Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Table of Contents
Table of Contents
Chapter 1 System Management Commands........................................................................................................................ 1
1.1 Configuring File Management Commands............................................................................................................ 1
1.1.1 Copy.......................................................................................................................................................... 1
1.1.2 Delete........................................................................................................................................................ 2
1.1.3 dir .............................................................................................................................................................. 2
1.1.4 ip address.................................................................................................................................................. 3
1.1.5 ip route ...................................................................................................................................................... 3
1.1.6 show configuration .................................................................................................................................... 4
1.1.7 format ........................................................................................................................................................ 4
1.1.8 more .......................................................................................................................................................... 5
1.2 BasicSystemManagementCommands .................................................................................................................. 5
1.2.1 boot flash................................................................................................................................................... 6
1.2.2 cd............................................................................................................................................................... 7
1.2.3 chinese...................................................................................................................................................... 7
1.2.4 chram ........................................................................................................................................................ 8
1.2.5 date ........................................................................................................................................................... 8
1.2.6 english....................................................................................................................................................... 9
1.2.7 md ........................................................................................................................................................... 10
1.2.8 pwd.......................................................................................................................................................... 10
1.2.9 rd ............................................................................................................................................................. 11
1.2.10 rename .................................................................................................................................................. 11
1.2.11 reboot .................................................................................................................................................... 12
1.2.12 alias....................................................................................................................................................... 12
1.2.13 boot system flash .................................................................................................................................. 13
1.2.14 help........................................................................................................................................................ 14
1.2.15 history.................................................................................................................................................... 14
1.2.16 show alias.............................................................................................................................................. 15
1.2.17 show job ................................................................................................................................................ 16
1.2.18 show break............................................................................................................................................ 17
1.2.19 show memory........................................................................................................................................ 17
1.3 HTTP Configuration Command ........................................................................................................................... 18
1.3.1 ip http access-class................................................................................................................................. 18
1.3.2 ip http port ............................................................................................................................................... 19
1.3.3 ip http server............................................................................................................................................ 19
1.3.4 debug ip http............................................................................................................................................ 20
Chapter 2 Terminal Service Configuration Command........................................................................................................ 21
2.1 Telnet Configuration Command ........................................................................................................................... 21
2.1.1 telnet........................................................................................................................................................ 21
2.1.2 ip telnet.................................................................................................................................................... 23
2.1.3 ctrl-shift-6+x (the current connection is mounted) ................................................................................... 24
2.1.4 where....................................................................................................................................................... 25
2.1.5 resume .................................................................................................................................................... 26
2.1.6 disconnect ............................................................................................................................................... 27
-I-
Table of Contents
2.1.7 switchkey................................................................................................................................................. 28
2.1.8 switchmsg................................................................................................................................................ 29
2.1.9 sequence-char......................................................................................................................................... 29
2.1.10 clear telnet............................................................................................................................................. 31
2.1.11 show telnet ............................................................................................................................................ 32
2.1.12 debug telnet........................................................................................................................................... 32
2.2 Terminal Configuration Command ....................................................................................................................... 33
2.2.1 attach-port ............................................................................................................................................... 34
2.2.2 autocommand.......................................................................................................................................... 34
2.2.3 clear line.................................................................................................................................................. 35
2.2.4 connect.................................................................................................................................................... 35
2.2.5 disconnect ............................................................................................................................................... 35
2.2.6 exec-timeout............................................................................................................................................ 36
2.2.7 length....................................................................................................................................................... 36
2.2.8 line........................................................................................................................................................... 37
2.2.9 location.................................................................................................................................................... 37
2.2.10 login authentication ............................................................................................................................... 38
2.2.11 monitor................................................................................................................................................... 38
2.2.12 no debug all........................................................................................................................................... 38
2.2.13 password............................................................................................................................................... 39
2.2.14 resume .................................................................................................................................................. 39
2.2.15 switchkey............................................................................................................................................... 40
2.2.16 sequence-char....................................................................................................................................... 40
2.2.17 show debug........................................................................................................................................... 41
2.2.18 show line ............................................................................................................................................... 41
2.2.19 switchmsg.............................................................................................................................................. 41
2.2.20 terminal length....................................................................................................................................... 42
2.2.21 terminal monitor..................................................................................................................................... 43
2.2.22 terminal width ........................................................................................................................................ 43
2.2.23 terminal-type.......................................................................................................................................... 44
2.2.24 where..................................................................................................................................................... 44
2.2.25 width...................................................................................................................................................... 45
Chapter 3 Network Management Configuration Commands .............................................................................................. 46
3.1 SNMP Commands............................................................................................................................................... 46
3.1.1 snmp-server community.......................................................................................................................... 46
3.1.2 snmp-server contact................................................................................................................................ 47
3.1.3 snmp-server host..................................................................................................................................... 48
3.1.4 snmp-server location............................................................................................................................... 49
3.1.5 snmp-server packetsize .......................................................................................................................... 50
3.1.6 snmp-server queue-length ...................................................................................................................... 50
3.1.7 snmp-server trap-source ......................................................................................................................... 51
3.1.8 snmp-server trap-timeout ........................................................................................................................ 52
3.1.9 snmp-server view .................................................................................................................................... 52
3.1.10 snmp-server udp-port............................................................................................................................ 54
3.1.11 snmp-server source-addr ...................................................................................................................... 54
3.1.12 snmp-server encryption......................................................................................................................... 55
- II -
Table of Contents
- III -
Table of Contents
- IV -
Baisc Configuration Commands
1.1.1 Copy
To read a file from the tftp server to a switch, use the copy command.
copy tftp<:filename> {flash<:filename>|rom} [ip_addr]
Parameter
Parameter Description
tftp<:filename> Read a file from the tftp server. Filename indicates the relevant
filename. If not specified the filename, the system will prompt
user to input the filename after executing the copy command.
flash <:filename> Write a file to the flash memory of the switch. Filename
indicates the relevant filename. If not specified the filename,
the system will prompt user to input the filename after executing
the copy command.
Default
none
Command mode
monitor mode
Instrution
none
-1-
Baisc Configuration Commands
Example
Related commands
none
1.1.2 Delete
To delete a file, use the delete command.
delete file-name
Parameter
Parameter Description
Default
If the file name is not specified, the system will delete the startup-config file
by default.
Command mode
monitor mode
Instruction
none
Related commands
none
1.1.3 dir
To display filename, use the dir command.
dir file-name
Parameter
Parameter Description
-2-
Baisc Configuration Commands
Default
none
Command mode
monitor mode
Instruction
none
Related commands
none
1.1.4 ip address
To set an IP address for an Ethernet interface, use the ip address command.
ip address ip-address mask
Parameter
Parameter Description
ip-address IP address
Default
none
Command mode
monitor mode
Instruction
none
Example
Related commands
ip route
ping
1.1.5 ip route
To specify a default gateway, use the ip route default command.
ip route default gw_ip_addr
-3-
Baisc Configuration Commands
Parameter
Parameter Description
Default
none
Command mode
monitor mode
Instrution
none
Example
Related commands
ip address
Parameter
none
Default
none
Command mode
monitor mode
Instrution
none
Related commands
none
1.1.7 format
To format file system, use the format command.
-4-
Baisc Configuration Commands
format
Parameter
none
Default
none
Command mode
EXEC
Instrution
All files in the file system will de deleted after executing the format command.
Related commands
none
1.1.8 more
To display the contents of a file, use the more command.
more file-name
Parameter
Parameter Description
Default
none
Command mode
EXEC
Instrution
If all files are displayable characters, they will be displayed in ASCII format, or they will
be displayed binary format.
Related commands
none
1.2 BasicSystemManagementCommands
z bootflash
-5-
Baisc Configuration Commands
z cd
z chinese
z english
z chram
z date
z debub job
z md
z pwd
z rd
z rename
z reboot
z show break
z show memory
z alias
z boot system flash
z help
z history
z job
z jobd
z show alias
z show job
parameter
parameter Description
default
none
command mode
monitor mode
command mode
Use the boot flash command to enable the device after user entering the monitor mode.
-6-
Baisc Configuration Commands
example
related commands
none
1.2.2 cd
To change the current directory, use the cd command.
cd directory|..
parameter:
parameter description
.. Upper directory.
default
none
command mode
monitor mode
command mode
none
example
monitor#cd my_dir
related commands
pwd
1.2.3 chinese
To switch command prompt to chinese mode, use the chinese command.
parameter
(1) none
default
none
-7-
Baisc Configuration Commands
command mode
monitor mode
command mode
none
example
none
related commands
none
1.2.4 chram
To modify memory data, use the chram command.
chram mem_addr value
parameter
parameter description
default
none
command mode
Monitor mode
command mode
example
none
related commands
none
1.2.5 date
To set the absolute time, use the date command.
-8-
Baisc Configuration Commands
parameter
none
default
none
command mode
monitor mode
command mode
This command is used to set the abslute time for the system. For the switch with a
battery-powered clock, the clock will be powered by the battery. If the clock doesn’t
keep good time, you need to change the battery.
st
For the swich without a battery-powered clock, the system date is configured to July 1 ,
1970 after the reboot of the switch, and user needs to set the current time each time
when starting the switch.
example
monitor#date
The current date is 2000-7-27 21:17:24
Enter the new date(yyyy-mm-dd):2000-7-27
Enter the new time(hh:mm:ss):21:17:00
related commands
1.2.6 english
To switch the command prompt to english mode, use the english command.
parameter
none
default
none
command mode
monitor
instruction
none
-9-
Baisc Configuration Commands
example
none
related commands
none
1.2.7 md
md directory
parameter
parameter description
default
none
command mode
monitor
instruction
related commands
none
1.2.8 pwd
parameter
none
default
none
command mode
monitor mode
instruction
- 10 -
Baisc Configuration Commands
related commands
none
1.2.9 rd
rd directory
parameter
parameter Description
default
none
command mode
monitor mode
instruction
The system prompts if the directory is not empty. The system prompts if the directory
doesn’t exist. To delete a command, use the rd command.
related commands
none
1.2.10 rename
To rename a file in a file system, use the rename command.
rename old_file_name new_file_name
parameter
parameter description
default
none
command mode
monitor mode
- 11 -
Baisc Configuration Commands
instruction
none
related commands
none
1.2.11 reboot
To reboot a switch, use the reboot command.
parameter
none
default
none
command mode
monitor mode
instruction
none
related commands
none
1.2.12 alias
parameter
parameter description
default
If there are no more than 20 commands executed, all historical command lines will be
displayed from the beginning to the end. If there are more than 20 commands executed,
all historical command lines will be displayed from the beginning to the end.
comand mode
- 12 -
Baisc Configuration Commands
explanation
The modularized switch can save up to 20 historical commands. You can invoke these
commands with the "up" or “down” key or directly use it after edition. The command is
used to browse the history command. You can run the [no] history command to delete
the history command.
example
The following example shows the latest five historical commands from the end to the
beginning:
switch#history - 5
config
int e0/1
no ip addr
ip addr 192.2.2.49 255.255.255.0
exit
relative command
None
Parameter
Parameter Description
Default
None
Command mode
Instruction
If you have not configured the command, the system will execute the first systematic
mirroring file in the flash file system. If you have configured multiple commands, the
system will execute the mirroring files one by one. If the file does not exist or the check
sum is wrong, the system will execute the next file. If both fail, the system will run at the
monitoring state.
- 13 -
Baisc Configuration Commands
Example
Relative command
None
1.2.14 help
help
Parameter
None
Default
None
Command mode
Management mode
Instruction
Example
After you enter the command, the help system of the switch is displayed.
switch# help
Help may be requested at any point in a command by entering a question mark '?',If nothing
matches, the help list will be empty and you must backup until entering a '?' shows the available
options.
Two styles of help are provided:
1. Full help is available when you are ready to enter a command argument (e.g.'show ?') and
describes each possible argument.
2. Partial help is provided when an abbreviated argument is entered and you want to know what
arguments match the input (e.g. 'interface e?'.)
Relative command
None
1.2.15 history
The command is used to check the historical commands. Run the [no] history
command to delete the historical commands.
[no] history [ + <count> | - <count> | clear]
Parameter
Parameter Description
- 14 -
Baisc Configuration Commands
- <count> Displays the count<1-20> historial command from the end to the
beginning.
Default
If there are no more than 20 commands executed, all historical command lines will be
displayed from the beginning to the end. If there are more than 20 commands executed,
all historical command lines will be displayed from the beginning to the end.
Command mode
Instruction
The modularized switch can save up to 20 historical commands. You can invoke these
commands with the "up" or “down” key or directly use it after edition.
Example
The following example shows the latest five commands from the end to the beginning:
switch#history - 5
config
int e1/1
no ip addr
ip addr 192.2.2.49 255.255.255.0
exit
Relative command
None
Parameter
Parameter Description
Default
Command mode
- 15 -
Baisc Configuration Commands
Instruction
None
Example
The following example shows how to display all aliases of the current system:
switch_config#show alias
hualab=date
router=snmp
Relative command
alias
Parameter
Parameter Description
Default
None
Command mode
Instruction
Run the show job command to browse the defined parameters and the dynamic
execution state of the job.
Example
The following example shows how to display the parameters of the job:
switch_config#show job parameter
<showver> fires interval, first at 5, re-fires per 5 secs, on error stop
will do "show ver"
The following example shows how to display the dynamic execution state of the job:
Jobd disabled at 245218 seconds
Name: job's name
Type: none - Not scheduled, interval - Fire interval, one-shot - Fire once
Status: null - Not scheduled, idle - To fire first
started - Fired ever, to fire again, stopped - Can't fire
- 16 -
Baisc Configuration Commands
Relative command
debug job
job
jobd
Parameter
None
Default
None
Command mode
Monitoring state
Instruction
Relative command
None
Parameter
Parameter Description
- 17 -
Baisc Configuration Commands
Default
None
Command mode
Monitoring state
Instruction
None
Relative command
None
Command description
Parameter
Parameter Description
Default
no ip http access-class
Instruction
Set the designated standard access list before running the command.
Run the command no ip http access-class to cancel the HTTP service limitation of the
access list.
- 18 -
Baisc Configuration Commands
Command mode
Example
Command description
Parameter
Parameter Description
Default
Explanation
After running the http port command, shut down the previous listening port and then
use the designated port to accept the http service request if the http service is started
up. If the http service is not started, the ip http port command is temporarily useless.
Command mode
Example
The following example shows how to modify the http port from 80 to 90:
switch _config# ip http server
switch _config# ip http port 90
Command description
ip http server
no ip http server
To start up the http service, run the command ip http server.
- 19 -
Baisc Configuration Commands
Parameter
None
Default
no ip http server
Instruction
Run the command ip http server to enable the switch to accept the HTTP service
request through the designated port, handle the request and return the result to the
browser.
Command mode
Example
Command description
debug ip http
The previous command is used to export the debugging information during http service
running. You can use the no command to resume the default value.
Parameter
None
Default
no debug ip http
Instruction
None
Command mode
Example
- 20 -
Baisc Configuration Commands
2.1.1 telnet
The following is a command sentence for establishing a telnet session:
telnet server-ip-addr/server-host-name [/port port][/source-interface interface] [/local
local-ip-addr] [/debug][echo/noecho] [/script scriptname]
Parameter
Parameter Description
echo/noecho Enable or disable the local echo. The default value is noecho.
- 21 -
Baisc Configuration Commands
Default
The default port number is 23. The interface has no default number.
Command mode
Management mode
Instruction
You can use one of the following command lines to establish a remote login.
telnet server-ip-addr/server-host-name
In this case, the application program directly sends the telnet login request to port 23 of
the remote server. The local IP address is the IP address which is nearest to the peer
and found by the routing table.
telnet server-ip-addr/server-host-name /port port
In this case, the application program sends a telnet login request to the port of the peer.
telnet server-ip-addr/server-host-name /source-interface interface
In this case, the application program uses the IP address on the interface ass the local
IP address.
telnet server-ip-addr/server-host-name /debug
In this case, the application program opens the debug and exports the connection at the
client side.
telnet server-ip-addr/server-host-name echo/noecho
In this case, the application program enables or disables the local echo. The local echo
is disabled by default. The echo is completed at the server side. Only when the server
is not in charge of echo is the local echo enabled.
telnet server-ip-addr/server-host-name /script scriptname
Before executing the automatic login command of the script, run the command ip telnet
script to configure the script.
The previous commands can be used together.
During the session with the remote server, you can press the Q button to exit the
session. If the session is not manually closed, the session will be complete after a
10-second timeout.
Example
Suppose you want to telnet server 192.168.20.124, the telnet port of the server is port
23 and port 2323, and the local two interfaces are e1/1(192.168.20.240) and
s1/0(202.96.124.240). You can run the following operations to complete the remote
login.
1.telnet 192.168.20.124 /port 2323
In this case, the telnet connection with port 2323 of the peer is to be established. The
local IP address of the peer is 192.168.20.240.
2.telnet 192.168.20.124 /source-interface s1/0
In this case, the telnet connection with port 23 of the peer is to be established. The local
IP address of the peer is 202.96.124.240.
3.telnet 192.168.20.124 /local 192.168.20.240
- 22 -
Baisc Configuration Commands
In this case, the telnet connection with port 23 of the peer is to be established. The local
IP address of the peer is 192.168.20.240.
4.telnet 192.168.20.124 /debug
In this case, the telnet connection negotiation with port 23 of the peer will be printed out.
5.telnet 192.168.20.124 /echo
In this case, the local echo is enabled. If the echo is also enabled at the server side, all
input will be echoed twice.
6.telnet 192.168.20.124 /script s1
2.1.2 ip telnet
The following are the configuration command formats of the telnet session:
ip telnet source-interface vlan value
ip telnet access-class accesslist
ip telnet listen-port start-port [end-port]
ip telnet script scriptname ‘user_prompt’ user_answer ‘pwd_prompt’ pwd_answer
Parameter
Parameter Description
Access list name to limit the source address when the local
accesslist
client receives the connection
Default
None
Command mode
Global configuration
Instruction
z Run the following command to configure the local interface for originating the
telnet connection:
ip telnet source-interface interface
- 23 -
Baisc Configuration Commands
In this case, all telnet connections originated afterwards are through the interface.
The configuration command is similar to the command telnet source-interface
interface. However, the telnet command has no interface parameters followed.
When the interface is configured and the telnet command has interface
parameters, the interface followed the telnet command is used.
z Run the following command to configure the name of the access list which
performs limitation on local telnet connection reception.
ip telnet access-class accesslist
In this case, the access list will be checked when the server accepts all telnet
connections.
z Run the following command to configure a port, except the default port 23, to
receive the telnet service.
ip telnet listen-port start-port [end-port]
Explanation: If the end port number is not designated, the listening will be
executed at a specific port. The number of the designated ports cannot be
bigger than 16 and the port number ranges between 3001 and 3999.
z Run the following command to configure the telnet login script.
ip telnet script s1 ‘login:’ switch ‘Password:’ test
Explanation: When the script is configured, the username prompt and password
prompt and their answers must be correctly matched, especially the prompt
information is capital sensitive and has inverted comma (‘’). If one of them is
wrongly configured, the automatic login cannot be performed.
Note:
You can add the NO prefix on the above four commands and then run them to cancel
previous configuration.
Example
- 24 -
Baisc Configuration Commands
Parameter
None
Default
None
Command mode
Instruction
You can use the shortcut key to mount the current telnet connection at the client side.
Example
switchA>telnet 192.168.20.1
Welcome to Multi-Protocol 2000 Series switch
switchB>ena
switchB#(press ctrl-shift-6+x)
switchA>
You press ctrl-shift-6+x to mount the telnet connection to switch B and return to the
current state of switch A.
2.1.4 where
Run the following command to check the currently mounted telnet session:
where
Parameter
None
Default
None
Command mode
Global configuration
Instruction
You can use the command to check the mounted outward telnet connection at the client
side. The displayed information contains the serial number, peer address, local
address and local port.
Note:
The where command is different from the show telnet command. The former is used at
the client side and the displayed information is the outward telnet connection. The latter
is used at the server and the displayed information is the inward telnet connection.
- 25 -
Baisc Configuration Commands
Example
switchA>telnet 192.168.20.1
Welcome to Multi-Protocol 2000 Series switch
switchB>ena
switchB#(Press ctrl-shift-6+x)
switchA> telnet 192.168.20.2
Welcome to Multi-Protocol 2000 Series switch
switchC>ena
switchC#(Press ctrl-shift-6+x)
switchA>where
NO. Remote Addr Remote Port Local Addr Local Port
1 192.168.20.1 23 192.168.20.180 20034
2 192.168.20.2 23 192.168.20.180 20035
Enter where at switch A. The mounted outward connection is displayed.
2.1.5 resume
It is used to resume the currently mounted outward telnet connection:
resume no
Parameter
Parameter Description
Default
None
Command mode
Global configuration
Instruction
The command can be used to resume the currently mounted outward telnet connection
at the client side.
Example
switchA>telnet 192.168.20.1
Welcome to Multi-Protocol 2000 Series switch
switchB>ena
switchB#( press ctrl-shift-6+x)
switchA> telnet 192.168.20.2
Welcome to Multi-Protocol 2000 Series switch
switchC>ena
switchC#( press ctrl-shift-6+x)
switchA>where
- 26 -
Baisc Configuration Commands
2.1.6 disconnect
The following command is used to clear the currently mounted outward telnet session:
disconnect no
Parameter
Parameter Description
Default
None
Command mode
Global configuration
Instruction
The command can be used to clear the currently mounted outward telnet connection at
the client side.
Note:
The disconnect command is different from the clear telnet command. The former is
used at the client side and clears the outward telnet connection. The latter is used at
the server and clears the inward telnet connection.
Example
switchA>telnet 192.168.20.1
Welcome to Multi-Protocol 2000 Series switch
switchB>ena
switchB#(press ctrl-shift-6+x)
switchA> telnet 192.168.20.2
Welcome to Multi-Protocol 2000 Series switch
switchC>ena
switchC#(press ctrl-shift-6+x)
switchA>where
NO. Remote Addr Remote Port Local Addr Local Port
1 192.168.20.1 23 192.168.20.180 20034
- 27 -
Baisc Configuration Commands
2.1.7 switchkey
The following is a command to configure the terminal switch key on the line.
switchkey key cmdalias server-name
Parameter
Parameter Description
Compound key can be the ctrl key plus any key from A to Z,
key
except the letter h.
Default
None
Command mode
Instruction
The command is used to configure the terminal switchover key and the corresponding
command alias, and the name of the remote host on the line.
Note:
1) The parameter cmdalias must be applied at a correct command.
2) The parameter key cannot be ctrl-h.
3) The parameter server-name will appear at the switchover prompt and the
switchover menu.
4) The parameter autocommand cannot be configured at the line, or the terminal
switchover function is invalid.
Example
- 28 -
Baisc Configuration Commands
2.1.8 switchmsg
The following command is used to configure whether the prompt information about the
terminal switchover is exported:
switchmsg enable/disable
Parameter
Parameter Description
Default
disable
Command mode
Instruction
The command can be used to decide whether the switchover prompt information is
exported when the terminal is switched.
Example
switchA>switchmsg enable
When the terminal is switched, export the switchover prompt information.
2.1.9 sequence-char
The following is a command to configure the terminal switchover key on the line:
sequence-char key char1 char2 char3 …
Parameter
Parameter Description
Compound key can be the ctrl key plus any key from A to Z,
key
except the letter h.
char1 char2 char3 … Screen character sequence relative to the specific terminal
Default
None
Command mode
- 29 -
Baisc Configuration Commands
Instruction
The command can be used to configure the switchover key and the corresponding
terminal character sequence on the line.
Note:
1) The key parameter can not be ctrl-h.
2) The character sequence parameter is relative to the detailed terminal. You can
find it by checking the terminal manual.
3) The character sequence parameter must be a hex value and starts from 0x. Each
character is differentiated by space.
Example
For other commands about alias and async, refer to relative configuration explanation.
Application Example:
The switch is configured as follows:
…
…
…
interface Serial1/1
physical-layer mode async
no ip directed-broadcast
async mode interactive
line tty 1
switchkey CTRL-U cona ServerA
sequence-char CTRL-U 0x1b 0x21 0x38 0x51
switchkey CTRL-V conb ServerB
sequence-char CTRL-V 0x1b 0x21 0x39 0x51
switchkey CTRL-W conc ServerC
sequence-char CTRL-W 0x1b 0x21 0x31 0x30 0x51
switchmsg enable
…
...
alias cona connect 192.168.20.1
alias conb connect 192.168.20.2
alias conc connect 192.168.20.3
When all the configurations are complete and the connection is established, open the
terminal. The switchover menu automatically appears. After you press CTRL-U, the
system automatically switches to server A and exports the prompt information about
server A. After you press CTRL-V, the system automatically switches to server B on
the new screen and exports the prompt information about server B. After you press
CTRL-W, the system automatically switches to server C on the new screen and
exports the prompt information about server C. If you press CTRL-\, the switchover
menu appears on the current screen and add the asterisk mark (*) behind the current
server.
The following is a result after you press CTRL-\:
- 30 -
Baisc Configuration Commands
======================================
Terminal Switch Menu
1) CTRL-U ServerA *
2) CTRL-V ServerB
3) CTRL-W ServerC
Note:
4) During multiple connection operations, if the system exits from one connection,
the system will take the first connection as the current connection and the
interface of the first host will appear. If the system has already exited from the first
connection, it will take the second connection as the current connection and the
interface of the second host will appear.
5) After all services are complete, you are recommended to directly shut down the
terminal no matter how many connections are currently open.
6) Before other connections exit, you'd better not enable the system to exit from the
first connection.
7) Try not to exit from a connection during operations. Switching connections is a
better choice. After all operations are completer, shut down the terminal.
8) During terminal switchover, the functions to mount and resume the connection by
pressing ctrl-shift-6+x are forbidden.
Parameter
Parameter Description
Default
None
Command mode
Management mode
Instruction
Example
clear telnet 1
The telnet session whose sequence number is 1 is cleared at the server.
- 31 -
Baisc Configuration Commands
Parameter
None
Default
None
Command mode
Instruction
The command is used to display the telnet session at the server. The displayed
information includes the sequence number, peer address, peer port, local address and
local port.
Example
Parameter
None
Default
None
Command mode
Management mode
Instruction
- 32 -
Baisc Configuration Commands
debug telnet command is different from the telnet debug command. The former is to
export the debug information of the telnet session connected to the server. The latter is
to export the debug information of the telnet session that the client originates.
Example
debug telnet
The debug information of the telnet session that is connected to the server is displayed.
- 33 -
Baisc Configuration Commands
z terminal-type
z terminal monitor
z terminal width
z terminal length
z where
z width
2.2.1 attach-port
The following command is to bind the telnet listening port to the line vty number and
enable the telnet connection at a specific port generates vty according to the
designated sequence number.
[no] attach-port PORT
Parameter
Parameter Description
Default
None
Command mode
Example
2.2.2 autocommand
It is used to set the automatically-run command when user logs in to the terminal. The
connection is cut off after the command is executed.
autocommand LINE
no autocommand
Parameter
Parameter Description
Command mode
- 34 -
Baisc Configuration Commands
Example
switch_conf#line vty 1
switch_conf_line#autocommand pad 123456
After you successfully log in, the host whose X.121 address is 123456 will be
automatically padded.
Parameter
Command mode
Management mode
Example
2.2.4 connect
It is to connect the telnet server.
connect server-ip-addr/server-host-name {[/port port][/source-interface interface]
[/local local-ip-addr]}
Parameter
Parameter Description
Command mode
Example
2.2.5 disconnect
It is used to delete the mounted telnet session.
disconnect N
- 35 -
Baisc Configuration Commands
Parameter
Parameter Description
Command mode
Example
switch#disconnect 1
2.2.6 exec-timeout
It is to set the maximum spare time for the terminal.
[no] exec-timeout [time]
Parameter
Parameter Description
Default
Command mode
Example
2.2.7 length
It is used to set the line number on the screen of the terminal.
[no] length [value]
Parameter
Parameter Description
- 36 -
Baisc Configuration Commands
Default
24
Command mode
2.2.8 line
It is used to enter the line configuration mode.
line [aux | console | tty | vty] [number]
Parameter
Parameter Description
Command mode
Global configuration
Example
The following example shows how to enter the line configuration mode of VTY 0 to 10.
switch_config#line vty 0 10
2.2.9 location
It is used to recoded the description of the current line.
location [LINE]
no location
Parameter
Parameter Description
Command mode
- 37 -
Baisc Configuration Commands
Parameter
Parameter Description
Command mode
Example
2.2.11 monitor
It is used to export the log and debugging information to the line:
[no] monitor
Parameter
None
Command mode
Example
switch_config_line#monitor
Parameter
None
Command mode
Management mode
- 38 -
Baisc Configuration Commands
Example
2.2.13 password
It is used to set the password for the terminal:
password {password | [encryption-type] encrypted-password }
no password
Parameter
Parameter Description
Command mode
Example
switch_conf#line vty 1
switch_conf_line#password test
The previous example shows the login password of VTY1 is set to test.
2.2.14 resume
It is used to resume the mounted telnet session:
resume N
Parameter
Parameter Description
- 39 -
Baisc Configuration Commands
Command mode
Example
switch#resume 1
2.2.15 switchkey
It is used to configure the terminal switchover key:
switchkey key cmdalias server-name
Parameter
Parameter Description
Command mode
Example
The following example shows how to connect to the sco1 server by the con_sco
command when the switchover is performed through pressing ctrl-a:
switch_config_line#switchkey ctrl-a con_sco sco1
2.2.16 sequence-char
It is used to configure the character sequence of terminal call-back when the terminal is
switched:
sequence-char key char1 char2 char3 …
Parameter
Parameter Description
Command mode
- 40 -
Baisc Configuration Commands
Example
The following example shows how to configure the character sequence of terminal
call-back to 0x1b 0x21 0x38 0x51 when the terminal is switched.
switch_config_line#sequence-char ctrl-a 0x1b 0x21 0x38 0x51
Parameter
None
Command mode
Example
Parameter
(3) If there is no parameter followed, the status of all effective lines will be displayed.
The definition of other parameters is similar to that of the line command.
Command mode
2.2.19 switchmsg
It is used to decide whether the prompt information is displayed when the terminal is
switched:
switchmsg enable
switchmsg disable
- 41 -
Baisc Configuration Commands
Parameter
Parameter Parameter
Default
disable
Command mode
Example
The following example shows how to display the prompt information when the terminal
is switched:
switch_config_line#switchmsg enable
Parameter
Parameter Description
Default
Command mode
Global configuration
Instruction
The command is effective only to the current terminal. When the session is complete, the terminal
attribute is invalid.
Example
switch#terminal length 40
- 42 -
Baisc Configuration Commands
Relative command
line
Parameter
None
Default
The system monitoring port (console) is open by default. Other terminals are closed by
default.
Command mode
Global configuration
Instruction
The command is effective only to the current terminal. When the session is complete,
the terminal attribute is invalid.
Example
switch#terminal monitor
Relative command
line
debug
Parameter
Parameter Description
- 43 -
Baisc Configuration Commands
Default
Command mode
Global configuration
Instruction
The command is effective only to the current terminal. When the session is complete,
the terminal attribute is invalid.
Example
switch#terminal width 40
Relative command
line
2.2.23 terminal-type
It is used to set the terminal type:
[no] terminal-type [name]
Parameter
Parameter Description
Terminal name
name Terminal types currently supported are VT100, ANSI and
VT100J.
Default
ANSI
Command mode
2.2.24 where
It is used to check the currently mounted outward telnet session at the client side:
where
Parameter
None
Command mode
- 44 -
Baisc Configuration Commands
Example
switch#where
2.2.25 width
It is used to set the terminal width of the line:
[no] width [value]
Parameter
Parameter Description
Default
80
Command mode
- 45 -
Baisc Configuration Commands
Parameter
Parameter Description
word Designates the access list name of the SNMP agent which can
be accessed through the community character string.
- 46 -
Baisc Configuration Commands
Default
The SNMP community character string can only read all objects.
Command mode
Global configuration
Instruction
Example
The following example shows how to distribute the character string comaccess to the
SNMP, how to permit the read-only access and how to designate the IP access list
allowed to use the community character string:
snmp-server community comaccess ro allowed
The following example shows how to distribute the character string mgr to the SNMP,
how to permit the read-write access to the objects in the restricted view:
snmp-server community mgr view restricted rw
In the following example, the community comaccess is deleted:
no snmp-server community comaccess
Relative command
access-list
snmp-server view
Parameter
Parameter Description
Default
Command mode
Global configuration
- 47 -
Baisc Configuration Commands
Instruction
It corresponds to the sysContact value of the MIB variable in the system group.
Example
Parameter
Parameter Description
Default
The command is invalid by default. The trap is not sent. If the command with keyword is not entered,
all traps are sent by default.
Command mode
Global configuration
Instruction
If the snmp-server host command is not entered, the trap is not sent. To configure the
switch to send SNMP traps, you need to run the snmp-server host command. If the
command without the keyword trap-type is entered, all types of traps of the host are
activated. If the command with the keyword trap-type is entered, you can designate
multiple trap types in each host.
When you specify multiple snmp-server host commands at the same host, the SNMP trap
information sent to the host will be filtered according to the character string and the trap type in the
command. To the same host and the community character string, only one trap type can be
configured.
The usability of the option trap-type depends on the switch type and the characteristics
of the routing software supported by the switch.
- 48 -
Baisc Configuration Commands
Example
In the following example, the SNMP trap defined by RFC1157 to the host whose IP
address is 10.20.30.40. The community character string is comaccess.
snmp-server host 10.20.30.40 comaccess snmp
In the following example, the switch uses the community character string public to send
all types of traps to the host whose IP address is 10.20.30.40.
snmp-server host 10.20.30.40 public
In the following example, only authentication traps are valid and can be sent to host
bob.
snmp-server host bob public authentication
Relative command
snmp-server queue-length
snmp-server trap-source
snmp-server trap-timeout
Parameter
Parameter Description
Default
Command mode
Global configuration
Instruction
It corresponds to the value of sysLocation of the MIB variable in the system group.
Example
Relative command
snmp-server contact
- 49 -
Baisc Configuration Commands
Parameter
Parameter Description
Default
3000 bytes
Command mode
Global configuration
Instruction
It corresponds to the value of sysLocation of the MIB variable in the system group.
Example
In the following example, a filter is created for the packet with maximum length of 1024
bytes:
snmp-server location Building_3/Room_214
Relative command
snmp-server queue-length
Parameter
Parameter Description
length Trap event number that can be saved in the queue (1~1000)
Default
10 events
- 50 -
Baisc Configuration Commands
Command mode
Global configuration
Instruction
The command is used to define the queue length for each trap host. Once the trap message is
successfully transmitted, the switch will clear the queue.
Example
The following example shows that a message queue that can capture four events is created.
snmp-server queue-length 4
Relative command
snmp-server packetsize
Parameter
Parameter Description
Default
No interface is designated.
Command mode
Global configuration
Instruction
When the SNMP server sends the SNMP trap, the SNMP trap has a trap address no matter from
which interface it is sent out. If you want use the trap address to track the trap, you can use the
command.
Example
The following example shows that the address of the Ethernet’s 1/0 interface is designated as the
source address of all traps.
snmp-server trap-source ethernet 1/0
- 51 -
Baisc Configuration Commands
The following example shows that the IP address of the Ethernet’s 1/0 interface is
designated as the source address of all traps.
snmp-server trap-source ethernet 1/0
Relative command
snmp-server queue-length
snmp-server host
Parameter
Parameter Description
seconds An interval integer from 1 to 1000 (unit: second), which is set for
resending the message
Default
30 seconds
Command mode
Global configuration
Instruction
Before the switch software sends the trap, it will look for the route of the destination
address. If there is no route, the trap is stored in the resending queue. The command
server trap-timeout decides the interval for resending the trap.
Example
The following example shows the trap message at the resending queue will be resent after an
interval of 20 seconds:
snmp-server trap-timeout 20
Relative command
snmp-server host
snmp-server queue-length
Run the command snmp-server view in global configuration mode to create or update an MIB view.
Run the command no snmp-server view to delete a view of the SNMP server.
- 52 -
Baisc Configuration Commands
Parameter
Parameter Description
Default
None
Command mode
Global configuration
Instruction
If other SNMP commands need a view as a parameter, you can run the command to
create a view to take as the parameter of these SNMP commands. In default settings,
the view need not be defined. You can see all objects, which is similar to the
everything view predefined by Cisco. You can use the command to define the objects
that can seen from the view.
Example
The following example shows that the views of all objects in the MIB-II sub-tree are
created:
snmp-server view mib2 mib-2 included
The following example shows that the views of all objects in the system group are
created:
snmp-server view phred system included
The following example shows that the views of all objects in the system group are created, while all
objects in sysServices.7 and in the No.1 interface of the interface group are excluded.
snmp-server view agon system included
snmp-server view agon system.7 excluded
Relative command
snmp-server community
- 53 -
Baisc Configuration Commands
Parameter
Parameter Description
Udp-port Send SNMP traps to the destination port number. Can’t use the
commonly used port number.
Default
Command mode
Global configuration
Instruction
When the issue SNMP traps from the SNMP server, specify a special destination port
number can use this command.
Example
The following example shows that trap sent to host the 1234 port.
snmp-server udp-port 1234
Relative command
Snmp-server host
Parameter
Parameter Description
ipaddress Designates the source address where the SNMP generates the
message. The parameter is the set IP address of the device.
- 54 -
Baisc Configuration Commands
Default
Command mode
Global configuration
Instruction
The command is used to configure the source address of the SNMP message.
Example
The following example shows that the IP address of the Ethernet’s 1/0 interface is
designated as the source address of all SNMP messages.
snmp-server source-addr 192.168.213.15
Relative command
None
Run the command snmp-server encryption in global configuration mode the configured snmp
community,SHA encrypted passwords amd MD5 encrypted password ciphertext. The command
is a one-time command, it can not to save,not to cancel with NO command. Command format is
as follows:
snmp-server encryption
Parameter
NONE
Default
The default is expressly show snmp community, SHA encrypted passwords and MD5
encrypted password.
Command mode
Global configuration
Instruction
The SNMP community SHA encrypted passwords and MD5 encrypted password
ciphertext display. Used to ensure password security.
- 55 -
Baisc Configuration Commands
Example
In the following example, configure the snmp community ,SHA encrypted passwords and MD5
encryption password ciphertext for the remote host 90.0.0.3 .
snmp-server encryption
Relative command
snmp-server community
Parameter
Parameter Description
Default
None
Command mode
Instruction
Run the command show snmp to monitor the SNMP input or output statistics.
Run the command show snmp host to display information about the SNMP trap host.
Run the command show snmp view to display the information about SNMP views.
Example
The following example shows that the SNMP input or output statistics is listed out:
#show snmp
37 SNMP packets input
0 Bad SNMP version errors
4 Unknown community name
- 56 -
Baisc Configuration Commands
Field Meaning
In the following example, the information about the SNMP trap message is displayed:
#show snmp host
Notification host: 192.2.2.1 udp-port: 162 type: trap
user: public security model: v1
In the following example, information about SNMP views is displayed:
#show snmp view
mib2 mib-2 - included permanent active
Relative command
snmp-server host
snmp-server view
- 57 -
Baisc Configuration Commands
Parameter
Parameter Description
Command mode
Management mode
Instruction
After the switch of the SNMP debugging information is enabled, SNMP events and
information about message sending and receiving are exported. The exported
information helps to diagnose SNMP faults.
Example
The following example shows how to debug SNMP message receiving and sending:
switch#debug snmp packet
Received 49 bytes from 192.168.0.29:1433
0000: 30 82 00 2D 02 01 00 04 06 70 75 62 6C 69 63 A0 0..-.....public.
0016: 82 00 1E 02 02 7D 01 02 01 00 02 01 00 30 82 00 .....}.......0..
0032: 10 30 82 00 0C 06 08 2B 06 01 02 01 01 03 00 05 .0.....+........
0048: 00 .
Sending 52 bytes to 192.168.0.29:1433
0000: 30 82 00 30 02 01 00 04 06 70 75 62 6C 69 63 A2 0..0.....public.
0016: 82 00 21 02 02 7D 01 02 01 00 02 01 00 30 82 00 ..!..}.......0..
0032: 13 30 82 00 0F 06 08 2B 06 01 02 01 01 03 00 43 .0.....+.......C
0048: 03 00 F4 36 ...6
Received 51 bytes from 1192.168.0.29:1434
0000: 30 82 00 2F 02 01 00 04 06 70 75 62 6C 69 63 A0 0../.....public.
0016: 82 00 20 02 02 6B 84 02 01 00 02 01 00 30 82 00 .. ..k.......0..
0032: 12 30 82 00 0E 06 0A 2B 06 01 02 01 02 02 01 02 .0.....+........
0048: 01 05 00 ...
Sending 62 bytes to 192.168.0.29:1434
0000: 30 82 00 3A 02 01 00 04 06 70 75 62 6C 69 63 A2 0..:.....public.
0016: 82 00 2B 02 02 6B 84 02 01 00 02 01 00 30 82 00 ..+..k.......0..
0032: 1D 30 82 00 19 06 0A 2B 06 01 02 01 02 02 01 02 .0.....+........
0048: 01 04 0B 45 74 68 65 72 6E 65 74 30 2F 31 ...Ethernet0/1
- 58 -
Baisc Configuration Commands
Field Description
10 30 82 00 0C 06 08 2B 06 01 02 01 01 03 00 05
00
13 30 82 00 0F 06 08 2B 06 01 02 01 01 03 00 43
03 00 F4 36
- 59 -
Baisc Configuration Commands
SNMP: Response
>> ip.ipFragCreates.0 = 2
Field Description
-- Receiving message
Command description
Parameter
Parameter Description
- 60 -
Baisc Configuration Commands
Default
Instruction
The command is configured in global configuration mode. It is used to monitor the value
of the designated object. When the value exceeds the threshold, the specified event is
triggered.
Example
Command description
Parameter
Parameter Description
Default
None
Instruction
Example
In the following example, an rmon event item is configured. The index is 6. The
description character string is example. When the event is triggered, items will be
added to the log table and the trap will be generated by taking public as the community
name.
- 61 -
Baisc Configuration Commands
Command description
Parameter
Parameter Description
Default
None
Instruction
It is configured in interface mode and used for the statistics on the interface.
Example
Command description
Parameter
Parameter Description
bucket-number Among the data collected in the history control table, the latest
bucket-number items are saved.
Value range: 1-65535
- 62 -
Baisc Configuration Commands
Default
Instruction
It is configured in interface mode and used for adding an item to the history control
table.
Example
In the following example, the history control item is added to interface 8 of fast Ethernet. The
statistics data in the latest 20 intervals is saved. The interval is 20 seconds.
int f 0/8
rmon collection history 2 buckets 20 interval 10 owner switch
Command description
Parameter
None
Default
None
Instruction
Example
- 63 -
Baisc Configuration Commands
Command description
Parameter
Parameter Description
Default
60 seconds
Instruction
Example
In the following example, the switch is configured to send out the PDP message every five seconds.
pdp timer 5
Command description
Parameter
Parameter Description
Default
180 seconds
Instruction
- 64 -
Baisc Configuration Commands
Example
In the following example, the switch is configured to save the received neighbour information for 15
seconds
pdp holdtime 15
Command description
Parameter
Parameter Description
Default
Version 2
Instruction
Example
In the following example, the PDP version of the switch is set to version 1:
pdp version 1
Command description
Parameter
None.
Default
Instruction
- 65 -
Baisc Configuration Commands
Example
Command description
Parameter
None
Default
Instruction
It is configured in interface configuration mode. PDP must be enabled in port mode and
global mode. PDP can then be effective. Generally, PDP is forbidden only on several
ports.
Example
Command description
Parameter
None
Default
None
Instruction
Example
- 66 -
Baisc Configuration Commands
Command description
Parameter
None
Default
None
Instruction
Example
- 67 -
Baisc Configuration Commands
Parameter
Parameter Description
- 68 -
Baisc Configuration Commands
-v Detailed output
Default: simple output
Command mode
Instruction
The command supports that the destination address is the broadcast address or the multicast
address. If the destination address is the broadcast address (255.255.255.255) or the multicast
address, the ICMP request message is sent on all interfaces that support broadcast or multicast.
The routing switch is to export the addresses of all response hosts. By pinging multicast address
224.0.0.1, you can obtain the information about all hosts in directly-connected network segment
that support multicast transmission.
Press the Q key to stop the ping command.
Simple output is adopted by default.
Parameter Description
Parameter Description
- 69 -
Baisc Configuration Commands
Example
4.3.1 logging
It is used to record the log information to the syslog server.
logging A.B.C.D
no logging A.B.C.D
Parameter
Parameter Description
- 70 -
Baisc Configuration Commands
Default:
Command mode
Global configuration
Instruction
It is used to record the log information to the designated syslog server. It can be used
for many times to designate multiple syslog servers.
Example
logging 192.168.1.1
Relative command
logging trap
no logging buffered
Parameter
Parameter Description
dump When the system has abnormality, the information in the current
memory is currently recorded to the flash and the information is
resumed after the system is restarted.
Default
Command mode
Global configuration
- 71 -
Baisc Configuration Commands
Instruction
The command records the log information to the memory cache of the switch. The
memory cache is circularly used. After the memory cache is fully occupied, the latter
information will cover the previous information.
You can use the show logging command to display the log information recorded in the
memory cache of the switch.
Do not use big memory for it causes the shortage of memory.
Table 1 Level of log recording
Relative command
clear logging
show loggin
Parameter
Parameter Description
Default
None
- 72 -
Baisc Configuration Commands
Command mode
Global configuration
Instruction
After the information level is specified, information of this level or the lower level will be displayed on
the console.
Run the command show logging to display the currently configured level and the statistics
information recorded in the log.
Table 2 Level of log recording
Example
Relative command
logging facility
show logging
Parameter
Parameter Description
Facility type
facility-type
Refer to table 3.
- 73 -
Baisc Configuration Commands
Default
local7
Command mode
Global configuration
Instruction
Type Description
kern Kernel
Example
Relative command
logging console
- 74 -
Baisc Configuration Commands
Parameter
Parameter Description
Default
debugging
Command mode
Global configuration
Instruction
Example
Relative command
terminal monitor
4.3.6 logging on
Run the command logging on to control the recording of error information.
Run the command no logging on to forbid all records.
logging on
- 75 -
Baisc Configuration Commands
no logging on
Parameter
None
Default
logging on
Command mode
Global configuration
Example
switch_config# logging on
switch_config# ^Z
switch#
Configured from console 0 by DEFAULT
switch# ping 192.167.1.1
switch#ping 192.167.1.1
PING 192.167.1.1 (192.167.1.1): 56 data bytes
!!!!!
--- 192.167.1.1 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 0/4/10 ms
switch#IP: s=192.167.1.111 (local), d=192.167.1.1 (FastEthernet0/0), g=192.167.1.1, len=84,
sending
IP: s=192.167.1.1 (FastEthernet0/0), d=192.167.1.111 (FastEthernet0/0), len=84,rcvd
IP: s=192.167.1.111 (local), d=192.167.1.1 (FastEthernet0/0), g=192.167.1.1, len=84, sending
IP: s=192.167.1.1 (FastEthernet0/0), d=192.167.1.111 (FastEthernet0/0), len=84,rcvd
IP: s=192.167.1.111 (local), d=192.167.1.1 (FastEthernet0/0), g=192.167.1.1, len=84, sending
IP: s=192.167.1.1 (FastEthernet0/0), d=192.167.1.111 (FastEthernet0/0), len=84,rcvd
IP: s=192.167.1.111 (local), d=192.167.1.1 (FastEthernet0/0), g=192.167.1.1, len=84, sending
IP: s=192.167.1.1 (FastEthernet0/0), d=192.167.1.111 (FastEthernet0/0), len=84,rcvd
IP: s=192.167.1.111 (local), d=192.167.1.1 (FastEthernet0/0), g=192.167.1.1, len=84, sending
IP: s=192.167.1.1 (FastEthernet0/0), d=192.167.1.111 (FastEthernet0/0), len=84,rcvd
switch_config# no logging on
switch_config# ^Z
switch#
switch# ping 192.167.1.1
PING 192.167.1.1 (192.167.1.1): 56 data bytes
!!!!!
--- 192.167.1.1 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 0/4/10 ms
Relative command
logging
- 76 -
Baisc Configuration Commands
logging buffered
logging monitor
logging console
Parameter
Parameter Description
Default
Informational
Command mode
Global configuration
Instruction
Description
Prompt Level Syslog Definition
- 77 -
Baisc Configuration Commands
Example
logging 192.168.1.1
logging trap notifications
Relative command
logging
Parameter
Parameter Description
uptime Duration between the startup of the switch and the current time
Default
Command mode
Global configuration
Instruction
The time stamp in the uptime form is displayed like HHHH:MM:SS, meaning the
duration from the start-up of the switch to the current time.
The time stamp in the date form is displayed like YEAR-MON-DAY HH:MM:SS,
meaning the real-time clock time.
Example
- 78 -
Baisc Configuration Commands
clear logging
Parameter
None
Command mode
Management mode
Relative command
logging buffered
show logging
Parameter
Parameter Description
Default
None
Command mode
Management mode
Instruction
It is used to display the information about abnormal breakdown of the switch, helping to
find the cause of the abnormality.
Example
switch#sh break
Exception Type:1400-Data TLB error
BreakNum: 1 s date: 2000-1-1 time: 0:34:6
r0 r1 r2 r3 r4 r5 r6
00008538-01dbc970-0054ca18-00000003-80808080-fefefeff-01dbcca1-
r7 r8 r9 r10 r11 r12 r13
00000000-00009032-00000000-7ffffff0-00008588-44444444-0054c190-
r14 r15 r16 r17 r18 r19 r20
000083f4-000083f4-00000000-00000000-00000000-00000000-00000000-
r21 r22 r23 r24 r25 r26 r27
00000000-0000000a-00000001-00000000-00000000-004d6ce8-01dbd15c-
r28 r29 r30 r31 spr8 spr9 ip
00000002-00467078-00010300-00000300-00000310-00008588-00000370-
- 79 -
Baisc Configuration Commands
Variables :
00008538-44444444-01dbd15c-01dbcaac-00000002-00000000-004d6ce8-
01dbca18-
00008538 --- do_chram_mem_sys_addr---bspcfg.o
0001060c --- subcmd---cmdparse.o---libcmd.a
000083e4 --- do_chram_mem_sys---bspcfg.o
0000fb24 --- lookupcmd---cmdparse.o---libcmd.a
0000f05c --- cmdparse---cmdparse.o---libcmd.a
003e220c --- vty---vty.o---libvty.a
00499820 --- pSOS_qcv_broadcast---ksppc.o---os\libsys.a
The whole displayed content can be divided into six parts:
1 RROR:file function.map not found
The prompt information means that the system has not been installed the software function.map,
which does not affect the system running.
If the version of the software function.map is not consistent with that of the switch, the system
prompts that the version is not consistent.
3 BreakNum
It is the current abnormal number. It means the number of abnormalities that the system
has since it is powered on in the latest time. It is followed by the time when the
abnormality occurs.
5 Variable area
The content in the stack is listed out.
Parameter
Parameter Description
- 80 -
Baisc Configuration Commands
Default
None
Command mode
Management mode
Instruction
It is used to display the controller state and the configuration information of the specified
interface. When the fault occurs, you can analyze the data to discover the cause of the
fault.
Example
- 81 -
Baisc Configuration Commands
DCR_B3#
The whole displayed information can be divided into the following parts:
(4) Name and type of interface control
Here it is MPC860 and SCC.
(5) Running state of the controller
Statistics data about breakdown, error and resetting
Length of the receiving and transmitting queue
(6) Controller configuration parameter
Register content parameter
Controller partial parameter
Physical protocol parameter
(7) State when BD is received or sent
The length, state and indicator of BD are listed out.
The location where BD is received or sent and relative states
Parameter
None
Command mode
Management mode
Example
- 82 -
Baisc Configuration Commands
Crypto Subsystem:
Crypto Ipsec debugging is on
Crypto Isakmp debugging is on
Crypto Packet debugging is on
Relative command
debug
Parameter
None
Command mode
Management mode
Instruction
It is used to display the state of logging (syslog), including the login information about the console,
monitor and syslog.
Example
Relative command
clear logging
- 83 -
Baisc Configuration Commands
Command description
ip sshd enable
no ip sshd enable
Parameter
None
Default
1024 bits
Instruction
It is used to generate the rsa encryption key and then monitor the connection to the ssh
server. The process of generating encryption key is a process of consuming the
calculation time. It takes one or two minutes.
Command mode
Example
Command description
Parameter
Parameter Description
Default
180 seconds
- 84 -
Baisc Configuration Commands
Instruction
To prevent the illegal user from occupying the connection resources, the connections
that are not approved will be shut down after the set duration is exceeded.
Command mode
Example
Command description
Parameter
Parameter Description
Default
Instrunction
The ssh server uses the authentication method list of the login type.
Command mode
Example
Command description
- 85 -
Baisc Configuration Commands
Parameter
Parameter Description
Default
Instrunction
It is used to configure the access control list for the ssh server. Only the connections
complying with the regulations in the access control list can be approved.
Command mode
Example
Command description
Parameter
Parameter Description
Default
3 times
Instrunction
The connection will be shut down when the re-authentication times exceeds the set
times.
Command mode
- 86 -
Baisc Configuration Commands
Example
In the following example, the maximum re-authentication times is set to five times:
device_config#ip sshd auth-retries 5
Command description
ip sshd clear ID
Parameter
Parameter Description
Default
N/A
Instruction
It is used to mandatorily close the incoming ssh connection with the specified number.
You can run the command show ip sshd line to check the current incoming
connection’s number.
Command mode
Example
5.1.7 ssh
Command description
Parameter
Parameter Description
- 87 -
Baisc Configuration Commands
Default
N/A
Instruction
The command is used to create a connection with the remote ssh server.
Command mode
Privileged mode
Example
In the following example, a connection with the ssh server whose IP address is
192.168.20.41 is created. The account is zmz and the encryption algorithm is blowfish:
device#ip ssh –l zmz –d 192.168.20.41 –c blowfish
Command description
show ssh
Parameter
None
Default
N/A
Instrunction
Command mode
Privileged mode
Example
In the following example, the sessions on the ssh server are displayed:
device#show ssh
- 88 -
Baisc Configuration Commands
Command description
show ip sshd
Parameter
None
Default
N/A
Instrunction
Command mode
Privileged mode
Example
In the following example, the current state of the ssh server is displayed:
device#show ip sshd
- 89 -
Baisc Configuration Commands
Parameter
Parameter Description
Default
Default IES model is 10ms, and the general switch models is 1000ms.
Command mode
Global configuration
Example
In the following example, Configure the switch every 20 milliseconds to do a port scan:
Link scan 20
- 90 -
Interface Configuration Commands
Table of Contents
Table of Contents
Chapter 1 Interface Configuration Commands................................................................................... 1
1.1 Interface Configuration Commands ...................................................................................... 1
1.1.1 description .................................................................................................................. 1
1.1.2 bandwidth ................................................................................................................... 2
1.1.3 delay........................................................................................................................... 2
-I-
Interface Configuration Commands
z description
z bandwidth
z delay
1.1.1 description
description
parameter
parameter description
Specifies the description character string, including the spaces
line
in the middle of the line.
default
disabled
instruction
example
The following example configures ‘up link’ as the interface f0/1 description:
Switch(config)# interface FastEthernet0/1
Switch(Switch_config_g0/1)# description up link
-1-
Interface Configuration Commands
1.1.2 bandwidth
description
bandwidth kilobps
parameter
parameter description
Specifies the interface bandwidth. The value is the same as the
kilobps
interface type.
default
default:10000.
instruction
Note:
The configured bandwidth isn’t the actural bandwidth of the interface. It is only used to
compute the interface cost by certain protocols (like spanning-tree).
Example
1.1.3 delay
description
To set a delay value for an interface, use the delay command in interface configuration
mode.
delay tensofmicroseconds
-2-
Interface Configuration Commands
parameter
parameter Description
tensofmicroseconds specifies the interface delay.
default
instruction
example
-3-
Port Additional Characteristics Configuration
Commands
Table of Contents
Table of Contents
Chapter 1 Port Security ...................................................................................................................... 1
1.1 switchport port-security mode static ..................................................................................... 1
1.2 switchport port-security mode dynamic ................................................................................ 1
1.3 switchport port-security static mac-address.......................................................................... 1
1.4 switchport port-security dynamic maximum.......................................................................... 1
Chapter 2 Port Protection................................................................................................................... 2
2.1 switchport protected.............................................................................................................. 2
Chapter 3 Port Storm Control............................................................................................................. 3
3.1 storm-control ......................................................................................................................... 3
Chapter 4 Port Rate Limitation ........................................................................................................... 4
4.1 switchport rate-limit ............................................................................................................... 4
-I-
Port Additional Characteristics Configuration Commands
-1-
Port Additional Characteristics Configuration Commands
Parameter
None
Default
Explanation
Example
-2-
Port Additional Characteristics Configuration Commands
Parameter
Parameter Description
broadcast | multicast | Defines the storm control of the broadcast, multicast and
unicast unicast.
Default
Explanation
Example
Set the storm control of the unknown unicast frame on port f0/1 to 192 Kbps.
Switch(config)# interface fastethernet0/1
Switch(config-f0/1)# storm-control unicast threshold 3
-3-
Port Additional Characteristics Configuration Commands
Parameter
Parameter Description
Default
Explanation
Example
-4-
Interface Range Command
Table of Contents
Table of Contents
Chapter 1 Interface range command.................................................................................................. 1
1.1 interface range ...................................................................................................................... 1
-I-
Interface Range Commands
Description
Parameter
port1 Beginning value of the port All legal port numbers on the slot.
number
port2 Ending value of the port All legal port numbers on the slot except for port 1.
number
Default
none
Instruction
Example
Use the following command to enter the enterface configuration mode, including slot 0
and fast Ethernet port 1,2,3,6,8,10,11,12:
switch_config#interface range 1 - 3 , 6 , 8 , 10 - 12
switch_config_if_range#
-1-
Port Mirroring Configuration Commands
Table of Contents
Table of Contents
Chapter 1 Configuring Port Mirroring Commands.............................................................................. 1
1.1 Port Mirroring Configuration Commands .............................................................................. 1
1.1.1 mirror .......................................................................................................................... 1
1.1.2 show mirror................................................................................................................. 1
-I-
Port Mirroring Configuration Commands
1.1.1 mirror
Description
Parameters
Parameter Description
Instruction
Example
Description
-1-
Port Mirroring Configuration Commands
Parameter
Parameter Description
Default
None
Instruction
Example
-2-
VLAN Configuration Commands
Table of Contents
Table of Contents
Chapter 1 VLAN Configuration Commands ....................................................................................... 1
1.1 VLAN Configuration Commands........................................................................................... 1
1.1.1 vlan............................................................................................................................. 1
1.1.2 name .......................................................................................................................... 2
1.1.3 switchport pvid............................................................................................................ 3
1.1.4 switchport mode ......................................................................................................... 3
1.1.5 switchport trunk .......................................................................................................... 4
1.1.6 show vlan ................................................................................................................... 6
-I-
VLAN Configuration Commands
z vlan
z name
z switchport pvid
z switchport mode
z switchport trunk
z show vlan
1.1.1 vlan
To add a VLAN, use the vlan command. Use the no form of this command to delete a
VLAN.
Parameter
Parameter Description
vlan-id ID of the VLAN. Range is from 1 to 4094。
Default
none
Command mode
global
Instruction
Use this command to enter VLAN configuration mode and to modify some attributes of
the VLAN.
-1-
VLAN Configuration Commands
Example
1.1.2 name
To assign a name to a VLAN, use the name command. Use the no form of this
command to remove the name assigned to a VLAN.
Parameter
Parameter Description
str Name of the defined VLAN。The name consists of up to 32
characters.
Default
The default VLAN name is ‘Default’. Other VLAN name is VLANxxxx (xxxx is 4-digit
stack ID)
Command mode
Instruction
This command can modify VLAN name to indicate special VLAN according to special
requirements.
Example
-2-
VLAN Configuration Commands
To configure port VLAN of in the access mode, use the switchport pvid command.
no switchport pvid
Parameter
Parameter Description
vlan-id VLAN ID of the port。 Range is from 1 to 4094。
Default
Command mode
Instruction
Vlan of the pvid must exist before configuring this command. The port can be access
mode or frame relay mode.
Example
The following example configures interface fastethernet 0/1 as the access interface of
VLAN 10:
Switch(config)#interface f0/1
Switch(config)#vlan10
Switch(config-f0/1)#switchport pvid 10
Parameter
Parameter Description
access Sets a nontrunking, nontagged single VLAN Layer 2 interface.
-3-
VLAN Configuration Commands
Default
Access mode
Command mode
Instruction
If you enter access mode, the interface goes into permanent nontrunking mode and
negotiates to convert the link into a nontrunk link even if the neighboring interface does
not agree to the change.
If you enter trunk mode, the interface goes into permanent trunking mode and
negotiates to convert the link into a trunk link even if the neighboring interface does not
agree to the change.
If you enter dot1q-tunnel mode, the port is set unconditionally as an 802.1Q tunnel
port.
The switchport mode command conflicts with 802.1X protocol. You cannot configure
802.1X protocol in trunk mode. 802.1X protocol is valid only in access mode.
Example
To set the trunk characteristics, use the switchport trunk commands. To reset all of the
trunking characteristics back to the original defaults, use the no form of this command.
Parameter
Parameter Description
vlan-allowed Sets the list of allowed VLANs that transmit traffic from this
interface in tagged format. Value is from 1 to 4094.
vlan-untagged Sets the list of allowed VLANs that transmit traffic from this
interface in untagged format.Value is from 1 to 4094.
-4-
VLAN Configuration Commands
Default
Command mode
interface configuration
Instruction
You can use this command on an interface no matter it is in access or trunk mode. But
this command is valid only when the interface is in trunking mode.
The vlan-allowed parameter sets the list of allowed VLANs that transmit traffic from this
interface in tagged format. The vlan-untagged parameter sets the list of allowed VLANs
that transmit traffic from this interface in untagged format.
The vlan-list format is all | none | add | remove | except vlan-list[,vlan-list...] where:
•all—Specifies all VLANs from 1 to 1005. Beginning with Cisco IOS Release 12.4(15)T,
the valid VLAN ID range is from 1 to 4094.
•none—Indicates an empty list. This keyword is not supported in the switchport trunk
allowed vlan form of the command.
•add—Adds the defined list of VLANs to those currently set instead of replacing the
list.
•remove—Removes the defined list of VLANs from those currently set instead of
replacing the list.
•except—Lists the VLANs that should be calculated by inverting the defined list of
VLANs.
Example
-5-
VLAN Configuration Commands
Parameter
Parameter Description
id Displays information about a single VLAN that is identified by a
VLAN ID number; valid values are from 1 to 4094.
Default
none
Command mode
Instruction
none
Example
Status: indicates the source of VLAN. Static: indicates the VLAN is formed by
configuration. Dynamic: indicates the VLAN is dynamically formed by GVRP protocol.
-6-
VLAN Configuration Commands
Ports Atttributes
-----------------------------------------------------------------
F0/1 Trunk,Untagged
F0/2 Access
F0/5 Trunk,Untagged
F0/7 Trunk,Tagged
F0/8 Trunk,Tagged
F0/9 Trunk,Tagged
F0/11 Access
F0/12 Access
F0/14 Trunk,Tagged
F0/15 Trunk,Tagged
F0/16 Trunk,Untagged
The following example shows the relevant information about a VLAN on an interface:
Switch#sho vlan int f0/6
Interface VLAN
Name Property PVID Vlan-Map uTagg-VLan-Map
-------------------- -------- ---- ---------------- ----------------
FastEthernet0/6 Trunk 1 3,5,7,9,11,13,15 none
17,19
Switch#sho vlan int f0/7
Interface VLAN
Name Property PVID Vlan-Map uTagg-VLan-Map
-------------------- -------- ---- ---------------- ----------------
FastEthernet0/7 Access 7 7 ----
-7-
STP Configuration Commands
Table of Contents
Table of Contents
Chapter 1 STP Configuration Commands ............................................................................................................................ 1
1.1 SSTP Configuration Commands ........................................................................................................................... 1
1.1.1 spanning-tree mode .................................................................................................................................. 1
1.1.2 spanning-tree sstp priority......................................................................................................................... 2
1.1.3 spanning-tree sstp hello-time .................................................................................................................... 2
1.1.4 spanning-tree sstp max-age...................................................................................................................... 3
1.1.5 spanning-tree sstp forward-time................................................................................................................ 4
1.1.6 spanning-tree sstp cost ............................................................................................................................. 5
1.1.7 spanning-tree cost..................................................................................................................................... 6
1.1.8 spanning-tree sstp port-priority.................................................................................................................. 7
1.1.9 spanning-tree port-priority ......................................................................................................................... 8
1.1.10 show spanning-tree................................................................................................................................. 9
1.2 RSTP Configuration Commands ......................................................................................................................... 10
1.2.1 spanning-tree mode rstp ......................................................................................................................... 10
1.2.2 spanning-tree rstp forward-time .............................................................................................................. 10
1.2.3 spanning-tree rstp hello-time................................................................................................................... 11
1.2.4 spanning-tree rstp max-age .................................................................................................................... 12
1.2.5 spanning-tree rstp priority........................................................................................................................ 13
1.2.6 spanning-tree rstp cost............................................................................................................................ 13
1.2.7 spanning-tree rstp port-priority ................................................................................................................ 14
1.2.8 spanning-tree rstp migration-check......................................................................................................... 15
Chapter 2 MSTP Configuration Commands ....................................................................................................................... 16
2.1 MSTP Configuration Command........................................................................................................................... 16
2.1.1 spanning-tree mode mstp........................................................................................................................ 16
2.1.2 spanning-tree mstp name........................................................................................................................ 16
2.1.3 spanning-tree mstp revision .................................................................................................................... 17
2.1.4 spanning-tree mstp instance ................................................................................................................... 18
2.1.5 spanning-tree mstp root .......................................................................................................................... 19
2.1.6 spanning-tree mstp priority...................................................................................................................... 20
2.1.7 spanning-tree mstp hello-time................................................................................................................. 21
2.1.8 spanning-tree mstp forward-time............................................................................................................. 21
2.1.9 spanning-tree mstp max-age................................................................................................................... 22
2.1.10 spanning-tree mstp diameter................................................................................................................. 23
2.1.11 spanning-tree mstp max-hops ............................................................................................................... 24
2.1.12 spanning-tree mstp port-priority ............................................................................................................ 24
2.1.13 spanning-tree mstp cost........................................................................................................................ 25
2.1.14 spanning-tree mstp mst-compatible ...................................................................................................... 26
2.1.15 spanning-tree mstp migration-check ..................................................................................................... 27
2.1.16 show spanning-tree mstp ...................................................................................................................... 27
2.1.17 show spanning-tree mstp region ........................................................................................................... 29
2.1.18 show spanning-tree mstp detail............................................................................................................. 29
-I-
Table of Contents
- II -
STP Configuration Commands
description
To switch between RSTP and SSTP modes, use the spanning-tree mode command.
To return to the default settings, use the no form of this command.
no spanning-tree mode
parameter
parameter description
rstp Enables RSTP mode
default
SSTP
instruction
none
command mode
global configuration
example
-1-
STP Configuration Commands
description
To set the sstp bridge priority, use the spanning-tree sstp priority command. To return
to the default settings, use the no form of this command.
parameter
parameter description
value Value is from 0 to 61440.
default
32768
Instruction
The switch becomes the root of the whole network spanning-tree when configured the
priority value. You can set the bridge priority in increments of 4096 only. When you set
the priority, valid values are 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672,
32768, 36864, 40960, 45056, 49152, 53248, 57344, and 61440.
Command mode
global configuration
example
description
To set the hello-time delay timer, use the spanning-tree sstp hello-time command. To
return to the default settings, use the no form of this command.
-2-
STP Configuration Commands
parameter
parameter description
time Number of seconds to set the hello-time delay timer; valid
values are from 1 to 10 seconds.
default
4s
Instruction
The hello-time configured by the local switch is valid only when the local switch is the
root switch.
Command mode
Global configuration
Example
description
To set the SSTP max-age timer, use the spanning-tree sstp max-age command. To
return to the default settings, use the no form of this command.
parameter
parameter description
seconds Number of seconds to set the max-age timer; valid values are
from 6 to 40 seconds.
-3-
STP Configuration Commands
default
20s
instruction
none
command mode
global configuration
example
description
To set the forward-delay timer, use the spanning-tree sstp forward-time command in
global configuration mode. To return to the default settings, use the no form of this
command.
parameter
parameter description
time Number of seconds to set the forward-delay timer; valid values
are from 4 to 30 seconds.
default
15 seconds
instruction
none
-4-
STP Configuration Commands
command mode
global configuration
example
description
To set the path cost of the interface for SSTP calculations, use the spanning-tree sstp
cost command in interface configuration mode. To revert to the default value, use the
no form of this command.
parameter
parameter description
value Path cost. Valid values are from 1 to 200000000
default
10M Ethernet:100 。
100M Ethernet: 19 。
1000M Ethernet: 1 。
instruction
none
command mode
interface configuration
-5-
STP Configuration Commands
example
This example shows how to set a path cost value of 100 for the spanning tree VLAN
associated with the interface F1/10:
Switch(config_f0/10)#spanning-tree sstp cost 100
Switch(config_f0/10)#
description
To set the path cost of the interface for Spanning Tree Protocol (STP) calculations,
use the spanning-tree cost command in interface configuration mode. To revert to the
default value, use the no form of this command.
no spanning-tree cost
parameter
parameter description
value Path cost; valid values are from 1 to 200000000
default
The default path cost is computed from the bandwidth setting of the interface.
instruction
The configuration result of this command is valid to all spanning-tree modes. In STP
mode, the path cost of all VLAN spanning-trees on the interface will be updated. In
MSTP mode, the path cost of all spanning-tree examples will be updated.
But the configuration result of the command will not influence the independent
configuration in various modes. For example, the switch respectively configured with
the spanning-tree sstp cost 100 and the spanning-tree cost 110 in SSTP mode, the
port priority will be 100.
command mode
-6-
STP Configuration Commands
example
This example shows how to set a path cost value of 24 for the spanning tree VLAN
associated with that interface:
Switch(config_f0/0)# spanning-tree cost 24
Switch(config_f0/0)#
description
To set the priority value in SSTP mode, use the spanning-tree sstp port-priority
command. Use the no form of this command to restore the default value.
parameter
parameter description
value Port priority。Value is from 0 to 255
default
128(0x80)
instruction
command mode
interface configuration
example
-7-
STP Configuration Commands
description
To prioritize an interface when two bridges compete for position as the root bridge, use
the spanning-tree port-priority command. The priority you set breaks the tie. To revert
to the default setting, use the no form of this command.
no spanning-tree port-priority
parameter
parameter parameter
value Port priority。Value is from 0 to 255,
default
instruction
The configuration result of this command is valid to all spanning-tree modes. In STP
mode, the priority of all VLAN spanning-trees on the interface will be updated. In MSTP
mode, the priority of all spanning-tree examples will be updated.
But the configuration result of the command will not influence the independent
configuration in various modes. For example, the switch respectively configured with
the spanning-tree sstp port-priority 100 and the spanning-tree port-priority 110 in SSTP
mode, the port priority will be 100.
command mode
interface configuration
example
-8-
STP Configuration Commands
description
To display spanning-tree information for the specified spanning-tree instances, use the
show spanning-tree command.
parameter
parameter Description
intf-i Pory name,like F0/10, G1/1
default
none
instruction
command mode
example
Switch_config#show span
Spanning tree enabled protocol SSTP
SSTP
Root ID This bridge is the root
Bridge ID Priority 32768
Address 00E0.0F64.8365
Hello/MaxAge/FwdDly 4/20/15(s)
Intf Port ID Designated Port ID
Name Pri.Nbr Role Sts Cost Bridge ID Pri.Nbr Cost
-------- ------- ---- --- --------- -------------------- ------- ---------
F0/47 128.47 Desg LIS 12 32768 00E0.0F64.8365 128.47 0
Switch_config#
-9-
STP Configuration Commands
description
To enable RSTP feature, use the spanning-tree mode rstp command. Use the no form
of this command to disable RSTP.
no spanning-tree mode
parameter
none
default
instruction
none
example
description
To set the rstp forward-delay timer, use the spanning-tree rstp forward-time command
in global configuration mode. To return to the default settings, use the no form of this
command.
- 10 -
STP Configuration Commands
parameter
parameter description
time Number of seconds to set the forward-delay timer; valid values
are from 4 to 30 seconds.
default
15 seconds
instruction
none
example
description
To set the RSTP hello-time delay timer, use the spanning-tree rstp hello-time
command in global configuration mode. To return to the default settings, use the no
form of this command.
parameter
parameter description
time Number of seconds to set the hello-time delay timer; valid
values are from 1 to 10 seconds.
default
4 seconds
- 11 -
STP Configuration Commands
instruction
The hello-time configured by the local switch is valid only when the local switch is the
root switch.
example
description
To set the RSTP max-age timer, use the spanning-tree rstp max-age command. To
return to the default settings, use the no form of this command.
parameter
parameter description
time Number of seconds to set the max-age timer; valid values are
from 6 to 40 seconds.
default
20 seconds
instruction
none
example
- 12 -
STP Configuration Commands
description
To set the rstp bridge priority, use the spanning-tree rstp priority command. To return to
the default settings, use the no form of this command.
parameter
parameter description
value Bridge priority。Value is from 0 to 61440,
default
32768
instruction
none
example
description
To set the path cost of the interface, use the spanning-tree rstp cost command. To
revert to the default value, use the no form of this command.
parameter
parameter description
value Path cost; valid values are from 1 to 200000000
- 13 -
STP Configuration Commands
default
The default path cost is computed from the bandwidth setting of the interface
10 Mbps: 2000000
instruction
none
example
The following example sets a path cost value of 24 for the interface f0/0:
switch(config_f0/0)# spanning-tree rstp cost 24
switch(config_f0/0)#
description
To set an interface priority, use the spanning-tree rstp port-priority command. To revert
to the default value, use the no form of this command.
parameter
parameter description
value Port priority; valid values are from 0 to 255.
default
128
instruction
none
- 14 -
STP Configuration Commands
example
Command description
Parameter
None
Default
None
Usage description
It is used to restart the protocol coversion check at the port, change the port from the
STP-compatible mode to the RSTP mode, enabling the port to send RSTP BPDU.
The command is supported only in the switches that support IEEE 802.1D 2004 RSTP.
Command mode
Example
The following example shows the protocol coversion check is performed on port F0/10:
Switch(config_f0/10)#spanning-tree rstp migration-check
Switch(config_f0/10)
- 15 -
STP Configuration Commands
Command description
no spanning-tree mode
Run the spanning-tree mode mstp command to set the running mode of STP to
MSTP. Run the no spanning-tree mode command to disable STP.
Parameter
None
Default
Usage description
None
Example
The following commands are used to enable the MSTP protocol on the switch:
switch(config)# spanning-tree mode mstp
switch(config)#
Command description
- 16 -
STP Configuration Commands
Run the spanning-tree mstp name string command to configure the regional name
of the STP. Run the no spanning-tree mstp name command to resume the default
name.
Parameter
Parameter Description
String Configures the character string of the name. The character string can
have up to 32 characters, capital sensitive. The default value is in the form
of character string like the MAC address of the switch.
Default
Usage description
None
Example
The following commands are used to set the configuration name of the switch’s STP to
reg-01.
switch(config)# spanning-tree mstp name reg-01
switch(config)#
Command description
Run the spanning-tree mstp revision value command to generate the revision
number of STP. Run the no spanning-tree mstp revision to restore the revision
number to the default value.
Parameter
Parameter Description
Value Revision number: 0 ~65535
- 17 -
STP Configuration Commands
Default
Usage description
None
Example
The following commands are used to set the regional revision number of STP to 100.
switch(config)# spanning-tree mstp revision 100
switch(config)#
Command description
Run the command spanning-tree mstp instance instance-id vlan vlan-list to map
the VLAN to the MSTI. Run the command no spanning-tree mstp instance
instance-id to re-map the VLAN to the CIST.
Parameter
Parameter Description
instance-id Instance number of the STP, meaning an MSTI which ranges
from 1 to 15.
vlan-list VLAN list which is mapped to the STP, ranging from 1 to 4094.
Default
Usage description
- 18 -
STP Configuration Commands
Example
Command description
Configure the specified MSTP instance to the primary/secondary root. Run its negative
form to restore the priority of MSTP instance to the default value.
Both the diameter command and the hello-time command can modify the network
diameter and the HelloTime parameter of the MSTP when they are setting the root.
Parameter
Parameter Description
instance-id MSTP instance, ranging from 0 to 15
It ranges from 2 to 7.
Default
The priority value of all default roots of all MSTP instances are 32768, the network
diameter is 7 and the HelloTime is 2 seconds.
Usage description
Both the diameter command and the hello-time command are valid only when
instanc-id is 0.
- 19 -
STP Configuration Commands
Generally, after you run the command to set the primary root, the protocol
automatically checks the ID of the current network root and then sets the priority field
of the root identifier to 24576 if this value gurantees the current switch to be the root of
the MSTP instance. If the priority value of the root is smaller than 24576, the protocol
will automatically set the MSTP priority of the current root to a value which is 4096
smaller than the root’s priority. Here, 4069 is the step of the root priority.
Different from the configuration of the primary root, the protocol directly sets the MSTP
priority of the switch to 28672 after the command for configuring the secondary root is
run. Thus, the current switch can be the secondary root when the priorities of other
switches are the default value 28672.
Example
The following commands are used to set tbe switch to the primary root in the CIST and
recalculate the time parameter of the MSTP through network diameter 3 and
HelloTime3, and at last set the switch to the secondary root in the MST01.
switch(config)# spanning-tree mstp 0 root primary diameter 3 hello-time 3
switch(config)# spanning-tree mstp 1 root secondary
Command description
It is used to configure the bridge priority of the MSTP instance. Its negative form is
used to resume the default value of the priority.
Parameter
Parameter Description
instance-id MSTP instance number, ranging from 0 to 15
Default
Usage description
Each priority value in the MSTP instance is independent and can be configured
independently.
- 20 -
STP Configuration Commands
Example
The following commands are used to set the priority of the switch in the CIST and
MST01 to 4096 and 8192 respectively.
switch(config)# spanning-tree mstp 0 priority 4096
switch(config)# spanning-tree mstp 1 priority 8192
Command description
It is used to configure the hello-time of the MSTP, and its negative form is used to
resume the default settings of the HelloTime.
Parameter
Parameter Description
Seconds It ranges from 1 to 10 seconds. Its default value is 2 seconds.
Default
Two seconds
Usage description
None
Example
The following commands are used to set the HelloTime of the MSTP to 10.
switch(config)# spanning-tree mstp hello-time 10
switch(config)# no spanning-tree mstp hello-time
Command description
- 21 -
STP Configuration Commands
It is used to configure the Forward Delay of the MTSP. Its negative is used to resume
the default settings.
Parameter
Parameter Description
Seconds It ranges from 4 to 30 seconds. Its default value is 15 seconds.
Default
15 seconds
Usage description
None
Example
The following commands are used to set the Forward Delay parameter of the MTSP
to 10.
switch(config)# spanning-tree mstp forward-time 10
switch(config)# no spanning-tree mstp forward-time
Command description
It is used to configure the Max Age parameter of the MSTP. Its negative is used to
resume the default settings.
Parameter
Parameter Description
Seconds Range: 6 – 40 seconds
Default
20 seconds
- 22 -
STP Configuration Commands
Usage description
None
Example
The following commands are used to set the MaxAge parameter of the MSTP to 10.
switch(config)# spanning-tree mstp max-age 10
switch(config)# no spanning-tree mstp max-age
Command description
It is used to configure the network diameter of the MSTP. Its negative is used to
resume the default settings.
Parameter Description
net-diameter Range: 2 – 7
Default
Usage description
It is recommended to set the time parameters of the STP through root configuration or
network diameter configuration. In this way, the reasonability of the time parameters
can be assured.
Example
The following first command is to set the bridge diameter of MSTP to 5. The second
command is to resume the default value of the bridge diameter.
switch(config)# spanning-tree mstp diameter 5
- 23 -
STP Configuration Commands
Command description
Parameter
Parameter Description
hop-count Range: 1 -40
Default
Usage description
None
Example
The first command is to set the maximum hop counts of the MSTP BPDU to 5. The
second command is to restore the default value of the maximum hop counts.
switch(config)# spanning-tree mstp max-hops 5
switch(config)# no spanning-tree mstp max-hops
Command description
- 24 -
STP Configuration Commands
Parameter
Parameter Description
instance-id Number of the STP instance, ranging from 0 to 15
Default
The default priority value of the port in all STP instances is 128.
Usage description
None
Example
The first command is to set the priority of port F0/1 in the CIST to 16. The second
command is to resume the default value.
switch(config_f0/1)# spanning-tree mstp 0 port-priority 16
switch(config_f0/1)# no spanning-tree mstp 0 port-priority
Command description
The command spanning-tree mstp instance-id cost value is used to set the path
cost of the port in the specified STP instance. Its negative is used to resume the
default settings.
Parameter
Parameter Description
instance-id Number of the STP instance, ranging from 0 to 15
Default
- 25 -
STP Configuration Commands
10 Mbps: 2000000
Usage description
None
Example
The following commands are used to set the path cost of port F0/1 in the CIST to 200.
switch(config_f0/1)# spanning-tree mstp 0 cost 200
switch(config_f0/1)#
Command description
Parameter
None
Default
Usage description
After the MST-compatible mode is enabled, configure other connected switches that
are running other MSTP protocols to the roots of CIST, ensuring that the switch can
enter the MSTP-compatible mode by receiving the message.
Example
- 26 -
STP Configuration Commands
Command description
Clear the STP information that is checked by the port, and restart the protocol
conversion process.
Parameter
None
Default
None
Usage description
The command is valid in global configuration mode and in port configuration mode.
Example
The following commands are used to check the protocol conversion on all ports first,
and then check the protocol conversion on port F0/1 again.
switch(config)# spanning-tree mstp migration-check
switch(config)# interface f 0/1
switch(config_f0/1)# spanning-tree mstp migration-check
Command description
The command above is used to check the MSTP information. If you run the command
show spanning-tree mstp, the information about all STP instances is displayed.
Parameter
Parameter Description
- 27 -
STP Configuration Commands
Default
None
Usage description
Example
The following shows how to view all STP instances through the command. Here,
MST00 stands for CIST, and the Type field stands for the port connection type.
Switch#show spanning-tree mstp
- 28 -
STP Configuration Commands
Command description
Parameter
None
Default
None
Usage description
None
Example
See the following information. MST Config Table shows the relation between VLAN
and STP instance.
switch(config)# show spanning-tree mstp region
MST Region:
Name: [reg01]
Revision:[0]
Command description
The command above is used to check the detailed information about MSTP.
- 29 -
STP Configuration Commands
Parameter
None
Default
None
Usage description
None
Example
The following example shows the detailed STP information after the command is run,
including the port connection type and optional characteristics:
Switch#show spanning-tree mstp detail
- 30 -
STP Configuration Commands
Command description
- 31 -
STP Configuration Commands
The command above is used to check the information about the port which is run
under MSTP.
Parameter
Parameter Description
Default
None
Usage description
None
Example
The following example shows the information about port F0/1 after you run the command show
spanning-tree mstp interface f0/1:
- 32 -
STP Configuration Commands
Command description
The command above is used to check the protocol conversion information when the
port is running under MSTP.
Parameter
None
Default
None
Usage description
None
Example
The following example shows the information about protocol conversion after the
command show spanning-tree mstp protocol-migration is run. Note that port F0/2
has transferred to the 802.1D STP mode.
Switch#show spanning-tree mstp protocol-migration
- 33 -
STP Optional Characteristic Configuration
Commands
Table of Contents
Table of Contents
Chapter 1 STP Optional Characteristic Configuration Commands .................................................... 1
1.1 STP Optional Characteristic Configuration Commands ....................................................... 1
1.1.1 spanning-tree portfast ................................................................................................ 1
1.1.2 spanning-tree bpduguard ........................................................................................... 2
1.1.3 spanning-tree bpdufilter ............................................................................................. 3
1.1.4 spanning-tree uplinkfast ............................................................................................. 4
1.1.5 spanning-tree backbonefast....................................................................................... 4
1.1.6 spanning-tree guard ................................................................................................... 5
1.1.7 spanning-tree loopguard ............................................................................................ 6
-I-
STP Optional Characteristic Configuration Commands
description
To enable bridge protocol data unit (BPDU) filtering by default on all PortFast ports,
use the spanning-tree portfast bpdufilter default command in global configuration mode.
To return to the default settings, use the no form of this command.
To enable PortFast mode where the interface is immediately put into the forwarding
state upon linkup without waiting for the timer to expire, use the spanning-tree portfast
command in interface configuration mode. To return to the default settings, use the no
form of this command.
no spanning-tree portfast
parameter
parameter description
bpdufilter default Enables bpdu flter.
default
disabled
instruction
In SSTP/PVST mode, the Port Fast characteristic makes a port immediately enter
Forwarding state without experiencing any status change process. This configuration is
invalid in RSTP/MSTP mode.
-1-
STP Optional Characteristic Configuration Commands
After configuring Port Fast, BPDU Guard or BPDU Filter needs to be configured for
protection.
command mode
example
This example shows how to enable PortFast mode on the interface f0/0:
Switch(config_f0/0)# spanning-tree portfast
Switch(config_f0/0)#
description
To enable bridge protocol data unit (BPDU) guard on the interface, use the
spanning-tree bpduguard command in interface configuration mode. To return to the
default settings, use the no form of this command.
no spanning-tree bpduguard
parameter
none
default
disabled
instruction
In SSTP/PVST mode, if a port that configured BPDU Guard and Port Fast receives
BPDU, this port will be forced to shutdown. User can restore it by the manual
configuration. In RSTP/MSTP mode, if a port that configured BPDU Guard receives
BPDU, this port will be configured to Blocking state for a period of time.
-2-
STP Optional Characteristic Configuration Commands
command mode
interface configuration
example
description
To enable bridge protocol data unit (BPDU) filtering on the interface, use the
spanning-tree bpdufilter command in interface configuration mode. To return to
the default settings, use the no form of this command.
no spanning-tree bpdufilter
parameter
none
default
disabled
instruction
In SSTP/PVST mode, if a port that configured BPDU Filter and Port Fast receives
BPDU, the BPDU Filter and Port Fast characteristics on that port will be disabled
automatically to restore the port to an ordinary port. Then this port must endure the
wait from Listening to Learning before entering Forwarding state.
command mode
interface configuration
example
-3-
STP Optional Characteristic Configuration Commands
Switch(config_f0/0)#
description
To enable the debugging of the spanning-tree UplinkFast events, use the debug
spanning-tree uplinkfast command. To disable the debugging output, use the no form
of this command.
parameter
none
default
disabled
instruction
command mode
global configuration
example
description
spanning-tree backbonefast
-4-
STP Optional Characteristic Configuration Commands
no spanning-tree backbonefast
parameter
none
default
disabled
instruction
command mode
global configuration
example
description
To enable or disable the guard mode, use the spanning-tree guard command in
interface configuration mode. To return to the default settings, use the no form of this
command.
no spanning-tree guard
parameter
parameter description
loop Enables the loop-guard mode on the interface. Value is from 1
to 0xfe.
-5-
STP Optional Characteristic Configuration Commands
default
disabled
instruction
Root Guard characteristic can prevent a port from becoming Root port due to receving
high priority BPDU.
Loop Guard characteristic can protect a Root Port or a Alternate Port when it becomes
the Designated Port. This function can prevent a port from occuring the loop when it
cannot continuously receive BPDU.
command mode
interface configuration
example
description
To enable loop guard as a default on all ports of a given bridge, use the spanning-tree
loopguard default command in global configuration mode. To disable loop guard, use
the no form of this command.
parameter
none
default
none
instruction
none
-6-
STP Optional Characteristic Configuration Commands
command mode
global configuration
example
-7-
MAC Address Table Characteristics
Configuration Commands
Table of Contents
Table of Contents
Chapter 1 MAC Address Table Characteristics Configuration Commands ....................................... 1
1.1 MAC Address Table Characteristic Configuration Commands ............................................. 1
1.1.1 mac address-table static ............................................................................................ 1
1.1.2 mac address-table aging-time.................................................................................... 1
1.1.3 show mac address-table ............................................................................................ 2
1.1.4 clear mac address-table ............................................................................................. 3
-I-
MAC Address Table Characteristics Configuration Commands
description
To add/delete a static MAC address, use the mac address-table static command.
[no] mac address-table static mac-addr vlan vlan-id interface interface-id
parameter
parameter description
Default
none
command mode
global configuration
example
The following example binds the MAC address 0004.5600.67ab to the interface g0/2 of
VLAN 1:
Switch(config)# mac address-table static 0004.5600.67ab vlan 1 interface g0/2
description
To configure the maximum aging time for MAC address table, use the
mac-address-table aging-time command in global configuration mode.
mac address-table aging-time [0 | 10-1000000]
parameter
parameter description
10-1000000 The aging time for MAC address table. Valid values are from 10
-1-
MAC Address Table Characteristics Configuration Commands
to 1000000 seconds.
Default
none
command mode
example
The following example configures the aging time for MAC address table to 100
seconds:
Switch(config)# mac address-table aging-time 100
description
To display the content of the switch MAC address table, use the show mac
address-table command.
show mac address-table {dynamic [interface interface-id | vlan vlan-id] | static}
parameter
parameter description
default
none
instruction
example
-2-
MAC Address Table Characteristics Configuration Commands
description
parameter
parameter description
default
none
command mode
EXEC
example
The following example deletes all MAC addresses that acquire dynamically on interface
f0/2:
Switch# clear mac address-table dynamic interface f0/2
-3-
Link Aggregation Configuration
Commands
Table of Contents
Table of Contents
Chapter 1 Link Aggregation Configuration Commands...................................................................... 1
1.1 Link Aggregation Configuration Commands ......................................................................... 1
1.1.1 aggregator-group ....................................................................................................... 1
1.1.2 aggregator-group load-balance.................................................................................. 2
1.1.3 show aggregator-port ................................................................................................. 3
1.1.4 show interface port-aggregator .................................................................................. 4
1.1.5 debug lacp errors ....................................................................................................... 5
1.1.6 debug lacp state ......................................................................................................... 6
1.1.7 debug lacp packet ...................................................................................................... 7
-I-
Link Aggregation Configuration Commands
1.1.1 aggregator-group
description
no aggregator-group
parameter
parameter description
id ID number of the logical port. Value range: none.
default
disabled
instruction
Port link aggregation is to bind several ports with the familiar attrubute to one logical
port. LACP negotiation can be used to form binding process. Also the binding process
can be forced to be formed without any LACP negotiation .
If the static aggregation is used, please make sure the attribute of the ports to be
binded is the same,that is, they are all full-duplex mode and with the same rate.
Meantime make sure the connection of the ports to be binded is peer-to-peer
connection. Also the remote ports of the peer-to-peer connection are also binded to
one logical port.
You can select LACP negotiation mode when configuring port aggregation.
Active—Places a port into an active negotiating state, in which the port initiates
negotiations with remote ports by sending LACP packets. Passive—Places a
-1-
Link Aggregation Configuration Commands
port into a passive negotiating state, in which the port responds to LACP
packets it receives but does not initiate LACP negotiation.
Command mode
example
description
To configure the load balance after port aggregation, use the aggregator-group
load-balance command. Use the no form of this command to restore the default value.
no aggregator-group load-balance
parameter
parameter description
dst-mac Sets destination mac address as standard. Value range: N/A.
default
dst-mac
-2-
Link Aggregation Configuration Commands
instruction
To ensure load balance of each physical port after port aggregation, use this command
to equably distribute data flow on each physical port.
When dst-mac mode is selected, the distribution of data flow sets destination MAC
address of the data packet as standard. The same MAC address is only sent out on a
certain physical interface. The src-mac uses source MAC address as standard.
The supporting capability in load balance policy varies according to different models of
switches. The command prompt only shows the sharing policy that the switch supports.
If the switch doesn’t support any sharing polich or just supports one of them, the
relevant subcommands will not be displayed.
Command mode
Example
The following command modifies load balance of the port-aggregator 3 to src mode:
Switch(config)#port-aggregator load-balance 3 src-mac
Switch(config)#
description
parameter
parameter Description
id THE CONCRETE LOGICAL PORT ID.
default
none
instruction
-3-
Link Aggregation Configuration Commands
Command mode
description
parameter
parameter Description
id The concrete port ID, in the range from 1 to 16.
default
none
instruction
Command mode
example
-4-
Link Aggregation Configuration Commands
Note: Members in this Aggregator indicates the physical port aggregated to the logical
port.
Packets input indicates total number of error-free packets received by the system,
including unicasts, multicasts and broadcasts.
Bytes indicate total number of in the error-free packets received by the system.
Input discards indicate the received packets are discarded, like the received packets
when the interface protocol is down.
Input discards indicate the sending packets are discarded, like the sending packets
when the interface protocol is down.
description
To debug LACP errors information, use the debug lacp errors command.
-5-
Link Aggregation Configuration Commands
parameter
none
default
none
instruction
This command is used to debug all errors information during lacp operation to locate
the error.
Command mode
EXEC
example
description
parameter
none
default
none
command mode
EXEC
-6-
Link Aggregation Configuration Commands
example
description
To debug lacp packet information, use the debug lacp packet command.
parameter
none
default
none
command mode
EXEC
example
-7-
MAC Address List Characteristic
Configuration Commands
Table of Contents
Table of Contents
Chapter 1 MAC Access List Configuration Commands........................................................................................................ 1
1.1 MAC Access List Configuration Commands.......................................................................................................... 1
1.1.1 mac access-list.......................................................................................................................................... 1
1.1.2 permit ........................................................................................................................................................ 1
1.1.3 deny........................................................................................................................................................... 2
1.1.4 mac access-group..................................................................................................................................... 3
-I-
MAC Address List Characteristic Configuration Commands
description
To add a MAC access list, use the mac access-list command. To delete a MAC access
list, use the mac access-list command.
[no] mac access-list name
parameter
parameter Description
default
none
command mode
example
1.1.2 permit
description
To add a permit entry to the MAC access list, use the permit command. Use the no form
of this command to delete a permit entry from the MAC access list.
-1-
MAC Address List Characteristic Configuration Commands
parameter
host Host -
default
deny all
command mode
example
The following example permits host whose source MAC address is 1234.5678.abcd:
Switch-config-macl#permit host 1234.5678.abcd any 0x806
1.1.3 deny
description
To add a deny entry to the MAC access list, use the deny command. Use the no form of
this command to delete a deny entry from the MAC access list.
[no] deny {any | host src-mac-addr} {any | host dst-mac-addr}[ethertype]
parameter
host Host -
default
deny all
-2-
MAC Address List Characteristic Configuration Commands
comamnd mode
example
The following example denies host whose source MAC address is 1234.5678.abcd:
Switch-config-macl#deny host 1234.5678.abcd any 0x806
description
To apply the configured MAC access list in global configuration mode, use the mac
access-group command. Use the no form of this comand to delete the mac access-list.
[no] mac access-group name
parameter
parameter Description
default
Command mode
example
-3-
IP Access List Configuration Commands
Table of Contents
Table of Contents
Chapter 1 Configuring Physical Interface IP Access List Command ................................................. 1
1.1 IP Access List Configuration Commands Based on Physical Interface................................ 1
1.1.1 deny............................................................................................................................ 1
1.1.2 ip access-group .......................................................................................................... 3
1.1.3 ip access-list............................................................................................................... 4
1.1.4 permit ......................................................................................................................... 5
1.1.5 show ip access-list ..................................................................................................... 7
-I-
Physical Interface IP Access List Configuration Commands
1.1.1 deny
To set conditions in a named IP access list that will deny packets, use the deny
command in access list configuration mode. To remove a deny condition from an
access list, use the no form of this command.
deny source [source-mask]
no deny source [source-mask]
deny protocol source source-mask destination destination-mask [tos tos]
no deny protocol source source-mask destination destination-mask [tos tos]
Internet Control Message Protocol (ICMP)
deny icmp source source-mask destination destination-mask [icmp-type] [tos tos]
Internet Group Management Protocol (IGMP)
deny igmp source source-mask destination destination-mask [igmp-type] [tos tos]
Transmission Control Protocol (TCP)
deny tcp source source-mask [operator port] destination destination-mask [operator
port ] [tos tos]
User Datagram Protocol (UDP)
deny udp source source-mask [operator port] destination destination-mask [operator
port] [tos tos]
parameter
parameter Description
source Number of the network or host from which the packet is being sent.
There are two alternative ways to specify the source. Use a 32-bit
Use the any keyword
quantity in four-part dotted-decimal format.
as an abbreviation for a source and source-wildcard of 0.0.0.0
-1-
Physical Interface IP Access List Configuration Commands
0.0.0.0.
destination Number of the network or host to which the packet is being sent.
There are two alternative ways to specify the destination:
Use a 32-bit quantity in four-part dotted-decimal format.
Use the any keyword as an abbreviation for the destination and
destination-wildcard of 0.0.0.0 255.255.255.255.
tos tos (Optional) Packets can be filtered by type of service (ToS) level,
as specified by a number from 0 to 15, or by a name as listed in
the "Usage Guidelines" section of the access-list (IP extended)
command.
Command mode
Instruction
Use this command following the ip access-list command to specify conditions under
which a packet cannot pass the named access list. The time-range keyword allows you
to identify a time range by name. The time-range, absolute, and periodic commands
specify when this deny statement is in effect.
Note:
-2-
Physical Interface IP Access List Configuration Commands
After initially establishing an access list, any subsequent adding content(which can be
input by terminal) is put in the bottom of the list.
example
Related commands
ip access-group
ip access-list
permit
show ip access-list
1.1.2 ip access-group
To apply an access control list to control packet access, use the ip access-group
command in the appropriate configuration mode. To remove the specified access group,
use the no form of this command.
ip access-group {access-list-name}
no ip access-group {access-list-name}
parameter
parameter Description
Command mode
Instruction
Access lists can be applied on either outbound or inbound interfaces. For standard
inbound access lists, after receiving a packet, the Cisco IOS software checks the
source address of the packet against the access list. For extended access lists, the
router also checks the destination access list. If the access list permits the address, the
software continues to process the packet. If the access list rejects the address, the
software discards the packet and returns an ICMP host unreachable message. If the
specified access list does not exist, all packets are passed.
example
The following example applies list on packets outbound from Ethernet interface
g0/10::
-3-
Physical Interface IP Access List Configuration Commands
Interface f0/10
ip access-group filter
related commands
ip access-list
show ip access-list
1.1.3 ip access-list
To define an IP access list by name or number, use the ip access-list command in
global configuration mode. To remove the IP access list, use the no form of this
command.
ip access-list {standard | extended} name
no ip access-list {standard | extended} name
parameter
parameter description
default
Command mode
instruction
Use this command to configure a named or numbered IP access list. This command will
place the router in access-list configuration mode, where you must define the denied or
permitted access conditions with the deny and permit commands.
example
related commands
deny
ip access-group
-4-
Physical Interface IP Access List Configuration Commands
permit
show ip access-list
1.1.4 permit
To set conditions to allow a packet to pass a named IP access list, use the permit
command in access list configuration mode. To remove a permit condition from an
access list, use the no form of this command.
permit source [source-mask]
no permit source [source-mask]
permit protocol source source-mask destination destination-mask [tos tos]
no permit protocol source source-mask destination destination-mask [tos tos]
Internet Control Message Protocol (ICMP)
permit icmp source source-mask destination destination-mask [icmp-type] [tos tos]
Internet Group Management Protocol (IGMP)
permit igmp source source-mask destination destination-mask [igmp-type] [tos tos]
Transmission Control Protocol (TCP)
permit tcp source source-mask [operator port] destination destination-mask
[operator port ] [tos tos]
User Datagram Protocol (UDP)
permit udp source source-mask [operator port [port]] destination destination-mask
[tos tos]
parameter
parameter description
source Number of the network or host from which the packet is being
sent. There are two alternative ways to specify the source: Use a
32-bit quantity in four-part dotted-decimal format. Use the any
keyword as an abbreviation for a source and source-wildcard of
0.0.0.0 0.0.0.0.
destination Number of the network or host to which the packet is being sent.
There are two alternative ways to specify the destination:
Use a 32-bit quantity in four-part dotted-decimal format.
Use the any keyword as an abbreviation for the destination and
destination-wildcard of 0.0.0.0 255.255.255.255.
-5-
Physical Interface IP Access List Configuration Commands
tos tos (Optional) Packets can be filtered by type of service (ToS) level,
as specified by a number from 0 to 15, or by a name as listed in
the "Usage Guidelines" section of the access-list (IP extended)
command.
Command mode
Instruction
Use this command following the ip access-list command to define the conditions under
which a packet passes the named access list.
The time-range keyword allows you to identify a time range by name. The time-range,
absolute, and periodic commands specify when this permit statement is in effect.
Note:
After initially establishing an access list, any subsequent adding content(which can be
input by terminal) is put in the bottom of the list.
example
-6-
Physical Interface IP Access List Configuration Commands
Related commands
deny
ip access-group
ip access-list
show ip access-list
parameter
parameter Description
default
Command mode
EXEC
Instruction
The show ip access-list command provides output identical to the show access-lists
command, except that it is IP-specific and allows you to specify a particular access list
example
The following is sample output from the show ip access-list command when the name
of a specific access list is not requested::
Switch# show ip access-list
ip access-list standard aaa
permit 192.2.2.1
permit 192.3.3.0 255.255.255.0
ip access-list extended bbb
permit tcp any any eq 25
permit ip any any
The following is sample output from the show ip access-list command when the name
of a specific access list is requested::
ip access-list extended bbb
permit tcp any any eq 25
permit ip any any
-7-
Network Protocol Configuration Commands
Table of Contents
Table of Contents
Chapter 1 IP Address Configuration Commands.................................................................................................................. 1
1.1 IP Address Configuration Commands ................................................................................................................... 1
1.1.1 arp ............................................................................................................................................................. 1
1.1.2 arp timeout ................................................................................................................................................ 2
1.1.3 clear arp-cache.......................................................................................................................................... 3
1.1.4 ip address.................................................................................................................................................. 3
1.1.5 ip host........................................................................................................................................................ 4
1.1.6 ip default-gateway ..................................................................................................................................... 5
1.1.7 show arp.................................................................................................................................................... 6
1.1.8 show hosts ................................................................................................................................................ 6
1.1.9 show ip interface ....................................................................................................................................... 7
Chapter 2 IP Service Configuration Commands................................................................................................................... 9
2.1 IP Service Configuration Commands .................................................................................................................... 9
2.1.1 clear tcp..................................................................................................................................................... 9
2.1.2 clear tcp statistics.................................................................................................................................... 11
2.1.3 debug arp ................................................................................................................................................ 11
2.1.4 debug ip icmp.......................................................................................................................................... 12
2.1.5 debug ip packet....................................................................................................................................... 15
2.1.6 debug ip raw............................................................................................................................................ 19
2.1.7 debug ip tcp packet ................................................................................................................................. 21
2.1.8 debug ip tcp transactions ........................................................................................................................ 22
2.1.9 debug ip udp............................................................................................................................................ 24
2.1.10 ip mask-reply......................................................................................................................................... 25
2.1.11 ip mtu..................................................................................................................................................... 26
2.1.12 ip redirects............................................................................................................................................. 26
2.1.13 ip source-route ...................................................................................................................................... 27
2.1.14 ip tcp synwait-time................................................................................................................................. 28
2.1.15 ip tcp window-size ................................................................................................................................. 28
2.1.16 ip unreachables..................................................................................................................................... 29
2.1.17 show ip sockets..................................................................................................................................... 30
2.1.18 show ip traffic ........................................................................................................................................ 31
2.1.19 show tcp ................................................................................................................................................ 32
2.1.20 show tcp brief ........................................................................................................................................ 36
2.1.21 show tcp statistics ................................................................................................................................. 37
2.1.22 show tcp tcbI ......................................................................................................................................... 39
-I-
Network Protocol Configuration Commands
1.1.1 arp
To add a static and permanent entry in the Address Resolution Protocol (ARP) cache,
use the arp command in global configuration mode. To remove an entry from the ARP
cache, use the no form of this command.
arp ip-address hardware-address [alias]
no arp ip-address
parameter
parameter description
default
-1-
Network Protocol Configuration Commands
command mode
instruction
The common host all supports dynamic ARP analysis, so user doesn’t need to
configure static ARP entries for host.
Example
The following is an example of a static ARP entry for a typical Ethernet host:
arp 1.1.1.1 00:12:34:56:78:90
related commands
clear arp-cache
parameter
parameter description
default
mode
instruction
This command is ignored when it is not configured on interfaces using ARP. The show
interface command displays the ARP timeout value, as seen in the following example
from the show interfaces command:
-2-
Network Protocol Configuration Commands
example
The following example sets the ARP timeout to 900 seconds on Ethernet 1/0 to allow
entries to time out more quickly than the default
interface vlan 10
arp timeout 900
related commands
show interface
To clear all dynamic entries from the ARP cache, use the clear arp-cache
command.
clear arp-cache [ ip-address [ mask ] ]
parameter
parameter description
ip-address IP or subnets
mode
EXEC
example
The following example removes all dynamic entries from the ARP cache:
clear arp-cache
related commands
arp
1.1.4 ip address
To set an IP address and mask for an interface, use the ip address command.
Currently, there is no strict regulation to distinguish A.B.C IP address. But multicast
address and broadcast address can not be used( all host section is ‘1’). Other than the
Ethernet,multiple interfaces of other types can be connected to the same network.
Other than the unnumbered interface, the configured network range ot the Ethernet
interface can not be the same as the arbitrary interfaces of other types. You should
configure the primary address before configuring the secondary address. Also you
should delete all secondary addresses before deleting the primary address. IP packets
generanted by the system, if the upper application does not specify the soruce address,
the router will use the IP address configured on the sending interface that on the same
network range with the gateway as the source address of the packet. If the IP address
is uncertain (like interface route), the router will use the primary address of the sending
interface. If the ip address is not configured on an interface, also it is not the
-3-
Network Protocol Configuration Commands
unnumbered interface, and then this interface will not deal with any IP packet.To
remove an IP address or disable IP processing, use the no form of this command.
ip address ip-address mask [secondary]
no ip address ip-address mask
no ip address
parameter
parameter description
ip-address IP address
mask IP mask
default
command mode
instruction
If any router on a network segment uses a secondary address, all other devices on that
same segment must also use a secondary address from the same network or subnet.
Inconsistent use of secondary addresses on a network segment can very quickly cause
routing loops. When you are routing using the Open Shortest Path First (OSPF)
algorithm, ensure that all secondary addresses of an interface fall into the same OSPF
area as the primary addresses
example
In the following example, 202.0.0.1 is the primary address, 255.255.255.0 is the mask
and 203.0.0.1 and 204.0.0.1 are secondary addresses for Ethernet interface 1/0:
interface vlan 10
ip address 202.0.0.1 255.255.255.0
ip address 203.0.0.1 255.255.255.0 secondary
ip address 204.0.0.1 255.255.255.0 secondary
1.1.5 ip host
To define a static host name-to-address mapping in the host cache, use the ip host
command in global configuration mode. To remove the host name-to-address mapping,
use the no form of this command.
-4-
Network Protocol Configuration Commands
no ip host name
parameter
parameter description
default
disabled
command mode
example
The following example shows how to configure host name dns-server to IP host
address 202.96.1.3:
ip host dns-server 202.96.1.3
1.1.6 ip default-gateway
TO configure the default gateway of switch, use the ip default-gateway command. To
delete the default gateway of switch, use the no form of this command.
ip default-gateway address
no ip default-gateway
parameter
parameter description
address IP address
default
no configuration
mode
example
-5-
Network Protocol Configuration Commands
show arp
parameter
mode
EXEC
instruction
parameter description
Age Displays the age in seconds. The router will refresh the
time to 0 when using this ARP entry.
example
-6-
Network Protocol Configuration Commands
show hosts
parameter
command mode
EXEC
example
The following command shows how to display all host names/address mappings.
show hosts
related commands
clear host
parameter
parameter description
command mode
EXEC
instruction
If the interface link layer is usable, the line protocol is marked "Protocol up." If you
configure IP address on this interface, the router will add a direct route to the routing
table. If the link layer protocol is marked “Protocol down”, the direct route will be deleted.
This command displays the specified interface information if specified interface type
and number, or IP configuration information of all interfaces will be displayed.
Example
-7-
Network Protocol Configuration Commands
domain description
-8-
Network Protocol Configuration Commands
-9-
Network Protocol Configuration Commands
Parameter
Parameter Description
local host-name port IP address and TCP port of the local host
remote host-name port IP address and TCP port of the remote host
Command mode
Management mode
Instruction
The clear tcp command is mainly used to delete the terminated TCP connection. In
some cases, such as faulty in communication lines, restarting TCP connection or the
peer host, the TCP connections are terminated in fact. However, the system cannot
obtain information about the terminated TCP connection because there is no
communication on the TCP connections. In this case, you can run the clear tcp
command to terminate these invalid TCP connections. The command clear tcp local
host-name port remote host-name port is used to terminate the connections
between the specified host's IP address/port and the remote host’s IP address/port. The
command clear tcp tcb address is used to terminate the TCP connections identified
by the TCB address.
Example
The following example shows that the TCP connection between 192.168.20.22:23 and
192.168.20.120:4420 is deleted. The show tcp brief command is used to show the
information about the local host and the remote host in TCP connection.
switch#show tcp brief
TCB Local Address Foreign Address State
0xE85AC8 192.168.20.22:23 192.168.20.120:4420 ESTABLISHED
0xEA38C8 192.168.20.22:23 192.168.20.125:1583 ESTABLISHED
switch#clear tcp local 192.168.20.22 23 remote 192.168.20.120 4420
switch#show tcp brief
TCB Local Address Foreign Address State
0xEA38C8 192.168.20.22:23 192.168.20.125:1583 ESTABLISHED
In the following example, the TCP connection whose TCB address is 0xea38c8 is
deleted. The command show tcp brief displays the TCB address of the TCP
connection.
switch#show tcp brief
TCB Local Address Foreign Address State
0xEA38C8 192.168.20.22:23 192.168.20.125:1583 ESTABLISHED
switch#clear tcp tcb 0xea38c8
switch#show tcp brief
TCB Local Address Foreign Address State
- 10 -
Network Protocol Configuration Commands
Related command
show tcp
show tcp brief
show tcp tcb
Parameter
Command mode
Management mode
Example
Related command
Parameter
Command mode
Management mode
Example
switch#debug arp
switch#IP ARP: rcvd req src 192.168.20.116 00:90:27:a7:a9:c2, dst 192.168.20.111, vlan 10
IP ARP: req filtered src 192.168.20.139 00:90:27:d5:a9:1f, dst 192.168.20.82 00:
00:00:00:00:00, wrong cable, vlan 11
IP ARP: created an incomplete entry for IP address 192.168.20.77, vlan 10
- 11 -
Network Protocol Configuration Commands
The second information indicates that the switch receives an ARP request from
192.168.20.139 host on interface vlan 10. However, the interface is not in the network
the host declares according to the interface configuration on the switch. The host may
not be correctly configured. If the switch creates the ARP cache according to the
information, it may not communicate with the host that is configured the same address
and connected to the normal interface
IP ARP: req filtered src 192.168.20.139 00:90:27:d5:a9:1f, dst 192.168.20.82 00:
00:00:00:00:00, wrong cable, vlan 11
In the third information, to resolve the MAC address of host 192.168.20.77, the switch
first creates an incomplete ARP item in the ARP cache. After receiving an ARP
response, the MAC address is then added to the ARP cache. According to the location
of the switch, the host connects the interface vlan 10.
IP ARP: created an incomplete entry for IP address 192.168.20.77, vlan 10
In the fourth information, the switch sends out the ARP request from the interface vlan
10. The IP address of the switch is 192.168.20.22. The MAC address of the interface is
08:00:3e:33:33:8a. The IP address of the requested host is 192.168.20.77. The fourth
information is relative with the third information.
IP ARP: sent req src 192.168.20.22 08:00:3e:33:33:8a, dst 192.168.20.77, vlan 10
In the fifth information, the switch receives the ARP response on interface vlan 10 from
host 192.168.20.77 to host 192.168.20.22. The switch is then informed that the MAC
address of the host that returns the ARP response is 00:30:80:d5:37:e0. The
information is relative to the third and fourth information.
IP ARP: rcvd reply src 192.168.20.77 00:30:80:d5:37:e0, dst 192.168.20.22, vlan 10
Parameter
Command mode
Management mode
Instruction
The command is used to display the received or transmitted ICMP message, which
helps to solve end-to-end connection problems. To know the detailed meaning of the
command debug ip icmp, refer to RFC 792, “Internet Control Message Protocol”.
- 12 -
Network Protocol Configuration Commands
Example
switch#debug ip icmp
switch#ICMP: sent pointer indicating to 192.168.20.124 (dst was 192.168.20.22), len 48
ICMP: rcvd echo from 192.168.20.125, len 40
ICMP: sent echo reply, src 192.168.20.22, dst 192.168.20.125, len 40
ICMP: sent dst (202.96.209.133) host unreachable to 192.168.20.124, len 36
ICMP: sent dst (192.168.20.22) protocol unreachable to 192.168.20.124, len 36
ICMP: rcvd host redirect from 192.168.20.77, for dst 22.0.0.3 use gw 192.168.20.26, len 36
ICMP: rcvd dst (22.0.0.3) host unreachable from 192.168.20.26, len 36
ICMP: sent host redirect to 192.168.20.124, for dst 22.0.0.5 use gw 192.168.20.77, len 36
ICMP: rcvd dst (2.2.2.2) host unreachable from 192.168.20.26, len 36
Details about the first information are shown in the following table:
ICMP: sent pointer indicating to 192.168.20.124 (dst was 192.168.20.22), len 48
Field Description
pointer indicating ICMP message which means that the original parameters of the
IP message are incorrect and incorrect domain is pointed out
The following are other types of ICMP message:
echo reply
dst unreachable:
---net unreachable
---host unreachable
---protocol unreachable
---port unreachable
---fragmentation needed and DF set
---source route failed
---net unknown
---destination host unknown
---source host isolated
---net prohibited
---host prohibited
---net tos unreachable
---host tos unreachable
source quench
redirect messages:
---net redirect
---host redirect
---net tos redirect
---host tos redirect
- 13 -
Network Protocol Configuration Commands
echo
router advertisement
router solicitation
time exceeded :
---ttl exceeded
---reassembly timeout
parameter problem :
---pointer indicating
---option missed
---bad length
timestamp
timestamp reply
information request
information reply
mask request
mask reply
If the ICMP type is unknown, the system is to display the values
of the ICMP type and code.
(dst was 192.168.20.22) Destination address of the original message that generates the
ICMP message
Details about the second information are shown in the following table:
ICMP: rcvd echo from 192.168.20.125, len 40
Field Description
Details about the third information are shown in the following table:
ICMP: sent echo reply, src 192.168.20.22, dst 192.168.20.125, len 40
Field Description
src 192.168.20.22 Means that the source address of the ICMP message is
192.168.20.22.
dst 192.168.20.125 Means that the destination address of the ICMP message is
192.168.20.125.
- 14 -
Network Protocol Configuration Commands
According to the type of the ICMP message, the information that generates the ICMP
message adopts different formats to display the message content.
For example, the redirect message of ICMP is printed in the following format:
ICMP: rcvd host redirect from 192.168.20.77, for dst 22.0.0.3 use gw 192.168.20.26, len 36
ICMP: sent host redirect to 192.168.20.124, for dst 22.0.0.5 use gw 192.168.20.77, len 36
In the first information, an ICMP redirect message from host 192.168.20.77 is received.
Gateway 192.168.20.26 is recommended to reach the destination host 22.0.0.3. The
length of the ICMP message is 36 bytes.
In the second information, the ICMP redirect message is sent to from host
192.168.20.124 to host 22.0.0.5 through gateway 192.168.20.77. The length of the
ICMP message is 36 bytes.
The dst unreachable message of ICMP adopts the following format for printing:
ICMP: sent dst (202.96.209.133) host unreachable to 192.168.20.124, len 36
ICMP: rcvd dst (2.2.2.2) host unreachable from 192.168.20.26, len 36
In the first information, the switch cannot route a certain IP message, so it sends the
destination (202.96.209.133) unreachable message to the source host
(192.168.20.124). The length of the ICMP message is 36 bytes.
In the second information, after receiving an ICMP message from host192.168.20.26,
the switch notifies host 192.168.20.26 that the destination address (2.2.2.2) cannot be
reached. The length of the ICMP message is 36 bytes.
Parameter
Parameter Description
- 15 -
Network Protocol Configuration Commands
Command mode
Management mode
Instruction
The command is used to find the destination of each received or locally generated IP
message, which helps to detect the reason of communication problems.
The command is used in the following cases:
z forwarded
z forwarded as the multicast message or the broadcast message
z addressing failure during message forwarding
z Sending the redirect message
z Rejected because of having the original routing option
z Rejected because of illegal IP options
z Original route
z Message sent from the local machine should be segmented, but the DF is reset.
z Receiving message
z Receiving IP segment
z Sending message
z Sending broadcast/multicast
z Addressing failure when message is generated locally
z Locally generated message is segmented
z Received message is filtered
z Transmitted message is filtered
z Link layer fails to be encapsulated (only for Ethernet)
z Unknown protocol
This command may export lots of information. You'd better use it when the switch is in
the free state. Otherwise, the performance of the system will be badly affected. You are
recommended to filter the output information through the IP access control list, enabling
the system to export the useful message.
Command mode
Management mode
Example
switch#debug ip packet
switch#IP: s=192.168.20.120 (vlan 10), d=19.0.0.9 (vlan 10), g=192.168.20.1, len=60, redirected
IP: s=192.168.20.22 (local), d=192.168.20.120 (vlan 10), g=192.168.20.120, len=56, sending
IP: s=192.168.20.120 (vlan 10), d=19.0.0.9 (vlan 10), g=192.168.20.1, len=60, forward
IP: s=192.168.20.81 (vlan 10), d=192.168.20.22 (vlan 10), len=56, rcvd
Field Description
- 16 -
Network Protocol Configuration Commands
s=192.168.20.120 (vlan Source address of the IP message and the interface name that
10) receives message (for message that is not locally generated)
d=19.0.0.9 (vlan 10) Destination address of the IP message and the interface name
that sends message (if routing is successful)
redirected Means that the routing switch is to send the ICMP redirect
message to the source host. Other cases are shown in the
following:
forward --- the message is forwarded.
forward directed broadcast---the message is forwarded as the
redirect message and the message will become the physical
broadcast on the transmitting interface.
unroutable---the message addressing fails and the message will
be dropped.
source route---source route
rejected source route---the current system does not support the
source route, therefore, the message with the IP source route
is declined.
bad options---the IP option is incorrect and the message will be
dropped.
need frag but DF set---the local message need be
fragmented,while the DF is set.
rcvd---the message is locally received.
rcvd fragment---the message fragment is received.
sending---the locally generated message is sent.
sending broad/multicast---the locally generated
broadcast/muticast message is sent.
sending fragment--- the IP message locally fragmented is sent.
denied by in acl---It is declined by the access control list on the
reception interface.
denied by out acl---It is declined by the transmitter access
control on the transmitter interface.
unknown protocol--- unknown protocol
encapsulation failed---The protocol fails to be encapsulated.It is
only for the Ethernet. When the message on the Ethernet is
dropped because of the ARP resolution failure, the information
is displayed.
In the first information, the switch receives an IP message; the source address of the
received message is 192.168.20.120; the message is from the network segment the
vlan 10 interface connects; its destination address is 19.0.0.9. According to the routing
table, the transmitter interface is vlan 10, the address of the gateway is 192.168.20.1
and the message length is 60 bytes. The gateway and the source host are directly
- 17 -
Network Protocol Configuration Commands
connected in the same network, that is, the network that vlan 10 connects. In this case,
the switch sends out the ICMP redirect message.
IP: s=192.168.20.120 (vlan 10), d=19.0.0.9 (vlan 10), g=192.168.20.1, len=60, redirected
In the second information, the transimmission of the ICMP redirect message is
described. The source address is the local address 192.168.20.22. The destination
address is 192.168.20.120. The message is directly sent from the vlan 10 interface to
the destination address. Therefore, the gateway’s address is the detination address
192.168.20.120. The length of the ICMP redirect message is 56 bytes.
IP: s=192.168.20.22 (local), d=192.168.20.120 (vlan 10), g=192.168.20.120, len=56, sending
The third information shows that the IP layer receives an IP message. The source
address and destination address of the IP message are 192.168.20.120 and 19.0.0.9
respectively. The reception interface is vlan 10. By checking the routing table, the
system finds that the IP message need be forwarded to the vlan10 interface. The length
of the IP message is 60 bytes. The third information shows that the message shown in
the first information will be forwarded after the system sends the ICMP redirect
message.
IP: s=192.168.20.120 (vlan 10), d=19.0.0.9 (vlan 10), g=192.168.20.77, len=60, forward
The fourth information shows that the IP layer receives an IP message. The source
address and destination address of the IP message are 192.168.20.81 and
192.168.20.22 respectively. The reception interface is vlan 10. The length of the IP
message is 56 bytes. The IP message is locally received.
IP: s=192.168.20.81 (vlan 10), d=192.168.20.22 (vlan 10), len=56, rcvd
The following is an example about the output information after running the debug ip
packet detail command. Only the newly added parts are described.
switch#debug ip packet detail
switch#IP: s=192.168.12.8 (vlan 10), d=255.255.255.255 (vlan 10), len=328, rcvd, UDP: src=68,
dst=67
IP: s=192.168.20.26 (vlan 10), d=224.0.0.5 (vlan 10), len=68, rcvd, proto=89
IP: s=192.168.20.125 (vlan 10), d=192.168.20.22 (vlan 10), len=84, rcvd, ICMP: type=0, code = 0
IP: s=192.168.20.22 (local), d=192.168.20.124 (vlan 10), g=192.168.20.124, len=40, sending,
TCP: src=1024, dst=23, seq=75098622, ack=161000466, win=17520, ACK
Field Description
src, dst Source address and destination address of the UDP message
and the TCP message
ACK If ACK is set in the control bit of the TCP message, the
acknowledge number is valid. Other control bits include SYN,
URG, FIN, PSH and RST.
- 18 -
Network Protocol Configuration Commands
The first information indicates that the UDP message is received. The source port is
port 68 and the destination port is port 67.
IP: s=192.168.12.8 (vlan 10), d=255.255.255.255 (vlan 10), len=328, rcvd, UDP: src=68, dst=67
The second information indicates that the protocol number of the received message is
89.
IP: s=192.168.20.26 (vlan 10), d=224.0.0.5 (vlan 10), len=68, rcvd, proto=89
The third information indicates that the ICMP message is received. Both the type and
the code of the message are represented by the number 0.
IP: s=192.168.20.125 (vlan 10), d=192.168.20.22 (vlan 10), len=84, rcvd, ICMP: type=0, code = 0
The fourth information indicates that the TCP message is sent. The source port and
destination port are port 1024 and port 23 respectively. The sequence number and the
acknowledge number are 75098622 and 161000466 respectively. The size of the
receiption window is 17520. The ACK logo is set. For details, refer to RFC 793—
Transmission Control Protocol.
IP: s=192.168.20.22 (local), d=192.168.20.124 (vlan 10), g=192.168.20.124, len=40, sending,
TCP: src=1024, dst=23, seq=75098622, ack=161000466, win=17520, ACK
The access control list is described in the following. For example, if the messages with
the source address 192.168.20.125 require to be displayed, you need to define the
standard access control list to permit only the IP message whose source address is
192.168.20.125. You then run the command debug ip packet to use the access control
list.
switch#config
switch_config#ip access-list standard abc
switch_config_std_nacl#permit 192.168.20.125
switch_config_std_nacl#exit
switch_config#exit
switch#debug ip packet abc
switch#IP: s=192.168.20.125 (vlan 101), d=192.168.20.22 (vlan 101), len=48, rcvd
In the previous commands, the standard access control list is used. You can also use
the extensible access control list.
Related command
Parameter
Parameter Description
- 19 -
Network Protocol Configuration Commands
Command mode
Management mode
Instruction
The command is used to find the destination of each received or locally generated IP
message, which helps to detect the reason of communication problems.
The command is used in the following cases:
z Forwarded
z Forwarded as the multicast message or the broadcast message
z Addressing failure during message forwarding
z Sending the redirect message
z Rejected because of having the original routing option
z Rejected because of illegal IP options
z Original route
z Message sent from the local machine should be segmented, but the DF is reset.
z Receiving message
z Receiving IP segment
z Sending message
z Sending broadcast/multicast
z Addressing failure when message is generated locally
z Locally generated message is segmented
z Received message is filtered
z Transmitted message is filtered
z Link layer fails to be encapsulated (only for Ethernet)
z Unknown protocol
This command may export lots of information. You'd better use it when the switch is in
the free state. Otherwise, the performance of the system will be badly affected. You are
recommended to filter the output information through the IP access control list, enabling
the system to export the useful message.
Example
- 20 -
Network Protocol Configuration Commands
Related command
Parameter
Command mode
Management mode
Example
Field Description
- 21 -
Network Protocol Configuration Commands
seq 50659460 Means that the sequence number of the message is 50659460.
DATA 1 Means that the number of valid data bytes contained in the
message is 1.
PSH Means that PSH in the control bits of the message is set.
Other control bits include ACK, FIN, SYN, URG and RST.
WIN 4380 It is used to notify the peer reception end of the cache size. The
current cache size is 4380 sizes.
If the previous fields are not displayed, the field in the TCP message does not have the
valid value.
Related command
Parameter
Command mode
Management mode
Example
- 22 -
Network Protocol Configuration Commands
Field Description
rcvd connection attempt Means that the connection request from peer port 23 (telnet
to port 23 port) is received.
TCB 0xE88AC8 created Means a new TCP connection control block is generated and its
logo is 0xE88AC8.
state was LISTEN -> Means that the state of the TCP state machine changes from the
SYN_RCVD LISTEN state to the SYN_RCVD state.
The TCP state may be one of the following:
LISTEN---waiting for the TCP connection request from any
remote host
SYN_SENT---the connection request for creating TCP
connection negotiation has been sent and the reply is being
waited.
SYN_RCVD---the connection request from the peer has been
received and the acknowledgement information and its own
connection request have also been sent out; the acknowledge
information about the peer’s connection is being waited.
ESTABLISHED---the connection is successful; the data is being
transmitted; the data of the upper application can be received
and sent.
FIN_WAIT_1---the connection termination request has been
sent to the peer; the acknowledgement information and the
connection termination request from the peer are being waited.
FIN_WAIT_2---the connection termination request has been
sent to the peer and the acknowledgement information from the
peer has been received; the connection termination request
from the peer is being waited.
CLOSE_WAIT--- the connection termination request from the
peer has been received and the acknowledgement information
has been sent out; the local user is being waited to close the
connection. Once the user demands to close the connection, the
system sends out the connection termination request.
CLOSING--- the connection termination request has been sent
to the peer and the connection termination request from the peer
has been received and the acknowledgement information has
been sent out; the system is waiting for the local connection
termination request acknowledge from the peer.
- 23 -
Network Protocol Configuration Commands
[23 -> The first field (23) in the bracket means the local TCP port.
192.168.20.125:3828] The second field (192.168.20.125) in the bracket means the
remote IP address.
The third field (3828) in the bracket means the remote TCP port.
sending SYN Means a connection request message is sent out (SYN in the
control bits of the TCP header is set). Other TCP control bits
include SYN, ACK, FIN, PSH, RST and URG.
seq 50658312 Means that the sequence number for sending the message is
50658312.
ack 3130379657 Means that the acknowledgement number for sending the
message is 3130379657.
rcvd FIN Means that the connection termination request is received (FIN
in the control bits of the TCP header is set).
connection closed by Means that the upper application requires closing the TCP
user connection.
Related command
Parameter
Command mode
Management mode
- 24 -
Network Protocol Configuration Commands
Example
switch#debug ip udp
switch#UDP: rcvd src 192.168.20.99(520), dst 192.168.20.255(520), len = 32
UDP: sent src 192.168.20.22(20001), dst 192.168.20.43(1001), len = 1008
Field Description
src Means the source IP address of the UDP message and the UDP
port.
dst Means the destination IP address of the UDP message and the
UDP port.
The first line in the previous information shows that a UDP message is received. The
UDP message is sent from host 192.168.20.99. Both the source port and the
destination port are port 520. The destination address is 192.168.20.255. The length of
the message is 32 bytes.
The second line in the previous information shows that a UDP message is sent. The
local address and the destination address are 192.168.20.22 and 192.168.20.43
respectively. The source port and the destination port are port 20001 and port 1001
respectively. The length of the message is 1008 bytes.
2.1.10 ip mask-reply
It is used to enable the switch to reply the mask request of the IP address on the
designated interface. Run the command no ip mask-reply to disable the function.
ip mask-reply
no ip mask-reply
default ip mask-reply
Parameter
Default
Command mode
Example
interface vlan 11
ip mask-reply
- 25 -
Network Protocol Configuration Commands
2.1.11 ip mtu
It is used to set the MTU of the IP message. To reuse MTUDefault, run the command
no ip mtu.
ip mtu bytes
no ip mtu
Parameter
Parameter Description
Default
It varies with different physical media of the interface. It is the same as MTU. The
minimum value is 68 bytes.
Command mode
Instruction
If the length of the IP message exceeds IP MTU configured on the interface, the switch
fragments the message. All devices connecting on the same physical media need be
configured the same MTU. The MTU affects the IP MTU. If the value of IP MTU is the
same as that of the MTU, the value of IP MTU automatically changes to the new value
of the MTU when the MTU value changes. The change of the IP MTU does not
affectthe MTU.
The minimum value of IP MTU is 68 bytes and the maximum value of IP MTU cannot
exceed the MTU value configured on the interface.
Example
The following example shows that IP MTU on interface vlan 10 is set to 200:
interface vlan 10
ip mtu 200
Related command
mtu
2.1.12 ip redirects
It is used to send the IP ICMP redirect message. You can run the command no ip
redirects not to send the IP ICMP redirect message.
ip redirects
no ip redirects
- 26 -
Network Protocol Configuration Commands
Parameter
Default
The IP redirect message is sent by default. However, if you configure the hot standby
switch protocol, the function is disabled automatically. If the hot standby switch
protocol is cancelled, the function cannot be automatically enabled.
Command mode
Instruction
When the switch finds that the forwarding interface of the gateway is the same as the
the reception interface and the source host directly connects the logical network of the
interface, the switch sends an ICMP redirect message, notifying the source host to
take the switch as the gateway to the destination address.
If the hot standby switch protocol is configured on the interface, the message may be
dropped when the IP redirect message is sent.
Example
The following example shows that the ICMP redirect message can be sent on interface
vlan 10:
interface vlan 10
ip redirects
2.1.13 ip source-route
It is used to enable the routing switch to process the IP message with the source IP
route. To enable the routing switch to drop the IP message with the source IP route,
run the command no ip source-route.
ip source-route
no ip source-route
Parameter
None
Default
Command mode
Example
The following command enables the routing switch to process the IP message with the
source IP route.
- 27 -
Network Protocol Configuration Commands
ip source-route
Related command
ping
Parameter
Parameter Description
seconds Time for waiting for the TCP connection, which ranges from 5 to
300 seconds
Its default value is 75 seconds.
Default
75 seconds
Command mode
Instruction
When the switch originates the TCP connection, if the TCP connection is unsuccessful
after the waiting time, the switch considers that the connection fails and sends the
result to the upper application. You can set the waiting time for the successful TCP
connection. The default value is 75 seconds. The option has nothing with the TCP
connection message forwarded by the switch. However, it is relevant with the local
TCP connection of the switch.
To know the current value of the waiting time, run the command ip tcp synwait-time ?.
The value in the square bracket is the current value.
Example
The following example shows that the waiting time of the TCP connection is set to 30
seconds:
switch_config#ip tcp synwait-time 30
switch_config#ip tcp synwait-time ?
<5-300>[30] seconds -- wait time
- 28 -
Network Protocol Configuration Commands
Parameter
Parameter Description
Default
2000 bytes
Command mode
Instruction
Do not hastly modify the default value of the window size unless you have a definite
purpose. You can run the command ip tcp window-size ? to know the current value.
The value in the square bracket is the current value.
Example
The following example shows that the size of the TCP window is set to 6000 bytes:
switch_config#ip tcp window-size 6000
switch_config#ip tcp window-size ?
<1-65535>[6000] bytes -- Window size
2.1.16 ip unreachables
It is used to enable the switch to send the ICMP unreachable message. To stop sending
the message, run the command no ip unreachables.
ip unreachables
no ip unreachables
Parameter
Default
Command mode
- 29 -
Network Protocol Configuration Commands
Instruction
When the switch forwards the IP message, the message is dropped if the relevant route
is not in the routing table. In this case, the switch sends the ICMP unreachable
message to the source host. According to the information in the ICMP unreachable
message, the source host promptly detects the fault and removes it.
Example
The following example shows that the interface vlan 10 is set to send the ICMP
unreachable message:
interface vlan 10
ip unreachables
Parameter
Command mode
Management mode
Example
switch#show ip sockets
Proto Local Port Remote Port In Out
17 0.0.0.0 0 0.0.0.0 0 69 0
6 0.0.0.0 0 0.0.0.0 0 23 0
Field Description
Proto IP number
The protocol number of UDP is 17 and the number of TCP is 6.
- 30 -
Network Protocol Configuration Commands
Parameter
Command mode
Management mode
Example
switch#show ip traffic
IP statistics:
Rcvd: 0 total, 0 local destination, 0 delivered
0 format errors, 0 checksum errors, 0 bad ttl count
0 bad destination address, 0 unknown protocol, 0 discarded
0 filtered , 0 bad options, 0 with options
Opts: 0 loose source route, 0 record route, 0 strict source route
0 timestamp, 0 router alert, 0 others
Frags: 0 fragments, 0 reassembled, 0 dropped
0 fragmented, 0 fragments, 0 couldn't fragment
Bcast: 0 received, 0 sent
Mcast: 0 received, 0 sent
Sent: 230 generated, 0 forwarded
0 filtered, 0 no route, 0 discarded
ICMP statistics:
Rcvd: 0 total, 0 format errors, 0 checksum errors
0 redirect, 0 unreachable, 0 source quench
0 echos, 0 echo replies, 0 mask requests, 0 mask replies
0 parameter problem, 0 timestamps, 0 timestamp replies
0 time exceeded, 0 router solicitations, 0 router advertisements
Sent: 0 total, 0 errors
0 redirects, 0 unreachable, 0 source quench
0 echos, 0 echo replies, 0 mask requests, 0 mask replies
0 parameter problem, 0 timestamps, 0 timestamp replies
0 time exceeded, 0 router solicitations, 0 router advertisements
UDP statistics:
Rcvd: 28 total, 0 checksum errors, 22 no port, 0 full sock
Sent: 0 total
TCP statistics:
Rcvd: 0 total, 0 checksum errors, 0 no port
Sent: 3 total
IGMP statistics:
- 31 -
Network Protocol Configuration Commands
ARP statistics:
Rcvd: 8 total, 7 requests, 1 replies, 0 reverse, 0 other
Sent: 5 total, 5 requests, 0 replies (0 proxy), 0 reverse
Field Description
format errors Means that the format of the message is incorrect, such as the
incorrect length of the IP header.
bad hop count Means that the TTL value decreases to 0 when the routing
switch forwards the message. In this case, the message will be
dropped.
no route Means that the routing switch does not have relevant route
message.
Parameter
Command mode
Management mode
Example
switch#show tcp
TCB 0xE9ADC8
Connection state is ESTABLISHED, unread input bytes: 934
Local host: 192.168.20.22, Local port: 1023
Foreign host: 192.168.20.124, Foreign port: 513
- 32 -
Network Protocol Configuration Commands
Field Description
unread input bytes: Data that is processed by the lower-layer TCP and the upper
application has not received
- 33 -
Network Protocol Configuration Commands
Enqueued bytes for Bytes in the transmitter queue, including the data that is sent but
transmit: not yet acknowledged and the data that is not sent
After that, the information about the timer of the current connection is displayed,
including its startup times, timeout times and the next-time timeout time. The value 0
means that the timer does not run currently. Each connection has its own unique timer.
The timeout times is less than the startup times because the timer may be reset in its
process. For example, when the retransmission timer works, the system will receive the
acknowledgements for all data from the peer. In this case, the retransmission timer
stops running.
Timer Starts Wakeups Next(ms)
Retrans 33 1 0
TimeWait 0 0 0
SendWnd 0 0 0
KeepAlive 102 0 7199500
Field Description
TimeWait Time Waiting timer, which is used to know that the peer has
already received the acknowledgement of the connection
termination request.
- 34 -
Network Protocol Configuration Commands
After the timer is displayed, the sequence number of the TCP connection is displayed.
TCP uses the sequence number to gurantee reliable and orderly data transmission.
The local or remote host can control the traffic and send the acknowledgement
information according to the sequence number.
iss: 29139463 snduna: 29139525 sndnxt: 29139525 sndwnd: 17520
irs: 709124039 rcvnxt: 709205436 rcvwnd: 4380
Field Description
snduna: Sequence number of the first byte in the data that is already sent
but whose acknowledgement information has not been received
sndnxt: Transmission sequence number of the first data in the data that
is sent later
The transmission time recorded by the local host is displayed afterwards. The system
can adapt itself to different networks according to the transmission time.
SRTT: 15 ms, RXT: 2500 ms, RTV: 687 ms
minRXT: 1000 ms, maxRXT: 64000 ms, ACK hold: 200 ms
Field Description
ACK hold: Maximum delay time when the acknowledgement is delayed for
being sent together with the data
Field Description
max data segment is Maximum length of the data segment which is permitted by the
- 35 -
Network Protocol Configuration Commands
connection
Rcvd: Number of messages that the local host receives during the
connection procedure, including the number of the misordered
messages
Sent: Number of messages that are sent or resent by the local host
during the connection procedure
Related command
Parameter
Parameter Description
all An optional parameter, which means that all ports are displayed
If the parameter is not entered, the system does not display the
ports in the LISTEN state.
Command mode
Management mode
Example
Field Description
- 36 -
Network Protocol Configuration Commands
Related command
show tcp
show tcp tcb
Parameter
Command mode
Management mode
Example
Field Description
bad offset Number of messages showing that the data offset is incorrect
- 37 -
Network Protocol Configuration Commands
too short Number of messages showing that the message length is less
than the minimum effective length
partially dup packets Number of received messages that are partly duplicated
packets with data after Number of messages whose data exceeds the receiption
window window
packets after close Number of messages that are received after the connection is
closed
ack packets with unsent Number of received messages that are acknowledged but has
data not been sent
Sent Statistics data about messages that are sent by the routing
switch
control packets Number of the transmitted control messages (SYN, FIN or RST)
- 38 -
Network Protocol Configuration Commands
Related command
Parameter
Parameter Description
Command mode
Management mode
Example
TCB 0xEA38C8
Connection state is ESTABLISHED, unread input bytes: 0
Local host: 192.168.20.22, Local port: 23
Foreign host: 192.168.20.125, Foreign port: 1583
- 39 -
Network Protocol Configuration Commands
Related command
show tcp
show tcp brief
- 40 -
Commands for Fast Ethernet Ring
Protection Mechanism
Table of Contents
Table of Contents
Table of Contents ................................................................................................................................ I
Chapter 1 Commands for Fast Ethernet Ring Protection Mechanism ............................................... 1
1.1 Global Configuration Commands.......................................................................................... 1
1.1.1 ether-ring .................................................................................................................... 1
1.1.2 control-vlan................................................................................................................. 2
1.1.3 master-node ............................................................................................................... 2
1.1.4 transit-node ................................................................................................................ 3
1.1.5 hello-time.................................................................................................................... 4
1.1.6 fail-time....................................................................................................................... 5
1.1.7 pre-forward-time ......................................................................................................... 6
1.1.8 distributed-mode......................................................................................................... 7
1.1.9 centralized-mode........................................................................................................ 8
1.2 Port Configuration Commands ............................................................................................. 9
1.2.1 ether-ring primary-port ............................................................................................... 9
1.2.2 ether-ring secondary-port......................................................................................... 10
1.2.3 ether-ring transit-port................................................................................................ 10
1.3 Show-Related Commands.................................................................................................. 12
1.3.1 show ether-ring......................................................................................................... 12
-I-
Commands for Fast Ethernet-Ring Potection Mechanism
1.1.1 ether-ring
To configure the node of the Ethernet ring, you need enter the node configuration
mode first and then run the following command.
ether-ring id
To cancel the node of the Ethernet ring, run the following command:
no ether-ring id
Parameter
Parameter Description
id ID of the node
Default value
Command mode
Usage Explanation
Before configuring the node, you need shut down the spanning tree protocol by
running no spanning-tree.
Example
S1_config#no spanning-tree
S1_config#ether-ring 1
S1_config_ring1#
Related command
None
-1-
Commands for Fast Ethernet-Ring Potection Mechanism
1.1.2 control-vlan
To configure the control VLAN of the ring node, run the following command:
control-vlan vlan-id
Parameter
Parameter Description
vlan-id ID of the control VLAN
Value range: 1-4094
Default value
Command mode
Usage Explanation
1. Any VLAN can be configured as the control VLAN of the node. However, the
establishment of the control VLAN does not mean that the corresponding system
VLAN can be created. The user need create the system VLAN manually.
2. After the control VLAN and node types of the Ethernet ring are configured, you
cannot modify the control VLAN even if the system exits from the Ethernet ring
configuration mode because the Ethernet ring has already been started.
Example
S1_config#ether-ring 1
S1_config_ring1#control-vlan 2
Related command
ether-ring
master-node
transit-node
1.1.3 master-node
master-node
-2-
Commands for Fast Ethernet-Ring Potection Mechanism
Parameter
None
Default value
Command mode
Usage Explanation
2. After the control VLAN and node types of the Ethernet ring are configured, you
cannot modify the control VLAN even if the system exits from the Ethernet ring
configuration mode because the node of the Ethernet ring has already been started.
Example
S1_config#ether-ring 1
S1_config_ring1#control-vlan 2
S1_config_ring1#master-node
Related command
control-vlan
transit-node
1.1.4 transit-node
To configure the node type to a transit node, run the following command:
transit-node
Parameter
None
Default value
-3-
Commands for Fast Ethernet-Ring Potection Mechanism
Command mode
Usage Explanation
2. After the control VLAN and node types of the Ethernet ring are configured, you
cannot modify the control VLAN even if the system exits from the Ethernet ring
configuration mode because the node of the Ethernet ring has already been started.
Example
S1_config#ether-ring 1
S1_config_ring1#control-vlan 2
S1_config_ring1#transit-node
Related command
control-vlan
master-node
1.1.5 hello-time
To configure the cycle for the master node to transmit the HEALTH packets of the
Ethernet ring, run the following command:
hello-time value
To resume the default value of the cycle, run the following command:
no hello-time
Parameter
Parameter Description
value Stands for a time value, whose unit is second.
Default value
-4-
Commands for Fast Ethernet-Ring Potection Mechanism
Command mode
Usage Explanation
2. By default, the value of the hello-time is smaller than that of the fail-time, which
avoids the Ethernet ring protocol from being shocked. After the hello-time is modified,
the corresponding fail-time need be modified too.
Example
S1_config#ether-ring 1
S1_config_ring1#control-vlan 2
S1_config_ring1#master-node
S1_config_ring1#hello-time 2
Related command
fail-time
1.1.6 fail-time
To configure the time cap of waiting for the HEALTH packets for the secondary port of
the master node, run the following command:
fail-time value
To resume the default value of the fail-time, run the following command:
no fail-time
Parameter
Parameter Description
value Stands for a time value, whose unit is second.
Default value
-5-
Commands for Fast Ethernet-Ring Potection Mechanism
Command mode
Usage Explanation
2. By default, the value of the fail-time is triple of the fail-time, which avoids the
Ethernet ring protocol from being shocked. After the hello-time is modified, the
corresponding fail-time need be modified too.
Example
S1_config#ether-ring 1
S1_config_ring1#control-vlan 2
S1_config_ring1#master-node
S1_config_ring1#hello-time 2
S1_config_ring1#fail-time 6
Related command
hello-time
1.1.7 pre-forward-time
To configure the time of maintaining the pre-forward state on the transit port, run the
following command:
pre-forward-time value
To resume the default value of the pre-forward-time, run the following command:
no pre-forward-time
Parameter
Parameter Description
value Stands for a time value, whose unit is second.
Default value
-6-
Commands for Fast Ethernet-Ring Potection Mechanism
Command mode
Usage Explanation
2. By default, the pre-forward-time on the transit node is three times the value of the
hello-time on the master node, which avoids the network loop from being occurred
after the transmission link recovers from disconnection. After the hello-time of the
master node is modified, the corresponding pre-forward-time on the transit node need
be adjusted.
Example
S1_config#ether-ring 1
S1_config_ring1#control-vlan 2
S1_config_ring1#transit-node
S1_config_ring1#pre-forward-time 8
Related command
None
1.1.8 distributed-mode
Parameter
None
Default value
By default, the configured node of the Ethernet ring automatically works in distributed
mode.
Command mode
Usage Explanation
-7-
Commands for Fast Ethernet-Ring Potection Mechanism
2. In distributed mode, all events about the Ethernet ring such as the link disconnection
of the Ethernet ring are handled in priority by the wire card of the switch to obtain the
higher convergence performance.
Example
S1_config#ether-ring 1
S1_config_ring1#distributed-mode
Related command
centralized-mode
1.1.9 centralized-mode
To set the working mode of the Ethernet ring protection protocol to the MSU
centralized control, run centralized-mode.
Parameter
None
Default value
Command mode
Usage Explanation
2. After the MSU centralized mode is configured, the wire card of the switch does not
handle the Ethernet ring events.
Example
S1_config#ether-ring 1
S1_config_ring1#distributed-mode
Related command
distributed-mode
-8-
Commands for Fast Ethernet-Ring Potection Mechanism
To set a port to be the primary port of a master node, run the following command:
ether-ring id primary-port
To cancel the primary port configuration of a port, run the following command:
no ether-ring id primary-port
Parameter
Parameter Description
id ID of the node
Default value
Command mode
The physical port configuration mode and the converged port configuration mode
Note: The versions of switch software prior to version 2.0.1L and the versions of hi-end
switch software prior to version 4.0.0M do not support the configuration of the
converged port.
Usage Explanation
The primary port can be configured only after the control VLAN and node type of the
Ethernet ring are configured, and when the node type is the master node.
Example
Related command
master-node
ether-ring secondary-port
-9-
Commands for Fast Ethernet-Ring Potection Mechanism
To set a port to be the secondary port of a master node, run the following command:
ether-ring id secondary-port
no ether-ring id secondary-port
Parameter
Parameter Description
id ID of the node
Default value
Command mode
The physical port configuration mode and the converged port configuration mode
Note: The versions of switch software prior to version 2.0.1L and the versions of hi-end
switch software prior to version 4.0.0M do not support the configuration of the
converged port.
Usage Explanation
The secondary port can be configured only after the control VLAN and node type of the
Ethernet ring are configured, and when the node type must be the master node.
Example
Related command
master-node
ether-ring primary-port
To set a port to be the transit port of a transit node, run the following command:
- 10 -
Commands for Fast Ethernet-Ring Potection Mechanism
ether-ring id transit-port
no ether-ring id transit-port
Parameter
Parameter Description
id ID of the node
Default value
Command mode
The physical port configuration mode and the converged port configuration mode
Note: The versions of switch software prior to version 2.0.1L and the versions of hi-end
switch software prior to version 4.0.0M do not support the configuration of the
converged port.
Usage Explanation
The transit port can be configured only after the control VLAN and node type of the
Ethernet ring are configured, and when the node type must be the transit node. Two
transit ports can be configured on one transit node.
Example
S1_config_ring1#exit
S1_config#interface fastEthernet 0/1
S1_config_f0/1#ether-ring 1 transit-port
S1_config_f0/1#exit
S1_config#interface fastEthernet 0/3
S1_config_f0/3#ether-ring 1 transit-port
S1_config_f0/3#exit
Related command
transit-node
- 11 -
Commands for Fast Ethernet-Ring Potection Mechanism
To display the summary information about the Ethernet-ring node, run the following
command:
show ether-ring id
To display the detailed information about the Ethernet-ring node, run the following
command:
To display the information about the Ethernet-ring port, run the following command:
Parameter
Parameter Description
id ID of the node
Default value
None
Command mode
Usage Explanation
None
Example
None
Related command
None
- 12 -
QoS Function Configuration Commands
Table of Contents
Table of Contents
Chapter 1 QoS Service Configuration Commands ............................................................................ 1
1.1 QoS Configuration Commands............................................................................................. 1
1.1.1 cos default .................................................................................................................. 1
1.1.2 cos map...................................................................................................................... 2
1.1.3 scheduler wrr bandwidth ............................................................................................ 3
1.1.4 scheduler policy.......................................................................................................... 3
1.1.5 policy-map .................................................................................................................. 4
1.1.6 classify........................................................................................................................ 5
1.1.7 action.......................................................................................................................... 5
1.1.8 qos policy ................................................................................................................... 6
-I-
QoS Function Configuration Commands
description
parameter
parameter description
default
instruction
example
-1-
QoS Function Configuration Commands
description
parameter
parameter description
default
0 1
1 2
2 3
3 4
4 5
5 6
6 7
7 8
instruction
example
The following example maps CoS 0-2 to CoS priority queue 1and maps CoS 3 to
priority queue 2:
Switch(config-if)# cos map 1 0 1 2
Switch(config-if)# cos map 2 3
-2-
QoS Function Configuration Commands
description
parameter
parameter description
default
All CoS priority queue metrics must be the same, the eight CoS priority queue metrics
are all 12.
instruction
example
description
parameter
parameter description
-3-
QoS Function Configuration Commands
default
use SP
instruction
example
1.1.5 policy-map
description
policy-map name
no policy-map name
To set QOS policy-map, use the policy-map command
parameter
Parameter description
default
none
instruction
example
-4-
QoS Function Configuration Commands
1.1.6 classify
description
Parameter Description
mac access-group Configure the matching MAC access list name. the valid range is
mac-access-name 1 to 16 characters
vlan vlan-id Configure the matching VLAN, the valid range is 1 to 4094
cos cos Configure the matching COS value, the valid range is 0 to 7
default
instruction
example
1.1.7 action
description
-5-
QoS Function Configuration Commands
parameter
paramter description
no-match Influence all the traffic that do not meet the demand
dscp dscp-value Define the dscp field of the matching traffic as dscp-value, the
range is 0 to 63
cos cos-value Define cos field of the matching traffic as cos-value, the range is
0 to 7
default
none
instruction
example
description
paramter
parameter description
-6-
QoS Function Configuration Commands
deault
none
instruction
example
-7-
Anti-Attack Configuration Commands
Table of Contents
Table of Contents
Chapter 1 Anti-Attack Configuration Commands.................................................................................................................. 1
1.1 Anti-Attack Configuration Commands.................................................................................................................... 1
1.1.1 filter period time......................................................................................................................................... 1
1.1.2 filter threshold value .................................................................................................................................. 1
1.1.3 filter block-time value................................................................................................................................. 2
1.1.4 filter igmp................................................................................................................................................... 3
1.1.5 filter arp ..................................................................................................................................................... 3
1.1.6 filter enable................................................................................................................................................ 3
1.1.7 show filter .................................................................................................................................................. 4
-I-
Anti-Attack Configuration Commands
To configure filter period for attack, use the filter period command.
parameter
parameter Description
time The filter period for attack in seconds. It is considered as attack when the
attack source sends packets above the specified number in any filter
period time.
default
10 seconds
Command mode
example
Switch_config#filter period 15
Related commands
To configure the filter threshold value, use the filter thresholf value command.
parameter
parameter Description
value It is considered as attack when the receiving packets excddes the filter
threshold value.
-1-
Anti-Attack Configuration Commands
default
1000
command mode
example
Related commands
To configure the time to block attack resource, use the filter block-time value
command.
parameter
parameter description
Value Time to block attack source in seconds.
default
300 seconds
command mode
example
Related commands
-2-
Anti-Attack Configuration Commands
parameter
none
Command mode
example
Switch_config#filter igmp
Related commands
filter enable
parameter
none
Command mode
example
Switch_config_f0/1#filter arp
Related commands
filter enable
-3-
Anti-Attack Configuration Commands
parameter
none
Command mode
example
Switch_config#filter enable
Related commands
filter igmp
filter arp
To display working state of the anti-attack feature of the current switch, use the show
filter command.
parameter
none
command mode
non-user mode
Switch#show fil
Filter threshold: 1000 packet in any 10 seconds
Filters blocked:
Address seconds source interface
00a0.0c13.647d 27.0 FastEthernet1/2
Filters counting:
Address seconds count source interface
00a0.0c43.647d 1.84 371 FastEthernet1/2
Filters blocked: indicates MAC address of the blocked attack source, blocked time and
source interface.
Filters counting: indicates MAC address of the attack source, counting time, the
number of the receiving packets and the source interface.
-4-
Security Configuration Command
Table of Contents
Table of Contents
Chapter 1 AAA Authentication Configuration Commands .................................................................................................... 1
1.1 AAA Authentication Configuration Commands ...................................................................................................... 1
1.1.1 aaa authentication enable default ............................................................................................................. 1
1.1.2 aaa authentication login ............................................................................................................................ 2
1.1.3 aaa authentication password-prompt ........................................................................................................ 4
1.1.4 aaa authentication username-prompt........................................................................................................ 5
1.1.5 aaa group server ....................................................................................................................................... 6
1.1.6 debug aaa authentication.......................................................................................................................... 7
1.1.7 enable password ....................................................................................................................................... 8
1.1.8 server ........................................................................................................................................................ 9
1.1.9 service password-encryption................................................................................................................... 10
1.1.10 username .............................................................................................................................................. 11
Chapter 2 RADIUS Configuration Commands.................................................................................................................... 13
1.2 RADIUS Configuration Commands ..................................................................................................................... 13
1.2.1 debug radius............................................................................................................................................ 13
1.2.2 ip radius source-interface........................................................................................................................ 14
1.2.3 radius-server challenge-noecho.............................................................................................................. 15
1.2.4 radius-server deadtime............................................................................................................................ 16
1.2.5 radius-server host.................................................................................................................................... 17
1.2.6 radius-server optional-passwords ........................................................................................................... 18
1.2.7 radius-server key..................................................................................................................................... 18
1.2.8 radius-server retransmit .......................................................................................................................... 19
1.2.9 radius-server timeout............................................................................................................................... 20
1.2.10 radius-server vsa send.......................................................................................................................... 21
-I-
Security Configuration Commands
parameter
parameter description
default
If the default list is not set, only the enable password is checked. This has the same
effect as the following command:
-1-
Security Configuration Commands
command mode
Global configuration
instruction
Use the aaa authentication enable default command to create a series of authentication
methods that are used to determine whether a user can access the privileged
command level. Method keywords are described in Table 1. The additional methods of
authentication are used only if the previous method returns an error, not if it fails. To
specify that the authentication should succeed even if all methods return an error,
specify none as the final method in the command line.
Table 0-1 aaa authentication enable default Methods
Keyword Description
example
The following example creates an authentication list that first tries to contact a
TACACS+ server. If no server can be found, AAA tries to use the enable password. If
this attempt also returns an error (because no enable password is configured on the
server), the user is allowed access with no authentication.
aaa authentication enable default line enable none
related commands
enable password
-2-
Security Configuration Commands
parameter
parameter description
Default Uses the listed authentication methods that follow this argument
as the default list of methods when a user logs in.
default
If the default list is not set, only the local user database is checked. This has the same
effect as the following command:
aaa authentication login default none
command mode
Global configuration
instruction
The default and optional list names that you create with the aaa authentication login
command are used with the login authentication command.
The additional methods of authentication are used only if the previous method returns
an error, not if it fails. To ensure that the authentication succeeds even if all methods
return an error, specify none as the final method in the command line.
If authentication is not specifically set for a line, the default is to deny access and no
authentication is performed.
Table 0-2 AAA authentication login Methods
Keyword Description
example
The following example creates an AAA authentication list called TEST. This
authentication first tries to contact a TACACS+ server. If no server is found, TACACS+
-3-
Security Configuration Commands
returns an error and AAA tries to use the enable password. If this attempt also returns
an error (because no enable password is configured on the server), the user is allowed
access with no authentication.
related commands
none
parameter
parameter description
test-string String of text that will be displayed when the user is prompted to
enter a password.
default
command mode
Global configuration
instruction
Use the aaa authentication password-prompt command to change the default text that
the software displays when prompting a user to enter a password. This command
changes the password prompt for the enable password as well as for login passwords
that are not supplied by remote security servers. The no form of this command returns
the password prompt to the default value:
Password:
The aaa authentication password-prompt command does not change any dialog that is
supplied by a remote TACACS+ server.
-4-
Security Configuration Commands
example
The following example changes the text for the username prompt:
aaa authentication password-prompt YourPassword:
related commands
parameter
parameter description
text-string String of text that will be displayed when the user is prompted to
enter a username.
default
command mode
Global configuration
instruction
Use the aaa authentication username-prompt command to change the default text that
the software displays when prompting a user to enter a username. The no form of this
command returns the username prompt to the default value:
Username:
Some protocols (for example, TACACS+) have the ability to override the use of local
username prompt information. Using the aaa authentication username-prompt
command will not change the username prompt text in these instances.
Note:
-5-
Security Configuration Commands
The aaa authentication username-prompt command does not change any dialog that is
supplied by a remote TACACS+ server.
example
The following example changes the text for the username prompt:
aaa authentication username-prompt YourUsernam:
related commands
parameter
parameter description
default
command mode
Global configuration
instruction
Example
related commands
server
-6-
Security Configuration Commands
parameter
none
default
disabled
command mode
EXEC
instruction
Use this command to learn the methods of authentication being used and the results of
these methods.
example
The following is sample output from the debug aaa authentication command.
switch#debug aaa authentication
AAA: Authen start (0x1f74208), user=, authen_type=ASCII, priv=0, method-list=default
AAA: Use authen method LOCAL (0x1f74208).
AAA: Authen CONT, need username.
AAA: Authen CONT, need password.
AAA: Authen ERROR (0x1f74208)! Use next method.
AAA: Authen FAIL(0x1f74208)! Method-list polling finish.
Authen start (0x1f74208), user=, The authentication starts and the username
authen_type=ASCII, priv=0, is unknown. Uses ASCII-type authentication.
method-list=default The privileged level required for the user to
enter is 0. Uses the default authentication
method list.
UserID = 0x1f74208
Use authen method LOCAL (0x1f74208) Uses local authentication method. UserID =
0x1f74208
Authen ERROR (0x1f74208)! Use next Indicates that the local authentication fails,
-7-
Security Configuration Commands
related commands
none
parameter
parameter description
number Number between 1 and 15 that specifies the privilege level for
the user.
default
No password is defined.
command mode
Global configuration
instruction
Can not have spaces in the password that the switch configures. When using the
enable password command, you cannot input space if you enter a clear text password.
The length of the clear text password cannot exceed 126 characters.
The default level parameter is 15 without inputting the level parameter. If a privilege
level is not configured password, then no authentication is performed when a user
entering this priviledge level.
Our switch system only supports two types of encryption. The encryption type is 0 and 7
respectively. Parameter O indicates no password is defined and you enter a clear text
password in the following encrypted-password blank. Parameter 7 indicates a
-8-
Security Configuration Commands
self-defined algorithm is used for encryption and you enter encrypted text password in
the following encrypted-password blank. This encryted text password can be copied
from the configuration file of other switch.
example
The following example adds password clever for the privige level 10, uses
encryption-type 0, that is, the clear text password:
enable password 0 clever level 10
The following example adds password Oscar for the default privilege (15), uses
encryption-type 7, that is, the encrypted text password:
enable password 7 074A05190326
Assuming the encrypted text password of Oscar is 074A05190326, which is obtained
from the configuration file of other switch.
related commands
1.1.8 server
To add a server in the AAA server group, use the server command in server-group
configuration mode. To remove the associated server from the authentication,
authorization, and accounting (AAA) group server, use the no form of this command.
server A.B.C.D
no server A.B.C.D
parameter
parameter description
default
No server
command mode
Server-group configuration
instruction
-9-
Security Configuration Commands
example
related commands
service password-encryption
no service password-encryption
parameter
none
default
No encryption
command mode
global configuration
instruction
Currently in the realization of our switch system, this command is related to username
password, enable password and password. If this command is not configured on the
switch (namely default state), and the system uses the clear text storage method in the
above three commands, then the configured clear text of the password can be
displayed in the show running-config command. If this command is configured on the
switch, then the configured password of the above three commands will be encrypted,
then the configured clear text of the password cannot be displayed in the show
running-config command, even using the no service password-encryption cannot
restore the clear text of the password. Please make sure of the configured password
before using this command for encryption. The no service password-encryption
command only has effect on the password configured by the service
password-encryption command.
example
Use the following command to encrypt for the configured clear text password and also
to encrypt for the clear text password that configured after using this command.
switch_config#service password-encryption
related commands
- 10 -
Security Configuration Commands
password
1.1.10 username
To establish a username-based authentication system, use the username command in
global configuration mode. Use the no form of this command to remove an established
username-based authentication.
parameter
parameter description
default
command mode
global configuration
instruction
- 11 -
Security Configuration Commands
self-defined algorithm is used for encryption and you enter encrypted text password in
the following encrypted-password blank. This encryted text password can be copied
from the configuration file of other switch.
example
The following example adds a local user, its username is someone, its password is
someother:
username someone password someother
The following example adds a local user, its user name is Oscar, its password is Joan,
uses encryption-type 7, that is, the encrypted text password:
enable password 7 1105718265
Assuming the encrypted text password is 1105718265, which is obtained from the
configuration file of other switch.
related commands
- 12 -
Security Configuration Commands
parameter
parameter description
default
none
- 13 -
Security Configuration Commands
command mode
EXEC
instruction
Use this command to debug network system to locate the authentication failure reason.
Switch#debug radius event
RADIUS:return message to aaa, Give me your username
RADIUS:return message to aaa, Give me your password
RADIUS:inital transmit access-request [4] to 192.168.20.126 1812 <length=70>
RADIUS:retransmit access-request [4] to 192.168.20.126 1812 <length=70>
RADIUS:retransmit access-request [4] to 192.168.20.126 1812 <length=70>
RADIUS:192.168.20.126 is dead to response [4]
RADIUS:Have tried all servers,return error to aaa
return message to aaa, Give me your It needs the password that corresponds to the
password username
192.168.20.126 is dead to response [4] The server doesn’t respond after many times
of retransmittion. This serve is marked as
dead.
Have tried all servers,return error to aaa RADIUS cannot complete this authentication
and returns to error.
example
- 14 -
Security Configuration Commands
no ip radius source-interface
parameter
parameter description
interface-name Name of the interface that RADIUS uses for all of its outgoing
packets.
default
command mode
global configuration
instruction
Use this command to set the IP address of a subinterface to be used as the source
address for all outgoing RADIUS packets. The IP address is used as long as the
subinterface is in the up state. In this way, the RADIUS server can use one IP address
entry for every network access client instead of maintaining a list of IP addresses.
This command is especially useful in cases where the router has many subinterfaces
and you want to ensure that all RADIUS packets from a particular router have the same
IP address.
The specified subinterface must have an IP address associated with it. If the specified
subinterface does not have an IP address or is in the down state, then RADIUS reverts
to the default. To avoid this, add an IP address to the subinterface or bring the
subinterface to the up state.
example
The following example shows how to configure RADIUS to use the IP address of vlan 1
for all outgoing RADIUS packets:
ip radius source-interface vlan 1
related commands
ip tacacs source-interface
parameter
none
- 15 -
Security Configuration Commands
default
command mode
global configuration
instruction
none
example
radius-server challenge-noecho
parameter
parameter description
default
command mode
global configuration
instruction
Use this command to cause the software to mark as "dead" any RADIUS servers that
fail to respond to authentication requests, thus avoiding the wait for the request to time
out before trying the next configured server. A RADIUS server marked as "dead" is
skipped by additional requests for the duration of minutes or unless there are no
servers not marked "dead."
example
The following example specifies five minutes deadtime for RADIUS servers that fail to
respond to authentication requests:
radius-server deadtime 5
- 16 -
Security Configuration Commands
related commands
radius-server host
radius-server retransmit
radius-server timeout
parameter
parameter Description
default
command mode
global configuration
instruction
You can use multiple radius-server host commands to specify multiple hosts. The
software searches for hosts in the order in which you specify them.
example
The following example specifies host 1.1.1.1 as the RADIUS server and uses default
ports for both accounting and authentication
radius-server host 1.1.1.1
The following example specifies port 12 as the destination port for authentication
requests and port 16 as the destination port for accounting requests on the RADIUS
host named host1:
- 17 -
Security Configuration Commands
related commands
aaa authentication
radius-server key
tacacs server
username
parameter
default
disabled
command mode
global configuration
instruction
When the user enters the login name, the login request is transmitted with the name
and a zero-length password. If accepted, the login procedure completes. If the RADIUS
server refuses this request, the server software prompts for a password and tries again
when the user supplies a password. The RADIUS server must support authentication
for users without passwords to make use of this feature.
example
The following example configures the first login to not require RADIUS verification:
radius-server optional-passwords
related commands
radius-server host
- 18 -
Security Configuration Commands
no radius-server key
parameter
parameter description
default
command mode
Global configuration
instruction
The key entered must match the key used on the RADIUS daemon. All leading spaces
are ignored, and all white spaces cannot be included in the encrypted key.
example
The following example sets the encryption key to " firstime ":
radius-server key firstime
related commands
radius-server host
tacacs server
username
parameter
parameter description
- 19 -
Security Configuration Commands
default
3 attemps
command mode
global configuration
instruction
This command is generally used with the radius-server timeout command, indicating
the interval for which a router waits for a server host to reply before timing out and the
times of retry after timing out.
example
related commands
radius-server timeout
parameter
parameter description
default
5 seconds
command mode
global configuration
instruction
- 20 -
Security Configuration Commands
example
Use this command to set the number of seconds a router waits for a server host to reply
before timing out.
radius-server timeout 10
related commands
none
parameter
parameter description
default
disabled
command mode
global configuration
instruction
The Internet Engineering Task Force (IETF) draft standard specifies a method for
communicating vendor-specific information between the network access server and the
RADIUS server by using the vendor-specific attribute (attribute 26). Vendor-specific
attributes (VSAs) allow vendors to support their own extended attributes not suitable for
general use. The radius-server vsa send command enables the network access server
to recognize and use both accounting and authentication vendor-specific attributes.
Use the accounting keyword with the radius-server vsa send command to limit the set
of recognized vendor-specific attributes to just accounting attributes. Use the
authentication keyword with the radius-server vsa send command to limit the set of
recognized vendor-specific attributes to just authentication attributes.
example
The following example configures the network access server to recognize and use
vendor-specific accounting attributes:
radius-server vsa send accounting
- 21 -
Security Configuration Commands
related commands
radius-server host
- 22 -
EPON OAM Configuration Commands
Table of Contents
Table of Contents
Chapter 1 OAM Configuration Commands......................................................................................... 1
1.1 OAM Configuration Commands............................................................................................ 1
1.1.1 ethernet oam timeout ................................................................................................. 1
1.1.2 ethernet oam log ........................................................................................................ 2
1.1.3 ethernet oam log discovery ........................................................................................ 2
1.1.4 ethernet oam log link-monitor..................................................................................... 3
1.1.5 ethernet oam remote-loopback {start | stop | test} ..................................................... 4
1.1.6 show ethernet oam statistics...................................................................................... 5
1.1.7 show ethernet oam configuration ............................................................................... 6
1.1.8 show ethernet oam ctc version-negotiation-result ..................................................... 6
1.1.9 show ethernet oam loopback-test-result .................................................................... 7
1.1.10 show ethernet oam status ........................................................................................ 8
-I-
EPON OAM Configuration Command
Syntax
Parameter
Default value
Command mode
Instruction
This command can be used to configure some optional parameters for establishing the
OAM connection.
Example
The following example shows how to set the timeout time of connection to five
seconds.
switch_config#ethernet oam timeout 5
-1-
EPON OAM Configuration Command
Syntax
Parameter
None
Default value
enable
Command mode
Instruction
This command can be used to display or limit the EPON OAM log (including the OAM
discovery state machine and the link monitor). It is recommended to enable this log.
Example
The following example shows how to set and limit the EPON OAM log.
switch_config# ethernet oam log disable
Syntax
To display or restrain the discovery log of EPON OAM, run the previous command.
Parameter
None
-2-
EPON OAM Configuration Command
Default value
enable
Command mode
Instruction
This command is used to restrain the discovery log of EPON OAM, however, it is
recommended to enable this log.
Example
The following example shows how to display or restrain the discovery log of EPON
OAM:
switch_config# ethernet oam log discovery disable
Syntax
Parameter
None
Default value
enable
Command mode
Instruction
This command is used to restrain the link monitor log of EPON OAM, however, it is
recommended to enable this log.
-3-
EPON OAM Configuration Command
Example
The following example shows how to display or restrain the link monitor log of EPON
OAM:
switch_config# ethernet oam log link-monitor disable
Syntax
Parameter
Default value
None
Command mode
Privileged mode
Remarks
The remote OAM loopback cannot be enabled on the physical interface that belongs to
the aggregation interface.
Example
The following example shows how to positively start the remote OAM loopback on
interface EPON 0/1:1.
switch#ethernet oam remote-loopback start interface EPON0/1:1
-4-
EPON OAM Configuration Command
Syntax
Parameter
Default value
None
Remarks
None
Example
The following example shows how to display the number of the OAM packets which
are classified by packet types on interface EPON0/1:1.
switch#show ethernet oam statistics interface EPON0/1:1
Interface: E0/1:1
Counters:
---------
Information OAMPDU Tx : 494
Information OAMPDU Rx : 494
Unique Event Notification OAMPDU Tx :0
Unique Event Notification OAMPDU Rx :0
Duplicate Event Notification OAMPDU TX: 0
Duplicate Event Notification OAMPDU RX: 0
Loopback Control OAMPDU Tx :0
Loopback Control OAMPDU Rx :0
Variable Request OAMPDU Tx :0
Variable Request OAMPDU Rx :0
Variable Response OAMPDU Tx :0
Variable Response OAMPDU Rx :0
Organization Specific OAMPDU Tx :1
-5-
EPON OAM Configuration Command
Syntax
Parameter
None
Default value
None
Remarks
None
Example
Syntax
Parameter
-6-
EPON OAM Configuration Command
Default value
None
Remarks
None
Example
The following example shows how to display the OAM Runtime information on
interface E0/1:1.
switch# show ethernet oam ctc version-negotiation-result interface E0/1:1
Interface : E0/1:1
ctc_OAM_Ext_Status : 0x3
OUI : 11:11:11
ctc_OAM_Ext_version: 0x20
Syntax
Parameter
Default value
None
Remarks
None
-7-
EPON OAM Configuration Command
Example
The following example shows how to display the OAM loopback result on interface
E0/1:1.
Syntax
Parameter
Default value
None
Remarks
None
Example
The following example shows how to display the OAM status on interface E0/1:1.
switch#show ethernet oam status
Interface: E0/1:1
oam_table:
----------
Admin state: Enabled
Operational status: 108270576
-8-
EPON OAM Configuration Command
Mode: 4662140
Maximum oam pdu: 1518
Configuration revision: 0
Function supported: 7
peer_table:
-----------
Status: 4662140
MAC address: 00:13:25:ff:ff:81
Vendor OUI: 00:13:25
Vendor info: 0
mode: Passive
Maximum oam pdu: 1518
Configuration revision: 1
Function supported: 7
loopback_table:
--------------
Status:
-9-
Flow Encryption Configuration Commands
Table of Contents
Table of Contents
Chapter 1 Encryption Configuration Commands................................................................................ 1
1.1 Encryption Configuration Commands ................................................................................... 1
1.1.1 epon encryption triple-churning rekeying-timer-value ........................................... 1
1.1.2 epon encryption {enable | disable} ........................................................................ 2
-I-
Flow Encryption Configuration Commands
Syntax
no epon encryption
To enable or disable the global encryption of OLT, run the previous two commands
respectively.
Parameter
Default value
The default value of the encryption mode is triple-chuming and the time for key
update is 10000ms.
Command mode
Remarks
Only when the encryption function of the LLID port is enabled at the same time, the
underline encryption function can take effect.
-1-
Flow Encryption Configuration Commands
Example
The following example shows how to set the encryption mode of OLT to
triple-chuming.
switch_config# epon encryption triple-churning
Syntax
To enable or disable the underline encryption function of the LLID port, run the
previous two commands respectively.
Parameter
None
Default value
Command mode
Remarks
This command takes effect only when it is used together with the command epon
encryption triple-churning rekeying-timer-value.
Example
The following example shows how to disable the encryption function of interface
EPON0/1:1.
switch_config# interface EPON0/1:1
switch_config_epon0/1:1# epon encryption disable
-2-
EPON Multicast Configuration Commands
Table of Contents
Table of Contents
Chapter 1 OLT IGMP Multicast Configuration Commands ................................................................ 1
1.1.1 ip mcst {enable | disable} ........................................................................................... 2
1.1.2 ip mcst mc-vlan vlan_id range A.B.C.D&<1-n> ....................................................... 2
1.1.3 ip mcst vlan vlan_id static A.B.C.D interface intf ..................................................... 3
1.1.4 ip mcst timer router-age timer_value.................................................................. 4
1.1.5 ip mcst timer response-time timer_value ................................................................... 4
1.1.6 ip mcst mrouter interface inft_name........................................................................... 5
1.1.7 ip igmp-proxy enable.................................................................................................. 6
1.1.8 ip mcst querier{enable | disable} ................................................................................ 6
1.1.9 ip mcst querier address [ip_addr]............................................................................... 7
1.1.10 ip igmp-proxy last-member-query {count value1| interval value2} ........................... 8
1.1.11 ip mcst compatible {enable | disable} ....................................................................... 9
1.1.12 ip mcst mode ............................................................................................................ 9
1.1.13 ip mcst preview time............................................................................................... 10
1.1.14 show ip mcst............................................................................................................11
1.1.15 show ip mcst timer ................................................................................................. 12
1.1.16 show ip mcst groups............................................................................................... 12
1.1.17 show ip mcst statistics............................................................................................ 13
1.1.18 show ip igmp-proxy ................................................................................................ 14
1.1.19 debug ip mcst packet ............................................................................................. 14
1.1.20 debug ip mcst timer................................................................................................ 15
1.1.21 debug ip mcst timer................................................................................................ 16
1.1.22 debug ip mcst event ............................................................................................... 16
1.1.23 debug ip mcst error ................................................................................................ 17
1.1.24 debug ip igmp-proxy............................................................................................... 17
Chapter 2 Commands for OLT MLD Multicast Settings ................................................................... 19
2.1.1 ip mld-snooping {enable | disable} ........................................................................... 19
2.1.2 ip mld-snooping solicitation ...................................................................................... 20
2.1.3 ip mld-snooping mc-vlan vlan_id range A.B.C.D&<1-n>....................................... 21
2.1.4 ip mld-snooping vlan vlan_id static X:X:X:X::X interface intf ................................. 21
2.1.5 ip mld-snooping timer router-age timer_value .................................................... 22
2.1.6 ip mld-snooping timer response-time timer_value ................................................... 23
2.1.7 ip mld-snooping mrouter interface inft_name........................................................... 23
2.1.8 ip mld-proxying enable ............................................................................................. 24
2.1.9 ip mld-proxying querier address [ip_addr]................................................................ 25
2.1.10 ip mld-proxying last-member-query {count value1| interval value2} ...................... 25
2.1.11 show ip mld-snooping............................................................................................. 26
2.1.12 show ip mld-snooping timer ................................................................................... 27
2.1.13 show ip mld-snooping groups ................................................................................ 28
2.1.14 show ip mld-snooping statistics.............................................................................. 28
2.1.15 show ip mld-proxying ............................................................................................. 29
-I-
Table of Contents
- II -
EPON Multicast Configuration Commands
z ip igmp-proxy enable
z ip mcst mode
z ip mcst permission
z show ip mcst
z show ip igmp-proxy
z debug ip igmp-proxy
-1-
EPON Multicast Configuration Commands
Syntax
ip mcst enable
To enable and disable the IGMP snooping function, run epon onu mcst enable; to
resume the default value, run {no epon onu mcst | epon onu mcst disable}.
Parameter
None
Default value
Remarks
After IGMP snooping is enabled, when DLF occurs on multicast packets (that is, the
destination address is not registered in the swap chip through the igmp-snooping), all
multicast packets whose destination addresses are not registered on any port will be
dropped.
Example
The following example shows how to enable the IGMP snooping function:
switch_config# ip mcst enable
Syntax
Parameter
vlan_id VLAN ID
-2-
EPON Multicast Configuration Commands
Default value
None
Remarks
This command has two functions: one is that only the Report and Leave packets
whose destination IP addresses have been added to a multicast VLAN can be
received by IGMP snooping; the other one is that the VLAN tag which transforms
the next multicast flow is the multicast VLAN tag. One multicast VLAN can
include multiple continuous or discontinuous multicast IP addresses, while one
multicast IP address can only belong to one multicast VLAN.
Example
The following command is used to add multicast group 225.1.1.1 to multicast VLAN2:
switch_config#ip mcst mc-vlan 2 range 225.1.1.1
Note:
224.0.0.0-224.0.0.255, as unroutable multicast addresses, cannot be registered on each port.
Syntax
Parameter
inft An interface
Default value
None
Remarks
This command is used to configure the static multicast address of VLAN. Its negative
form is used to cancel the static multicast address.
-3-
EPON Multicast Configuration Commands
Example
The following example shows how to add the static multicast address 234.5.6.7 to port
EPON0/1:1.
switch_config# ip mcst vlan 1 static 234.5.6.7 interface EPON0/1:1
switch_config#
Note:
Syntax
Parameter
Default value
260 seconds
Remarks
This command is used to query the time of the timer of IGMP-Snooping. The negative
form of this command is used to resume the default value.
Example
The following example shows how to set the query time of the router to 300 seconds.
switch_config# ip mcst timer router-age 300
switch_config#
Syntax
-4-
EPON Multicast Configuration Commands
Parameter
Default value
15 seconds
Remarks
None
Example
The following example shows how to set the query response time of IGMP snooping to
20 seconds.
switch_config# ip mcst timer response-time 20
Syntax
To configure the port of the static multicast router of IGMP snooping, run ip mcst
mrouter interface inft_name.
Parameter
inft_name Shows the port type, the slot and the port ID.
Default value
15 seconds
-5-
EPON Multicast Configuration Commands
Remarks
None
Example
The following example shows how to set port G0/4 to the port of the static multicast
router of IGMP snooping.
switch_config# ip mcst timer mrouter interface G0/4
Syntax
ip igmp-proxy enable
To enable IGMP proxy, run ip mcst enable. To resume the default value, run {no ip
mcst | ip mcst disable}.
Parameter
None
Default value
Remarks
None
Example
Syntax
-6-
EPON Multicast Configuration Commands
To enable or disable the querier port in OLT, run ip mcst querier enable; to resume
the default settings, run no ip mcst querier | ip mcst querier disable.
Parameter
None
Default value
Remarks
After the querier port of OLT is added, this port can transmit the query packets
automatically in a regular time.
Example
The following example shows how to enable the querier port of OLT.
switch_config# ip mcst querier enable
Syntax
To set the source IP address of the automatic query packet, run ip mcst querier
address ip_addr. The negative form of this command is used to resume the default
value.
Parameter
Default value
-7-
EPON Multicast Configuration Commands
Remarks
None
Example
The following example shows how to set the source IP address of the query packet to
11.1.1.200:
switch_config# ip mcst querier address 11.1.1.200
Syntax
To set the source IP address of the automatic query packet, run ip igmp-proxy
last-member-query {count value1| interval value2}. The negative form of this
command is used to resume the default value.
Parameter
Default value
Remarks
None
Example
-8-
EPON Multicast Configuration Commands
Syntax
Parameter
None
Default value
Remarks
After the multicast compatible mode is enabled, OLT can support the IGMP snooping
multicast mode and the dynamic multicast mode by taking the LLID port as a unit. Only
in the default mode can the multicast mode of OLT be set and OLT only supports one
kind of multicast process at this case.
Example
The following example shows how to disable the multicast compatible function of OLT:
switch_config# ip mcst compatible disable
Syntax
Parameter
None
-9-
EPON Multicast Configuration Commands
Default value
Igmp-snooping mode
Remarks
After the OLT multicast mode is switched over, the multicast modes of all ONUs will be
automatically switched over to the same mode. The users therefore are free of the
trouble of setting ONUs one by one.
Example
The following example shows how to set the multicast mode to the controllable
multicast:
switch_config# ip mcst mode dynamic-controllable
Syntax
Parameter
Default value
None
Remarks
None
Example
- 10 -
EPON Multicast Configuration Commands
Syntax
show ip mcst
Parameter
None
Default value
None
Remarks
Example
The following example shows how to display the information about the IGMP-snooping
settings.
switch# show ip mcst
switch#
- 11 -
EPON Multicast Configuration Commands
Syntax
Parameter
None
Default value
None
Remarks
This command is used to display the information about the IGMP-snooping clock.
Example
The following example shows how to display the information about the IGMP-snooping
clock.
switch#show ip mcst timers
switch#
Querier on port G0/4: 251 means the timeout time of the ageing timer of the router.
vlan 2 multicast address 0100.5e01.0101 response time : This shows the time period from
receiving a multicast query packet to the present; if there is no host to respond when the timer
times out, the port will be canceled.
Syntax
Parameter
None
- 12 -
EPON Multicast Configuration Commands
Default value
None
Remarks
This command is used to display the information about the multicast group of
IGMP-snooping.
Example
The following example shows how to display the information about the multicast group
of IGMP-snooping.
switch# show ip mcst timer
Syntax
Parameter
None
Default value
None
Remarks
Example
The following example shows how to display the information about IGMP-snooping
statistics.
switch#show ip mcst statistics
v1_packets:0 Number of the IGMPv1 packets
v2_packets:6 Number of the IGMPv2 packets
- 13 -
EPON Multicast Configuration Commands
Syntax
show ip igmp-proxy
Parameter
None
Default value
None
Remarks
Example
The following example shows how to display the information about IGMP proxy.
switch#show ip igmp-proxy
Global IGMP proxy configuration
-------------------------------
Status : Disable
Last member query interval: 2
Last member query count :2
switch#
Syntax
- 14 -
EPON Multicast Configuration Commands
Parameter
None
Default value
None
Remarks
Example
The following example shows how to enable the debugging switch of MCST packets.
switch# debug ip mcst packet
switch#
Syntax
Parameter
None
Default value
None
Remarks
Example
- 15 -
EPON Multicast Configuration Commands
Syntax
Parameter
None
Default value
None
Remarks
Example
Syntax
Parameter
None
Default value
None
- 16 -
EPON Multicast Configuration Commands
Remarks
Example
Syntax
Parameter
None
Default value
None
Remarks
Example
The following example shows how to enable the error debugging switch of IGMP
snooping.
switch# debug ip mcst error
Syntax
no debug ip igmp-proxy
- 17 -
EPON Multicast Configuration Commands
Parameter
None
Default value
None
Remarks
Example
The following example shows how to enable the debugging switch of IGMP proxy.
switch# debug ip igmp-proxy
switch#
- 18 -
EPON Multicast Configuration Commands
z ip mld-proxying enable
z show ip mld-snooping
z show ip mld-proxying
Syntax
ip mld-snooping enable
To set the MLD snooping function, run ip mld-snooping enable; to resume the default
value, run {no ip mld-snooping | ip mld-snooping disable}.
Parameter
None
- 19 -
EPON Multicast Configuration Commands
Default value
Remarks
After MLD snooping is enabled, when DLF occurs on multicast packets (that is, the
destination address is not registered in the swap chip through the MLD-snooping), all
multicast packets whose destination addresses are not registered on any port will be
dropped.
Example
The following example shows how to enable the MLD snooping function:
switch_config# ip mld-snooping enable
Syntax
ip mld-snooping solicitation
no ip mld-snooping solicitation
Parameter
None
Default value
Remarks
None
Example
The following example shows how to enable the hardware forward of the multicast
group.
switch_config#ip mld-snooping solicitation
- 20 -
EPON Multicast Configuration Commands
Syntax
Parameter
vlan_id VLAN ID
Default value
None
Remarks
This command has two functions: one is that only the Report and Leave packets
whose destination IP addresses have been added to a multicast VLAN can be
received by MLD snooping; the other one is that the VLAN tag which transforms
the next multicast flow is the multicast VLAN tag. One multicast VLAN can
include multiple continuous or discontinuous multicast IP addresses, while one
multicast IP address can only belong to one multicast VLAN.
Example
The following command shows how to add multicast group ff12::5 to multicast VLAN2:
switch_config#ip mld-snooping mc-vlan 2 range ff12::5
Syntax
Parameter
- 21 -
EPON Multicast Configuration Commands
inft An interface
Default value
None
Remarks
This command is used to configure the static multicast address of VLAN. Its negative
form is used to cancel the static multicast address.
Example
The following example shows how to add the static multicast address ff12::5 to port
EPON0/1:1.
switch_config# ip mld-snooping vlan 1 static ff12::5 interface EPON0/1:1
switch_config#
Syntax
Parameter
Default value
260 seconds
Remarks
This command is used to query the time of the timer of MLD-Snooping. The negative
form of this command is used to resume the default value.
Example
The following example shows how to set the query time of the router to 300 seconds.
switch_config# ip mld-snooping timer router-age 300
- 22 -
EPON Multicast Configuration Commands
switch_config#
Syntax
Parameter
Default value
15 seconds
Remarks
None
Example
The following example shows how to set the query response time of IGMP snooping to
20 seconds.
switch_config# ip mld-snooping timer response-time 20
Syntax
To configure the port of the static multicast router of IGMP snooping, run ip mcst
mrouter interface inft_name.
Parameter
- 23 -
EPON Multicast Configuration Commands
inft_name Shows the port type, the slot and the port ID.
Default value
15 seconds
Remarks
None
Example
The following example shows how to set port G0/4 to the port of the static multicast
router of MLD snooping.
switch_config# ip mld-snooping timer mrouter interface G0/4
Syntax
ip igmp-proxy enable
To enable IGMP proxy, run ip igmp-proxy enable. To resume the default value, run
{no ip igmp-proxy enable}.
Parameter
None
Default value
Remarks
None
Example
- 24 -
EPON Multicast Configuration Commands
Syntax
To set the source IP address of the automatic query packet, run ip mcst querier
address ip_addr. The negative form of this command is used to resume the default
value.
Parameter
Default value
源 IP 地址默认为 FE80::3FF:FEFE:FD00:1。
Remarks
None
Example
The following example shows how to set the source IP address of the query packet to
FE80::3FF:FEFE:FD00:2:
switch_config# ip mld-proxying querier address FE80::3FF:FEFE:FD00:2
Syntax
To set the source IP address of the automatic query packet, run ip mld-proxying
last-member-query {count value1| interval value2}. The negative form of this
command is used to resume the default value.
Parameter
- 25 -
EPON Multicast Configuration Commands
value1 1-5
Default value
Remarks
None
Example
Syntax
show ip mld-snooping
Parameter
None
Default value
None
Remarks
Example
The following example shows how to display the information about MLD snooping.
switch#show ip mld-snooping
- 26 -
EPON Multicast Configuration Commands
None
switch#
Syntax
Parameter
None
Default value
None
Remarks
This command is used to display the information about the MLD-snooping clock.
Example
The following example shows how to display the information about the MLD-snooping
clock.
switch#show ip mld-snooping timers
switch#
Querier on port G0/4: 251 means the timeout time of the ageing timer of the router.
vlan 2 multicast address 3333.0000.0005 response time : This shows the time period from
receiving a multicast query packet to the present; if there is no host to respond when the timer
times out, the port will be canceled.
- 27 -
EPON Multicast Configuration Commands
Syntax
Parameter
None
Default value
None
Remarks
This command is used to display the information about the multicast group of
MLD-snooping.
Example
The following example shows how to display the information about the multicast group
of MLD-snooping.
switch# show ip mld-snooping timer
Syntax
Parameter
None
Default value
None
- 28 -
EPON Multicast Configuration Commands
Remarks
Example
The following example shows how to display the information about MLD-snooping
statistics.
switch#show ip mld-snooping statistics
v1_packets:0 Number of the IGMPv1 packets
v2_packets:6 Number of the IGMPv2 packets
v3_packets:0 Number of the IGMPv3 packets
general_query_packets:5 Number of the general query packets
special_query_packets:0 Number of the special query packets
listener_packets:6 Number of the Report packets
leave_packets:0 Number of the Leave packets
err_packets:0 Number of the error packets
Syntax
show ip mld-proxying
Parameter
None
Default value
None
Remarks
Example
The following example shows how to display the information about MLD proxy.
switch#show ip mld-proxying
Global MLD Proxying configuration
-------------------------------
Status : Disable
Last member query interval: 1
Last member query count :2
- 29 -
EPON Multicast Configuration Commands
switch#
- 30 -
EPON Multicast Configuration Commands
z epon onu port port_id ctc mcst mc-vlan {add vlanmap| delete
vlanmap|clear}
Syntax
To enable and disable the IGMP snooping function, run epon onu mcst enable; to
resume the default value, run {no epon onu mcst | epon onu mcst disable}.
Parameter
None
Default value
Remarks
After IGMP snooping is enabled, when DLF occurs on multicast packets (that is, the
destination address is not registered in the swap chip through the igmp-snooping), all
multicast packets whose destination addresses are not registered on any port will be
dropped. ONU only supports IGMP snooping V1 and IGMP snooping V2.
- 31 -
EPON Multicast Configuration Commands
Example
The following example shows how to enable the IGMP snooping function:
switch_config#interface e0/1:1
switch_config_e0/1:1#epon onu mcst enable
Syntax
To enable the ONU multicast mode, run epon onu ctc mcst switch
{ dynamic-controllable | igmp-snooping }; to resume the default value, run no epon
onu ctc mcst switch.
Parameter
None
Default value
Remarks
None
Example
The following example shows how to switch the ONU multicast mode over to the
controllable multicast:
switch_config#interface e0/1:1
switch_config_epon0/1:1#epon onu ctc mcst switch dynamic-controllable
Syntax
{no epon onu ctc mcst fast-leave | epon onu ctc mcst fast-leave disable}
- 32 -
EPON Multicast Configuration Commands
To configure the fast-leave attribute, run epon onu ctc mcst fast-leave enable; to
resume the default value, run {no epon onu ctc mcst fast-leave | epon onu ctc
mcst fast-leave disable}.
Parameter
None
Default value
Remarks
The configuration of the fast-leave attribute makes the ONU delete the corresponding
port in the port list of the corresponding multicast group shortly after ONU receives the
leave packet, while the timer is not enabled any more for waiting to see whether other
hosts will be added to the multicast group; if other hosts of a same port also belong to
this multicast group and are reluctant to leave, the multicast communication of these
hosts may be affected and in this case the fast-leave function should not be enabled.
Example
Syntax
Parameter
Default value
None
- 33 -
EPON Multicast Configuration Commands
Remarks
None
Example
The following example shows how to configure UNI 1 of ONU to forward the multicast
flow of the multicast 225.1.1.1.
switch_config#ip mcst permission interface E3/1:2 uni 1 range 225.1.1.1 permit
Syntax
{no epon onu port port_id ctc mcsttag-stripe | epon onu port port_id ctc mcst
tag-stripe disable}
To configure the tag-stripe attribute, which is used to remove the VLAN tag of the next
multicast packet that ONU receives, run epon onu port port_id ctc mcst tag-stripe
enable.
Parameter
Default value
Disable
Remarks
None
Example
The following example shows how to enable the Tag-Stripe function on UNI1 of ONU.
switch_config_epon0/1:1#epon onu port 1 ctc mcst tag-stripe enable
- 34 -
EPON Multicast Configuration Commands
Syntax
To configure the max-group-number attribute, which enables the UNI port of ONU to
limit the number of the concurrently forwarded multicast groups, run epon onu port
port_id ctc mcst max-group-number value.
Parameter
Default value
Remarks
None
Example
The following example shows how to configure UNI1 of ONU to allow 64 concurrent
multicast flows simultaneously: 1 最多同时允许 64 条组播流。
switch_config_epon0/1:1#epon onu port 1 ctc mcst max-group-number 64
3.1.7 epon onu port port_id ctc mcst mc-vlan {add vlanmap| delete
vlanmap|clear}
Syntax
epon onu port port_id ctc mcst mc-vlan {add vlanmap| delete vlanmap|clear}
To configure the correlation of the UNI port and the multicast VLAN so that ONU can
remove the VLAN tag of the downlink multicast packets, run the command above.
Parameter
- 35 -
EPON Multicast Configuration Commands
Default value
None
Remarks
None
Example
The following example shows how to configure UNI 1 of ONU to forward the multicast
flow of the multicast VLAN2.
switch_config_e0/1:1#epon onu port 1 ctc mcst mc-vlan add 2
- 36 -
Optical Fiber Protection Shift Commands
Table of Contents
Table of Contents
Chapter 1 Optical Fiber Protection Shift Commands ......................................................................... 1
1.1 epon b-psg ............................................................................................................................ 1
1.2 epon c-psg ............................................................................................................................ 2
1.3 epon psg member ................................................................................................................. 2
1.4 epon psg switch .................................................................................................................... 3
-I-
Optical Fiber Protection Shift Commands
Syntax
The commands above are used to create and delete a B-type PSG port respectively.
Parameter
Default value
If the sequence number of the logic port is not designated, you should take the unused
minimum value between 1 and 8.
Command mode
Remarks
This command is used to create a virtual port ; after the virtual port is successfully
created, you have to run epon psg member active epon-port standby epon-port
immediately to bind the to-be-protected PON port.
Example
-1-
Optical Fiber Protection Shift Commands
Syntax
The commands above are used to create and delete a C-type PSG port respectively.
Parameter
Default value
If the sequence number of the logic port is not designated, you should take the unused
minimum value between 1 and 8.
Command mode
Remarks
This command is used to create a virtual port ; after the virtual port is successfully
created, you have to run epon psg member active epon-port standby epon-port
immediately to bind the to-be-protected PON port.
Example
Syntax
The first command is used to add a protected PON port to the PSG port.
-2-
Optical Fiber Protection Shift Commands
Parameter
Default value
None
Command mode
Remarks
This command is to add the actually to-be-protected PON port to the PSG port.
Currently only when two PON ports are on the same OLT chip can they be supported.
Example
The following example shows how to bind EPON0/1 and EPON0/4 to PSG0/1:
switch_config#epon b-psg sequence 1
switch_config#interface psg 0/1
switch_config_psg0/1#epon psg member active e0/1 standby e0/4
Syntax
It is used to force the switchover of the key PON port of B-type PSG.
Parameter
Default value
None
Command mode
Privileged mode
-3-
Optical Fiber Protection Shift Commands
Remarks
This command is used to force the switchover of the PSG port only on the CTC B-type
protection mechanism.
Example
The following example shows how to switch over the PSG port mandatorily.
switch_config# epon psg switch interface psg 0/1
-4-
ONU Management Configuration
Commands
Table of Contents
Table of Contents
Chapter 1 Local ONU Management Commands ............................................................................... 1
1.1 Local ONU Management Commands................................................................................... 1
1.2 epon onu-registration-method mac....................................................................................... 2
1.3 epon bind-onu ....................................................................................................................... 2
1.4 epon onu-authen-method manual......................................................................................... 3
1.5 epon mpcp-registration-mode............................................................................................... 4
1.6 epon onu description ............................................................................................................ 5
1.7 epon conform-onu................................................................................................................. 6
1.8 epon deregister-onu.............................................................................................................. 6
1.9 clear epon dynamic-binding.................................................................................................. 7
1.10 epon dynamic-binding-timeout {disable | enable}............................................................... 8
1.11 epon dynamic-binding-timeout value .................................................................................. 9
1.12 epon ctc-oam-discovery-timeout {disable | enable}............................................................ 9
1.13 epon ctc-oam-discovery-timeout value............................................................................. 10
1.14 epon ace-reset-delay value count......................................................................................11
1.15 epon dying-gasp-log {disable | enable}............................................................................. 12
1.16 epon snmp-ipaddress ....................................................................................................... 12
1.17 serial-bridge remote.......................................................................................................... 13
1.18 show epon basic-info ........................................................................................................ 14
1.19 show epon encryption....................................................................................................... 15
1.20 show epon mpcp-registration-mode ................................................................................. 15
1.21 show epon onu-authen-method ........................................................................................ 16
1.22 show epon onu-registration-method ................................................................................. 17
1.23 show epon onu-information .............................................................................................. 18
Chapter 2 Global Remote Control Commands of ONU ................................................................... 19
2.1 Global Remote Control Commands of ONU....................................................................... 19
2.2 epon reboot onu.................................................................................................................. 20
2.3 epon update onu image ...................................................................................................... 21
2.4 epon commit-onu-image-update......................................................................................... 22
2.5 epon update onu eeprom-image......................................................................................... 22
2.6 epon ace-recover ................................................................................................................ 23
2.7 epon switch-onu-pon .......................................................................................................... 24
2.8 epon switch-onu-pon-and-back .......................................................................................... 25
2.9 epon onu encryption ........................................................................................................... 25
2.10 epon onu mac address-table static................................................................................... 26
2.11 epon onu clear mac address-table dynamic ..................................................................... 27
2.12 epon onu mac address-table learning .............................................................................. 28
2.13 epon onu mac address-table aging-time .......................................................................... 28
2.14 epon onu scheduler policy ................................................................................................ 29
2.15 epon onu scheduler wrr bandwidth................................................................................... 30
2.16 epon onu cos map ............................................................................................................ 31
-I-
Table of Contents
- II -
ONU Management Configuration Commands
z epon bind-onu
z epon mpcp-registration-mode
z epon conform-onu
z epon deregister-onu
z epon ace-reset-delay
z epon dying-gasp-log
z epon snmp-ipaddress
z serial-bridge remote
-1-
ONU Management Configuration Commands
Syntax
no epon onu-registration-method
To open the checkup mechanism of the ONU MAC address during MPCP registration,
run epon onu-registration-method mac.
Parameter
None
Default value
Command mode
Remarks
After the checkup of the ONU MAC address is enabled during MPCP registration,
successful registration can only be conducted to those ONUs that has been bound to
static entries through the running of the epon bind-onu mac-address llid-sequence
command.
Example
The following example shows how to open the checkup of MAC address' registration
on ONU of interface EPON0/1.
switch_config# interface EPON0/1
switch_config_epon0/1# epon onu-registration-method mac
Syntax
-2-
ONU Management Configuration Commands
To bind the MAC address of ONU to the EPON port and the LLID sequence number,
run this command.
Parameter
Default value
The MAC address has no default value, while the default value of llid-sequence is the
unoccupied minimum LLID sequence.
Command mode
Remarks
Only when this command is used together with the epon onu-registration-method
mac command can it take effect.
Example
The following example shows how to bind LLID sequence 1 of port EPON0/1 to ONU
00e0.0f00.00001:
switch_config# interface EPON0/1
switch_config_epon0/1# epon bind-onu 00e0.0f00.00001 1
Syntax
Parameter
None
-3-
ONU Management Configuration Commands
Default value
If the ONU authentication is not conducted, the registration then automatically passes
the authentication.
Command mode
Remarks
Example
The following example shows how to set the ONU authentication mode on port
EPON0/1 to the manual authentication:
switch_config# interface EPON0/1
switch_config_epon0/1#epon onu-authen-method manual
Syntax
Parameter
Default value
Command mode
-4-
ONU Management Configuration Commands
Remarks
None
Example
The following example shows how to set the delay of MPCP of port EPON0/1 to 30ms.
OLT_config_epon0/1# epon mpcp-registration-mode ctc 20
Syntax
To add the description string for ONU, run the previous command.
Parameter
Default value
None
Command mode
Remarks
None
Example
The following example shows how to set the description string of ONU on port
EPON0/1:1 to p1004.
-5-
ONU Management Configuration Commands
Syntax
To enable the registered ONU to pass authentication, run the previous command.
Parameter
slot/port[:sequence] The slot parameter stands for the slot number, the port
parameter stands for the EPON port number and the sequence
parameter stands for the LLID sequence.
Default value
None
Command mode
Privileged mode
Remarks
None
Example
The following example shows how to get ONU authenticated on port EPON0/1:1.
Switch# epon conform-onu interface epon 0/1:1
Syntax
Parameter
-6-
ONU Management Configuration Commands
slot/port[:sequence] The slot parameter stands for the slot number, the port
parameter stands for the EPON port number and the sequence
parameter stands for the LLID sequence.
Default value
None
Command mode
Privileged mode
Remarks
None
Example
The following example shows how to deregister the registered ONU on port
EPON0/1:1.
Switch# epon deregister-onu interface epon0/1:1
Syntax
To remove the information about dynamic ONU binding, run the previous command.
Parameter
Default value
None
Command mode
Privileged mode
-7-
ONU Management Configuration Commands
Remarks
Only when ONU does not pass authentication and after ONU is deregistered can the
information about dynamic ONU binding be removed.
Example
The following example shows how to remove the information about dynamic ONU
binding on port EPON0/1:1 manually.
switch# clear epon dynamic-binding interface epon0/1:1
Syntax
To remove the information about dynamic ONU binding automatically, run the previous
command.
Parameter
None
Default value
disable
Command mode
Remarks
None
Example
The following example shows how to remove the information about dynamic ONU
binding automatically.
OLT_config#epon dynamic-binding-timeout enable
-8-
ONU Management Configuration Commands
Syntax
To set the timeout time of the automatic removal of the information about dynamic
ONU binding , run the previous command.
Parameter
Default value
300s
Command mode
Remarks
None
Example
The following example shows how to set the timeout time of the automatic removal of
the information about dynamic ONU binding to 200s.
OLT_config# epon dynamic-binding-timeout 200
Syntax
To enable or disable ONU registration when the successful discovery of CTC OAM of
ONU times out, run this command.
Parameter
None
-9-
ONU Management Configuration Commands
Default value
disable
Command mode
Remarks
None
Example
The following example shows that ONU registration is disabled when the successful
discovery of CTC OAM of ONU times out.
OLT_config#epon ctc-oam-discovery-timeout enable
Syntax
To set the timeout time for waiting for successful CTC OAM discovery of ONU, run this
command.
Parameter
Default value
60s
Command mode
Remarks
None
- 10 -
ONU Management Configuration Commands
Example
The following example shows how to set the timeout time for waiting for successful
CTC OAM discovery of ONU.
OLT_config# epon ctc-oam-discovery-timeout 200
Syntax
To set the waiting time and transmission times of OAM transmission after the initial
registration of ACE ONU is resumed, run the above-mentioned command.
Parameter
count 1-10
Default value
3000ms, 3 times
Command mode
Remarks
None
Example
The following example shows that the waiting time and transmission times of OAM
transmission after the initial registration of ACE ONU are set to 4000ms and 5 times
respectively.
OLT_config# epon ace-reset-delay 4000 5
- 11 -
ONU Management Configuration Commands
Syntax
To enable and disable the print of ONU power-off alarm log, run the above-mentioned
command.
Parameter
None
Default value
enable
Command mode
Remarks
None
Example
The following example shows how to shut down the print of the ONU power-off alarm
log.
OLT_config#epon dying-gasp-log disable
Syntax
Parameter
- 12 -
ONU Management Configuration Commands
Default value
None
Command mode
Remarks
Example
The following example shows how to set the IP address of OLT manager to
192.168.1.10.
OLT_config# epon snmp-ipaddress 192.168.1.10
Syntax
To set the IP address of the bridge of the serial interface of ONU, run serial-bridge
remote index address A.B.C.D.
Parameter
Default value
None
Command mode
- 13 -
ONU Management Configuration Commands
Remarks
This command is used to set the index and IP address of the front bridge.
Example
The following example shows how to set the bridge 10.0.0.1 to 1.。
OLT_config# serial-bridge remote 1 address 10.0.0.1
Syntax
Parameter
None
Default value
None
Command mode
Remarks
Relevant information will not be displayed unless the OLT chip is hot plugged.
Example
- 14 -
ONU Management Configuration Commands
Syntax
Parameter
None
Default value
None
Command mode
Remarks
None
Example
The following example shows how to display the information about EPON encryption
configuration:
Switch#show epon encryption
Encryption mode rekey time(ms)
--------------- --------------
ctc churning 10000
Syntax
- 15 -
ONU Management Configuration Commands
To display the MPCP registration mode of the EPON port, run the previous command.
Parameter
Default value
None
Command mode
Remarks
None
Example
The following example shows how to display the ONU MPCP registration mode of the
EPON port.
Switch# show epon mpcp-registration-mode interface epon 0/1
MPCP registeration is delay time enabled on E0/1, and delay time is 20 ms
Syntax
Parameter
Default value
None
- 16 -
ONU Management Configuration Commands
Command mode
Remarks
None
Example
The following example shows how to display the ONU registration mode of the
EPON0/1 port.
Switch# show epon onu-authen-method interface epon 0/1
ONU authentication mode is manual on E0/1.
Syntax
To display the ONU MAC address checkup mode, run the previous command.
Parameter
Default value
None
Command mode
Remarks
None
Example
The following example shows how to display the ONU MAC address checkup mode of
the EPON0/1 port.
- 17 -
ONU Management Configuration Commands
Syntax
Parameter
Default value
None
Command mode
Remarks
None
Example
The following example shows how to display all ONU binding information on port
epon0/1.
Switch# show epon onu-information interface epon0/1
OLT#show epon onu-information interface e0/1
Interface EPON0/1 has registered 2 ONUs:
Intf Name MAC Address Description Bind Type Status Distance(m)
RTT(TQ)
---------- -------------- --------------- --------- --------------- ----------- -------
EPON0/1:1 00e0.0fa7.0150 N/A static deregistered N/A
N/A
EPON0/1:2 0025.5e1a.dbe6 N/A static auto_configured 52
2407
- 18 -
ONU Management Configuration Commands
z epon ace-recover
z epon commit-onu-image-update
z epon switch-onu-pon
z epon switch-onu-pon-and-back
- 19 -
ONU Management Configuration Commands
Syntax
Parameter
slot/port[:sequence] The slot parameter stands for the slot number, the port
parameter stands for the EPON port number and the sequence
parameter stands for the LLID sequence.
Default value
None
Command mode
Privileged mode
Remarks
None
Example
The following example shows how to restart the registered ONU on port EPON0/1:1.
switch# epon reboot onu interface epon0/1:1
- 20 -
ONU Management Configuration Commands
Syntax
To update the ONU version remotely through OLT, run the previous command.
Parameter
slot/port[:sequence] The slot parameter stands for the slot number, the port
parameter stands for the EPON port number and the sequence
parameter stands for the LLID sequence.
Default value
None
Command mode
Privileged mode
Remarks
1. Unless the to-be-updated software matches the corresponding ONU type can this
software not be updated.
2. During the update process of ONU software, do not cut off the power of ONU.
After the completion of ONU update, OLT will notify users of the successful ONU
update by the way of log, and ONU will use the updated version for rebooting.
3. After the ONU version is updated and restarted, you need to run epon
commit-onu-image-update on OLT to confirm the ONU version.
Example
The following example shows how to update the ONU version on port EPON0/1:1.
OLT# epon update onu image onu_bin interface epon epon0/1:1
- 21 -
ONU Management Configuration Commands
Syntax
To confirm the update of the ONU version, run the above-mentioned command.
Parameter
slot/port[:sequence] The slot parameter stands for the slot number, the port
parameter stands for the EPON port number and the sequence
parameter stands for the LLID sequence.
Default value
None
Command mode
Privileged mode
Remarks
This command is used after the ONU version is upgraded, restarted and re-registered.
Example
The following example shows how to confirm the upgrade of the ONU version on port
EPON0/1:1.
switch# epon commit-onu-image-update interface epon0/1:1
Syntax
The ONU EEPROM file has saved the MAC address and the sequence ID of ONU. If
the information need be altered, the ONU EEPROM file need be updated. This
command is used to update the ONU EEPROM file remotely from OLT.
- 22 -
ONU Management Configuration Commands
Parameter
slot/port:sequence The slot parameter stands for the slot number, the port
parameter stands for the EPON port number and the sequence
parameter stands for the LLID sequence.
Default value
None
Command mode
Privileged mode
Remarks
1. After the ONU EEPROM file is updated, ONU need be restarted and then the
newly configured information takes effect.
2. During the update process of ONU software, do not cut off the power of ONU.
Example
The following example shows how to use the onu_eeprom.dat file to update the ONU
EEPROM on port EPON0/1:1.
OLT# epon update onu eeprom-image onu_eeprom.dat interface epon epon0/1:1
Syntax
To resume the default settings of ACE ONU, run the above-mentioned command.
Parameter
slot/port[:sequence] The slot parameter stands for the slot number, the port
parameter stands for the EPON port number and the sequence
parameter stands for the LLID sequence.
- 23 -
ONU Management Configuration Commands
Default value
None
Command mode
Privileged mode
Remarks
Example
The following example shows how to resume the default settings of ACE ONU on port
EPON0/1:1.
Switch# epon ace-recover interface epon0/1:1
Syntax
To switch the current PON port on ONU, run the above-mentioned command.
Parameter
Default value
None
Command mode
Privileged mode
Remarks
This command is only valid for ONU with dual PON ports.
- 24 -
ONU Management Configuration Commands
Example
The following example shows how to switch the current PON port of ONU on port
epon0/1:1.
switch# epon switch-onu-pon interface epon0/1:1
Syntax
To switch the current PON port of ONU and then switch back to the original PON port,
run the above-mentioned command.
Parameter
Default value
None
Command mode
Privileged mode
Remarks
This command is only valid for ONU with dual PON ports.
Example
The following example shows how to switch the current PON port of ONU and then
switch back to the original PON port on port epon0/1:1.
switch# epon switch-onu-pon-and-back interface epon0/1:1
Syntax
- 25 -
ONU Management Configuration Commands
To set the ONU encryption mode, run epon onu encryption triple-churning.
Parameter
None
Default value
Command mode
Remarks
The encryption function must be set for OLT and ONU simultaneously and the
encryption modes are same, and then the encryption function can take effect.
Example
The following example shows how to set the ONU encryption mode on port EPON0/1:1
to triple churning.
switch_config# interface EPON0/1:1
switch_config_epon0/1:1# epon onu encryption triple-churning
Syntax
To add a static MAC address, run mac address-table static mac-addr vlan vlan-id
interface interface-id. To cancel the static MAC address, run no mac address-table static
mac-addr vlan vlan-id interface interface-id.
Parameter
- 26 -
ONU Management Configuration Commands
Default value
None
Remarks
Example
The following example shows how to bind the MAC address, 0004.5600.67ab, to the
UNI2 port.
switch_config#interface e0/1:1
Syntax
epon onu clear mac address-table dynamic [ address H.H.H | port num]
To clear the dynamic MAC address of ONU, run the previous command.
Parameter
Default value
None
Remarks
Example
The following example shows how to remove the MAC address of the UNI1 port, which
is corresponded by the LLID port, epon0/1:1.
- 27 -
ONU Management Configuration Commands
Syntax
To configure the learning of ONU MAC address table, run epon onu mac
address-table learning { disable | svl }.
Parameter
Default value
Remarks
Example
The following example shows how to shut down ONU MAC address learning which
corresponds to the LLID port, epon0/1:1.
Syntax
- 28 -
ONU Management Configuration Commands
To set the aging time of the MAC address table of ONU, run epon onu mac
address-table aging-time { 0 | time }.
Parameter
Stands for the aging time of the MAC address, which ranges
time
from 15 to 3825 seconds.
Default value
300S
Remarks
Example
The following example shows how to set the aging time of the MAC address of ONU
which corresponds to the LLID port, epon0/1:1.
Syntax
To set the schedule policy of the ONU CoS priority queue, run epon onu scheduler
policy { sp | wrr }.
Parameter
- 29 -
ONU Management Configuration Commands
Default value
Remarks
Example
The following example shows how to set the ONU CoS priority queue of the LLID port,
epon0/1:1, to wrr.
Syntax
To set the bandwidth of the ONU CoS priority queue, run epon onu scheduler wrr
bandwidth weight1...weightn.
Note:
At present, the ONU chip does not support the bandwidth settings of the priority queue.
The bandwidth settings is a fixed value, 1:2:4:8. 2 : 4 : 8。
Parameter
Default value
Remarks
- 30 -
ONU Management Configuration Commands
Example
The following example shows how to set the bandwidth of the ONU CoS priority queue
of the LLID port, epon0/1:1, to 10, 50, 100, or 200.
Syntax
To set the ONU CoS priority queue, run epon onu cos map quid cos1..cosn.
Parameter
cos1 ... cosn CoS value defined by IEEE802.1p, ranging between 0 and 7
Default value
0, 1 1
2, 3 2
4, 5 3
6,7 4
Remarks
Example
The following example shows how to map ONU priority values (3, 4, 5) of the LLID
epon0/1:1 port to queue 3.
- 31 -
ONU Management Configuration Commands
Syntax
To set the schedule policy of the uplink ONU CoS priority queue, run epon onu
scheduler-pon policy { sp | wrr }.
Parameter
Default value
Remarks
Example
The following example shows how to set the uplink priority queue of ONU, which
corresponds to the LLID port (epon0/1:1), to wrr.
Syntax
- 32 -
ONU Management Configuration Commands
To set the bandwidth of the ONU CoS priority queue, run epon onu scheduler wrr
bandwidth weight1...weightn.
Parameter
Default value
The following example shows how to set the weight values of eight CoS priority
queues to 1, 1, 1, 1, 1, 1, 1 and 1 respectively.
Remarks
Example
The following example shows how to set the bandwidth of the ONU CoS priority queue
of the LLID port, epon0/1:1, to 1, 2, 4, or 8.
Syntax
To set the ONU CoS priority queue, run epon onu cos map quid cos1..cosn.
Parameter
cos1 ... cosn CoS value defined by IEEE802.1p, ranging between 0 and 7
Default value
- 33 -
ONU Management Configuration Commands
0 1
1 2
2 3
3 4
4 5
5 6
6 7
7 8
Remarks
Example
The following example shows how to map ONU priority values (3, 4, 5) of the LLID
epon0/1:1 port to queue 3.
Syntax
Parameter
Default value
- 34 -
ONU Management Configuration Commands
Remarks
Example
The following example shows how to enable the isolation of the ONU port which
corresponds to the LLID port, epon0/1:1.
Syntax
ONU,命令如下:
bstar ONU,命令如下:
epon onu ip address A.B.C.D netmask A.B.C.D gateway A.B.C.D vlan value
To set the ONU IP address, run epon onu ip address { dhcp | static ip-address
netmask}.
Parameter
A.B.C.D Address
Value Vlan id
Default value
- 35 -
ONU Management Configuration Commands
Remarks
Example
The following example shows how to set the ONU IP address mode to static and set
the IP address to 172.0.0.10.
Syntax
Parameter
Default value
Remarks
Example
- 36 -
ONU Management Configuration Commands
Syntax
epon onu mirror session num destination dest-port source src-port [both | rx | tx]
配置 ONU 镜像功能。
Parameter
num 镜像会话编号
dest-port 镜像目的端口号
src-port 镜像源端口号
both 镜像入口和出口
rx 镜像入口
tx 镜像出口
Default value
无镜像配置
Remarks
Example
Syntax
- 37 -
ONU Management Configuration Commands
配置 ONU 防攻击功能。
Parameter
Default value
无防攻击功能
Remarks
Example
Syntax
Parameter
udp udp模式
port-value tcp或udp端口号,1-65535
- 38 -
ONU Management Configuration Commands
timeout-value 超时时间,只有在tcp-server模式下才可以配置,1-65535,单位S
Default value
关闭串口
Remarks
Example
switch_config#interface e0/1:1
Syntax
Parameter
index 前置机索引
Default value
无前置机 IP 地址。
Remarks
- 39 -
ONU Management Configuration Commands
Example
switch_config#interface e0/1:1
Syntax
Parameter
Default value
None
Remarks
Example
- 40 -
ONU Management Configuration Commands
Syntax
Parameter
Default value
None
Command mode
Remarks
Example
- 41 -
ONU Management Configuration Commands
- 42 -
ONU Management Configuration Commands
Syntax
To display the CTC-defined basic ONU information, run the previous command.
Parameter
Default value
None
Command mode
Remarks
The basic CTC-defined ONU information cannot be displayed until ONU is registered.
Example
- 43 -
ONU Management Configuration Commands
Syntax
To display the ONU MAC address table, run the previous command.
Parameter
Default value
None
Remarks
Example
The following information shows the ONU MAC address table of the LLID port,
epon0/1:1.
switch#show epon interface epon 0/1:1 onu mac address-table
- 44 -
ONU Management Configuration Commands
- 45 -
ONU Management Configuration Commands
Syntax
epon onu port port-num ctc vlan mode {transparent | tag value | translation value |
vlan-stacking value | aggregation value }
To set the processing mode of UNI VLAN Tag of ONU, run the previous command.
Parameter
Default value
Command mode
Remarks
None
Example
The following example shows how to set the processing mode of UNI VLAN tag of
ONU to tag.
switch_config_e0/1:1# epon onu port 1 ctc vlan mode tag pvid 3
Syntax
- 46 -
ONU Management Configuration Commands
This command is used to set the translation entries of the ONU UNI port.
Parameter
new-vid Stands for the value of the CVLAN translation entries of the
UUI port, which ranges between 1 and 4094.
Default value
None
Command mode
Remarks
The translation entry takes effect only when the VLAN of the ONU UNI port is in
translation or vlan-stacking mode.
Example
The following example shows how to set the number of the translation entries of UNI1
of ONU on the EPON0/1:1 to 1000 to 2000.
Syntax
This command is used to set the translation entries of the ONU UNI port.
Parameter
- 47 -
ONU Management Configuration Commands
new-vid Stands for the value of the CVLAN translation entries of the
UUI port, which ranges between 1 and 4094.
Default value
None
Command mode
Remarks
The translation entry takes effect only when the VLAN of the ONU UNI port is in
aggregation mode.
Example
The following example shows how to set the number of the VLAN aggregation entries
of UNI1 of ONU on the EPON0/1:1 to 101-108 to 2000.
Syntax
To configure flow control for an ONU interface, run epon onu port num flow-control.
Parameter
Default value
- 48 -
ONU Management Configuration Commands
Remarks
Example
The following example shows how to enable the flow control of ONU UNI port 1 which
corresponds to the LLID port, epon0/1:1.
Syntax
To configure the maximum number of MAC addresses for a port, run the first one of the
previous two commands.
Parameter
Default value
Remarks
Example
The following example shows how to set the maximum number of MAC addresses of
ONU UNI port 2 which corresponds to the LLID port, epon0/1:1.
- 49 -
ONU Management Configuration Commands
Syntax
To configure storm control for an ONU UNI port, run epon onu port port-num
storm-control mode mode-num threshold count.
Parameter
Default value
Remarks
Example
The following example shows how to set the storm control rate of the ONU UNI1 port,
which corresponds to the Epon0/1:1 port, to 1000.
- 50 -
ONU Management Configuration Commands
Syntax
To configure the rate limitation for an ONU port, run epon onu port port-num
rate-limit band { ingress | egress}.
Parameter
Means the rate of the flow. The flow rate for the 100M port is
band
from 64Kbps to 100Mbps and the step is 1Kbps.
Default value
Remarks
Example
The following example shows how to set rate limitation of ONU UNI port 1, which
corresponds to the LLID port, epon0/1:1, to 128Kbps.
Syntax
- 51 -
ONU Management Configuration Commands
To configure loopback detection for an ONU UNI port, run epon onu port port-num
loopback detect.
Parameter
Default value
Remarks
Example
The following example shows how to enable loopback detection on ONU UNI port 1.
Syntax
To configure the duplex mode on the ONU UNI port, run epon onu port port-num
duplex { half | full | auto }.
Parameter
- 52 -
ONU Management Configuration Commands
Default value
Remarks
Example
The following example shows how to set ONU UNI port 1, which corresponds to the
LLID port, epon0/1:1, to full deplex.
Syntax
To configure the speed of ONU UNI port, run epon onu port port-num speed { 10 |
100 | auto }.
Parameter
Default value
Automatic negotiation
Remarks
- 53 -
ONU Management Configuration Commands
Example
The following example shows how to set the speed of ONU UNI port 1, which
corresponds to the LLID port, epon0/1:1, to 100M.
Syntax
The above-mentioned commands are used to enable or disable the auto negotiation of
the ONU UNI port.
Parameter
Default value
Remarks
Example
The following example shows how to enable the auto-negotiation of ONU which
corresponds to the LLID port, epon0/1:1.
- 54 -
ONU Management Configuration Commands
Syntax
epon onu port port-num epon onu port port-num block mac {src H.H.H | dest
H.H.H}
no epon onu port port-num epon onu port port-num block mac {src H.H.H | dest
H.H.H}
To set the frame filtration of ONU UNI port, run epon onu port port-num epon onu
port port-num block mac {src H.H.H | dest H.H.H}.
Parameter
Default value
None
Remarks
Example
The following example shows how to set the speed of ONU UNI port 1, which
corresponds to the LLID port, epon0/1:1, to 100M.
switch_config_epon0/1:1# epon onu port 1 block mac src 0.0.1 dest 0.0.2
Syntax
- 55 -
ONU Management Configuration Commands
To set the default CoS Value of the ONU UNI port, run epon onu port port-num
default-cos value.
Parameter
Default value
Remarks
Example
The following example shows how to set the default CoS value of ONU UNI port 1,
which corresponds to the LLID port, epon0/1:1, to 2.
Syntax
To enable the ONU UNI port, run epon onu port num ctc shutdown. To disable the
ONU UNI port, run no epon onu port num ctc shutdown.
Parameter
Default value
- 56 -
ONU Management Configuration Commands
Remarks
Example
The following example shows how to set ONU UNI port 1, which corresponds to the
LLID port, epon0/1:1.
Syntax
To configure the QoS policy of the ONU UNI port, run epon onu port num qos policy
name.
Parameter
Default value
None
Remarks
At present, the policy map only supports the following actions: drop, forward,
bandwidth and edit the vlan tag of the outer layer.
Example
The following example shows how to apply the QoS policy map, pmap, on ONU port 1,
which corresponds to the LLID port, epon0/1:1.
- 57 -
ONU Management Configuration Commands
Syntax
To set the QoS policy of the ONU UNI port, run epon onu port num ctc qos policy
name.
Parameter
Default value
None
Remarks
At present, the action of the policy map only supports cos and queue, which of course
depends on different ONUs.
Example
The following example shows how to apply the QoS policy map, pmap, on ONU, which
corresponds to the LLID port, epon0/1:1.
Syntax
- 58 -
ONU Management Configuration Commands
To set the MAC access list of the ONU UNI port, run epon onu port num mac
access-group name.
Parameter
Default value
None
Remarks
Example
The following example shows how to apply the MAC access list, mac1, on port 1 of
ONU, which corresponds to the LLID port, epon0/1:1.
Syntax
To set the IP access list of the ONU UNI port, run epon onu port num ip
access-group name.
Parameter
- 59 -
ONU Management Configuration Commands
Default value
None
Remarks
Example
The following example shows how to apply the IP access list, p1, on port 1 of ONU,
which corresponds to the LLID port, epon0/1:1.
Syntax
To set the attributes of a serial interface of ONU, run the first one of the previous two
commands.
Parameter
- 60 -
ONU Management Configuration Commands
Default value
Speed: 9600
databits: 8
stopbits: 1
bus-type: RS485
duplex: half
Remarks
Example
The following example shows how to set the speed to 115200, databits to 7, stopbits to
1, parity to odd, flow control to hardware, bus type to RS232 and duplex to half for
serial interface 1 of ONU, which corresponds to the LLID port, epon0/1:1.
switch_config#interface e0/1:1
- 61 -
ONU Management Configuration Commands
Syntax
To set the buffer of the serial interface of ONU, run the first one of the previous two
commands.
Parameter
Default value
read-interval:
read-bytes:
Remarks
Example
The following example shows how to set the maximum read time of the buffer of serial
interface 1, which corresponds to the LLID port, epon0/1:1, to 50ms.
- 62 -
ONU Management Configuration Commands
Syntax
epon onu serial num serial-keepalive idle idle-value timeout timeout-value count
count-value
To set the keepalive function of the serial interface of ONU, run the first one of the
previous two commands.
Parameter
Default value
Remarks
Example
The following example shows how to enable keepalive function of serial interface 1,
that is, the idle time is set to 5000ms, the timeout time to 2000ms and the transmission
times to 3.
Syntax
- 63 -
ONU Management Configuration Commands
To configure loopback detection for an ONU serial interface, run epon onu serial
serial-num loopback detect.
Parameter
Default value
Remarks
Example
The following example shows how to enable loopback detection of serial interface 1.
switch_config#interface e0/1:1
Syntax
To display packet statistics on the ONU port, run the previous command.
Parameter
Default value
None
- 64 -
ONU Management Configuration Commands
Remarks
This command is used to show the transmission and reception of packets on the ONU
port.
Example
The following example shows how to show the transmission and reception of packets
on ONU UNI port 1 which corresponds to the LLID port, epon0/1:1.
Syntax
- 65 -
ONU Management Configuration Commands
Parameter
Default value
None
Remarks
This command is used to display the link state of the ONU UNI port.
Example
The following example shows how to display the state of ONU UNI port 1, which
corresponds to the LLID port, epon0/1:1.
Syntax
To display VLAN configuration and state of the UNI port, run the previous command.
Parameter
Default value
None
- 66 -
ONU Management Configuration Commands
Remarks
This command is used to display VLAN settings and its state on the ONU UNI port.
Example
The following example shows how to display the VLAN state of ONU UNI port 1, which
corresponds to the LLID port, epon0/1:1.
Switch#show epon interface e0/1:1 onu port 1 ctc vlan
Interface : E0/1:1
UNI :1
VLAN mode : translate
Default VLAN ID : 3
TPID : 0x0
Translation table
Old VLAN ID Old TPID New VLAN ID New TPID
----------- -------- ----------- --------
- 67 -