds that have been configured. The no form of the
command deletes the alarm configured on the MIB object.
rmon alarm <alarm-number> <mib-object-id (255)> <sample-interval-time

(1-65535)> {absolute | delta} rising-threshold <value (0-2147483647)>
[rising-event-number (1-65535)] falling-threshold <value (0-2147483647)>
[falling-event-number (1-65535)] [owner <ownername (127)>]
no rmon alarm <number (1-65535)>
Syntax
Description
alarmnumber
Alarm Number. This value ranges between 1 and 65535.
mib-objectid
The mib object identifier
sampleintervaltime
Time in seconds during which the alarm monitors the MIB

variable. This value ranges between 1 and 65535
seconds.
absolute
Used to test each mib variable directly
delta
risingthreshold
A number at which the alarm is triggered. This value

fallingthreshold
value
A number at which the alarm is reset. This value ranges

risingeventnumber
The event number to trigger when the rising threshold

exceeds its limit. This value ranges between 1 and 65535.
fallingeventnumber
owner
Mode
442
Used to test the change between samples of a variable
This feature is optional only in the code using the

industrial standard command, otherwise this feature
is mandatory.
The event number to trigger when the falling threshold
exceeds its limit. This value ranges between 1 and 65535.
This feature is optional only in the code using the
industrial standard command, otherwise this feature
is mandatory.
Owner of the alarm

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 12: RMON
Package
Defaults
By default, the least event number in the event table is assigned for the rising and
falling threshold as its event number.
Example
iss(config)# rmon alarm 4

1.3.6.1.6.3.16.1.2.1.4.1.4.110.111.110.101 2 absolute risingthreshold 2 2 falling-threshold 1 2 owner DatacomSystems
The RMON Feature must be enabled for the successful execution of this command
RMON events must have been configured
In DatacomSystems ISS, we cannot monitor all the mib objects through RMON.
This will be applicable only to the Ethernet interfaces
Falling threshold should be less than rising threshold.
Related Commands
rmon collection stats - Enables RMON statistic collection on the interface
rmon event - Adds an event to the RMON event table
show rmon alarms - Displays the RMON alarms
show rmon events - Displays the RMON events
CLI USER MANUAL

443
DATACOM SYSTEMS INC
VS-2024-F
12.6 show rmon

This command displays the RMON statistics, alarms, events, and history configured on the interface.
show rmon [statistics [<stats-index (1-65535)>]]

[history [history-index (1-65535)] [overview]]
Syntax
Description
[alarms]
statistics
The configured stats index value
alarms
The configured alarm
events
The configured event
history
The configured history index
overview
Displays only the overview of rmon history entries
Mode
Package
Example
iss# show rmon
[events]
statistics 2
RMON is enabled
Collection 2 on Gi0/2 is active, and owned by fsoft,
Monitors ifEntry.1.2 which has
Received 1240 octets, 10 packets,
2 broadcast and 10 multicast packets,
0 undersized and 1 oversized packets,
0 fragments and 0 jabbers,
0 CRC alignment errors and 0 collisions.
# of packets received of length (in octets):
444

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 12: RMON
64: 0, 65-127: 10, 128-255: 0,

256-511: 0, 512-1023: 0, 1024-1518: 0
iss# show rmon

RMON is enabled
iss# show rmon history

RMON is enabled
Entry 1 is active,
and owned by fsoft
Monitors ifEntry.1.1 every 3000 second(s)

Requested # of time intervals, ie buckets, is 3,
Granted # of time intervals, ie buckets, is 3,
Sample 1 began measuring at 0
0 CRC alignment errors and 0 collisions,
# of dropped packet events is 0
Network utilization is estimated at 0
Sample 2 began measuring at 0
0 CRC alignment errors and 0 collisions,
# of dropped packet events is 0
Network utilization is estimated at 0
iss# show rmon events

RMON is enabled
Event 1 is active, owned by
CLI USER MANUAL

445
DATACOM SYSTEMS INC
VS-2024-F
Description is
Event firing causes nothing,
Time last sent is Aug 27 18:30:01 2009

Description is
iss# show rmon alarms

RMON is enabled
Alarm 4 is active,
owned by DatacomSystems
Monitors 1.3.6.1.6.3.16.1.2.1.4.1.4.110.111.110.101 every 2

second(s)
Taking absolute samples, last value was 3
Rising threshold is 2, assigned to event 2
Falling threshold is 1, assigned to event 2
On startup enable rising or falling alarm
iss# show rmon statistics 2 alarms events
history 1
RMON is enabled
Collection 2 on Ex0/1 is active, and owned by monitor,
Monitors ifEntry.1.1 which has
53 CRC alignment errors and 0 collisions.
# of packets received of length (in octets):
64: 0, 65-127: 53, 128-255: 0,
256-511: 0, 512-1023: 0, 1024-1518: 0
Alarm 4 is active,
owned by DatacomSystems
Monitors 1.3.6.1.6.3.16.1.2.1.4.1.4.110.111.110.101 every 2

second(s)
446

CONFIDENTIAL
DATACOM SYSTEMS INC

CHAPTER 12: RMON
Taking absolute samples, last value was 3

Rising threshold is 2, assigned to event 2
Falling threshold is 1, assigned to event 2
On startup enable rising or falling alarm

Description is

Description is
iss# show rmon history overview

RMON is enabled
Entry 1 is active,
and owned by fsoft
Monitors ifEntry.1.1 every 3000 second(s)

Requested # of time intervals, ie buckets, is 3,
Granted # of time intervals, ie buckets, is 3
If the show rmon command is executed with out enabling the RMON feature,
then the following output is displayed
iss# show rmon
RMON feature is disabled
Related Commands
set rmon - Enables or disables the RMON feature
rmon collection history - Enables history collection of interface statistics in the buckets for the
specified time interval
rmon collection stats - Enables RMON statistic collection on the interface
rmon event - Adds an event to the RMON event table
rmon alarm - Sets an alarm on a MIB object
CLI USER MANUAL

447

Vs 2024 Command Line Reference

Caricato da

Informazioni sul documento

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Vs 2024 Command Line Reference

Caricato da

Copyright:

Formati disponibili

DATACOM SYSTEMS INC

Datacom Systems Inc

DATACOM SYSTEMS INC

Systems Inc v 2.2

DATACOM SYSTEMS INC

2. COMMAND LINE INTERFACE __________________________________ 13

3. DIFFSERV (DIFFERENTIATED SERVICES)________________________ 21

4. ACL (ACCESS CONTROL LISTS) _______________________________ 37

CLI USER MANUAL

DATACOM SYSTEMS INC

PERMIT USR-DEFINED-PACKET-TYPE ...........................................................45

5. QOS (QUALITY OF SERVICE) __________________________________ 93

DATACOM SYSTEMS INC

SHOW QOS QUEUE-STATS ..........................................................................137

6. TACACS ___________________________________________________ 138

8. SYSLOG ___________________________________________________ 180

CLI USER MANUAL

DATACOM SYSTEMS INC

SHOW SYSLOG LOCAL STORAGE.................................................................209

9. VLAN _____________________________________________________ 219

DATACOM SYSTEMS INC

PORT PROTOCOL-VLAN ..............................................................................278

10. SNMPV3 __________________________________________________ 343

CLI USER MANUAL

DATACOM SYSTEMS INC

SNMP USER ..............................................................................................368

11. SNTP ____________________________________________________ 402

DATACOM SYSTEMS INC

SHOW SNTP STATUS ..................................................................................430

12. RMON ____________________________________________________ 437

CLI USER MANUAL

DATACOM SYSTEMS INC

CLI USER MANUAL

1.3 Document Conventions

The syntax of the CLI command is given in Courier New 10 bold.

Elements in square brackets ([]) indicate optional fields for a command.

The CLI command usage is given in Courier New 10 regular.

CLI USER MANUAL

DATACOM SYSTEMS INC

1.4 Key Conventions

Displays the previously executed command

Exits from the ISS prompt

Removes a single character

Completes a command without typing the full word

Traverses the current line

- helps to list the available commands

- displays the command history list

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.

DATACOM SYSTEMS INC

The Boot Configuration mode is now available to the user.

CLI commands are case insensitive.

2.1 CLI Command Modes

This is the initial mode

The User EXEC mode

To return from the

The Privileged EXEC

To exit to the Global

To exit to the Global

To exit to the Global

The logout method is

ERROR! NO TEXT OF SPECIFIED STYLE IN DOCUMENT.

DATACOM SYSTEMS INC

To exit to the Global

To exit to the Global