PDF

Basic Configuration Commands
Table of Contents
Table of Contents
Chapter 1 System Management Commands........................................................................................................................ 1
1.1 Configuring File Management Commands............................................................................................................ 1
1.1.1 Copy.......................................................................................................................................................... 1
1.1.2 Delete........................................................................................................................................................ 2
1.1.3 dir .............................................................................................................................................................. 2
1.1.4 ip address.................................................................................................................................................. 3
1.1.5 ip route ...................................................................................................................................................... 3
1.1.6 show configuration .................................................................................................................................... 4
1.1.7 format ........................................................................................................................................................ 4
1.1.8 more .......................................................................................................................................................... 5
1.2 BasicSystemManagementCommands .................................................................................................................. 5
1.2.1 boot flash................................................................................................................................................... 6
1.2.2 cd............................................................................................................................................................... 7
1.2.3 chinese...................................................................................................................................................... 7
1.2.4 chram ........................................................................................................................................................ 8
1.2.5 date ........................................................................................................................................................... 8
1.2.6 english....................................................................................................................................................... 9
1.2.7 md ........................................................................................................................................................... 10
1.2.8 pwd.......................................................................................................................................................... 10
1.2.9 rd ............................................................................................................................................................. 11
1.2.10 rename .................................................................................................................................................. 11
1.2.11 reboot .................................................................................................................................................... 12
1.2.12 alias....................................................................................................................................................... 12
1.2.13 boot system flash .................................................................................................................................. 13
1.2.14 help........................................................................................................................................................ 14
1.2.15 history.................................................................................................................................................... 14
1.2.16 show alias.............................................................................................................................................. 15
1.2.17 show job ................................................................................................................................................ 16
1.2.18 show break............................................................................................................................................ 17
1.2.19 show memory........................................................................................................................................ 17
1.3 HTTP Configuration Command ........................................................................................................................... 18
1.3.1 ip http access-class................................................................................................................................. 18
1.3.2 ip http port ............................................................................................................................................... 19
1.3.3 ip http server............................................................................................................................................ 19
1.3.4 debug ip http............................................................................................................................................ 20
Chapter 2 Terminal Service Configuration Command........................................................................................................ 21
2.1 Telnet Configuration Command ........................................................................................................................... 21
2.1.1 telnet........................................................................................................................................................ 21
2.1.2 ip telnet.................................................................................................................................................... 23
2.1.3 ctrl-shift-6+x (the current connection is mounted) ................................................................................... 24
2.1.4 where....................................................................................................................................................... 25
2.1.5 resume .................................................................................................................................................... 26
2.1.6 disconnect ............................................................................................................................................... 27
-I-
Table of Contents
2.1.7 switchkey................................................................................................................................................. 28
2.1.8 switchmsg................................................................................................................................................ 29
2.1.9 sequence-char......................................................................................................................................... 29
2.1.10 clear telnet............................................................................................................................................. 31
2.1.11 show telnet ............................................................................................................................................ 32
2.1.12 debug telnet........................................................................................................................................... 32
2.2 Terminal Configuration Command ....................................................................................................................... 33
2.2.1 attach-port ............................................................................................................................................... 34
2.2.2 autocommand.......................................................................................................................................... 34
2.2.3 clear line.................................................................................................................................................. 35
2.2.4 connect.................................................................................................................................................... 35
2.2.5 disconnect ............................................................................................................................................... 35
2.2.6 exec-timeout............................................................................................................................................ 36
2.2.7 length....................................................................................................................................................... 36
2.2.8 line........................................................................................................................................................... 37
2.2.9 location.................................................................................................................................................... 37
2.2.10 login authentication ............................................................................................................................... 38
2.2.11 monitor................................................................................................................................................... 38
2.2.12 no debug all........................................................................................................................................... 38
2.2.13 password............................................................................................................................................... 39
2.2.14 resume .................................................................................................................................................. 39
2.2.15 switchkey............................................................................................................................................... 40
2.2.16 sequence-char....................................................................................................................................... 40
2.2.17 show debug........................................................................................................................................... 41
2.2.18 show line ............................................................................................................................................... 41
2.2.19 switchmsg.............................................................................................................................................. 41
2.2.20 terminal length....................................................................................................................................... 42
2.2.21 terminal monitor..................................................................................................................................... 43
2.2.22 terminal width ........................................................................................................................................ 43
2.2.23 terminal-type.......................................................................................................................................... 44
2.2.24 where..................................................................................................................................................... 44
2.2.25 width...................................................................................................................................................... 45
Chapter 3 Network Management Configuration Commands .............................................................................................. 46
3.1 SNMP Commands............................................................................................................................................... 46
3.1.1 snmp-server community.......................................................................................................................... 46
3.1.2 snmp-server contact................................................................................................................................ 47
3.1.3 snmp-server host..................................................................................................................................... 48
3.1.4 snmp-server location............................................................................................................................... 49
3.1.5 snmp-server packetsize .......................................................................................................................... 50
3.1.6 snmp-server queue-length ...................................................................................................................... 50
3.1.7 snmp-server trap-source ......................................................................................................................... 51
3.1.8 snmp-server trap-timeout ........................................................................................................................ 52
3.1.9 snmp-server view .................................................................................................................................... 52
3.1.10 snmp-server udp-port............................................................................................................................ 54
3.1.11 snmp-server source-addr ...................................................................................................................... 54
3.1.12 snmp-server encryption......................................................................................................................... 55
- II -
Table of Contents
3.1.13 show snmp ............................................................................................................................................ 56

3.1.14 debug snmp........................................................................................................................................... 58
3.2 Configuring RMON Commands........................................................................................................................... 60
3.2.1 rmon alarm .............................................................................................................................................. 60
3.2.2 rmon event .............................................................................................................................................. 61
3.2.3 rmon collection stat ................................................................................................................................. 62
3.2.4 rmon collection history............................................................................................................................. 62
3.2.5 show rmon............................................................................................................................................... 63
3.3 Configuring PDP Commands .............................................................................................................................. 63
3.3.1 pdp timer ................................................................................................................................................. 64
3.3.2 pdp holdtime............................................................................................................................................ 64
3.3.3 pdp version.............................................................................................................................................. 65
3.3.4 pdp run .................................................................................................................................................... 65
3.3.5 pdp enable............................................................................................................................................... 66
3.3.6 show pdp traffic ....................................................................................................................................... 66
3.3.7 show pdp neighbour................................................................................................................................ 67
Chapter 4 Maintenance and Debugging Tool Commands.................................................................................................. 68
4.1 Network Testing Tool Commands ........................................................................................................................ 68
4.1.1 ping.......................................................................................................................................................... 68
4.2 System Debugging Commands........................................................................................................................... 70
4.3 Fault Diagnosis Commands ................................................................................................................................ 70
4.3.1 logging..................................................................................................................................................... 70
4.3.2 logging buffered....................................................................................................................................... 71
4.3.3 logging console ....................................................................................................................................... 72
4.3.4 logging facility.......................................................................................................................................... 73
4.3.5 logging monitor........................................................................................................................................ 74
4.3.6 logging on................................................................................................................................................ 75
4.3.7 logging trap.............................................................................................................................................. 77
4.3.8 service timestamps.................................................................................................................................. 78
4.3.9 clear logging............................................................................................................................................ 78
4.3.10 show break............................................................................................................................................ 79
4.3.11 show controller ...................................................................................................................................... 80
4.3.12 show debug........................................................................................................................................... 82
4.3.13 show logging ......................................................................................................................................... 83
Chapter 5 SSH Configuration Commands.......................................................................................................................... 84
5.1.1 ip sshd enable ......................................................................................................................................... 84
5.1.2 ip sshd timeout ........................................................................................................................................ 84
5.1.3 ip sshd auth-method................................................................................................................................ 85
5.1.4 ip sshd access-class ............................................................................................................................... 85
5.1.5 ip sshd auth-retries.................................................................................................................................. 86
5.1.6 ip sshd clear ............................................................................................................................................ 87
5.1.7 ssh........................................................................................................................................................... 87
5.1.8 show ssh ................................................................................................................................................. 88
5.1.9 show ip sshd............................................................................................................................................ 89
Chapter 6 Other system Command.................................................................................................................................... 90
- III -
Table of Contents
6.1 The link scan command....................................................................................................................................... 90
- IV -
Baisc Configuration Commands
Chapter 1 System Management Commands

1.1 Configuring File Management Commands
z copy
z delete
z dir
z ip address
z ip route
z show configuration
z format
z more
1.1.1 Copy
To read a file from the tftp server to a switch, use the copy command.
copy tftp<:filename> {flash<:filename>|rom} [ip_addr]
Parameter
Parameter Description
tftp<:filename> Read a file from the tftp server. Filename indicates the relevant
filename. If not specified the filename, the system will prompt
user to input the filename after executing the copy command.
flash <:filename> Write a file to the flash memory of the switch. Filename
indicates the relevant filename. If not specified the filename,
the system will prompt user to input the filename after executing
the copy command.
rom Updates bootrom for the switch.
ip_addr Specifies the IP address of tftp srever. If not specified, the

system will prompt user to input the IP address after executing
the copy command.
Default
none
Command mode
monitor mode
Instrution
none
-1-
Example
monitor#copy tftp:switch.bin flash:switch.bin 192.2.2.1

The example shows how to read the switch.bin file from the tftp server to the
flash memory of the switch.
Related commands
none
1.1.2 Delete
To delete a file, use the delete command.
delete file-name
Parameter
file-name Specifies the filename (maximum 20 characters)
Default
If the file name is not specified, the system will delete the startup-config file
by default.
Command mode
monitor mode
Instruction
none
Related commands
none
1.1.3 dir
To display filename, use the dir command.
dir file-name
Parameter
file-name Specifies the filename (maximum 20 characters)
-2-
Default
none
Command mode
monitor mode
Instruction
none
Related commands
none
1.1.4 ip address
To set an IP address for an Ethernet interface, use the ip address command.
ip address ip-address mask
Parameter
ip-address IP address
mask IP network mask
Default
none
Command mode
monitor mode
Instruction
none
Example
monitor#ip address 192.168.1.1 255.255.255.0
Related commands
ip route
ping
1.1.5 ip route
To specify a default gateway, use the ip route default command.
ip route default gw_ip_addr
-3-
Parameter
gw_ip_addr Default gateway address
Default
none
Command mode
monitor mode
Instrution
none
Example
monitor#ip route default 192.168.1.3
Related commands
ip address
1.1.6 show configuration

To display the running configuration file, use the show configuration command.
show configuration
Parameter
none
Default
none
Command mode
monitor mode
Instrution
none
Related commands
none
1.1.7 format
To format file system, use the format command.
-4-
format
Parameter
none
Default
none
Command mode
EXEC
Instrution
All files in the file system will de deleted after executing the format command.
Related commands
none
1.1.8 more
To display the contents of a file, use the more command.
more file-name
Parameter
file-name Specifies the name of a file (maximum 20 characters)
Default
none
Command mode
EXEC
Instrution
If all files are displayable characters, they will be displayed in ASCII format, or they will
be displayed binary format.
Related commands
none
1.2 BasicSystemManagementCommands
z bootflash
-5-
z cd
z chinese
z english
z chram
z date
z debub job
z md
z pwd
z rd
z rename
z reboot
z show break
z show memory
z alias
z boot system flash
z help
z history
z job
z jobd
z show alias
z show job
1.2.1 boot flash

To enable the system from the specified file in monitor mode, use the boot flash
command.
boot flash filename
parameter
parameter Description
filename The specified file name.
default
none
command mode
monitor mode
command mode
Use the boot flash command to enable the device after user entering the monitor mode.
-6-
example
monitor#boot flash switch.bin
related commands
none
1.2.2 cd
To change the current directory, use the cd command.
cd directory|..
parameter:
parameter description
directory Name of the directory. (maximum 20 characters)
.. Upper directory.
default
none
command mode
monitor mode
command mode
none
example
monitor#cd my_dir
related commands
pwd
1.2.3 chinese
To switch command prompt to chinese mode, use the chinese command.
parameter
(1) none
default
none
-7-
command mode
monitor mode
command mode
none
example
none
related commands
none
1.2.4 chram
To modify memory data, use the chram command.
chram mem_addr value
parameter
mem_addr Memory address in Hex format. Range is from 0 to 0x01FFFF00

(it depends on the memory volume of the switch)
value Memory data in Hex format
default
none
command mode
Monitor mode
command mode
This is a debugging command which is not recommended for user to use.
example
none
related commands
none
1.2.5 date
To set the absolute time, use the date command.
-8-
parameter
none
default
none
command mode
monitor mode
command mode
This command is used to set the abslute time for the system. For the switch with a
battery-powered clock, the clock will be powered by the battery. If the clock doesn’t
keep good time, you need to change the battery.
st
For the swich without a battery-powered clock, the system date is configured to July 1 ,
1970 after the reboot of the switch, and user needs to set the current time each time
when starting the switch.
example
monitor#date
The current date is 2000-7-27 21:17:24
Enter the new date(yyyy-mm-dd):2000-7-27
Enter the new time(hh:mm:ss):21:17:00
related commands
1.2.6 english
To switch the command prompt to english mode, use the english command.
parameter
none
default
none
command mode
monitor
instruction
none
-9-
example
none
related commands
none
1.2.7 md
md directory
parameter
directory Name of directory (maximum 20 characters)
default
none
command mode
monitor
instruction
To set a directory, use the md command
related commands
none
1.2.8 pwd
parameter
none
default
none
command mode
monitor mode
instruction
to display the current directory, use the pwd command
- 10 -
related commands
none
1.2.9 rd
rd directory
parameter
directory Name of the directory( maximum 20 characters)
default
none
command mode
monitor mode
instruction
The system prompts if the directory is not empty. The system prompts if the directory
doesn’t exist. To delete a command, use the rd command.
related commands
none
1.2.10 rename
To rename a file in a file system, use the rename command.
rename old_file_name new_file_name
parameter
old_file_name The original filename.
new_file_name The new filename.
default
none
command mode
monitor mode
- 11 -
instruction
none
related commands
none
1.2.11 reboot
To reboot a switch, use the reboot command.
parameter
none
default
none
command mode
monitor mode
instruction
none
related commands
none
1.2.12 alias
[no] history [ + <count> | - <count> | clear]
parameter
+ <count> To display the count<1-20> historial command from the

beginning to the end
- <count> To display the count<1-20> historial command from the end to

the beginning
default
If there are no more than 20 commands executed, all historical command lines will be
displayed from the beginning to the end. If there are more than 20 commands executed,
all historical command lines will be displayed from the beginning to the end.
comand mode
Random command mode
- 12 -
explanation
The modularized switch can save up to 20 historical commands. You can invoke these
commands with the "up" or “down” key or directly use it after edition. The command is
used to browse the history command. You can run the [no] history command to delete
the history command.
example
The following example shows the latest five historical commands from the end to the
beginning:
switch#history - 5
config
int e0/1
no ip addr
ip addr 192.2.2.49 255.255.255.0
exit
relative command
None
1.2.13 boot system flash

Run the boot system flash command to specify the systematic mirroring files when the
system is started up. Run the no boot system flash command to delete the previous
configuration.
boot system flash filename
no boot system flash filename
Parameter
It is the specified filename, which contains no more than 20

filename
characters.
Default
None
Command mode
Global configuration mode
Instruction
If you have not configured the command, the system will execute the first systematic
mirroring file in the flash file system. If you have configured multiple commands, the
system will execute the mirroring files one by one. If the file does not exist or the check
sum is wrong, the system will execute the next file. If both fail, the system will run at the
monitoring state.
- 13 -
Example
config#boot system flash switch.bin
Relative command
None
1.2.14 help
help
Parameter
None
Default
None
Command mode
Management mode
Instruction
The command is used to display the help system of the switch.
Example
After you enter the command, the help system of the switch is displayed.
switch# help
Help may be requested at any point in a command by entering a question mark '?',If nothing
matches, the help list will be empty and you must backup until entering a '?' shows the available
options.
Two styles of help are provided:
1. Full help is available when you are ready to enter a command argument (e.g.'show ?') and
describes each possible argument.
2. Partial help is provided when an abbreviated argument is entered and you want to know what
arguments match the input (e.g. 'interface e?'.)
Relative command
None
1.2.15 history
The command is used to check the historical commands. Run the [no] history
command to delete the historical commands.
[no] history [ + <count> | - <count> | clear]
Parameter
- 14 -
+ <count> Displays the count<1-20> historial command from the beginning

to the end.
- <count> Displays the count<1-20> historial command from the end to the
beginning.
Default
If there are no more than 20 commands executed, all historical command lines will be
displayed from the beginning to the end. If there are more than 20 commands executed,
all historical command lines will be displayed from the beginning to the end.
Command mode
Abandom command mode
Instruction
The modularized switch can save up to 20 historical commands. You can invoke these
commands with the "up" or “down” key or directly use it after edition.
Example
The following example shows the latest five commands from the end to the beginning:
switch#history - 5
config
int e1/1
no ip addr
ip addr 192.2.2.49 255.255.255.0
exit
Relative command
None
1.2.16 show alias

It is used to display all aliases or the designated alias.
show alias [<alias name>]
Parameter
alias name The alias of the command
Default
Display all aliases according the format “alias name=command line”.
Command mode
Management mode or configuration mode
- 15 -
Instruction
None
Example
The following example shows how to display all aliases of the current system:
switch_config#show alias
hualab=date
router=snmp
Relative command
alias
1.2.17 show job

It is used to display the parameters of the job and the information about job execution:
show job {paramter | status}
Parameter
paramter Displays the parameters of the job.

status Displays the execution state of the job.
Default
None
Command mode
Management mode or configuration mode
Instruction
Run the show job command to browse the defined parameters and the dynamic
execution state of the job.
Example
The following example shows how to display the parameters of the job:
switch_config#show job parameter
<showver> fires interval, first at 5, re-fires per 5 secs, on error stop
will do "show ver"
The following example shows how to display the dynamic execution state of the job:
Jobd disabled at 245218 seconds
Name: job's name
Type: none - Not scheduled, interval - Fire interval, one-shot - Fire once
Status: null - Not scheduled, idle - To fire first
started - Fired ever, to fire again, stopped - Can't fire
- 16 -
First: first time to fire

Last: last time of firing or restarting
Next-due: next time to fire(after now)
Times: times fired ever
Cause: auto - Automatic, error - Error meeting, command - By command
Job's status and statistics
===========================
Name Type State First Last Next-due Times Cause
------------------------------------------------------------------------------
showver interval idle 5 * * 2 auto
------------------------------------------------------------------------------
Total 1 jobs, 0 null, 1 idle, 0 started, 0 stopped
Relative command
debug job
job
jobd
1.2.18 show break

It is used to display the abnormal information of the system. The system stores all
abnormal information in the latest running. The abnormal information contains the times
of abnormity, the stack content and the invoked functions when abnormity occurs.
Parameter
None
Default
None
Command mode
Monitoring state
Instruction
The command is only used for debugging.
Relative command
None
1.2.19 show memory

It is used to display the content of the system memory.
show memory mem_addr
Parameter
- 17 -
Memory address in hex, which ranges from 0 to 0x01FFFF00

mem_addr
(decided by the memory capacity of the switch).
Default
None
Command mode
Monitoring state
Instruction
None
Relative command
None
1.3 HTTP Configuration Command

The following are HTTP configuration commands:
z ip http access-class
z ip http port
z ip http server
z debug ip http
1.3.1 ip http access-class
Command description
ip http access-class string

no ip http access-class
Run the command ip http access-class to ensure the designated HTTP query is
accepted.
Parameter
string The designated standard access list whose range is N/A.
Default
no ip http access-class
Instruction
Set the designated standard access list before running the command.
Run the command no ip http access-class to cancel the HTTP service limitation of the
access list.
- 18 -
Command mode
Example
switch_config# ip access-list standard http-acl

switch_config_std_nacl# permit 192.2.2.37 255.255.255.0
switch _config_std_nacl# exit
switch _config# ip http access-class http-acl
1.3.2 ip http port
Command description
ip http port number

Run the command ip http port to designate the listening port of the http service.
Parameter
number The service port number, ranging from 1 to 65535
Default
The default HTTP service port number of the browser is 80.
Explanation
After running the http port command, shut down the previous listening port and then
use the designated port to accept the http service request if the http service is started
up. If the http service is not started, the ip http port command is temporarily useless.
Command mode
Example
The following example shows how to modify the http port from 80 to 90:
switch _config# ip http server
switch _config# ip http port 90
1.3.3 ip http server
Command description
ip http server
no ip http server
To start up the http service, run the command ip http server.
- 19 -
Parameter
None
Default
no ip http server
Instruction
Run the command ip http server to enable the switch to accept the HTTP service
request through the designated port, handle the request and return the result to the
browser.
Command mode
Example
The following example shows how to start up the http service:

switch _config# ip http server
1.3.4 debug ip http
Command description
debug ip http
The previous command is used to export the debugging information during http service
running. You can use the no command to resume the default value.
Parameter
None
Default
no debug ip http
Instruction
None
Command mode
Example
The following example shows how to enable HTTP debugging output:

switch# debug ip http
switch#
- 20 -
Chapter 2 Terminal Service Configuration Command

2.1 Telnet Configuration Command
The chapter describes telnet and relative commands. The telnet command is used to
establish a session with the remote server. The telnet command is always working at
the UNIX operating systems. Option negotiation is required. Telnet does not provide
itself the login authentication. Telnet is different from Rlogin because telnet does not
provide itself password check.
The following are telnet configuration commands:
z telnet
z ip telnet
z where
z disconnect
z resume
z switchkey
z switchmsg
z sequence-char
z clear Telnet
z show Telnet
z debug Telnet
2.1.1 telnet
The following is a command sentence for establishing a telnet session:
telnet server-ip-addr/server-host-name [/port port][/source-interface interface] [/local
local-ip-addr] [/debug][echo/noecho] [/script scriptname]
Parameter
server-ip-addr Dotted-decimal IP address of the remote server
Name of the remote server, which is configured by the ip host

server-host-name
command
port Telnet port of the remote server
interface Local interface where the telnet connection is originated
local-ip-addr Local IP address where the telnet connection is originated
A negotiation process for openning the debug at the client side

/debug
and printing the connection
echo/noecho Enable or disable the local echo. The default value is noecho.
scriptname A script name used for auto login
- 21 -
Default
The default port number is 23. The interface has no default number.
Command mode
Management mode
Instruction
You can use one of the following command lines to establish a remote login.
telnet server-ip-addr/server-host-name
In this case, the application program directly sends the telnet login request to port 23 of
the remote server. The local IP address is the IP address which is nearest to the peer
and found by the routing table.
telnet server-ip-addr/server-host-name /port port
In this case, the application program sends a telnet login request to the port of the peer.
telnet server-ip-addr/server-host-name /source-interface interface
In this case, the application program uses the IP address on the interface ass the local
IP address.
telnet server-ip-addr/server-host-name /debug
In this case, the application program opens the debug and exports the connection at the
client side.
telnet server-ip-addr/server-host-name echo/noecho
In this case, the application program enables or disables the local echo. The local echo
is disabled by default. The echo is completed at the server side. Only when the server
is not in charge of echo is the local echo enabled.
telnet server-ip-addr/server-host-name /script scriptname
Before executing the automatic login command of the script, run the command ip telnet
script to configure the script.
The previous commands can be used together.
During the session with the remote server, you can press the Q button to exit the
session. If the session is not manually closed, the session will be complete after a
10-second timeout.
Example
Suppose you want to telnet server 192.168.20.124, the telnet port of the server is port
23 and port 2323, and the local two interfaces are e1/1(192.168.20.240) and
s1/0(202.96.124.240). You can run the following operations to complete the remote
login.
1．telnet 192.168.20.124 /port 2323
In this case, the telnet connection with port 2323 of the peer is to be established. The
local IP address of the peer is 192.168.20.240.
2．telnet 192.168.20.124 /source-interface s1/0
In this case, the telnet connection with port 23 of the peer is to be established. The local
IP address of the peer is 202.96.124.240.
3．telnet 192.168.20.124 /local 192.168.20.240
- 22 -
In this case, the telnet connection with port 23 of the peer is to be established. The local
IP address of the peer is 192.168.20.240.
4．telnet 192.168.20.124 /debug
In this case, the telnet connection negotiation with port 23 of the peer will be printed out.
5．telnet 192.168.20.124 /echo
In this case, the local echo is enabled. If the echo is also enabled at the server side, all
input will be echoed twice.
6．telnet 192.168.20.124 /script s1
Use login script S1 for automatic login.
2.1.2 ip telnet
The following are the configuration command formats of the telnet session:
ip telnet source-interface vlan value
ip telnet access-class accesslist
ip telnet listen-port start-port [end-port]
ip telnet script scriptname ‘user_prompt’ user_answer ‘pwd_prompt’ pwd_answer
Parameter
value Local interface where the telnet request is originated
Access list name to limit the source address when the local
accesslist
client receives the connection
start-port Starting port number designated at the listening port area
end-port End port number designated at the listening port area
scriptname Name of the login script
user_prompt Username prompt returned by the telnet server
user_answer Username response information from the client side
pwd_prompt Password prompt returned by the telnet server
pwd_answer Password response information submitted by the client side
Default
None
Command mode
Global configuration
Instruction
z Run the following command to configure the local interface for originating the
telnet connection:
ip telnet source-interface interface
- 23 -
In this case, all telnet connections originated afterwards are through the interface.
The configuration command is similar to the command telnet source-interface
interface. However, the telnet command has no interface parameters followed.
When the interface is configured and the telnet command has interface
parameters, the interface followed the telnet command is used.
z Run the following command to configure the name of the access list which
performs limitation on local telnet connection reception.
ip telnet access-class accesslist
In this case, the access list will be checked when the server accepts all telnet
connections.
z Run the following command to configure a port, except the default port 23, to
receive the telnet service.
ip telnet listen-port start-port [end-port]
Explanation: If the end port number is not designated, the listening will be
executed at a specific port. The number of the designated ports cannot be
bigger than 16 and the port number ranges between 3001 and 3999.
z Run the following command to configure the telnet login script.
ip telnet script s1 ‘login:’ switch ‘Password:’ test
Explanation: When the script is configured, the username prompt and password
prompt and their answers must be correctly matched, especially the prompt
information is capital sensitive and has inverted comma (‘’). If one of them is
wrongly configured, the automatic login cannot be performed.
Note:
You can add the NO prefix on the above four commands and then run them to cancel
previous configuration.
Example
1．ip telnet source-interface s1/0

In this case, the s1/0 interface will be adopted to originate all telnet connections
afterwards.
2．ip telnet access-class abc
In this case, all the received telnet connections use access list abc to perform the
access list check.
3．ip telnet listen-port 3001 3010
Except port 23, all ports from port 3001 to port 3010 can receive the telnet connection.
4．ip telnet script s1 ‘login:’ switch ‘Password:’ test
The login script s1 is configured. The username prompt is login: and the answer is
switch. The password prompt is Password: and the answer is test.
2.1.3 ctrl-shift-6+x (the current connection is mounted)

Run the following command to mount the current telnet connection:
ctrl-shift-6+x
- 24 -
Parameter
None
Default
None
Command mode
Any moment in the current telnet session
Instruction
You can use the shortcut key to mount the current telnet connection at the client side.
Example
switchA>telnet 192.168.20.1
Welcome to Multi-Protocol 2000 Series switch
switchB>ena
switchB#(press ctrl-shift-6+x)
switchA>
You press ctrl-shift-6+x to mount the telnet connection to switch B and return to the
current state of switch A.
2.1.4 where
Run the following command to check the currently mounted telnet session:
where
Parameter
None
Default
None
Command mode
Instruction
You can use the command to check the mounted outward telnet connection at the client
side. The displayed information contains the serial number, peer address, local
address and local port.
Note:
The where command is different from the show telnet command. The former is used at
the client side and the displayed information is the outward telnet connection. The latter
is used at the server and the displayed information is the inward telnet connection.
- 25 -
Example
switchB>ena
switchB#(Press ctrl-shift-6+x)
switchA> telnet 192.168.20.2
switchC>ena
switchC#(Press ctrl-shift-6+x)
switchA>where
NO. Remote Addr Remote Port Local Addr Local Port
1 192.168.20.1 23 192.168.20.180 20034
2 192.168.20.2 23 192.168.20.180 20035
Enter where at switch A. The mounted outward connection is displayed.
2.1.5 resume
It is used to resume the currently mounted outward telnet connection:
resume no
Parameter
Number of the currently mounted telnet session that is checked

no
through the where command
Default
None
Command mode
Instruction
The command can be used to resume the currently mounted outward telnet connection
at the client side.
Example
switchB>ena
switchB#( press ctrl-shift-6+x)
switchC>ena
switchC#( press ctrl-shift-6+x)
switchA>where
- 26 -

1 192.168.20.1 23 192.168.20.180 20034
2 192.168.20.2 23 192.168.20.180 20035
switchA>Resume 1
[Resuming connection 1 to 192.168.20.73 . . . ]
(enter)
switchB#
After you enter where at switch A and the mounted outward connection of switch A is
displayed, enter Resume1. You will be prompted that connection 1 is resumed. The
command prompts of switch B are displayed after the Enter key is pressed.
2.1.6 disconnect
The following command is used to clear the currently mounted outward telnet session:
disconnect no
Parameter
Number of the currently mounted telnet session that is checked

no
through the where command
Default
None
Command mode
Instruction
The command can be used to clear the currently mounted outward telnet connection at
the client side.
Note:
The disconnect command is different from the clear telnet command. The former is
used at the client side and clears the outward telnet connection. The latter is used at
the server and clears the inward telnet connection.
Example
switchB>ena
switchB#(press ctrl-shift-6+x)
switchC>ena
switchC#(press ctrl-shift-6+x)
switchA>where
1 192.168.20.1 23 192.168.20.180 20034
- 27 -
2 192.168.20.2 23 192.168.20.180 20035

switchA>disconnect 1
<Closing connection to 192.168.20.1> <y/n>y
Connection closed by remote host.

switchA>
After you enter where at switch A and the mounted outward connection of switch A is
displayed, enter disconnect 1. You will be prompted whether the connection of switch
B is closed. After you enter Y, the connection is closed.
2.1.7 switchkey
The following is a command to configure the terminal switch key on the line.
switchkey key cmdalias server-name
Parameter
Compound key can be the ctrl key plus any key from A to Z,
key
except the letter h.
cmdalias Alias of the connect command
Name of the remote host, which appears in the switchover

server－name
prompt and the switchover menu
Default
None
Command mode
Line configuration mode
Instruction
The command is used to configure the terminal switchover key and the corresponding
command alias, and the name of the remote host on the line.
Note:
1) The parameter cmdalias must be applied at a correct command.
2) The parameter key cannot be ctrl-h.
3) The parameter server-name will appear at the switchover prompt and the
switchover menu.
4) The parameter autocommand cannot be configured at the line, or the terminal
switchover function is invalid.
Example
switchA>switchkey ctrl-a cona ServerA

The previous command is to configure the switchover key ctrl-a. The alias of the used
command is cona. You switch to Server A.
- 28 -
2.1.8 switchmsg
The following command is used to configure whether the prompt information about the
terminal switchover is exported:
switchmsg enable/disable
Parameter
enable Exports the terminal switchover prompt.
disable Do not export the terminal switchover prompt.
Default
disable
Command mode
Instruction
The command can be used to decide whether the switchover prompt information is
exported when the terminal is switched.
Example
switchA>switchmsg enable
When the terminal is switched, export the switchover prompt information.
2.1.9 sequence-char
The following is a command to configure the terminal switchover key on the line:
sequence-char key char1 char2 char3 …
Parameter
Compound key can be the ctrl key plus any key from A to Z,
key
except the letter h.
char1 char2 char3 … Screen character sequence relative to the specific terminal
Default
None
Command mode
- 29 -
Instruction
The command can be used to configure the switchover key and the corresponding
terminal character sequence on the line.
Note:
1) The key parameter can not be ctrl-h.
2) The character sequence parameter is relative to the detailed terminal. You can
find it by checking the terminal manual.
3) The character sequence parameter must be a hex value and starts from 0x. Each
character is differentiated by space.
Example
Switch_config_line# sequence-char ctrl-a 0x1b 0x21 0x38 0x51

Set the character sequence of the switchover key ctrl-a to 0x1b 0x21 0x38 0x5.
For other commands about alias and async, refer to relative configuration explanation.
Application Example:
The switch is configured as follows:
…
…
…
interface Serial1/1
physical-layer mode async
no ip directed-broadcast
async mode interactive
line tty 1
switchkey CTRL-U cona ServerA
sequence-char CTRL-U 0x1b 0x21 0x38 0x51
switchkey CTRL-V conb ServerB
sequence-char CTRL-V 0x1b 0x21 0x39 0x51
switchkey CTRL-W conc ServerC
sequence-char CTRL-W 0x1b 0x21 0x31 0x30 0x51
switchmsg enable
…
...
alias cona connect 192.168.20.1
alias conb connect 192.168.20.2
alias conc connect 192.168.20.3
When all the configurations are complete and the connection is established, open the
terminal. The switchover menu automatically appears. After you press CTRL-U, the
system automatically switches to server A and exports the prompt information about
server A. After you press CTRL-V, the system automatically switches to server B on
the new screen and exports the prompt information about server B. After you press
CTRL-W, the system automatically switches to server C on the new screen and
exports the prompt information about server C. If you press CTRL-\, the switchover
menu appears on the current screen and add the asterisk mark (*) behind the current
server.
The following is a result after you press CTRL-\:
- 30 -
======================================
Terminal Switch Menu
1) CTRL-U ServerA *
2) CTRL-V ServerB
3) CTRL-W ServerC
Note:
4) During multiple connection operations, if the system exits from one connection,
the system will take the first connection as the current connection and the
interface of the first host will appear. If the system has already exited from the first
connection, it will take the second connection as the current connection and the
interface of the second host will appear.
5) After all services are complete, you are recommended to directly shut down the
terminal no matter how many connections are currently open.
6) Before other connections exit, you'd better not enable the system to exit from the
first connection.
7) Try not to exit from a connection during operations. Switching connections is a
better choice. After all operations are completer, shut down the terminal.
8) During terminal switchover, the functions to mount and resume the connection by
pressing ctrl-shift-6+x are forbidden.
2.1.10 clear telnet

The following is a command format to clear the telnet session at the server:
clear telnet no
Parameter
Number of the telnet session that is displayed after the show

no
telnet command is run
Default
None
Command mode
Management mode
Instruction
The command is used to clear the telnet session at the server.
Example
clear telnet 1
The telnet session whose sequence number is 1 is cleared at the server.
- 31 -
2.1.11 show telnet

The following is a command format to display the telnet session at the server:
show telnet
Parameter
None
Default
None
Command mode
All command modes except the user mode
Instruction
The command is used to display the telnet session at the server. The displayed
information includes the sequence number, peer address, peer port, local address and
local port.
Example
Switch# show telnet

If you run the previous command, the result is shown as follows:
1 192.168.20.220 1097 192.168.20.240 23
2 192.168.20.180 14034 192.168.20.240 23
2.1.12 debug telnet

The following is a format of the debug command for the telnet session:
debug telnet
Parameter
None
Default
None
Command mode
Management mode
Instruction
The command is used to open the switch of the telnet debug.

If the switch of the telnet debug is opened, the negotiation processes of all the incoming
telnet sessions are printed on the window that the debug command invokes. The
- 32 -
debug telnet command is different from the telnet debug command. The former is to
export the debug information of the telnet session connected to the server. The latter is
to export the debug information of the telnet session that the client originates.
Example
debug telnet
The debug information of the telnet session that is connected to the server is displayed.
2.2 Terminal Configuration Command

The following are terminal configuration commands:
z attach-port
z autocommand
z clear line
z connect
z disconnect
z exec-timeout
z length
z line
z location
z login authentication
z monitor
z no debug all
z password
z printer enable
z printer start
z printer stop
z resume
z script activation
z script callback
z script connection
z script dialer
z script reset
z script startup
z sequence-char
z show debug
z show line
z show tty-status
z switchkey
z switchmsg
- 33 -
z terminal-type
z terminal monitor
z terminal width
z terminal length
z where
z width
2.2.1 attach-port
The following command is to bind the telnet listening port to the line vty number and
enable the telnet connection at a specific port generates vty according to the
designated sequence number.
[no] attach-port PORT
Parameter
port Listening port of the telnet server (3001-3999)
Default
None
Command mode
Example
Bind listening port 3001 to line vty 2 3.

switch_config# line vty 2 3
switch_config_line#attach-port 3001
2.2.2 autocommand
It is used to set the automatically-run command when user logs in to the terminal. The
connection is cut off after the command is executed.
autocommand LINE
no autocommand
Parameter
LINE Command to be executed
Command mode
- 34 -
Example
switch_conf#line vty 1
switch_conf_line#autocommand pad 123456
After you successfully log in, the host whose X.121 address is 123456 will be
automatically padded.
2.2.3 clear line

It is to clear the designated line.
clear line [aux | tty | vty] [number]
Parameter
Similar to the line command
Command mode
Management mode
Example
switch#clear line vty 0
2.2.4 connect
It is to connect the telnet server.
connect server-ip-addr/server-host-name {[/port port][/source-interface interface]
[/local local-ip-addr]}
Parameter
server-ip-addr/server-host-name IP address of the server or the host name of the server
port Port number
interface Name of the interface where the connection is originated
local-ip-addr Local IP address where the connection is originated
Command mode
All configuration modes
Example
switch# connect 192.168.20.1
2.2.5 disconnect
It is used to delete the mounted telnet session.
disconnect N
- 35 -
Parameter
N Number of the mounted telnet session
Command mode
Example
switch#disconnect 1
2.2.6 exec-timeout
It is to set the maximum spare time for the terminal.
[no] exec-timeout [time]
Parameter
time Spare time whose unit is second
Default
0 (No time-out limitation)
Command mode
Example
Set the spare time of the line to one hour.

switch_config_line#exec-timeout 3600
2.2.7 length
It is used to set the line number on the screen of the terminal.
[no] length [value]
Parameter
A value between 0 and 512

value
The value 0 means there is no pause.
- 36 -
Default
24
Command mode
2.2.8 line
It is used to enter the line configuration mode.
line [aux | console | tty | vty] [number]
Parameter
aux Auxiliary line, which has only one number 0
console Monitoring line, which has only one number 0
tty Asynchronous line
vty Virtual lines such as Telnet, PAD and Rlogin
number Number in the line of the type
Command mode
Example
The following example shows how to enter the line configuration mode of VTY 0 to 10.
switch_config#line vty 0 10
2.2.9 location
It is used to recoded the description of the current line.
location [LINE]
no location
Parameter
LINE Description of the current line
Command mode
- 37 -
2.2.10 login authentication

It is used to set line login authentication:
[no] line login authentication [default | WORD]
Parameter
default Default authentication mode
WORD Name of the authentication list
Command mode
Example
switch_conf_line#login authentication test

In the example, the authentication list of the line is set to test.
2.2.11 monitor
It is used to export the log and debugging information to the line:
[no] monitor
Parameter
None
Command mode
Example
switch_config_line#monitor
2.2.12 no debug all

It is used to shut down all debugging output of the current VTY:
no debug all
Parameter
None
Command mode
Management mode
- 38 -
Example
switch#no debug all
2.2.13 password
It is used to set the password for the terminal:
password {password | [encryption-type] encrypted-password }
no password
Parameter
Password configured on the line, which is entered in the

password
plaintext form and whose maximum length is 30 bits.
encryption-type means the encryption type of the password.

Currently, products only support two encryption modes: 0 and 7.
The number 0 means the password is not encrypted and the
[encryption-type] plaintext of password is directly entered. It is the same as the
encrypted-password way of directly entering the password. The number 7 means
the password is encrypted through an algorithm . You need to
enter the encryption text for the encrypted password. The
encryption text can be copied from the configuration files of
other switches.
For password encryption, refer to the explanation of the commands service

password-encryption and enable password.
Command mode
(2) Line configuration mode
Example
switch_conf#line vty 1
switch_conf_line#password test
The previous example shows the login password of VTY1 is set to test.
2.2.14 resume
It is used to resume the mounted telnet session:
resume N
Parameter
N Number of the mounted telnet session
- 39 -
Command mode
Example
switch#resume 1
2.2.15 switchkey
It is used to configure the terminal switchover key:
switchkey key cmdalias server-name
Parameter
key Terminal switchover key, ranging from CTRL-A to CTRL-Z

except CTRL-H
cmdalias Alias of the command that is executed when terminal switchover

is performed
server-name Server name of each terminal's screen corresponds to
Command mode
Example
The following example shows how to connect to the sco1 server by the con_sco
command when the switchover is performed through pressing ctrl-a:
switch_config_line#switchkey ctrl-a con_sco sco1
2.2.16 sequence-char
It is used to configure the character sequence of terminal call-back when the terminal is
switched:
sequence-char key char1 char2 char3 …
Parameter
key Terminal switchover key
char1 char2 char3 … Character sequence for call-back
Command mode
- 40 -
Example
The following example shows how to configure the character sequence of terminal
call-back to 0x1b 0x21 0x38 0x51 when the terminal is switched.
switch_config_line#sequence-char ctrl-a 0x1b 0x21 0x38 0x51
2.2.17 show debug

It is used to display all debugging information of the current VTY:
show debug
Parameter
None
Command mode
Management mode or global configuration mode
Example
Switch# show debug

http authentication debug is on
http cli debug is on
http request debug is on
http response debug is on
http session debug is on
http erro debug is on
http file debug is on
TELNET:
Incoming Telnet debugging is on
2.2.18 show line

It is used to display the status of the current effective line:
show line {[console | aux | tty | vty] [number]}
Parameter
(3) If there is no parameter followed, the status of all effective lines will be displayed.
The definition of other parameters is similar to that of the line command.
Command mode
All configuration modes except the user mode
2.2.19 switchmsg
It is used to decide whether the prompt information is displayed when the terminal is
switched:
switchmsg enable
switchmsg disable
- 41 -
Parameter
Parameter Parameter
enable Displays the prompt information when the terminal is switched.
Does not display the prompt information when the terminal is

disable
switched.
Default
disable
Command mode
Example
The following example shows how to display the prompt information when the terminal
is switched:
switch_config_line#switchmsg enable
2.2.20 terminal length

It is used to change the line number on the current terminal screen. The parameter can
be obtained by the remote host. The rlogin protocol uses the parameter to notify the
remote UNIX host. Run the no terminal length command to resume the default value:
terminal length length
no terminal length
Parameter
length Line number displayed on each screen
Default
Pause when 24 lines are displayed on the screen.
Command mode
Instruction
The command is effective only to the current terminal. When the session is complete, the terminal
attribute is invalid.
Example
switch#terminal length 40
- 42 -
Relative command
line
2.2.21 terminal monitor

It is used to display the debugging output information and system faulty information at the current
terminal. The negative form of the command is used to disable the monitoring:
terminal monitor
no terminal monitor
Parameter
None
Default
The system monitoring port (console) is open by default. Other terminals are closed by
default.
Command mode
Instruction
The command is effective only to the current terminal. When the session is complete,
the terminal attribute is invalid.
Example
switch#terminal monitor
Relative command
line
debug
2.2.22 terminal width

In default settings, the switch is to export 80 characters in each line. If the default settings cannot
meet your requirements, you can reset it. The parameter can be obtained by the remote host. Run
the terminal width command to set the character number in each line. Run the no terminal width
command to resume to the default value.
terminal width number
no terminal width
Parameter
number Character number of each line
- 43 -
Default
80 characters in each line
Command mode
Instruction
The command is effective only to the current terminal. When the session is complete,
the terminal attribute is invalid.
Example
switch#terminal width 40
Relative command
line
2.2.23 terminal-type
It is used to set the terminal type:
[no] terminal-type [name]
Parameter
Terminal name
name Terminal types currently supported are VT100, ANSI and
VT100J.
Default
ANSI
Command mode
2.2.24 where
It is used to check the currently mounted outward telnet session at the client side:
where
Parameter
None
Command mode
- 44 -
Example
switch#where
2.2.25 width
It is used to set the terminal width of the line:
[no] width [value]
Parameter
A value between 0 and 512

value
The value 0 means no execution.
Default
80
Command mode
- 45 -
Chapter 3 Network Management Configuration

Commands
3.1 SNMP Commands
The following are SNMP commands:
z snmp-server community
z snmp-server contact
z snmp-server host
z snmp-server location
z snmp-server packetsize
z snmp-server queue-length
z snmp-server trap-source
z snmp-server trap-timeout
z snmp-server view
z show snmp
z debug snmp
3.1.1 snmp-server community

Run the command snmp-server community in global configuration mode to permit
accessing the community character string of SNMP. Use the negative form of the
command to delete the designated community character string.
snmp-server community string [view view-name] [ro | rw] [word]
no snmp-server community string
Parameter
string Community character string to access SNMP as the password

does
view view-name View name that is predefined (optional)

The view defines the MIB objects effective to the community.
ro Designates the read-only permission (optional). The authorized

management station can only read MIB objects.
rw Designates the read-write permission (optional). The authorized

management station can read and modify MIB objects.
word Designates the access list name of the SNMP agent which can
be accessed through the community character string.
- 46 -
Default
The SNMP community character string can only read all objects.
Command mode
Instruction
If no parameter is followed, the configuration information of all community character

strings are listed.
Example
The following example shows how to distribute the character string comaccess to the
SNMP, how to permit the read-only access and how to designate the IP access list
allowed to use the community character string:
snmp-server community comaccess ro allowed
The following example shows how to distribute the character string mgr to the SNMP,
how to permit the read-write access to the objects in the restricted view:
snmp-server community mgr view restricted rw
In the following example, the community comaccess is deleted:
no snmp-server community comaccess
Relative command
access-list
snmp-server view
3.1.2 snmp-server contact

Run the command snmp-server contact in global configuration mode to set the
sysContact information of the management node. Run the negative form of the
command to delete the sysContact information.
snmp-server contact text
no snmp-server contact
Parameter
text Character string of the sysContact information of the node
Default
The sysContact information of the node is not set.
Command mode
- 47 -
Instruction
It corresponds to the sysContact value of the MIB variable in the system group.
Example
The following is an example of the node contact:

snmp-server contact Dial_System_Operator_at_beeper_#_27345
3.1.3 snmp-server host

Run the command snmp-server host in global configuration mode to designate the
receiver of SNMP trap operation. Run the command no snmp-server host to cancel
the designated host.
snmp-server host host community-string [trap-type]
no snmp-server host host
Parameter
host Host name or internet address
community-string Password-like community string sent with the trap operation
trap-type If no trap is designated, all traps will be sent to the host.

Authentication: allowing to send the traps with wrong
authentication
Configure: allowing to send SNMP-configure traps
Snmp: allowing to send all SNMP traps
Default
The command is invalid by default. The trap is not sent. If the command with keyword is not entered,
all traps are sent by default.
Command mode
Instruction
If the snmp-server host command is not entered, the trap is not sent. To configure the
switch to send SNMP traps, you need to run the snmp-server host command. If the
command without the keyword trap-type is entered, all types of traps of the host are
activated. If the command with the keyword trap-type is entered, you can designate
multiple trap types in each host.
When you specify multiple snmp-server host commands at the same host, the SNMP trap
information sent to the host will be filtered according to the character string and the trap type in the
command. To the same host and the community character string, only one trap type can be
configured.
The usability of the option trap-type depends on the switch type and the characteristics
of the routing software supported by the switch.
- 48 -
Example
In the following example, the SNMP trap defined by RFC1157 to the host whose IP
address is 10.20.30.40. The community character string is comaccess.
snmp-server host 10.20.30.40 comaccess snmp
In the following example, the switch uses the community character string public to send
all types of traps to the host whose IP address is 10.20.30.40.
snmp-server host 10.20.30.40 public
In the following example, only authentication traps are valid and can be sent to host
bob.
snmp-server host bob public authentication
Relative command
snmp-server queue-length
snmp-server trap-source
snmp-server trap-timeout
3.1.4 snmp-server location

Run the command snmp-server location in global configuration mode to set the character string of
the node location. Run the negative form of the command to delete the location character string.
snmp-server location text
no snmp-server location
Parameter
text Describes the character string of the node location.
Default
The character string of the node location is not set.
Command mode
Instruction
It corresponds to the value of sysLocation of the MIB variable in the system group.
Example
In the following example, the actual location of the switch is defined:

snmp-server location Building_3/Room_214
Relative command
snmp-server contact
- 49 -
3.1.5 snmp-server packetsize

Run the command snmp-server packetsize in global configuration mode to define the
maximum SNMP packet size when the SNMP server receives the request or generates
the response:
snmp-server packetsize byte-count
no snmp-server packetsize
Parameter
byte-count Integer byte ranging between 484 and 17940

The default value is 3000 bytes.
Default
3000 bytes
Command mode
Instruction
It corresponds to the value of sysLocation of the MIB variable in the system group.
Example
In the following example, a filter is created for the packet with maximum length of 1024
bytes:
snmp-server location Building_3/Room_214
Relative command
3.1.6 snmp-server queue-length

Run the command snmp-server queue-length in global configuration mode to set the
queue length for each trap host:
snmp-server queue-length length
Parameter
length Trap event number that can be saved in the queue (1～1000)
Default
10 events
- 50 -
Command mode
Instruction
The command is used to define the queue length for each trap host. Once the trap message is
successfully transmitted, the switch will clear the queue.
Example
The following example shows that a message queue that can capture four events is created.
snmp-server queue-length 4
Relative command
snmp-server packetsize
3.1.7 snmp-server trap-source

Run the command snmp-server trap-source in global configuration mode to designate a source
address of an interface for all traps. Run no snmp-server trap-source to delete the interface with
such a source address.
snmp-server trap-source interface
no snmp-server trap-source
Parameter
interface Interface where the SNMP trap occurs

It contains the interface type with specific platform syntax mode
and the sequence number.
Default
No interface is designated.
Command mode
Instruction
When the SNMP server sends the SNMP trap, the SNMP trap has a trap address no matter from
which interface it is sent out. If you want use the trap address to track the trap, you can use the
command.
Example
The following example shows that the address of the Ethernet’s 1/0 interface is designated as the
source address of all traps.
snmp-server trap-source ethernet 1/0
- 51 -
The following example shows that the IP address of the Ethernet’s 1/0 interface is
designated as the source address of all traps.
snmp-server trap-source ethernet 1/0
Relative command
snmp-server host
3.1.8 snmp-server trap-timeout

Run the command snmp-server trap-timeout in global configuration mode to define the timeout
value of resending the trap message.
snmp-server trap-timeout seconds
Parameter
seconds An interval integer from 1 to 1000 (unit: second), which is set for
resending the message
Default
30 seconds
Command mode
Instruction
Before the switch software sends the trap, it will look for the route of the destination
address. If there is no route, the trap is stored in the resending queue. The command
server trap-timeout decides the interval for resending the trap.
Example
The following example shows the trap message at the resending queue will be resent after an
interval of 20 seconds:
snmp-server trap-timeout 20
Relative command
snmp-server host
3.1.9 snmp-server view
Run the command snmp-server view in global configuration mode to create or update an MIB view.
Run the command no snmp-server view to delete a view of the SNMP server.
- 52 -
snmp-server view view-name oid-tree {included | excluded}
no snmp-server view view-name
Parameter
view-name Updates or creates a logo of the view.
oid-tree Object identifier of the ASN.1 sub-tree contained or declined by

the view
Identify the sub-tree, specify a character string containing
numbers, such as 1.3.6.2.4 or a system sub-tree. The sub-tree
name can be the name which can be found in the MIB tree.
included excluded Type of the view

The parameter included or excluded must be designated.
Default
None
Command mode
Instruction
If other SNMP commands need a view as a parameter, you can run the command to
create a view to take as the parameter of these SNMP commands. In default settings,
the view need not be defined. You can see all objects, which is similar to the
everything view predefined by Cisco. You can use the command to define the objects
that can seen from the view.
Example
The following example shows that the views of all objects in the MIB-II sub-tree are
created:
snmp-server view mib2 mib-2 included
The following example shows that the views of all objects in the system group are
created:
snmp-server view phred system included
The following example shows that the views of all objects in the system group are created, while all
objects in sysServices.7 and in the No.1 interface of the interface group are excluded.
snmp-server view agon system included
snmp-server view agon system.7 excluded
Relative command
snmp-server community
- 53 -
3.1.10 snmp-server udp-port

Run the command snmp-server trap-source in global configuration mode to designate a port for
all traps sent by the destination port. Run the command no snmp-server trap-source to
disable the designated function.
snmp-server trap-source ipaddress
no snmp-server trap-source
Parameter
Udp-port Send SNMP traps to the destination port number. Can’t use the
commonly used port number.
Default
The default trap destination port ,port 161
Command mode
Instruction
When the issue SNMP traps from the SNMP server, specify a special destination port
number can use this command.
Example
The following example shows that trap sent to host the 1234 port.
snmp-server udp-port 1234
Relative command
Snmp-server host
3.1.11 snmp-server source-addr

Run the command snmp-server source-addr in global configuration mode to designate a source
address for the SNMP message. Run the command no snmp-server source-addr to disable
the designated function.
snmp-server source-addr ipaddress
no snmp-server source-addr
Parameter
ipaddress Designates the source address where the SNMP generates the
message. The parameter is the set IP address of the device.
- 54 -
Default
The interface is not designated.
Command mode
Instruction
The command is used to configure the source address of the SNMP message.
Example
The following example shows that the IP address of the Ethernet’s 1/0 interface is
designated as the source address of all SNMP messages.
snmp-server source-addr 192.168.213.15
Relative command
None
3.1.12 snmp-server encryption
Run the command snmp-server encryption in global configuration mode the configured snmp
community,SHA encrypted passwords amd MD5 encrypted password ciphertext. The command
is a one-time command, it can not to save,not to cancel with NO command. Command format is
as follows:
snmp-server encryption
Parameter
NONE
Default
The default is expressly show snmp community, SHA encrypted passwords and MD5
encrypted password.
Command mode
Instruction
The SNMP community SHA encrypted passwords and MD5 encrypted password
ciphertext display. Used to ensure password security.
- 55 -
Example
In the following example, configure the snmp community ,SHA encrypted passwords and MD5
encryption password ciphertext for the remote host 90.0.0.3 .
snmp-server encryption
Relative command
snmp-server community
3.1.13 show snmp

Run the command show snmp to monitor the SNMP input or output statistics, including the
incorrect community character string, the number of faults and requests.
Run the command show snmp host to display information about the SNMP trap host.
Run the command show snmp view to display the information about SNMP views. The
following is the format of the command:
show snmp [ host | view ]
Parameter
host Displays information about the SNMP trap host.
view Displays the information about SNMP views.
Default
None
Command mode
Management mode,Global configuration
Instruction
Run the command show snmp to monitor the SNMP input or output statistics.
Run the command show snmp host to display information about the SNMP trap host.
Run the command show snmp view to display the information about SNMP views.
Example
The following example shows that the SNMP input or output statistics is listed out:
#show snmp
37 SNMP packets input
0 Bad SNMP version errors
4 Unknown community name
- 56 -
0 Illegal operation for community name supplied

0 Snmp encoding errors
24 Number of requested variables
0 Number of altered variables
0 Get-request PDUs
28 Get-next PDUs
0 Set-request PDUs
78 SNMP packets output
0 Too big errors (Maximum packet size 1500)
0 No such name errors
0 Bad values errors
0 General errors
24 Get-response PDUs PDUs
13 SNMP trap PDUs
The fields for the SNMP Agent to send and receive the message statistics information are shown as
follows:
Field Meaning
Unknown community name Community name that can not be recognized
Illegal operation for community name supplied Incorrect operation
Encoding errors Errors that occurs in encoding
Get-request PDUs Get-request message
Get-next PDUs Get-next message
Set-request PDUs Set-request message
Too big errors Response message is too big to be generated.
No such name errors No specified instance exists.
Bad values errors The value type is wrongly set.
General errors Common errors
Get-response PDUs Get-response message
Trap PDUs SNMP trap message
In the following example, the information about the SNMP trap message is displayed:
#show snmp host
Notification host: 192.2.2.1 udp-port: 162 type: trap
user: public security model: v1
In the following example, information about SNMP views is displayed:
#show snmp view
mib2 mib-2 - included permanent active
Relative command
snmp-server host
snmp-server view
- 57 -
3.1.14 debug snmp

It is used to display the SNMP event, message sending and receiving, and errors:
debug snmp [ error | event | packet ]
Run the command no debug snmp to stop displaying information.
Parameter
error Enables the debug switch of the SNMP errors.
event Enables the debug switch of SNMP events.
packet Enables the debug switch of SNMP incoming or outgoing

message.
Command mode
Management mode
Instruction
After the switch of the SNMP debugging information is enabled, SNMP events and
information about message sending and receiving are exported. The exported
information helps to diagnose SNMP faults.
Example
The following example shows how to debug SNMP message receiving and sending:
switch#debug snmp packet
Received 49 bytes from 192.168.0.29:1433
0000: 30 82 00 2D 02 01 00 04 06 70 75 62 6C 69 63 A0 0..-.....public.
0016: 82 00 1E 02 02 7D 01 02 01 00 02 01 00 30 82 00 .....}.......0..
0032: 10 30 82 00 0C 06 08 2B 06 01 02 01 01 03 00 05 .0.....+........
0048: 00 .
Sending 52 bytes to 192.168.0.29:1433
0000: 30 82 00 30 02 01 00 04 06 70 75 62 6C 69 63 A2 0..0.....public.
0016: 82 00 21 02 02 7D 01 02 01 00 02 01 00 30 82 00 ..!..}.......0..
0032: 13 30 82 00 0F 06 08 2B 06 01 02 01 01 03 00 43 .0.....+.......C
0048: 03 00 F4 36 ...6
Received 51 bytes from 1192.168.0.29:1434
0000: 30 82 00 2F 02 01 00 04 06 70 75 62 6C 69 63 A0 0../.....public.
0016: 82 00 20 02 02 6B 84 02 01 00 02 01 00 30 82 00 .. ..k.......0..
0032: 12 30 82 00 0E 06 0A 2B 06 01 02 01 02 02 01 02 .0.....+........
0048: 01 05 00 ...
Sending 62 bytes to 192.168.0.29:1434
0000: 30 82 00 3A 02 01 00 04 06 70 75 62 6C 69 63 A2 0..:.....public.
0016: 82 00 2B 02 02 6B 84 02 01 00 02 01 00 30 82 00 ..+..k.......0..
0032: 1D 30 82 00 19 06 0A 2B 06 01 02 01 02 02 01 02 .0.....+........
0048: 01 04 0B 45 74 68 65 72 6E 65 74 30 2F 31 ...Ethernet0/1
- 58 -
Field Description
Received SNM receives message.
192.168.0.29 Source IP address
1433 Port number of the source

address
51 bytes Length of the received

message
30 82 00 2D 02 01 00 04 06 70 75 62 6C 69 63 A0 Message after being encoded

82 00 1E 02 02 7D 01 02 01 00 02 01 00 30 82 00 by SNMP ASN
10 30 82 00 0C 06 08 2B 06 01 02 01 01 03 00 05
00
0..-.....public. Presentation of the ASCII code

.....}.......0.. which is used to receive
message
.0.....+........ Content that is not in the scope
. of ASCII code is presented by
the full stop.
sending SNMP sends message.
192.168.0.29 Destination IP address
1433 Port number of the destination

address
52 bytes Length of the sent message
30 82 00 30 02 01 00 04 06 70 75 62 6C 69 63 A2 Message encoded by SNMP

82 00 21 02 02 7D 01 02 01 00 02 01 00 30 82 00 ASN
13 30 82 00 0F 06 08 2B 06 01 02 01 01 03 00 43
03 00 F4 36
0..0.....public. Presentation of the ASCII code

..!..}.......0.. which is used to receive
message
.0.....+.......C Content that is not in the scope
...6 of ASCII code is presented by
the full stop.
The following example shows how to debug the SNMP event:

switch#debug snmp event
Received SNMP packet(s) from 192.2.2.51
SNMP: GETNEXT request
-- ip.ipReasmFails.0
SNMP: Response
>> ip.ipFragOKs.0 = 1
-- ip.ipFragOKs.0
SNMP: Response
>> ip.ipFragFails.0 = 0
-- ip.ipFragFails.0
- 59 -
SNMP: Response
>> ip.ipFragCreates.0 = 2
Field Description
SNMP SNMP is currently being debugged.
GETNEXT request getnext request of SNMP
RESPONSE SNMP response
-- Receiving message
>> Sending message
ip.ipReasmFails.0 MIB OID that requires to be accessed
ip.ipFragOKs.0 = 1 Accessed MIB OID and the returned value
3.2 Configuring RMON Commands

The following are RMON configuration commands:
z rmon alarm
z rmon event
z rmon collection stat
z rmon collection history
z show rmon
3.2.1 rmon alarm
Command description
Run the following command to configure a rmon alarm item:

rmon alarm index variable interval {absolute | delta} rising-threshold value [eventnumber]
falling-threshold value [eventnumber] [owner string]
Parameter
variable Objects that need be monitored

Value range: oid of the monitored objects
interval Interval for the sampling

Value range: 1-4294967295 seconds
value Alarm threshold

Value range: -2147483648-2147483647
eventnumber Index of the event that is triggered when the threshold is

reached
Value range: 1-65535
string Holder description information

Value range: 1-127 characters
- 60 -
Default
eventnumberDefault is not set.
Instruction
The command is configured in global configuration mode. It is used to monitor the value
of the designated object. When the value exceeds the threshold, the specified event is
triggered.
Example
In the following example, an alarm item is configured. The monitored object is

ifInOctets.2. The sampling interval is 10. When the rising threshold value exceeds 15,
event 1 is triggered. When the falling threshold value exceeds 25, event 2 is triggered.
rmon alarm 1 1.3.6.1.2.1.2.2.1.10.2 10 absolute rising-threshold 15 1 falling-threshold 25 2 owner
switch
3.2.2 rmon event
Command description
It is used to configure an rmon event item:

rmon event index [description des-string] [log] [owner owner-string] [trap community]
Parameter
index Index of the event item

des-string Character string of event description

owner-string Character string of event description

community Community name when the trap is generated

Default
None
Instruction
It is used to configure an rmon event item for alarm usage.
Example
In the following example, an rmon event item is configured. The index is 6. The
description character string is example. When the event is triggered, items will be
added to the log table and the trap will be generated by taking public as the community
name.
- 61 -
rmon event 6 log trap public description example owner switch
3.2.3 rmon collection stat
Command description
rmon collection stat index [owner string]

The previous command is used to configure the rmon statistics function
Parameter
index Index of the statistics table

string Character string for the owner

Default
None
Instruction
It is configured in interface mode and used for the statistics on the interface.
Example
In the following example, the statistics function is enabled on interface 8 of fast

Ethernet.
int f 0/8
rmon collection stats 2 owner switch
3.2.4 rmon collection history
Command description
rmon collection history index [buckets bucket-number] [interval second] [owner

owner-name]
The previous command is used to configure a history control item.
Parameter
index Its value ranges from 1 to 65535.
bucket-number Among the data collected in the history control table, the latest
bucket-number items are saved.
second Interval, whose value ranges from 1 to 3600
owner-name Character string of the owner
- 62 -
Default
The value of bucket-numberDefault is 50. The value of secondDefault is 1800.
Instruction
It is configured in interface mode and used for adding an item to the history control
table.
Example
In the following example, the history control item is added to interface 8 of fast Ethernet. The
statistics data in the latest 20 intervals is saved. The interval is 20 seconds.
int f 0/8
rmon collection history 2 buckets 20 interval 10 owner switch
3.2.5 show rmon
Command description
show rmon [alarm] [event] [statistics] [history]

The previous command is used to display the rmon configuration.
Parameter
None
Default
None
Instruction
It is used to display the rmon configuration.
Example
In the following example, the rmon configuration is displayed.

show rmon
3.3 Configuring PDP Commands

The following are RMON configuration commands:
z pdp timer
z pdp holdtime
z pdp version
z pdp run
z pdp enable
z show pdp traffic
- 63 -
z show pdp neighbour
3.3.1 pdp timer
Command description
[no|default] pdp timer seconds

The previous command is to configure the time of the PDP timer.
Parameter
seconds Interval of sending message out by the PDP

Value range: 5-24
Unit: seconds
Default
60 seconds
Instruction
It is configured in global configuration mode.
Example
In the following example, the switch is configured to send out the PDP message every five seconds.
pdp timer 5
3.3.2 pdp holdtime
Command description
[no|default] pdp holdtime seconds

The previous command is used to configure the PDP timer's time.
Parameter
seconds Duration from when the neighbour information is received to

when the neighbour information is deleted from the database
Value range: 10-255
Default
180 seconds
Instruction
- 64 -
Example
In the following example, the switch is configured to save the received neighbour information for 15
seconds
pdp holdtime 15
3.3.3 pdp version
Command description
[no] pdp version <1|2>

The previous command is used to configure the PDP version.
Parameter
version PDP version

Version 1 or 2 can be selected.
Default
Version 2
Instruction
Example
In the following example, the PDP version of the switch is set to version 1:
pdp version 1
3.3.4 pdp run
Command description
[no] pdp run

The previous command is to start up the PDP.
Parameter
None.
Default
PDP is started up.
Instruction
- 65 -
Example
In the following example, PDP is forbidden.

no pdp run
3.3.5 pdp enable
Command description
[no] pdp enable

The previous command is used to enable PDP.
Parameter
None
Default
PDP is configured to enable.
Instruction
It is configured in interface configuration mode. PDP must be enabled in port mode and
global mode. PDP can then be effective. Generally, PDP is forbidden only on several
ports.
Example
In the following example, PDP is forbidden on port f0/1.

switch_config_f0/1#no pdp enable
3.3.6 show pdp traffic
Command description
show pdp traffic

The previous command is used to display the number of the received or sent PDP
messages.
Parameter
None
Default
None
Instruction
It is used to check PDP running.
Example
config#show pdp traffic
- 66 -
Packets output: 253491, Input: 0

Hdr syntax: 0, Chksum error: 0
No memory: 0, Invalid packet: 0
3.3.7 show pdp neighbour
Command description
show pdp neighbour

The previous command is used to display the PDP neighbour.
Parameter
None
Default
None
Instruction
It is used to check the running PDP neighbour.
Example
config#show pdp neighbors

Capability Codes:R - Router, T - Trans Bridge, B - Source Route Bridge S - Switch, H -
Host, I - IGMP, r - Repeater
Device ID Local IntrfceHoldtmeCapabilityPlatform Port ID
joeEth 0 133 4500 Eth 0
samEth 0 152 R AS5200 Eth 0
- 67 -
Chapter 4 Maintenance and Debugging Tool

Commands
4.1 Network Testing Tool Commands
4.1.1 ping
It is used to test host accessibility and network connectivity. After the ping command is
run, an ICMP request message is sent to the destination host, and then the destination
host returns an ICMP response message.
ping [-f] [-i {source-ip-address | source-interface}] [-j host1 [host2 host3 …]] [–k
host1 [host2, host3 …]] [-l length] [-n number] [-r hops] [-s tos] [-t ttl] [-v] [-w waittime]
host
Parameter
-f Sets the DF digit (message is not segmented).

If the message required to be sent is larger than the MTU of the
path, the message will be dropped by the routing switch on the
path and the routing switch will then return an ICMP error
message to the source host. If network performance has
problems, one node in the network may be configured to a small
MTU. You can use the –f option to decide the smallest MTU on
the path.
Default value: No resetting
-i Sets the source IP address of the message or the IP address of

an interface.
Default value: Main IP address of the message-sending
interface
source-ip-address Source IP address adopted by the message
source-interface Message takes the IP address of the source-interface interface

as the source address.
-j host1 [host2 host3…] Sets the relaxation source route.

Default: Not set
-k host1 [host2 host3…] Sets the strict source route

Default: Not set
-l length Sets the length of ICMP data in the message.

Default: 56 bytes
-n number Sets the total number of messages.

Default: 5 messages
-r hops Records routes.

Up to hops routes are recorded.
Default: not record
- 68 -
-s tos Sets IP TOS of the message to tos.

Default: 0
-t ttl Sets IP TTL of the message to ttl.

Default: 255
-v Detailed output
Default: simple output
-w waittime Time for each message to wait for response

Default: 2 seconds
host Destination host
Command mode
Management mode, global configuration mode and interface configuration mode
Instruction
The command supports that the destination address is the broadcast address or the multicast
address. If the destination address is the broadcast address (255.255.255.255) or the multicast
address, the ICMP request message is sent on all interfaces that support broadcast or multicast.
The routing switch is to export the addresses of all response hosts. By pinging multicast address
224.0.0.1, you can obtain the information about all hosts in directly-connected network segment
that support multicast transmission.
Press the Q key to stop the ping command.
Simple output is adopted by default.
! A response message is received.
. Response message is not received in the timeout time.
U The message that the ICMP destination cannot be reached is

received.
Q The ICMP source control message is received.
R The ICMP redirection message is received.
T The ICMP timeout message is received.
P The ICMP parameter problem message is received.
The statistics information is exported:
packets transmitted Number of transmitted messages
packets received Number of received response messages, excluding other ICMP

messages
packet loss Rate of messages that are not responded to
round-trip min/avg/max Minimum/average/maximum time of a round trip (ms)
- 69 -
Example
switch#ping -l 10000 -n 30 192.168.20.125

PING 192.168.20.125 (192.168.20.125): 10000 data bytes
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
--- 192.168.20.125 ping statistics ---
30 packets transmitted, 30 packets received, 0% packet loss
round-trip min/avg/max = 50/64/110 ms
4.2 System Debugging Commands

4.3 Fault Diagnosis Commands
The chapter describes the commands used for fault diagnosis. All the following
commands are used to detect the reason of the fault. You can use other commands to
remove the fault, such as the debug command.
The following are fault diagnosis commands:

z logging
z logging buffered
z logging console
z logging facility
z logging monitor
z logging on
z logging trap
z service timestamps
z clear logging
z show break
z show controller
z show debug
z show logging
4.3.1 logging
It is used to record the log information to the syslog server.
logging A.B.C.D
no logging A.B.C.D
Parameter
A.B.C.D IP address of the syslog server
- 70 -
Default:
The log information is not recorded to the server.
Command mode
Instruction
It is used to record the log information to the designated syslog server. It can be used
for many times to designate multiple syslog servers.
Example
logging 192.168.1.1
Relative command
logging trap
4.3.2 logging buffered

It is used to record the log information to the memory of the switch.
logging buffered [size | level | dump ]
no logging buffered
Parameter
size Size of memory cache

Value range: 4096-2147483647
Unit: byte
level Information level of the log recorded to memory cache

Refer to table 1.
dump When the system has abnormality, the information in the current
memory is currently recorded to the flash and the information is
resumed after the system is restarted.
Default
The information is not recorded to the memory cache.
Command mode
- 71 -
Instruction
The command records the log information to the memory cache of the switch. The
memory cache is circularly used. After the memory cache is fully occupied, the latter
information will cover the previous information.
You can use the show logging command to display the log information recorded in the
memory cache of the switch.
Do not use big memory for it causes the shortage of memory.
Table 1 Level of log recording
Prompt Level Description Syslog Definition
emergencies 0 System unusable LOG_EMERG
alerts 1 Immediate action LOG_ALERT

needed
critical 2 Critical conditions LOG_CRIT
errors 3 Error conditions LOG_ERR
warnings 4 Warning conditions LOG_WARNING
notifications 5 Normal but significant LOG_NOTICE

condition
informational 6 Informational LOG_INFO

messages only
debugging 7 Debugging messages LOG_DEBUG
Relative command
clear logging
show loggin
4.3.3 logging console

Run the command logging console to control the information volume displayed on the
console.
Run the command no logging console to forbid the log information to be displayed on the console:
logging console level
no logging console
Parameter
level Information level of the logs displayed on the console

Refer to table 2.
Default
None
- 72 -
Command mode
Instruction
After the information level is specified, information of this level or the lower level will be displayed on
the console.
Run the command show logging to display the currently configured level and the statistics
information recorded in the log.
emergencies 0 System unusable LOG_EMERG

needed

condition

messages only
Example
logging console alerts
Relative command
logging facility
show logging
4.3.4 logging facility

Run the command logging facility to configure to record specified error information. To
restore to local7, run the command no logging facility.
logging facility facility-type
no logging facility
Parameter
Facility type
facility-type
Refer to table 3.
- 73 -
Default
local7
Command mode
Instruction
Table 3 Facility type
Type Description
auth Authorization system
cron Cron facility
daemon System daemon
kern Kernel
local0-7 Reserved for locally defined messages
lpr Line printer system
mail Mail system
news USENET news
sys9 System use
sys10 System use
sys11 System use
sys12 System use
sys13 System use
sys14 System use
syslog System log
user User process
uucp UNIX-to-UNIX copy system
Example
logging facility kern
Relative command
logging console
4.3.5 logging monitor

Run the command logging monitor to control the information volume displayed on the
terminal line.
Run the command no logging monitor to forbid the log information to be displayed on
the terminal line.
- 74 -
logging monitor level

no logging monitor
Parameter
level Information level of the logs displayed on the terminal line

Refer to table 4.
Default
debugging
Command mode
Instruction
emergencies 0 System is unusable LOG_EMERG

needed

condition

messages only
Example
logging monitor errors
Relative command
terminal monitor
4.3.6 logging on
Run the command logging on to control the recording of error information.
Run the command no logging on to forbid all records.
logging on
- 75 -
no logging on
Parameter
None
Default
logging on
Command mode
Example
switch_config# logging on
switch_config# ^Z
switch#
Configured from console 0 by DEFAULT
switch# ping 192.167.1.1
switch#ping 192.167.1.1
PING 192.167.1.1 (192.167.1.1): 56 data bytes
!!!!!
--- 192.167.1.1 ping statistics ---
switch#IP: s=192.167.1.111 (local), d=192.167.1.1 (FastEthernet0/0), g=192.167.1.1, len=84,
sending
IP: s=192.167.1.1 (FastEthernet0/0), d=192.167.1.111 (FastEthernet0/0), len=84,rcvd
IP: s=192.167.1.111 (local), d=192.167.1.1 (FastEthernet0/0), g=192.167.1.1, len=84, sending
switch_config# no logging on
switch_config# ^Z
switch#
switch# ping 192.167.1.1
PING 192.167.1.1 (192.167.1.1): 56 data bytes
!!!!!
--- 192.167.1.1 ping statistics ---
Relative command
logging
- 76 -
logging buffered
logging monitor
logging console
4.3.7 logging trap

Run the command logging trap to control the information volume recorded to the syslog server.
Run the command no logging trap to forbid the information to be recorded to the
syslog server.
logging trap level

no logging trap
Parameter
level Information level of the logs displayed on the syslog server

Refer to table 5.
Default
Informational
Command mode
Instruction
Description
Prompt Level Syslog Definition
emergencies 0 System is unusable LOG_EMERG

needed

condition

messages only
- 77 -
Example
logging 192.168.1.1
logging trap notifications
Relative command
logging
4.3.8 service timestamps

Run the command service timestamps to configure the time stamp that is added when the system
is debugged or records the log information.
Run the command no service timestamps to cancel the time stamp that is added
when the system is debugged or records the log information.
service timestamps [log|debug] [uptime| datetime]

no service timestamps [log|debug]
Parameter
log Adds the time stamp before the log information.
debug Adds the time stamp before the debug information.
uptime Duration between the startup of the switch and the current time
datetime Real-time clock time
Default
service timestamps log date

service timestamps debug date
Command mode
Instruction
The time stamp in the uptime form is displayed like HHHH:MM:SS, meaning the
duration from the start-up of the switch to the current time.
The time stamp in the date form is displayed like YEAR-MON-DAY HH:MM:SS,
meaning the real-time clock time.
Example
service timestamps debug uptime
4.3.9 clear logging

It is used to clear the log information recorded in the memory cache.
- 78 -
clear logging
Parameter
None
Command mode
Management mode
Relative command
logging buffered
show logging
4.3.10 show break

It is used to display the information about abnormal breakdown of the switch.
show break [map-filename]
Parameter
map-filename Specifies the filename of the function mapping table.
Default
None
Command mode
Management mode
Instruction
It is used to display the information about abnormal breakdown of the switch, helping to
find the cause of the abnormality.
Example
switch#sh break
Exception Type:1400-Data TLB error
BreakNum: 1 s date: 2000-1-1 time: 0:34:6
r0 r1 r2 r3 r4 r5 r6
00008538-01dbc970-0054ca18-00000003-80808080-fefefeff-01dbcca1-
r7 r8 r9 r10 r11 r12 r13
00000000-00009032-00000000-7ffffff0-00008588-44444444-0054c190-
r14 r15 r16 r17 r18 r19 r20
000083f4-000083f4-00000000-00000000-00000000-00000000-00000000-
r21 r22 r23 r24 r25 r26 r27
00000000-0000000a-00000001-00000000-00000000-004d6ce8-01dbd15c-
r28 r29 r30 r31 spr8 spr9 ip
00000002-00467078-00010300-00000300-00000310-00008588-00000370-
- 79 -
Variables :
00008538-44444444-01dbd15c-01dbcaac-00000002-00000000-004d6ce8-
01dbca18-
00008538 --- do_chram_mem_sys_addr---bspcfg.o
0001060c --- subcmd---cmdparse.o---libcmd.a
000083e4 --- do_chram_mem_sys---bspcfg.o
0000fb24 --- lookupcmd---cmdparse.o---libcmd.a
0000f05c --- cmdparse---cmdparse.o---libcmd.a
003e220c --- vty---vty.o---libvty.a
00499820 --- pSOS_qcv_broadcast---ksppc.o---os\libsys.a
The whole displayed content can be divided into six parts:
1 RROR:file function.map not found
The prompt information means that the system has not been installed the software function.map,
which does not affect the system running.
If the version of the software function.map is not consistent with that of the switch, the system
prompts that the version is not consistent.
2 Exception Type—Abnormal hex code plus abnormal name
3 BreakNum
It is the current abnormal number. It means the number of abnormalities that the system
has since it is powered on in the latest time. It is followed by the time when the
abnormality occurs.
4 Content of the register

The common content of the register is listed out.
5 Variable area
The content in the stack is listed out.
6 数的调用关系 Calling relationship of the number

If the map file is not installed on the system, only the function's address is displayed. If
the map file is installed on the system, the corresponding function name, .o file name
and .a file name are displayed.
The calling relationship is from bottom to top.
4.3.11 show controller

It is used to display the information about the interface control of the switch.
show controller [interface]
Parameter
interface Specifies the interface name.
- 80 -
Default
None
Command mode
Management mode
Instruction
It is used to display the controller state and the configuration information of the specified
interface. When the fault occurs, you can analyze the data to discover the cause of the
fault.
Example
switch#show controller s1/0

Interface Serial1/0
Hardware is PowerQUICC MPC860T
SCC Registers:
General [GSMR]=0x68034:0x22, Protocol-specific [PSMR]=0x3000
Events [SCCE]=0, Mask [SCCM]=0xcf, Status [SCCS]=0x3
Transmit on Demand [TODR]=0, Data Async [DSR]=0x7e7e
Interrupt Registers:
[CICR]=00e49f80 [CIPR]=4000c006 [CIMR]=48000000, [CISR]=00000000
Command register [CR]=0x6c0
SICR=0900002c, BRG=00000000:00010288:00000000:00000000 (aux=0)
Statistics: scc4, port3
int 751229 bad_first 0 too_long 0 drop 0
tx_count 1 bk_count 0 h_Q 81 s_Q 0
Port A [PADIR]=0000 [PAPAR]=53c3 [PAODR]=0000 [PADAT]=fefe
Port B [PBDIR]=00021001 [PBPAR]=00001020 [PBODR]=0000 [PBDAT]=0001e3be
Port C [PCDIR]=0000 [PCPAR]=0008 [PCSO]=0438 [PCDAT]=0fe7 [PCINT]=0008
Receive Ring
rmd(fff02320): status=9000 length=0000 address=01155f58
rmd(fff02328): status=9000 length=0000 address=01156c90
rmd(fff02330): status=9000 length=0000 address=01156b18
rmd(fff02338): status=9000 length=0000 address=011569a0
rmd(fff02340): status=9000 length=0000 address=01156828
rmd(fff02348): status=9000 length=0000 address=011566b0
rmd(fff02350): status=9000 length=0000 address=01156538
rmd(fff02358): status=b000 length=0000 address=01156f80
Transmit Ring
tmd(fff02360): status=0000 length=0000 address=00000000
tmd(fff02388): status=9000 length=0051 address=01156df4
SCC GENERAL PARAMETER RAM (at 0xfff03f00)
Rx BD Base [RBASE]=0x2320, Fn Code [RFCR]=0x15
Tx BD Base [TBASE]=0x2360, Fn Code [TFCR]=0x15
Max Rx Buff Len [MRBLR]=252
- 81 -
Current Rx(2) State [RSTATE]=0x9000, BD Ptr [RBPTR]=0x1156b18

Current Tx(5) State [TSTATE]=0x9000, BD Ptr [TBPTR]=0x1156df4
SCC UART PARAMETER RAM (at 0xfff03f30)
Maximum idle characters 1
Break Character 1
Received Parity Error 58445
Received Frame Error 65261
Received Noise Error 39256
Number of break conditions 22595
Last Received Break length 1524
uart1 63220 uart2 1
Transmit Out of sequence 0
cc[0] = 4011 cc[1] = 4013 cc[2] = 8000 cc[3] = 4011
cc[4] = 4013 cc[5] = 8000 cc[6] = 9c80 cc[7] = 7051
rccm = c0ff rccr = bf28 rlbc = a6fe
RxBufSiz 254 flow 1
flag=00000120, size=00000008, X=11, Xoff=13
DCR_B3#
The whole displayed information can be divided into the following parts:
(4) Name and type of interface control
Here it is MPC860 and SCC.
(5) Running state of the controller
Statistics data about breakdown, error and resetting
Length of the receiving and transmitting queue
(6) Controller configuration parameter
Register content parameter
Controller partial parameter
Physical protocol parameter
(7) State when BD is received or sent
The length, state and indicator of BD are listed out.
The location where BD is received or sent and relative states
4.3.12 show debug

It is used to display all the enabled debugging options of the switch.
show debug
Parameter
None
Command mode
Management mode
Example
switch# show debug
- 82 -
Crypto Subsystem:
Crypto Ipsec debugging is on
Crypto Isakmp debugging is on
Crypto Packet debugging is on
Relative command
debug
4.3.13 show logging

It is used to display the state of logging (syslog).
show logging
Parameter
None
Command mode
Management mode
Instruction
It is used to display the state of logging (syslog), including the login information about the console,
monitor and syslog.
Example
switch# show logging
Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)

Console logging: level debugging, 12 messages logged
Monitor logging: level debugging, 0 messages logged
Buffer logging: level debugging, 4 messages logged
Trap logging: level informations, 0 message lines logged
Log Buffer (4096 bytes):

2000-1-4 00:30:11 Configured from console 0 by DEFAULT
2000-1-4 00:30:28 User DEFAULT enter privilege mode from console 0, level = 15
Relative command
clear logging
- 83 -
Chapter 5 SSH Configuration Commands

5.1.1 ip sshd enable
Command description
ip sshd enable
no ip sshd enable
Parameter
None
Default
1024 bits
Instruction
It is used to generate the rsa encryption key and then monitor the connection to the ssh
server. The process of generating encryption key is a process of consuming the
calculation time. It takes one or two minutes.
Command mode
Example
In the following example, the SSH service is generated.

device_config#ip sshd enable
5.1.2 ip sshd timeout
Command description
ip sshd timout time-length

no ip timeout
Parameter
time-length Maximum time from the establishment of connection to the authentication

approval
Default
180 seconds
- 84 -
Instruction
To prevent the illegal user from occupying the connection resources, the connections
that are not approved will be shut down after the set duration is exceeded.
Command mode
Example
In the following example, the timeout time is set to 360 seconds:

device_config#ip sshd timeout 360
5.1.3 ip sshd auth-method
Command description
ip sshd auth-method method

no sshd auth-method
Parameter
method Sets authentication method list.
Default
The default authentication method list is used.
Instrunction
The ssh server uses the authentication method list of the login type.
Command mode
Example
In the following example, an auth-ssh authentication method list is configured and it is

applied to the ssh server:
device_config#aaa authentication login auth-ssh local
device_config#ip sshd auth-method auth-ssh
5.1.4 ip sshd access-class
Command description
ip sshd access-class access-list

no ip sshd access-class
- 85 -
Parameter
access-list Standard IP access list
Default
No access control list
Instrunction
It is used to configure the access control list for the ssh server. Only the connections
complying with the regulations in the access control list can be approved.
Command mode
Example
In the following example, an ssh-accesslist access control list is configured and

applied in the ssh server:
device_config# ip access-list standard ssh-accesslist
device_config_std_nacl#deny 192.168.20.40
device_config#ip sshd access-class ssh-accesslist
5.1.5 ip sshd auth-retries
Command description
ip sshd auth-retries times

no ip sshd auth-retries
Parameter
times Maximum re-authentication times

Default
3 times
Instrunction
The connection will be shut down when the re-authentication times exceeds the set
times.
Command mode
- 86 -
Example
In the following example, the maximum re-authentication times is set to five times:
device_config#ip sshd auth-retries 5
5.1.6 ip sshd clear
Command description
ip sshd clear ID
Parameter
ID Number of the SSH connection to the local device

Default
N/A
Instruction
It is used to mandatorily close the incoming ssh connection with the specified number.
You can run the command show ip sshd line to check the current incoming
connection’s number.
Command mode
Example
In the following example, the No.0 incoming connection is mandatorily closed:

device_config#ip sshd clear 0
5.1.7 ssh
Command description
ssh –l userid –d destIP [-c {des|3des|blowfish }] [-o numberofpasswdprompts] [-p

port]
Parameter
–l userid User account on the server
–d destI Destination IP address in the dotted decimal system
-o Re-authentication times after the first authentication fails

numberofpasswdpr Actual re-authentication times is the set value plus the smallest value set
ompts
- 87 -
on the server. Its default value is three times.

-p port Port number that the server monitors

Its default value is 22.
-c Encryption algorithm used during communication

{des|3des|blowfis The encryption algorithm is 3des by default.
h}
Default
N/A
Instruction
The command is used to create a connection with the remote ssh server.
Command mode
Privileged mode
Example
In the following example, a connection with the ssh server whose IP address is
192.168.20.41 is created. The account is zmz and the encryption algorithm is blowfish:
device#ip ssh –l zmz –d 192.168.20.41 –c blowfish
5.1.8 show ssh
Command description
show ssh
Parameter
None
Default
N/A
Instrunction
It is used to display the sessions on the ssh server.
Command mode
Privileged mode
Example
In the following example, the sessions on the ssh server are displayed:
device#show ssh
- 88 -
5.1.9 show ip sshd
Command description
show ip sshd
Parameter
None
Default
N/A
Instrunction
It is used to display the current state of the ssh server.
Command mode
Privileged mode
Example
In the following example, the current state of the ssh server is displayed:
device#show ip sshd
- 89 -
Chapter 6 Other system Command

6.1 The link scan command
Command description
This command is to configure the scan interval of the port

[no] link scan time
Parameter
time Port scan interval,the range of 10 to 1000 milliseconds
Default
Default IES model is 10ms, and the general switch models is 1000ms.
Command mode
Example
In the following example, Configure the switch every 20 milliseconds to do a port scan:
Link scan 20
- 90 -
Interface Configuration Commands
Table of Contents
Table of Contents
Chapter 1 Interface Configuration Commands................................................................................... 1
1.1 Interface Configuration Commands ...................................................................................... 1
1.1.1 description .................................................................................................................. 1
1.1.2 bandwidth ................................................................................................................... 2
1.1.3 delay........................................................................................................................... 2
-I-
Chapter 1 Interface Configuration Commands
1.1 Interface Configuration Commands
Interface configuration commands include：
z description
z bandwidth
z delay
1.1.1 description
description
To configure the description information on an interface, use the description command.

[no] description line
parameter
Specifies the description character string, including the spaces
line
in the middle of the line.
default
disabled
instruction
Use this command in the interface configuration mode.
example
The following example configures ‘up link’ as the interface f0/1 description:
Switch(config)# interface FastEthernet0/1
Switch(Switch_config_g0/1)# description up link
-1-
1.1.2 bandwidth
description
To configure the bandwidth on an interface, use the bandwidth command.
bandwidth kilobps
parameter
Specifies the interface bandwidth. The value is the same as the
kilobps
interface type.
default
default:10000.
instruction
Use this command in the interface configuration mode.
Note：
The configured bandwidth isn’t the actural bandwidth of the interface. It is only used to
compute the interface cost by certain protocols (like spanning-tree).
Example
The following example configures 1000000 as the interface f0/1 bandwidth:

Switch(config)# interface FastEthernet1/1
Switch(config-if)# bandwidth 10000000
1.1.3 delay
description
To set a delay value for an interface, use the delay command in interface configuration
mode.
delay tensofmicroseconds
-2-
parameter
tensofmicroseconds specifies the interface delay.
default
instruction
Use this command in the interface configuration come.
example
The following example configures 10 as the delay value for an interface:

Switch(config-if)# delay 10
-3-
Port Additional Characteristics Configuration
Commands
Table of Contents
Table of Contents
Chapter 1 Port Security ...................................................................................................................... 1
1.1 switchport port-security mode static ..................................................................................... 1
1.2 switchport port-security mode dynamic ................................................................................ 1
1.3 switchport port-security static mac-address.......................................................................... 1
1.4 switchport port-security dynamic maximum.......................................................................... 1
Chapter 2 Port Protection................................................................................................................... 2
2.1 switchport protected.............................................................................................................. 2
Chapter 3 Port Storm Control............................................................................................................. 3
3.1 storm-control ......................................................................................................................... 3
Chapter 4 Port Rate Limitation ........................................................................................................... 4
4.1 switchport rate-limit ............................................................................................................... 4
-I-
Port Additional Characteristics Configuration Commands
Chapter 1 Port Security

1.1 switchport port-security mode static
Command description
switchport port-security mode static {accept | reject}

no switchport port-security mode
Set the static mode of the security port.
1.2 switchport port-security mode dynamic

Command description
switchport port-security mode dynamic

no switchport port-security mode
Add/delete the dynamic mode of the security port.
1.3 switchport port-security static mac-address

Command description
switchport port-security static mac-address mac-addr

no switchport port-security static mac-address
Configure the static MAC address of the security port.
1.4 switchport port-security dynamic maximum

Command description
switchport port-security dynamic maximum value

no switchport port-security dynamic maximum
Add/delete the maximum number of dynamic MAC addresses of the security port.
-1-
Chapter 2 Port Protection

2.1 switchport protected
Command description
[no] switchport protected

Configure the port isolation function.
Parameter
None
Default
The port is not isolated.
Explanation
The command must be configured in layer-2 port configuration mode.
Example
Configure port f0/1 not to forward the unknown unicast frame.

Switch(config)# interface fastethernet0/1
Switch(config-if)# switchport protected
-2-
Chapter 3 Port Storm Control

3.1 storm-control
Command description
Configure the storm control function of the port.

storm-control {broadcast | multicast | unicast} threshold count
no storm-control {broadcast | multicast | unicast} threshold count
Parameter
broadcast | multicast | Defines the storm control of the broadcast, multicast and
unicast unicast.
Defines the flow percent of the storm control. The count

threshold count parameter defines the flow caps that lead to the storm.
<1-127>, n*64Kbps(n<=28);(n-27)Mbps(n>28)
Default
The storm control function is not enabled.
Explanation
The command must be configured in layer-2 port configuration mode.
Example
Set the storm control of the unknown unicast frame on port f0/1 to 192 Kbps.
Switch(config)# interface fastethernet0/1
Switch(config-f0/1)# storm-control unicast threshold 3
-3-
Chapter 4 Port Rate Limitation

4.1 switchport rate-limit
Command description
[no] switchport rate-limit band { ingress|egress}

Configure the flow rate limitation for the port.
Parameter
Band Flow rate

n*64Kbps(n<=28); (n-27)Mbps(n>28)
ingress Functions at the incoming port.
egress Functions at the outgoing port.
Default
The port has no port rate limitation.
Explanation
Layer-2 port configuration mode
Example
Set the incoming flow rate limitation on port f0/1 to 1M.

Switch(config)# interface f0/1
Switch(config-if)# switchport rate-limit 28 ingress
-4-
Interface Range Command
Table of Contents
Table of Contents
Chapter 1 Interface range command.................................................................................................. 1
1.1 interface range ...................................................................................................................... 1
-I-
Interface Range Commands
Chapter 1 Interface Range Command
1.1 Interface Range
Description
interface range type slot/<port1 - port2 | port3>[<port1 - port2|port3>]
Parameter
Name Description Description

type Interface type All legal interface types except for the management
interface on the main contril board of the rack-mounted
switch.
slot Slot number All legal slot numbers
port1 Beginning value of the port All legal port numbers on the slot.
number
port2 Ending value of the port All legal port numbers on the slot except for port 1.
number
port3 A single port. All legal port numbers on the slot.
Default
none
Instruction
Use this command to enter the interface range mode.
Example
Use the following command to enter the enterface configuration mode, including slot 0
and fast Ethernet port 1,2,3,6,8,10,11,12:
switch_config#interface range 1 - 3 , 6 , 8 , 10 - 12
switch_config_if_range#
-1-
Port Mirroring Configuration Commands
Table of Contents
Table of Contents
Chapter 1 Configuring Port Mirroring Commands.............................................................................. 1
1.1 Port Mirroring Configuration Commands .............................................................................. 1
1.1.1 mirror .......................................................................................................................... 1
1.1.2 show mirror................................................................................................................. 1
-I-
Chapter 1 Configuring Port Mirroring Commands

1.1 Port Mirroring Configuration Commands
The following are port mirroring configuration commands:
z mirror
z show mirror
1.1.1 mirror
Description
[no] mirror session session_number {destination {interface interface-id } | source

{interface interface-id [, | -] [both | rx | tx ] }
It is used to configure the command.
Parameters
session_number Number of port mirroring, whose value is 1
destination Information about the destination port mirroring
source Information about the mirrored port
both | rx | tx Data flow that will be mirrored

rx means that the input data is mirrored. tx means that the
output data is mirrored. both means that input and output data
are mirrored.
Instruction
Configure the command at the global configuration mode.
Example
Port g0/2 functions as the output mirror of port g0/1.

Switch(config)# mirror session 1 destination interface g0/2
Switch(config)# mirror session 1 source interface g0/1 tx
1.1.2 show mirror
Description
show mirror [session session_number]

It is used to display the port mirroring information.
-1-
Parameter
session_number Number of port mirroring, whose value is 1
Default
None
Instruction
It is used to display the port mirroring information.
Example
All port mirroring information are displayed.

Switch# show mirror
Session 1
---------
Source Ports:
RX Only: Fe0/3
TX Only: None
Both: None
Source VLANs:
RX Only: None
TX Only: None
Both: None
-2-
VLAN Configuration Commands
Table of Contents
Table of Contents
Chapter 1 VLAN Configuration Commands ....................................................................................... 1
1.1 VLAN Configuration Commands........................................................................................... 1
1.1.1 vlan............................................................................................................................. 1
1.1.2 name .......................................................................................................................... 2
1.1.3 switchport pvid............................................................................................................ 3
1.1.4 switchport mode ......................................................................................................... 3
1.1.5 switchport trunk .......................................................................................................... 4
1.1.6 show vlan ................................................................................................................... 6
-I-
Chapter 1 VLAN Configuration Commands
1.1 VLAN Configuration Commands
VLAN configuration commands include：
z vlan
z name
z switchport pvid
z switchport mode
z switchport trunk
z show vlan
1.1.1 vlan
To add a VLAN, use the vlan command. Use the no form of this command to delete a
VLAN.
[no] vlan vlan-id
Parameter
vlan-id ID of the VLAN. Range is from 1 to 4094。
Default
none
Command mode
global
Instruction
Use this command to enter VLAN configuration mode and to modify some attributes of
the VLAN.
-1-
Example
This example shows how to add a new VLAN:

Switch_config#
Switch_config#vlan 2
Switch_config_vlan_2#
1.1.2 name
To assign a name to a VLAN, use the name command. Use the no form of this
command to remove the name assigned to a VLAN.
[no] name str
Parameter
str Name of the defined VLAN。The name consists of up to 32
characters.
Default
The default VLAN name is ‘Default’. Other VLAN name is VLANxxxx (xxxx is 4-digit
stack ID)
Command mode
VLAN configuration mode
Instruction
This command can modify VLAN name to indicate special VLAN according to special
requirements.
Example
The following command modify vlan200 to main405.

Switch_config#
Switch_config#
Switch_config#vlan 200
Switch_config_vlan_200#name ?
WORD The ascii name of VLAN(32bytes)
Switch_config_vlan_200#name main405
-2-
1.1.3 switchport pvid
To configure port VLAN of in the access mode, use the switchport pvid command.
switchport pvid vlan-id
no switchport pvid
Parameter
vlan-id VLAN ID of the port。 Range is from 1 to 4094。
Default
All ports are subordinate to VLAN 1.
Command mode
interface configuration mode
Instruction
Vlan of the pvid must exist before configuring this command. The port can be access
mode or frame relay mode.
Example
The following example configures interface fastethernet 0/1 as the access interface of
VLAN 10:
Switch(config)#interface f0/1
Switch(config)#vlan10
Switch(config-f0/1)#switchport pvid 10
1.1.4 switchport mode
To configure the interface mode, use the switchport mode command.
switchport mode {access | dot1q-tunnel | trunk}
Parameter
access Sets a nontrunking, nontagged single VLAN Layer 2 interface.
-3-
dot1q-tunnel Sets the trunking mode to TUNNEL unconditionally.
trunk Specifies a trunking VLAN Layer 2 interface.
Default
Access mode
Command mode
Instruction
If you enter access mode, the interface goes into permanent nontrunking mode and
negotiates to convert the link into a nontrunk link even if the neighboring interface does
not agree to the change.
If you enter trunk mode, the interface goes into permanent trunking mode and
negotiates to convert the link into a trunk link even if the neighboring interface does not
agree to the change.
If you enter dot1q-tunnel mode, the port is set unconditionally as an 802.1Q tunnel
port.
The switchport mode command conflicts with 802.1X protocol. You cannot configure
802.1X protocol in trunk mode. 802.1X protocol is valid only in access mode.
Example
The following example configures the port to the trunk mode:

Switch(config-f0/1)#switchport mode trunk
1.1.5 switchport trunk
To set the trunk characteristics, use the switchport trunk commands. To reset all of the
trunking characteristics back to the original defaults, use the no form of this command.
[no] switchport trunk {vlan-allowed vlan-list} | {vlan-untagged vlan-list }
Parameter
vlan-allowed Sets the list of allowed VLANs that transmit traffic from this
interface in tagged format. Value is from 1 to 4094.
vlan-untagged Sets the list of allowed VLANs that transmit traffic from this
interface in untagged format.Value is from 1 to 4094.
-4-
Default
The default native vlan ID is 1.
The valid VLAN ID is from 1 to 4094 (all VLANs).
Command mode
interface configuration
Instruction
You can use this command on an interface no matter it is in access or trunk mode. But
this command is valid only when the interface is in trunking mode.
The vlan-allowed parameter sets the list of allowed VLANs that transmit traffic from this
interface in tagged format. The vlan-untagged parameter sets the list of allowed VLANs
that transmit traffic from this interface in untagged format.
The vlan-list format is all | none | add | remove | except vlan-list[,vlan-list...] where:
•all—Specifies all VLANs from 1 to 1005. Beginning with Cisco IOS Release 12.4(15)T,
the valid VLAN ID range is from 1 to 4094.
•none—Indicates an empty list. This keyword is not supported in the switchport trunk
allowed vlan form of the command.
•add—Adds the defined list of VLANs to those currently set instead of replacing the
list.
•remove—Removes the defined list of VLANs from those currently set instead of
replacing the list.
•except—Lists the VLANs that should be calculated by inverting the defined list of
VLANs.
•vlan-list—Is either a single VLAN number from 1 to 1005 or a continuous range of

VLANs described by two VLAN numbers, the lesser one first, separated by a hyphen
that represents the VLAN IDs of the allowed VLANs when this port is in trunking mode.
Beginning with Cisco IOS Release 12.4(15)T, the valid VLAN ID range is from 1 to
4094.
Example
The following example configures VLAN ID range to 1-10:

Switch(config-f0/1)#switchport trunk vlan-allowed 1-10,20-30,55
Switch(config-f0/1)#switchport trunk vlan-untagged 2-1000
-5-
1.1.6 show vlan
To display VLAN information, use the show vlan command.
show vlan [id vlan-id | interface intf-id]
Parameter
id Displays information about a single VLAN that is identified by a
VLAN ID number; valid values are from 1 to 4094.
interface Displays the specified interface
Default
none
Command mode
EXEC/ All configuration modes
Instruction
none
Example
The following example shows all VLAN information:

Switch#sho vlan
VLAN Status Name Ports
---- ------- ---------------- -------------------------------------------------
1 Static Default F0/1, F0/2, F0/3, F0/4, F0/5, F0/6, F0/7, F0/8
F0/9, F0/10, F0/11, F0/12, F0/13, F0/14, F0/15
F0/16, F0/17, F0/18, F0/19, F0/20, F0/21, F0/22
F0/23, F0/24, G1/1, G2/1, P1
2 Static VLAN0002 F0/3
Status： indicates the source of VLAN. Static: indicates the VLAN is formed by
configuration. Dynamic: indicates the VLAN is dynamically formed by GVRP protocol.
The following example shows the concrete information of a VLAN:
-6-
Switch> show vlan id 1

VLAN id: 1, Name: default, TotalPorts:11
Ports Atttributes
-----------------------------------------------------------------
F0/1 Trunk,Untagged
F0/2 Access
F0/5 Trunk,Untagged
F0/7 Trunk,Tagged
F0/8 Trunk,Tagged
F0/9 Trunk,Tagged
F0/11 Access
F0/12 Access
F0/14 Trunk,Tagged
F0/15 Trunk,Tagged
F0/16 Trunk,Untagged
The following example shows the relevant information about a VLAN on an interface:
Switch#sho vlan int f0/6
Interface VLAN
Name Property PVID Vlan-Map uTagg-VLan-Map
-------------------- -------- ---- ---------------- ----------------
FastEthernet0/6 Trunk 1 3,5,7,9,11,13,15 none
17,19
Switch#sho vlan int f0/7
Interface VLAN
Name Property PVID Vlan-Map uTagg-VLan-Map
-------------------- -------- ---- ---------------- ----------------
FastEthernet0/7 Access 7 7 ----
-7-
STP Configuration Commands
Table of Contents
Table of Contents
Chapter 1 STP Configuration Commands ............................................................................................................................ 1
1.1 SSTP Configuration Commands ........................................................................................................................... 1
1.1.1 spanning-tree mode .................................................................................................................................. 1
1.1.2 spanning-tree sstp priority......................................................................................................................... 2
1.1.3 spanning-tree sstp hello-time .................................................................................................................... 2
1.1.4 spanning-tree sstp max-age...................................................................................................................... 3
1.1.5 spanning-tree sstp forward-time................................................................................................................ 4
1.1.6 spanning-tree sstp cost ............................................................................................................................. 5
1.1.7 spanning-tree cost..................................................................................................................................... 6
1.1.8 spanning-tree sstp port-priority.................................................................................................................. 7
1.1.9 spanning-tree port-priority ......................................................................................................................... 8
1.1.10 show spanning-tree................................................................................................................................. 9
1.2 RSTP Configuration Commands ......................................................................................................................... 10
1.2.1 spanning-tree mode rstp ......................................................................................................................... 10
1.2.2 spanning-tree rstp forward-time .............................................................................................................. 10
1.2.3 spanning-tree rstp hello-time................................................................................................................... 11
1.2.4 spanning-tree rstp max-age .................................................................................................................... 12
1.2.5 spanning-tree rstp priority........................................................................................................................ 13
1.2.6 spanning-tree rstp cost............................................................................................................................ 13
1.2.7 spanning-tree rstp port-priority ................................................................................................................ 14
1.2.8 spanning-tree rstp migration-check......................................................................................................... 15
Chapter 2 MSTP Configuration Commands ....................................................................................................................... 16
2.1 MSTP Configuration Command........................................................................................................................... 16
2.1.1 spanning-tree mode mstp........................................................................................................................ 16
2.1.2 spanning-tree mstp name........................................................................................................................ 16
2.1.3 spanning-tree mstp revision .................................................................................................................... 17
2.1.4 spanning-tree mstp instance ................................................................................................................... 18
2.1.5 spanning-tree mstp root .......................................................................................................................... 19
2.1.6 spanning-tree mstp priority...................................................................................................................... 20
2.1.7 spanning-tree mstp hello-time................................................................................................................. 21
2.1.8 spanning-tree mstp forward-time............................................................................................................. 21
2.1.9 spanning-tree mstp max-age................................................................................................................... 22
2.1.10 spanning-tree mstp diameter................................................................................................................. 23
2.1.11 spanning-tree mstp max-hops ............................................................................................................... 24
2.1.12 spanning-tree mstp port-priority ............................................................................................................ 24
2.1.13 spanning-tree mstp cost........................................................................................................................ 25
2.1.14 spanning-tree mstp mst-compatible ...................................................................................................... 26
2.1.15 spanning-tree mstp migration-check ..................................................................................................... 27
2.1.16 show spanning-tree mstp ...................................................................................................................... 27
2.1.17 show spanning-tree mstp region ........................................................................................................... 29
2.1.18 show spanning-tree mstp detail............................................................................................................. 29
-I-
Table of Contents
2.1.19 show spanning-tree mstp interface ....................................................................................................... 31
- II -
Chapter 1 STP Configuration Commands
1.1 SSTP Configuration Commands
1.1.1 spanning-tree mode
description
To switch between RSTP and SSTP modes, use the spanning-tree mode command.
To return to the default settings, use the no form of this command.
spanning-tree mode {rstp|sstp}
no spanning-tree mode
parameter
rstp Enables RSTP mode
sstp Enbales SSRP mode
default
SSTP
instruction
none
command mode
global configuration
example
The following example enables SSTP mode:

Switch(config)# spanning-tree mode sstp
Switch(config)#
-1-
1.1.2 spanning-tree sstp priority
description
To set the sstp bridge priority, use the spanning-tree sstp priority command. To return
to the default settings, use the no form of this command.
spanning-tree sstp priority value
no spanning-tree sstp priority
parameter
value Value is from 0 to 61440.
default
32768
Instruction
The switch becomes the root of the whole network spanning-tree when configured the
priority value. You can set the bridge priority in increments of 4096 only. When you set
the priority, valid values are 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672,
32768, 36864, 40960, 45056, 49152, 53248, 57344, and 61440.
Command mode
example
This example shows how to set the SSTP priority:

Switch(config)# spanning-tree sstp priority 4096
Switch(config)#
1.1.3 spanning-tree sstp hello-time
description
To set the hello-time delay timer, use the spanning-tree sstp hello-time command. To
return to the default settings, use the no form of this command.
spanning-tree sstp hello-time time
-2-
no spanning-tree sstp hello-time
parameter
time Number of seconds to set the hello-time delay timer; valid
values are from 1 to 10 seconds.
default
4s
Instruction
The hello-time configured by the local switch is valid only when the local switch is the
root switch.
Command mode
Example
The following example sets the SSTP hello-time to 8 seconds:

Switch(config)# spanning-tree sstp hello-time 8
Switch(config)#
1.1.4 spanning-tree sstp max-age
description
To set the SSTP max-age timer, use the spanning-tree sstp max-age command. To
spanning-tree sstp max-age time
no spanning-tree sstp max-age
parameter
seconds Number of seconds to set the max-age timer; valid values are
from 6 to 40 seconds.
-3-
default
20s
instruction
none
command mode
example
This example shows how to set the max-age timer：

Switch(config)# spanning-tree sstp max-age 24
Switch(config)#
1.1.5 spanning-tree sstp forward-time
description
To set the forward-delay timer, use the spanning-tree sstp forward-time command in
global configuration mode. To return to the default settings, use the no form of this
command.
spanning-tree sstp forward-time time
no spanning-tree sstp forward-time
parameter
time Number of seconds to set the forward-delay timer; valid values
are from 4 to 30 seconds.
default
15 seconds
instruction
none
-4-
command mode
example
The following example shows how to set forward delay timer:

Switch(config)# spanning-tree sstp forward-delay 20
Switch(config)#
1.1.6 spanning-tree sstp cost
description
To set the path cost of the interface for SSTP calculations, use the spanning-tree sstp
cost command in interface configuration mode. To revert to the default value, use the
no form of this command.
spanning-tree sstp cost value
no spanning-tree sstp cost
parameter
value Path cost. Valid values are from 1 to 200000000
default
10M Ethernet:100 。
100M Ethernet: 19 。
1000M Ethernet: 1 。
instruction
none
command mode
-5-
example
This example shows how to set a path cost value of 100 for the spanning tree VLAN
associated with the interface F1/10:
Switch(config_f0/10)#spanning-tree sstp cost 100
Switch(config_f0/10)#
1.1.7 spanning-tree cost
description
To set the path cost of the interface for Spanning Tree Protocol (STP) calculations,
use the spanning-tree cost command in interface configuration mode. To revert to the
default value, use the no form of this command.
spanning-tree cost value
no spanning-tree cost
parameter
value Path cost; valid values are from 1 to 200000000
default
The default path cost is computed from the bandwidth setting of the interface.
instruction
The configuration result of this command is valid to all spanning-tree modes. In STP
mode, the path cost of all VLAN spanning-trees on the interface will be updated. In
MSTP mode, the path cost of all spanning-tree examples will be updated.
But the configuration result of the command will not influence the independent
configuration in various modes. For example, the switch respectively configured with
the spanning-tree sstp cost 100 and the spanning-tree cost 110 in SSTP mode, the
port priority will be 100.
command mode
-6-
example
This example shows how to set a path cost value of 24 for the spanning tree VLAN
associated with that interface:
Switch(config_f0/0)# spanning-tree cost 24
1.1.8 spanning-tree sstp port-priority
description
To set the priority value in SSTP mode, use the spanning-tree sstp port-priority
command. Use the no form of this command to restore the default value.
spanning-tree sstp port-priority value
no spanning-tree sstp port-priority
parameter
value Port priority。Value is from 0 to 255
default
128（0x80）
instruction
The port priority must be set in increments of 16 only.
command mode
example
The following example sets 32 as the priority value on interface f0/0:

Switch(config_f0/0)# spanning-tree sstp port-priority 32
-7-
1.1.9 spanning-tree port-priority
description
To prioritize an interface when two bridges compete for position as the root bridge, use
the spanning-tree port-priority command. The priority you set breaks the tie. To revert
to the default setting, use the no form of this command.
spanning-tree port-priority value
no spanning-tree port-priority
parameter
parameter parameter
value Port priority。Value is from 0 to 255，
default
Port priority value is 128
instruction
The configuration result of this command is valid to all spanning-tree modes. In STP
mode, the priority of all VLAN spanning-trees on the interface will be updated. In MSTP
mode, the priority of all spanning-tree examples will be updated.
But the configuration result of the command will not influence the independent
configuration in various modes. For example, the switch respectively configured with
the spanning-tree sstp port-priority 100 and the spanning-tree port-priority 110 in SSTP
mode, the port priority will be 100.
command mode
example
This example shows how to set the priority value:

Switch(config_f1/10)#spanning-tree port-priority 16
-8-
1.1.10 show spanning-tree
description
To display spanning-tree information for the specified spanning-tree instances, use the
show spanning-tree command.
show spanning-tree [detail | interface intf-i]
parameter
intf-i Pory name，like F0/10, G1/1
default
none
instruction
Show spanning-tree state.
command mode
Interface configuration/EXEC/global configuration
example
Switch_config#show span
Spanning tree enabled protocol SSTP
SSTP
Root ID This bridge is the root
Bridge ID Priority 32768
Address 00E0.0F64.8365
Hello/MaxAge/FwdDly 4/20/15(s)
Intf Port ID Designated Port ID
Name Pri.Nbr Role Sts Cost Bridge ID Pri.Nbr Cost
-------- ------- ---- --- --------- -------------------- ------- ---------
F0/47 128.47 Desg LIS 12 32768 00E0.0F64.8365 128.47 0
Switch_config#
-9-
1.2 RSTP Configuration Commands
1.2.1 spanning-tree mode rstp
description
To enable RSTP feature, use the spanning-tree mode rstp command. Use the no form
of this command to disable RSTP.
spanning-tree mode rstp
parameter
none
default
RSTP disabled，SSTP enabled
instruction
none
example
The following example enables rstp on the switch:

switch(config)# spanning-tree mode rstp
switch(config)#
1.2.2 spanning-tree rstp forward-time
description
To set the rstp forward-delay timer, use the spanning-tree rstp forward-time command
in global configuration mode. To return to the default settings, use the no form of this
command.
spanning-tree rstp forward-time time
no spanning-tree rstp forward-time
- 10 -
parameter
time Number of seconds to set the forward-delay timer; valid values
are from 4 to 30 seconds.
default
15 seconds
instruction
none
example
The following example sets 20 seconds as the rstp forward-delay timer:

switch(config)# spanning-tree rstp forward-time 20
switch(config)#
1.2.3 spanning-tree rstp hello-time
description
To set the RSTP hello-time delay timer, use the spanning-tree rstp hello-time
command in global configuration mode. To return to the default settings, use the no
form of this command.
spanning-tree rstp hello-time time
no spanning-tree rstp hello-time
parameter
time Number of seconds to set the hello-time delay timer; valid
values are from 1 to 10 seconds.
default
4 seconds
- 11 -
instruction
The hello-time configured by the local switch is valid only when the local switch is the
root switch.
example
The following example sets 8 seconds as the rstp hello-time:

switch(config)# spanning-tree rstp hello-time 8
switch(config)#
1.2.4 spanning-tree rstp max-age
description
To set the RSTP max-age timer, use the spanning-tree rstp max-age command. To
spanning-tree rstp max-age time
no spanning-tree rstp max-age
parameter
time Number of seconds to set the max-age timer; valid values are
default
20 seconds
instruction
none
example
The following example sets 24 seconds as the rstp max-age timer:

switch(config)# spanning-tree rstp max-age 24
switch(config)#
- 12 -
1.2.5 spanning-tree rstp priority
description
To set the rstp bridge priority, use the spanning-tree rstp priority command. To return to
the default settings, use the no form of this command.
spanning-tree rstp priority value
no spanning-tree rstp priority
parameter
value Bridge priority。Value is from 0 to 61440，
default
32768
instruction
none
example
The following example sets 4096 as the bridge priority:

switch(config)# spanning-tree rstp priority 4096
switch(config)#
1.2.6 spanning-tree rstp cost
description
To set the path cost of the interface, use the spanning-tree rstp cost command. To
revert to the default value, use the no form of this command.
spanning-tree rstp cost value
no spanning-tree rstp cost
parameter
value Path cost; valid values are from 1 to 200000000
- 13 -
default
The default path cost is computed from the bandwidth setting of the interface
10 Mbps: 2000000
100 Mbps: 200000
1000 Mbps: 20000
instruction
none
example
The following example sets a path cost value of 24 for the interface f0/0:
switch(config_f0/0)# spanning-tree rstp cost 24
switch(config_f0/0)#
1.2.7 spanning-tree rstp port-priority
description
To set an interface priority, use the spanning-tree rstp port-priority command. To revert
to the default value, use the no form of this command.
spanning-tree rstp port-priority value
no spanning-tree rstp port-priority
parameter
value Port priority; valid values are from 0 to 255.
default
128
instruction
none
- 14 -
example
The following example sets 24 as the priority value on interface f0/0:

switch(config_f0/0)# spanning-tree rstp port-priority 24
1.2.8 spanning-tree rstp migration-check
Command description
spanning-tree rstp migration-check
Restart the protocol coversion check at the port of the RSTP.
Parameter
None
Default
None
Usage description
It is used to restart the protocol coversion check at the port, change the port from the
STP-compatible mode to the RSTP mode, enabling the port to send RSTP BPDU.
The command is supported only in the switches that support IEEE 802.1D 2004 RSTP.
Command mode
Global/port configuration mode
Example
The following example shows the protocol coversion check is performed on port F0/10:
Switch(config_f0/10)#spanning-tree rstp migration-check
Switch(config_f0/10)
- 15 -
Chapter 2 MSTP Configuration Commands
2.1 MSTP Configuration Command
2.1.1 spanning-tree mode mstp
Command description
spanning-tree mode mstp
Run the spanning-tree mode mstp command to set the running mode of STP to
MSTP. Run the no spanning-tree mode command to disable STP.
Parameter
None
Default
The MSTP mode is closed, while the SSTP mode is running.
Usage description
None
Example
The following commands are used to enable the MSTP protocol on the switch:
switch(config)# spanning-tree mode mstp
switch(config)#
2.1.2 spanning-tree mstp name
Command description
spanning-tree mstp name string
no spanning-tree mstp name
- 16 -
Run the spanning-tree mstp name string command to configure the regional name
of the STP. Run the no spanning-tree mstp name command to resume the default
name.
Parameter
String Configures the character string of the name. The character string can
have up to 32 characters, capital sensitive. The default value is in the form
of character string like the MAC address of the switch.
Default
Character string form of the switch’s MAC address
Usage description
None
Example
The following commands are used to set the configuration name of the switch’s STP to
reg-01.
switch(config)# spanning-tree mstp name reg-01
switch(config)#
2.1.3 spanning-tree mstp revision
Command description
spanning-tree mstp revision value
no spanning-tree mstp revision
Run the spanning-tree mstp revision value command to generate the revision
number of STP. Run the no spanning-tree mstp revision to restore the revision
number to the default value.
Parameter
Value Revision number: 0 ~65535
- 17 -
Default
The default value of the revision number is 0.
Usage description
None
Example
The following commands are used to set the regional revision number of STP to 100.
switch(config)# spanning-tree mstp revision 100
switch(config)#
2.1.4 spanning-tree mstp instance
Command description
spanning-tree mstp instance instance-id vlan vlan-list
no spanning-tree mstp instance instance-id
Run the command spanning-tree mstp instance instance-id vlan vlan-list to map
the VLAN to the MSTI. Run the command no spanning-tree mstp instance
instance-id to re-map the VLAN to the CIST.
Parameter
instance-id Instance number of the STP, meaning an MSTI which ranges
from 1 to 15.
vlan-list VLAN list which is mapped to the STP, ranging from 1 to 4094.
Default
All VLANs are mapped to the CIST (MST00).
Usage description
instance-id is an unique value representing an STP instance.
vlan-list represents a VLAN group, such as “1,2,3”, “1-5” and “1,2,5-10”.
- 18 -
Example
The following commands map VLAN1 to instance 1 of STP, and VLAN5,7,10-20 to

instance 2 of STP, and then re-map these VLANs to MST00.
switch(config)# spanning-tree mstp instance 1 vlan 2
switch(config)# spanning-tree mstp instance 2 vlan 5,7,10-20
switch(config)# no spanning-tree mstp instance 2
2.1.5 spanning-tree mstp root
Command description
spanning-tree mstp instance-id root {primary | secondary}
[ diameter net-diameter [ hello-time seconds ] ]
no spanning-tree mstp root
Configure the specified MSTP instance to the primary/secondary root. Run its negative
form to restore the priority of MSTP instance to the default value.
Both the diameter command and the hello-time command can modify the network
diameter and the HelloTime parameter of the MSTP when they are setting the root.
Parameter
instance-id MSTP instance, ranging from 0 to 15
Primary Sets the MSTP instance to the primary root.
Secondary Sets the MSTP instance to the secondary root.
net-diameter Network diameter, which is optional
When the instance-id parameter is 0, it is effective.
It ranges from 2 to 7.
Seconds Hello time, an optional parameter, which ranges from 1 to 10

seconds
Default
The priority value of all default roots of all MSTP instances are 32768, the network
diameter is 7 and the HelloTime is 2 seconds.
Usage description
Both the diameter command and the hello-time command are valid only when
instanc-id is 0.
- 19 -
Generally, after you run the command to set the primary root, the protocol
automatically checks the ID of the current network root and then sets the priority field
of the root identifier to 24576 if this value gurantees the current switch to be the root of
the MSTP instance. If the priority value of the root is smaller than 24576, the protocol
will automatically set the MSTP priority of the current root to a value which is 4096
smaller than the root’s priority. Here, 4069 is the step of the root priority.
Different from the configuration of the primary root, the protocol directly sets the MSTP
priority of the switch to 28672 after the command for configuring the secondary root is
run. Thus, the current switch can be the secondary root when the priorities of other
switches are the default value 28672.
Example
The following commands are used to set tbe switch to the primary root in the CIST and
recalculate the time parameter of the MSTP through network diameter 3 and
HelloTime3, and at last set the switch to the secondary root in the MST01.
switch(config)# spanning-tree mstp 0 root primary diameter 3 hello-time 3
switch(config)# spanning-tree mstp 1 root secondary
2.1.6 spanning-tree mstp priority
Command description
spanning-tree mstp instance-id priority value
no spanning-tree mstp priority
It is used to configure the bridge priority of the MSTP instance. Its negative form is
used to resume the default value of the priority.
Parameter
instance-id MSTP instance number, ranging from 0 to 15
Value Bridge priority, which can be one of the given values:
0, 4096, 8192, 12288, 16384, 20480, 24576, 28672,
32768, 36864, 40960, 45056, 49152, 53248, 57344, 61440
Default
The default priority of the bridges of all MSTP instances is 32768.
Usage description
Each priority value in the MSTP instance is independent and can be configured
independently.
- 20 -
Example
The following commands are used to set the priority of the switch in the CIST and
MST01 to 4096 and 8192 respectively.
switch(config)# spanning-tree mstp 0 priority 4096
switch(config)# spanning-tree mstp 1 priority 8192
2.1.7 spanning-tree mstp hello-time
Command description
spanning-tree mstp hello-time seconds
no spanning-tree mstp hello-time
It is used to configure the hello-time of the MSTP, and its negative form is used to
resume the default settings of the HelloTime.
Parameter
Seconds It ranges from 1 to 10 seconds. Its default value is 2 seconds.
Default
Two seconds
Usage description
None
Example
The following commands are used to set the HelloTime of the MSTP to 10.
switch(config)# spanning-tree mstp hello-time 10
switch(config)# no spanning-tree mstp hello-time
2.1.8 spanning-tree mstp forward-time
Command description
spanning-tree mstp forward-time seconds
no spanning-tree mstp forward-time
- 21 -
It is used to configure the Forward Delay of the MTSP. Its negative is used to resume
the default settings.
Parameter
Seconds It ranges from 4 to 30 seconds. Its default value is 15 seconds.
Default
15 seconds
Usage description
None
Example
The following commands are used to set the Forward Delay parameter of the MTSP
to 10.
switch(config)# spanning-tree mstp forward-time 10
switch(config)# no spanning-tree mstp forward-time
2.1.9 spanning-tree mstp max-age
Command description
spanning-tree mstp max-age seconds
no spanning-tree mstp max-age
It is used to configure the Max Age parameter of the MSTP. Its negative is used to
resume the default settings.
Parameter
Seconds Range: 6 – 40 seconds
The default value is 20 seconds.
Default
20 seconds
- 22 -
Usage description
None
Example
The following commands are used to set the MaxAge parameter of the MSTP to 10.
switch(config)# spanning-tree mstp max-age 10
switch(config)# no spanning-tree mstp max-age
2.1.10 spanning-tree mstp diameter
Command description
spanning-tree mstp diameter net-diameter
no spanning-tree mstp diameter
It is used to configure the network diameter of the MSTP. Its negative is used to
resume the default settings.
net-diameter Range: 2 – 7
Default
The default network diameter is 7.
Usage description
The net-diameter parameter is not saved as an independent settings in the switch.

The time parameter that is modified through network diameter configuration can be
saved. The net-diameter parameter is valid in the CIST. After settings, the three time
parameters of the STP can be automatically updated to a relatively advantageous
value.
It is recommended to set the time parameters of the STP through root configuration or
network diameter configuration. In this way, the reasonability of the time parameters
can be assured.
Example
The following first command is to set the bridge diameter of MSTP to 5. The second
command is to resume the default value of the bridge diameter.
switch(config)# spanning-tree mstp diameter 5
- 23 -
switch(config)# no spanning-tree mstp diameter
2.1.11 spanning-tree mstp max-hops
Command description
spanning-tree mstp max-hops hop-count
no spanning-tree mstp max-hops
The spanning-tree mstp max-hops hop-count command is used to set the

maximum number of hops of the MSTP BPDU. Its negative is used to resume the
default settings.
Parameter
hop-count Range: 1 -40
Default
The default vaue of the maximum hop counts is 20.
Usage description
None
Example
The first command is to set the maximum hop counts of the MSTP BPDU to 5. The
second command is to restore the default value of the maximum hop counts.
switch(config)# spanning-tree mstp max-hops 5
switch(config)# no spanning-tree mstp max-hops
2.1.12 spanning-tree mstp port-priority
Command description
spanning-tree mstp instance-id port-priority value
no spanning-tree instance-id port-priority
The spanning-tree mstp instance-id port-priority value command is used to the

port priority in the specified STP instance. Its negative is used to resume the default
settings.
- 24 -
Parameter
instance-id Number of the STP instance, ranging from 0 to 15
Value Port priority, which is one of the following values:
0, 16, 32, 48, 64, 80, 96, 112
128, 144, 160, 176, 192, 208, 224, 240
Default
The default priority value of the port in all STP instances is 128.
Usage description
None
Example
The first command is to set the priority of port F0/1 in the CIST to 16. The second
command is to resume the default value.
switch(config_f0/1)# spanning-tree mstp 0 port-priority 16
switch(config_f0/1)# no spanning-tree mstp 0 port-priority
2.1.13 spanning-tree mstp cost
Command description
spanning-tree mstp instance-id cost value
no spanning-tree mstp instance-id cost
The command spanning-tree mstp instance-id cost value is used to set the path
cost of the port in the specified STP instance. Its negative is used to resume the
default settings.
Parameter
Value Path cost of the port, ranging from 1 to 200000000
Default
It depends on the connection rate of the port:
- 25 -
10 Mbps: 2000000
100 Mbps: 200000
1000 Mbps: 20000
Usage description
None
Example
The following commands are used to set the path cost of port F0/1 in the CIST to 200.
switch(config_f0/1)# spanning-tree mstp 0 cost 200
2.1.14 spanning-tree mstp mst-compatible
Command description
spanning-tree mstp mst-compatible
no spanning-tree mstp mst-compatible
Activate or shut down the MST-compatible mode.
Parameter
None
Default
The MSTP-compatible mode is not activated.
Usage description
After the MST-compatible mode is enabled, configure other connected switches that
are running other MSTP protocols to the roots of CIST, ensuring that the switch can
enter the MSTP-compatible mode by receiving the message.
Example
The following command is to activate the MST-compatible mode in global configuration

mode:
switch(config)#spanning-tree mstp mst-compatible
- 26 -
2.1.15 spanning-tree mstp migration-check
Command description
spanning-tree mstp migration-check
Clear the STP information that is checked by the port, and restart the protocol
conversion process.
Parameter
None
Default
None
Usage description
The command is valid in global configuration mode and in port configuration mode.
Example
The following commands are used to check the protocol conversion on all ports first,
and then check the protocol conversion on port F0/1 again.
switch(config)# spanning-tree mstp migration-check
switch(config)# interface f 0/1
switch(config_f0/1)# spanning-tree mstp migration-check
2.1.16 show spanning-tree mstp
Command description
show spanning-tree mstp [ instance instance-id ]
The command above is used to check the MSTP information. If you run the command
show spanning-tree mstp, the information about all STP instances is displayed.
Parameter
- 27 -
Default
None
Usage description
It is valid in monitoring mode, global configuration mode or port mode.
Example
The following shows how to view all STP instances through the command. Here,
MST00 stands for CIST, and the Type field stands for the port connection type.
Switch#show spanning-tree mstp
MST00 Vlans Mapped: 1,4-4094

Root Address 00E0.0F64.8365 Priority 32768 (32768 mst-id 0)
Root This root is the CIST and regional root
Configured Hello Time 2, Forward Delay 15, Max Age 20, Max Hops 20
Root Times Hello Time 2, Forward Delay 15, Max Age 20
Interface Role Sts Cost Pri.Nbr Type

---------------- ---- --- --------- ------- --------------------------------
F0/1 Desg FWD 200000 128.1 P2p
F0/3 Back BLK 200000 128.3 P2p
F0/47 Desg FWD 200000 128.47 Edge
MST01 Vlans Mapped: 2

Root This root for MST01

---------------- ---- --- --------- ------- --------------------------------
F0/1 Desg FWD 200000 128.1 P2p


---------------- ---- --- --------- ------- --------------------------------
F0/1 Desg FWD 200000 128.1 P2p
- 28 -
2.1.17 show spanning-tree mstp region
Command description
show spanning-tree mstp region
Check the regional configuration information about the MSTP.
Parameter
None
Default
None
Usage description
None
Example
See the following information. MST Config Table shows the relation between VLAN
and STP instance.
switch(config)# show spanning-tree mstp region
MST Region:
Name: [reg01]
Revision:[0]
MST Config Table:

Instance VLAN IDs
---------- ----------
0 1,4-4094
1 2
2 3
2.1.18 show spanning-tree mstp detail
Command description
show spanning-tree mstp detail
The command above is used to check the detailed information about MSTP.
- 29 -
Parameter
None
Default
None
Usage description
None
Example
The following example shows the detailed STP information after the command is run,
including the port connection type and optional characteristics:
Switch#show spanning-tree mstp detail
MST00 Vlans Mapped: 1,4-4094

Root This root is the CIST and regional root
Configured Hello Time 2, Forward Delay 15, Max Age 20, Max Hops 20
Root Times Hello Time 2, Forward Delay 15, Max Age 20
FastEthernet0/1 of MST00 is designated forwarding

Port Info Port ID 128.1 Priority 128 Cost 200000
Designated Root Address 00E0.0F64.8365 Priority 32768 Cost 0
CIST Regional Root Address 00E0.0F64.8365 Priority 32768 Cost 0
Designated Root Address 00E0.0F64.8365 Priority 32768 Port ID 128.1
Edge Port: disabled Link Type: point-to-point (auto)
Bpdu Guard: disabled (default) Root Guard: disabled (default)
Loop Guard: disabled (default)
Timers: message expires in 0 sec, forward delay 0 sec, up time 662 sec
Number of transitions to forwarding state: 1
Bpdu sent 335, received 5
FastEthernet0/3 of MST00 is backup blocking

- 30 -


Edge Port: enabled (auto) Link Type: point-to-point (auto)


Desingated Root Address 00E0.0F64.8365 Priority 32769 Port ID 128.1
MST Config Message transmitted 335, received 0


2.1.19 show spanning-tree mstp interface
Command description
show spanning-tree mstp interface interface-id
- 31 -
The command above is used to check the information about the port which is run
under MSTP.
Parameter
interface-id Port name, such as F0/1 and FastEtnernet0/3
Default
None
Usage description
None
Example
The following example shows the information about port F0/1 after you run the command show
spanning-tree mstp interface f0/1:
Switch#show spanning-tree mstp interface f0/1



- 32 -

Instance Role Sts Cost Pri.Nbr Vlans Mapped

-------- ---- --- --------- ------- --------------------
0 Desg FWD 200000 128.1 1,4-4094
1 Desg FWD 200000 128.1 2
2 Desg FWD 200000 128.1 3show spanning-tree mstp protocol-migration
Command description
show spanning-tree mstp protocol-migration
The command above is used to check the protocol conversion information when the
port is running under MSTP.
Parameter
None
Default
None
Usage description
None
Example
The following example shows the information about protocol conversion after the
command show spanning-tree mstp protocol-migration is run. Note that port F0/2
has transferred to the 802.1D STP mode.
Switch#show spanning-tree mstp protocol-migration
MSTP Port Protocol Migration
Interface Protocol Info

---------------- ---------- ------------------------------------------------
F0/2 802.1D
- 33 -
STP Optional Characteristic Configuration
Commands
Table of Contents
Table of Contents
Chapter 1 STP Optional Characteristic Configuration Commands .................................................... 1
1.1 STP Optional Characteristic Configuration Commands ....................................................... 1
1.1.1 spanning-tree portfast ................................................................................................ 1
1.1.2 spanning-tree bpduguard ........................................................................................... 2
1.1.3 spanning-tree bpdufilter ............................................................................................. 3
1.1.4 spanning-tree uplinkfast ............................................................................................. 4
1.1.5 spanning-tree backbonefast....................................................................................... 4
1.1.6 spanning-tree guard ................................................................................................... 5
1.1.7 spanning-tree loopguard ............................................................................................ 6
-I-
STP Optional Characteristic Configuration Commands
Chapter 1 STP Optional Characteristic

Configuration Commands
1.1 STP Optional Characteristic Configuration Commands
1.1.1 spanning-tree portfast
description
To enable bridge protocol data unit (BPDU) filtering by default on all PortFast ports,
use the spanning-tree portfast bpdufilter default command in global configuration mode.
To return to the default settings, use the no form of this command.
spanning-tree portfast {bpdufilter default | bpduguard default | default}
no spanning-tree portfast {bpdufilter default | bpduguard default | default}
To enable PortFast mode where the interface is immediately put into the forwarding
state upon linkup without waiting for the timer to expire, use the spanning-tree portfast
command in interface configuration mode. To return to the default settings, use the no
spanning-tree portfast [disable | trunk]
no spanning-tree portfast
parameter
bpdufilter default Enables bpdu flter.
bpduguard default Enables bpdu guard.
default Specifies the default method.
default
disabled
instruction
In SSTP/PVST mode, the Port Fast characteristic makes a port immediately enter
Forwarding state without experiencing any status change process. This configuration is
invalid in RSTP/MSTP mode.
-1-
After configuring Port Fast, BPDU Guard or BPDU Filter needs to be configured for
protection.
command mode
global and interface configuration mode
example
This example shows how to enable PortFast mode globally:

Switch(config)# spanning-tree portfast default
Switch(config)#
This example shows how to enable PortFast mode on the interface f0/0:
Switch(config_f0/0)# spanning-tree portfast
1.1.2 spanning-tree bpduguard
description
To enable bridge protocol data unit (BPDU) guard on the interface, use the
spanning-tree bpduguard command in interface configuration mode. To return to the
default settings, use the no form of this command.
spanning-tree bpduguard {disable | enable}
no spanning-tree bpduguard
parameter
none
default
disabled
instruction
In SSTP/PVST mode, if a port that configured BPDU Guard and Port Fast receives
BPDU, this port will be forced to shutdown. User can restore it by the manual
configuration. In RSTP/MSTP mode, if a port that configured BPDU Guard receives
BPDU, this port will be configured to Blocking state for a period of time.
-2-
command mode
example
This example shows how to enable BPDU guard on this interface:

Switch(config_f0/0)# spanning-tree bpduguard enable
1.1.3 spanning-tree bpdufilter
description
To enable bridge protocol data unit (BPDU) filtering on the interface, use the
spanning-tree bpdufilter command in interface configuration mode. To return to
the default settings, use the no form of this command.
spanning-tree bpdufilter {disable | enable}
no spanning-tree bpdufilter
parameter
none
default
disabled
instruction
In SSTP/PVST mode, if a port that configured BPDU Filter and Port Fast receives
BPDU, the BPDU Filter and Port Fast characteristics on that port will be disabled
automatically to restore the port to an ordinary port. Then this port must endure the
wait from Listening to Learning before entering Forwarding state.
This feature is invalid in RSTP/MSTP mode.
command mode
example
This example shows how to enable BPDU filtering on this interface:

Switch(config_f0/0)# spanning-tree bpdufilter enable
-3-
1.1.4 spanning-tree uplinkfast
description
To enable the debugging of the spanning-tree UplinkFast events, use the debug
spanning-tree uplinkfast command. To disable the debugging output, use the no form
of this command.
spanning-tree uplinkfast [max-update-rate pkts-per-second]
no spanning-tree uplinkfast [max-update-rate]
parameter
none
default
disabled
instruction
Uplink Fast characteristic is only valid in SSTP/PVST mode.
command mode
example
The following example enables uplinkfast characteristic:

Switch(config)# spanning-tree uplinkfast
Switch(config)#
1.1.5 spanning-tree backbonefast
description
To enable debugging of the spanning-tree BackboneFast events, use the debug

spanning-tree backbonefast command. To disable the debugging output, use the no
spanning-tree backbonefast
-4-
no spanning-tree backbonefast
parameter
none
default
disabled
instruction
Backbone Fast characteristic is only valid in SSTP/PVST mode.
command mode
example
The following command enables backbonefast characteristic:

Switch(config)# spanning-tree backbonefast
Switch(config)#
1.1.6 spanning-tree guard
description
To enable or disable the guard mode, use the spanning-tree guard command in
interface configuration mode. To return to the default settings, use the no form of this
command.
spanning-tree guard {loop | none | root}
no spanning-tree guard
parameter
loop Enables the loop-guard mode on the interface. Value is from 1
to 0xfe.
none Sets the guard mode to none. Value is 48-bit.
root Enables root-guard mode on the interface.
-5-
default
disabled
instruction
Root Guard characteristic can prevent a port from becoming Root port due to receving
high priority BPDU.
Loop Guard characteristic can protect a Root Port or a Alternate Port when it becomes
the Designated Port. This function can prevent a port from occuring the loop when it
cannot continuously receive BPDU.
command mode
example
This example shows how to enable root guard:

Switch(config_f0/0)# spanning-tree guard root
1.1.7 spanning-tree loopguard
description
To enable loop guard as a default on all ports of a given bridge, use the spanning-tree
loopguard default command in global configuration mode. To disable loop guard, use
the no form of this command.
spanning-tree loopguard default
parameter
none
default
none
instruction
none
-6-
command mode
example
The following command enables loopguard function:

Switch(config)# spanning-tree loopguard default
Switch(config)#
-7-
MAC Address Table Characteristics
Table of Contents
Table of Contents
Chapter 1 MAC Address Table Characteristics Configuration Commands ....................................... 1
1.1 MAC Address Table Characteristic Configuration Commands ............................................. 1
1.1.1 mac address-table static ............................................................................................ 1
1.1.2 mac address-table aging-time.................................................................................... 1
1.1.3 show mac address-table ............................................................................................ 2
1.1.4 clear mac address-table ............................................................................................. 3
-I-
MAC Address Table Characteristics Configuration Commands
Chapter 1 MAC Address Table Characteristics

1.1 MAC Address Table Characteristic Configuration Commands
1.1.1 mac address-table static
description
To add/delete a static MAC address, use the mac address-table static command.
[no] mac address-table static mac-addr vlan vlan-id interface interface-id
parameter
mac-addr MAC address. Value format: H.H.H.
vlan-id Vlan id of the MAC address, in the range from 1 to 4094.
interface-id Interface id of the MAC address.
Default
none
command mode
example
The following example binds the MAC address 0004.5600.67ab to the interface g0/2 of
VLAN 1:
Switch(config)# mac address-table static 0004.5600.67ab vlan 1 interface g0/2
1.1.2 mac address-table aging-time
description
To configure the maximum aging time for MAC address table, use the
mac-address-table aging-time command in global configuration mode.
mac address-table aging-time [0 | 10-1000000]
parameter
0 The aging time for MAC address table is disabled.
10-1000000 The aging time for MAC address table. Valid values are from 10
-1-
to 1000000 seconds.
Default
none
command mode
global configuration mode
example
The following example configures the aging time for MAC address table to 100
seconds:
Switch(config)# mac address-table aging-time 100
1.1.3 show mac address-table
description
To display the content of the switch MAC address table, use the show mac
address-table command.
show mac address-table {dynamic [interface interface-id | vlan vlan-id] | static}
parameter
dynamic The MAC address table that acquires dynamically.
interface-id Interface name
vlan-id VLAN ID, in the range from 1 to 4094.
static The static MAC address table.
default
none
instruction
Use this command to display MAC address table.
example
The following example displays all static MAC address tables:

Switch# show mac address-table static
Mac Address Table
------------------------------------------
Vlan Mac Address Type Ports
---- ----------- ---- -----
All 0000.0000.0001 STATIC CPU
-2-

All 0180.c200.000b STATIC CPU
All 0180.c200.000c STATIC CPU
All 0180.c200.000d STATIC CPU
All 0180.c200.0010 STATIC CPU
1.1.4 clear mac address-table
description
To delete a dynamic MAC address, use the clear mac address-table

clear mac address-table dynamic [address mac-addr | interface interface-id | vlan
vlan-id]
parameter
dynamic The dynamic MAC address
address mac-addr The MAC address. Value range: H.H.H.
interface-id Layer 2 interface name.
vlan-id VLAN ID, in the range from 1 to 4094.
default
none
command mode
EXEC
example
The following example deletes all MAC addresses that acquire dynamically on interface
f0/2:
Switch# clear mac address-table dynamic interface f0/2
-3-
Link Aggregation Configuration
Commands
Table of Contents
Table of Contents
Chapter 1 Link Aggregation Configuration Commands...................................................................... 1
1.1 Link Aggregation Configuration Commands ......................................................................... 1
1.1.1 aggregator-group ....................................................................................................... 1
1.1.2 aggregator-group load-balance.................................................................................. 2
1.1.3 show aggregator-port ................................................................................................. 3
1.1.4 show interface port-aggregator .................................................................................. 4
1.1.5 debug lacp errors ....................................................................................................... 5
1.1.6 debug lacp state ......................................................................................................... 6
1.1.7 debug lacp packet ...................................................................................................... 7
-I-
Link Aggregation Configuration Commands
Chapter 1 Link Aggregation Configuration

Commands
1.1 Link Aggregation Configuration Commands
1.1.1 aggregator-group
description
To configure interface aggregation, use the aggregator-group command. Use the no

form of this command to restore the default value.
aggregator-group id mode {lacp-negotiation |static }
no aggregator-group
parameter
id ID number of the logical port. Value range: none.
lacp-negotiation Uses LACP negotiation. Value range:N/A.
static Negotiation is not used on an port. Value range:N/A.
default
disabled
instruction
Port link aggregation is to bind several ports with the familiar attrubute to one logical
port. LACP negotiation can be used to form binding process. Also the binding process
can be forced to be formed without any LACP negotiation .
If the static aggregation is used, please make sure the attribute of the ports to be
binded is the same,that is, they are all full-duplex mode and with the same rate.
Meantime make sure the connection of the ports to be binded is peer-to-peer
connection. Also the remote ports of the peer-to-peer connection are also binded to
one logical port.
You can select LACP negotiation mode when configuring port aggregation.
Active—Places a port into an active negotiating state, in which the port initiates
negotiations with remote ports by sending LACP packets. Passive—Places a
-1-
port into a passive negotiating state, in which the port responds to LACP
packets it receives but does not initiate LACP negotiation.
Switches of partial models doesn’t support dynamic negotiation mode, therefore

relevant configuration commands are not provided.
Command mode
example
Switch(config_f0/24)#aggregator-group 3 mode lacp-negotiation

Creating a port-aggregator interface Port-aggregator3
Switch(config_f0/24)#int f0/23
Switch(config_f0/23)#aggregator-group 3 mode lacp-negotiation
1.1.2 aggregator-group load-balance
description
To configure the load balance after port aggregation, use the aggregator-group
load-balance command. Use the no form of this command to restore the default value.
aggregator-group load-balance { dst-mac| src-mac| both-mac | src-ip | dst-ip |

both-ip }
no aggregator-group load-balance
parameter
dst-mac Sets destination mac address as standard. Value range: N/A.
src-mac Sets source mac address as standard. Value range: N/A.
both-mac Sets source and destination mac address as standard. Value

range:N/A.
dst-ip Sets destination ip address as standard. Value range:N/A.
src-ip Sets source ip address as standard. Value range:N/A.
both-ip Sets source and destination ip address as standard. Value

range:N/A.
default
dst-mac
-2-
instruction
To ensure load balance of each physical port after port aggregation, use this command
to equably distribute data flow on each physical port.
When dst-mac mode is selected, the distribution of data flow sets destination MAC
address of the data packet as standard. The same MAC address is only sent out on a
certain physical interface. The src-mac uses source MAC address as standard.
The supporting capability in load balance policy varies according to different models of
switches. The command prompt only shows the sharing policy that the switch supports.
If the switch doesn’t support any sharing polich or just supports one of them, the
relevant subcommands will not be displayed.
Command mode
Example
The following command modifies load balance of the port-aggregator 3 to src mode:
Switch(config)#port-aggregator load-balance 3 src-mac
Switch(config)#
1.1.3 show aggregator-port
description
To show the concrete information of aggregator-group, use the show aggregator-port

command.
show aggregator-port [id] {detail|brief|summary}
parameter
id THE CONCRETE LOGICAL PORT ID.
default
none
instruction
This command is used to show port aggregation information.
-3-
Command mode
EXEC/ All configuration modes
1.1.4 show interface port-aggregator
description
To show concrete information of the aggregator-group, use the show interface

port-aggregator command.
show interface port-aggregator id
parameter
id The concrete port ID, in the range from 1 to 16.
default
none
instruction
This command is used to show port aggregation information.
Command mode
EXEC/All configuration modes
example
The following example shows information about port-aggregator 1.

Switch#sho int po1
Port-aggregator1 is down, line protocol is down
Hardware is PortAggregator, Address is 0000.0000.0000(0000.0000.0000)
MTU 1500 bytes, BW 1000 kbit, DLY 2000 usec
Encapsulation ARPA, loopback not set
Members in this Aggregator:
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 multicasts
-4-
0 input errors, 0 input discards

0 CRC, 0 frame, 0 overrun, 0 ignored
0 packets output, 0 bytes, 0 underruns
Transmited 0 broadcasts, 0 multicasts
0 output errors, , 0 discards
0 output buffer failures, 0 output buffers swapped out
Note: Members in this Aggregator indicates the physical port aggregated to the logical
port.
Statistics descriptions are as follows：
Packets input indicates total number of error-free packets received by the system,
including unicasts, multicasts and broadcasts.
Bytes indicate total number of in the error-free packets received by the system.
Broadcasts indicate total number of broadcast packets received by the interface.
Multicasts indicate total number of multicast packets received by the interface.
Input errors indicate the received error packets.
Input discards indicate the received packets are discarded, like the received packets
when the interface protocol is down.
Packets output indicates total number of messages transmitted by the system,

including unicasts, multicasts and broadcasts.
Bytes indicate total number of bytes transmitted by the system.
Broadcasts indicate total number of broadcast packets transmitted by the system.
Multicasts indicate total number of multicast packets transmitted by the system.
Input errors indicate the sending error packets.
Input discards indicate the sending packets are discarded, like the sending packets
when the interface protocol is down.
1.1.5 debug lacp errors
description
To debug LACP errors information, use the debug lacp errors command.
debug lacp errors
no debug lacp errors
-5-
parameter
none
default
none
instruction
This command is used to debug all errors information during lacp operation to locate
the error.
Command mode
EXEC
example
Switch# debug lacp error

Switch#
1.1.6 debug lacp state
description
To debug lacp state, use the debug lacp state command.
debug lacp state
no debug lacp state
parameter
none
default
none
command mode
EXEC
-6-
example
Switch# debug lacp state

Switch#
1.1.7 debug lacp packet
description
To debug lacp packet information, use the debug lacp packet command.
debug lacp packet
no debug lacp packet
parameter
none
default
none
command mode
EXEC
example
Switch# debug lacp packet

Switch#
-7-
MAC Address List Characteristic
Table of Contents
Table of Contents
Chapter 1 MAC Access List Configuration Commands........................................................................................................ 1
1.1 MAC Access List Configuration Commands.......................................................................................................... 1
1.1.1 mac access-list.......................................................................................................................................... 1
1.1.2 permit ........................................................................................................................................................ 1
1.1.3 deny........................................................................................................................................................... 2
1.1.4 mac access-group..................................................................................................................................... 3
-I-
MAC Address List Characteristic Configuration Commands
Chapter 1 MAC Access List Configuration

Commands
1.1 MAC Access List Configuration Commands
z mac access-list
z permit
z deny
z mac access-group
1.1.1 mac access-list
description
To add a MAC access list, use the mac access-list command. To delete a MAC access
list, use the mac access-list command.
[no] mac access-list name
parameter
name MAC access list name.
default
none
command mode
example
The following example establishes MAC access list named mac-acl:

Switch-config_# mac access-list mac-acl
Switch-config-macl#
1.1.2 permit
description
To add a permit entry to the MAC access list, use the permit command. Use the no form
of this command to delete a permit entry from the MAC access list.
[no] permit {any | host src-mac-addr} {any | host dst-mac-addr}[ethertype]
-1-
parameter
parameter description Value range
any Any value －
host Host －
src-mac-addr Source MAC address H.H.H
dst-mac-addr Destination MAC address H.H.H
ethertype Types of the matching ethernet data 0-0xFFFF

packet.
default
deny all
command mode
MAC access list configuration mode
example
The following example permits host whose source MAC address is 1234.5678.abcd:
Switch-config-macl#permit host 1234.5678.abcd any 0x806
1.1.3 deny
description
To add a deny entry to the MAC access list, use the deny command. Use the no form of
this command to delete a deny entry from the MAC access list.
[no] deny {any | host src-mac-addr} {any | host dst-mac-addr}[ethertype]
parameter
parameter Description Value range
any Any value －
host Host －
src-mac-addr Source MAC address H.H.H
dst-mac-addr Destination MAC address H.H.H
ethertype Types of the matching ethernet data 0-0xFFFF

packet.
default
deny all
-2-
comamnd mode
MAC access list configuration mode
example
The following example denies host whose source MAC address is 1234.5678.abcd:
Switch-config-macl#deny host 1234.5678.abcd any 0x806
1.1.4 mac access-group
description
To apply the configured MAC access list in global configuration mode, use the mac
access-group command. Use the no form of this comand to delete the mac access-list.
[no] mac access-group name
parameter
name Name of the MAC access list.
default
No MAC access list is applied.
Command mode
example
The following example configures MAC access list named macacl:

Switch_config#mac access-group macacl
-3-
IP Access List Configuration Commands
Table of Contents
Table of Contents
Chapter 1 Configuring Physical Interface IP Access List Command ................................................. 1
1.1 IP Access List Configuration Commands Based on Physical Interface................................ 1
1.1.1 deny............................................................................................................................ 1
1.1.2 ip access-group .......................................................................................................... 3
1.1.3 ip access-list............................................................................................................... 4
1.1.4 permit ......................................................................................................................... 5
1.1.5 show ip access-list ..................................................................................................... 7
-I-
Physical Interface IP Access List Configuration Commands
Chapter 1 Configuring Physical Interface IP Access

List Command
1.1 IP Access List Configuration Commands Based on Physical
Interface
z deny
z ip access-group
z ip access-list
z permit
z show ip access-list
1.1.1 deny
To set conditions in a named IP access list that will deny packets, use the deny
command in access list configuration mode. To remove a deny condition from an
access list, use the no form of this command.
deny source [source-mask]
no deny source [source-mask]
deny protocol source source-mask destination destination-mask [tos tos]
no deny protocol source source-mask destination destination-mask [tos tos]
Internet Control Message Protocol (ICMP)
deny icmp source source-mask destination destination-mask [icmp-type] [tos tos]
Internet Group Management Protocol (IGMP)
deny igmp source source-mask destination destination-mask [igmp-type] [tos tos]
Transmission Control Protocol (TCP)
deny tcp source source-mask [operator port] destination destination-mask [operator
port ] [tos tos]
User Datagram Protocol (UDP)
deny udp source source-mask [operator port] destination destination-mask [operator
port] [tos tos]
parameter
protocol Name or number of an Internet protocol. The protocol argument

can be one of the keywords eigrp, gre, icmp, igmp, ip, ipinip,
nos, ospf, tcp, or udp, or an integer in the range from 0 to 255
representing an Internet protocol number.
source Number of the network or host from which the packet is being sent.
There are two alternative ways to specify the source. Use a 32-bit
Use the any keyword
quantity in four-part dotted-decimal format.
as an abbreviation for a source and source-wildcard of 0.0.0.0
-1-
0.0.0.0.
source-mask Source address network masn. Use the any keyword as an

abbreviation for the source mask and source of 0.0.0.0 0.0.0.
destination Number of the network or host to which the packet is being sent.
There are two alternative ways to specify the destination:
Use a 32-bit quantity in four-part dotted-decimal format.
Use the any keyword as an abbreviation for the destination and
destination-wildcard of 0.0.0.0 255.255.255.255.
destination-mask Destination address network mask. Use the any keyword as an

abbreviation for the destination address and destination address
mask of 0.0.0.0 0.0.0.
tos tos (Optional) Packets can be filtered by type of service (ToS) level,
as specified by a number from 0 to 15, or by a name as listed in
the "Usage Guidelines" section of the access-list (IP extended)
command.
icmp-type (Optional) ICMP packets can be filtered by ICMP message type.

The type is a number from 0 to 255.
igmp-type (Optional) IGMP packets can be filtered by IGMP message type

or message name. A message type is a number from 0 to 15.
IGMP message names are listed in the "Usage Guidelines"
section of the access-list (IP extended) command.
operator (Optional) Compares source or destination ports. Operators

include lt (less than), gt (greater than), eq (equal), neq (not
equal), and range (inclusive range).
If the operator is positioned after the source and source-wildcard

arguments, it must match the source port. If the operator is
positioned after the destination and destination-wildcard
arguments, it must match the destination port.
port (Optional) The decimal number or name of a TCP or UDP port. A

port number is a number from 0 to 65535.
Command mode
IP Access List Configuration Mode
Instruction
Use this command following the ip access-list command to specify conditions under
which a packet cannot pass the named access list. The time-range keyword allows you
to identify a time range by name. The time-range, absolute, and periodic commands
specify when this deny statement is in effect.
Note:
-2-
After initially establishing an access list, any subsequent adding content(which can be
input by terminal) is put in the bottom of the list.
example
The following example denies the network range 192.168.5.0:

ip access-list standard filter
deny 192.168.5.0 255.255.255.0
Note:
IP access table is concluded in a crytic deny rule.
Related commands
ip access-group
ip access-list
permit
show ip access-list
1.1.2 ip access-group
To apply an access control list to control packet access, use the ip access-group
command in the appropriate configuration mode. To remove the specified access group,
use the no form of this command.
ip access-group {access-list-name}
no ip access-group {access-list-name}
parameter
access-list-name Name of an IP access list as specified by an ip access-list

command.
Command mode
Interface configuration mode
Instruction
Access lists can be applied on either outbound or inbound interfaces. For standard
inbound access lists, after receiving a packet, the Cisco IOS software checks the
source address of the packet against the access list. For extended access lists, the
router also checks the destination access list. If the access list permits the address, the
software continues to process the packet. If the access list rejects the address, the
software discards the packet and returns an ICMP host unreachable message. If the
specified access list does not exist, all packets are passed.
example
The following example applies list on packets outbound from Ethernet interface
g0/10::
-3-
Interface f0/10
ip access-group filter
related commands
ip access-list
show ip access-list
1.1.3 ip access-list
To define an IP access list by name or number, use the ip access-list command in
global configuration mode. To remove the IP access list, use the no form of this
command.
ip access-list {standard | extended} name
no ip access-list {standard | extended} name
parameter
standard Specifies a standard IP access list.
extended Specifies an extended IP access list.
name Name of the access list. Names cannot contain a space or

quotation mark, and must begin with an alphabetic character to
prevent ambiguity with numbered access lists.
default
No IP access list is defined.
Command mode
instruction
Use this command to configure a named or numbered IP access list. This command will
place the router in access-list configuration mode, where you must define the denied or
permitted access conditions with the deny and permit commands.
example
The following example defines a standard access list:

deny 192.168.1.0 255.255.255.0
permit any
related commands
deny
ip access-group
-4-
permit
show ip access-list
1.1.4 permit
To set conditions to allow a packet to pass a named IP access list, use the permit
command in access list configuration mode. To remove a permit condition from an
access list, use the no form of this command.
permit source [source-mask]
no permit source [source-mask]
permit protocol source source-mask destination destination-mask [tos tos]
no permit protocol source source-mask destination destination-mask [tos tos]
Internet Control Message Protocol (ICMP)
permit icmp source source-mask destination destination-mask [icmp-type] [tos tos]
Internet Group Management Protocol (IGMP)
permit igmp source source-mask destination destination-mask [igmp-type] [tos tos]
Transmission Control Protocol (TCP)
permit tcp source source-mask [operator port] destination destination-mask
[operator port ] [tos tos]
User Datagram Protocol (UDP)
permit udp source source-mask [operator port [port]] destination destination-mask
[tos tos]
parameter
protocol Name or number of an Internet protocol. The protocol argument

can be one of the keywords eigrp, gre, icmp, igmp, ip, ipinip,
nos, ospf, tcp, or udp, or an integer in the range from 0 to 255
representing an Internet protocol number.
source Number of the network or host from which the packet is being
sent. There are two alternative ways to specify the source: Use a
32-bit quantity in four-part dotted-decimal format. Use the any
keyword as an abbreviation for a source and source-wildcard of
0.0.0.0 0.0.0.0.
source-mask Source address network masn. Use the any keyword as an

abbreviation for the source mask and source of 0.0.0.0 0.0.0.
destination Number of the network or host to which the packet is being sent.
There are two alternative ways to specify the destination:
Use a 32-bit quantity in four-part dotted-decimal format.
Use the any keyword as an abbreviation for the destination and
destination-wildcard of 0.0.0.0 255.255.255.255.
destination-mask Destination address network mask. Use the any keyword as an

abbreviation for the destination address and destination address
-5-
mask of 0.0.0.0 0.0.0.
tos tos (Optional) Packets can be filtered by type of service (ToS) level,
as specified by a number from 0 to 15, or by a name as listed in
the "Usage Guidelines" section of the access-list (IP extended)
command.
icmp-type (Optional) ICMP packets can be filtered by ICMP message type.

The type is a number from 0 to 255.
igmp-type (Optional) IGMP packets can be filtered by IGMP message type

or message name. A message type is a number from 0 to 15.
IGMP message names are listed in the "Usage Guidelines"
section of the access-list (IP extended) command.
operator (Optional) Compares source or destination ports. Operators

include lt (less than), gt (greater than), eq (equal), neq (not
equal), and range (inclusive range).
If the operator is positioned after the source and source-wildcard

arguments, it must match the source port. If the operator is
positioned after the destination and destination-wildcard
arguments, it must match the destination port.
port (Optional) The decimal number or name of a TCP or UDP port. A

port number is a number from 0 to 65535.
Command mode
Access list configuration
Instruction
Use this command following the ip access-list command to define the conditions under
which a packet passes the named access list.
The time-range keyword allows you to identify a time range by name. The time-range,
absolute, and periodic commands specify when this permit statement is in effect.
Note:
After initially establishing an access list, any subsequent adding content(which can be
input by terminal) is put in the bottom of the list.
example
The following example permits network range 192.168.5.0:

permit 192.168.5.0 255.255.255.0
Note:
IP access table is concluded in a crytic deny rule.
-6-
Related commands
deny
ip access-group
ip access-list
show ip access-list
1.1.5 show ip access-list

To display the contents of all current IP access lists, use the show ip access-list
command in user EXEC or privileged EXEC mode.
show ip access-list[access-list-name]
parameter
access-list-name Name of the IP access list to display.
default
All standard and extended IP access lists are displayed.
Command mode
EXEC
Instruction
The show ip access-list command provides output identical to the show access-lists
command, except that it is IP-specific and allows you to specify a particular access list
example
The following is sample output from the show ip access-list command when the name
of a specific access list is not requested::
Switch# show ip access-list
ip access-list standard aaa
permit 192.2.2.1
permit 192.3.3.0 255.255.255.0
ip access-list extended bbb
permit tcp any any eq 25
permit ip any any
The following is sample output from the show ip access-list command when the name
of a specific access list is requested::
ip access-list extended bbb
permit tcp any any eq 25
permit ip any any
-7-
Network Protocol Configuration Commands
Table of Contents
Table of Contents
Chapter 1 IP Address Configuration Commands.................................................................................................................. 1
1.1 IP Address Configuration Commands ................................................................................................................... 1
1.1.1 arp ............................................................................................................................................................. 1
1.1.2 arp timeout ................................................................................................................................................ 2
1.1.3 clear arp-cache.......................................................................................................................................... 3
1.1.4 ip address.................................................................................................................................................. 3
1.1.5 ip host........................................................................................................................................................ 4
1.1.6 ip default-gateway ..................................................................................................................................... 5
1.1.7 show arp.................................................................................................................................................... 6
1.1.8 show hosts ................................................................................................................................................ 6
1.1.9 show ip interface ....................................................................................................................................... 7
Chapter 2 IP Service Configuration Commands................................................................................................................... 9
2.1 IP Service Configuration Commands .................................................................................................................... 9
2.1.1 clear tcp..................................................................................................................................................... 9
2.1.2 clear tcp statistics.................................................................................................................................... 11
2.1.3 debug arp ................................................................................................................................................ 11
2.1.4 debug ip icmp.......................................................................................................................................... 12
2.1.5 debug ip packet....................................................................................................................................... 15
2.1.6 debug ip raw............................................................................................................................................ 19
2.1.7 debug ip tcp packet ................................................................................................................................. 21
2.1.8 debug ip tcp transactions ........................................................................................................................ 22
2.1.9 debug ip udp............................................................................................................................................ 24
2.1.10 ip mask-reply......................................................................................................................................... 25
2.1.11 ip mtu..................................................................................................................................................... 26
2.1.12 ip redirects............................................................................................................................................. 26
2.1.13 ip source-route ...................................................................................................................................... 27
2.1.14 ip tcp synwait-time................................................................................................................................. 28
2.1.15 ip tcp window-size ................................................................................................................................. 28
2.1.16 ip unreachables..................................................................................................................................... 29
2.1.17 show ip sockets..................................................................................................................................... 30
2.1.18 show ip traffic ........................................................................................................................................ 31
2.1.19 show tcp ................................................................................................................................................ 32
2.1.20 show tcp brief ........................................................................................................................................ 36
2.1.21 show tcp statistics ................................................................................................................................. 37
2.1.22 show tcp tcbI ......................................................................................................................................... 39
-I-
Chapter 1 IP Address Configuration

Commands
1.1 IP Address Configuration Commands
IP address configuration commands include：
z arp
z arp timeout
z clear arp-cache
z ip address
z ip directed-broadcast
z ip forward-protocol
z ip helper-address
z ip host
z ip default-gateway
z ip proxy-arp
z show arp
z show hosts
z show ip interface
1.1.1 arp
To add a static and permanent entry in the Address Resolution Protocol (ARP) cache,
use the arp command in global configuration mode. To remove an entry from the ARP
cache, use the no form of this command.
arp ip-address hardware-address [alias]
no arp ip-address
parameter
ip-address IP address corresponding to the local data-link address.
hardware-address Physical address of local data-link address
alias (optional) router responds to ARP requests as if it were the

interface of the specified address.
default
No entries are permanently installed in the ARP cache.
-1-
command mode
instruction
The common host all supports dynamic ARP analysis, so user doesn’t need to
configure static ARP entries for host.
Example
The following is an example of a static ARP entry for a typical Ethernet host:
arp 1.1.1.1 00:12:34:56:78:90
related commands
clear arp-cache
1.1.2 arp timeout

To configure the exist time that a dynamic ARP entry remains in the Address Resolution
Protocol (ARP) cache, use the arp timeout. To restore the default value, use the no
form of this command or default arp timeout command.
arp timeout seconds
no arp timeout
default arp timeout
parameter
seconds Time in seconds that an entry remains in the ARP

cache. A value of zero means that entries are never
cleared from the cache.
default
14400 seconds (4 hours)
mode
instruction
This command is ignored when it is not configured on interfaces using ARP. The show
interface command displays the ARP timeout value, as seen in the following example
from the show interfaces command:
ARP type: ARPA, ARP timeout 04:00:00
-2-
example
The following example sets the ARP timeout to 900 seconds on Ethernet 1/0 to allow
entries to time out more quickly than the default
interface vlan 10
arp timeout 900
related commands
show interface
1.1.3 clear arp-cache
To clear all dynamic entries from the ARP cache, use the clear arp-cache
command.
clear arp-cache [ ip-address [ mask ] ]
parameter
ip-address IP or subnets
mask Subnets mask
mode
EXEC
example
The following example removes all dynamic entries from the ARP cache:
clear arp-cache
related commands
arp
1.1.4 ip address
To set an IP address and mask for an interface, use the ip address command.
Currently, there is no strict regulation to distinguish A.B.C IP address. But multicast
address and broadcast address can not be used( all host section is ‘1’). Other than the
Ethernet,multiple interfaces of other types can be connected to the same network.
Other than the unnumbered interface, the configured network range ot the Ethernet
interface can not be the same as the arbitrary interfaces of other types. You should
configure the primary address before configuring the secondary address. Also you
should delete all secondary addresses before deleting the primary address. IP packets
generanted by the system, if the upper application does not specify the soruce address,
the router will use the IP address configured on the sending interface that on the same
network range with the gateway as the source address of the packet. If the IP address
is uncertain (like interface route), the router will use the primary address of the sending
interface. If the ip address is not configured on an interface, also it is not the
-3-
unnumbered interface, and then this interface will not deal with any IP packet.To
remove an IP address or disable IP processing, use the no form of this command.
ip address ip-address mask [secondary]
no ip address ip-address mask
no ip address
parameter
ip-address IP address
mask IP mask
secondary (optional) Specifies that the configured address is a secondary

IP address. If this keyword is omitted, the configured address is
the primary IP address.
default
No IP address is defined for the interface.
command mode
instruction
If any router on a network segment uses a secondary address, all other devices on that
same segment must also use a secondary address from the same network or subnet.
Inconsistent use of secondary addresses on a network segment can very quickly cause
routing loops. When you are routing using the Open Shortest Path First (OSPF)
algorithm, ensure that all secondary addresses of an interface fall into the same OSPF
area as the primary addresses
example
In the following example, 202.0.0.1 is the primary address, 255.255.255.0 is the mask
and 203.0.0.1 and 204.0.0.1 are secondary addresses for Ethernet interface 1/0:
interface vlan 10
ip address 202.0.0.1 255.255.255.0
ip address 203.0.0.1 255.255.255.0 secondary
ip address 204.0.0.1 255.255.255.0 secondary
1.1.5 ip host
To define a static host name-to-address mapping in the host cache, use the ip host
command in global configuration mode. To remove the host name-to-address mapping,
ip host name address
-4-
no ip host name
parameter
name Host name

Address IP address
default
disabled
command mode
example
The following example shows how to configure host name dns-server to IP host
address 202.96.1.3:
ip host dns-server 202.96.1.3
1.1.6 ip default-gateway
TO configure the default gateway of switch, use the ip default-gateway command. To
delete the default gateway of switch, use the no form of this command.
ip default-gateway address
no ip default-gateway
parameter
address IP address
default
no configuration
mode
example
The following example configure the IP address 202.96.1.3 as default-gateway

ip default-gateway 202.96.1.3
-5-
1.1.7 show arp

To display the entries in the Address Resolution Protocol (ARP) table, including the
ARP mapping of interface IP address, the static ARP mapping that user configures and
the dynamic ARP mapping, use the show arp command.
show arp
parameter
this command has no parameters or keywords
mode
EXEC
instruction
The display includes:
Protocol Displays the type of the network address that maps

with the physical address. IP, for example.
Address Displays the network address that maps with the

physical address. IP address, for example.
Age Displays the age in seconds. The router will refresh the
time to 0 when using this ARP entry.
Hardware Address Displays the physical address that corresponds to the

network address. It is empty for the unanalyzed
entries.
Type Specifies request encapsulation types that the

interface use, including ARPA, SNAP and so on.
example
The following command displays ARP cache.

switch#show arp
Protocol IP Address Age(min) Hardware Address Type Interface
IP 192.168.20.77 11 00:30:80:d5:37:e0 ARPA vlan 10
IP 192.168.20.33 0 Incomplete
IP 192.168.20.22 - 08:00:3e:33:33:8a ARPA vlan 10
IP 192.168.20.124 0 00:a0:24:9e:53:36 ARPA vlan 10
IP 192.168.0.22 - 08:00:3e:33:33:8b ARPA vlan 11
1.1.8 show hosts

To display all entries of the host name—address cathe, use the show hosts command.
-6-
show hosts
parameter
This command has no parameters or keywords.
command mode
EXEC
example
The following command shows how to display all host names/address mappings.
show hosts
related commands
clear host
1.1.9 show ip interface

To display the IP configuration on interface, use the show ip interface command
show ip interface [type number]
parameter
type (Optional) Interface type.
number (Optional) Interface number.
command mode
EXEC
instruction
If the interface link layer is usable, the line protocol is marked "Protocol up." If you
configure IP address on this interface, the router will add a direct route to the routing
table. If the link layer protocol is marked “Protocol down”, the direct route will be deleted.
This command displays the specified interface information if specified interface type
and number, or IP configuration information of all interfaces will be displayed.
Example
The following example shows how to display IP configuration on interface e0/1.
switch#show ip interface vlan 11

vlan 10 is up, line protocol is up
IP address : 192.168.20.167/24
Broadcast address : 192.168.20.255
-7-
Helper address : not set

MTU : 1500(byte)
Forward Directed broadcast : OFF
Multicast reserved groups joined:
224.0.0.9 224.0.0.6 224.0.0.5 224.0.0.2
224.0.0.1
Outgoing ACL : not set
Incoming ACL : not set
IP fast switching : ON
IP fast switching on the same interface : OFF
ICMP unreachables : ON
ICMP mask replies : OFF
ICMP redirects : ON
display description :
domain description
Ethernet1/0 is up If the interface hardware is usable, the interface is

marked "up." For an interface to be usable, both the
interface hardware and line protocol must be up.
line protocol is up If the interface can provide two-way communication, the

line protocol is marked "up." For an interface to be
usable, both the interface hardware and line protocol
must be up.
IP address IP address and mask for interface
Broadcast address Displays broadcast address
MTU Displays the MTU value set on the interface.
-8-
Chapter 2 IP Service Configuration

Commands
2.1 IP Service Configuration Commands
The following are IP service configuration commands:
z clear tcp
z clear tcp statistics
z debug arp
z debug ip icmp
z debug ip packet
z debug ip raw
z debug ip tcp packet
z debug ip tcp transactions
z debug ip udp
z ip mask-reply
z ip mtu
z ip redirects
z ip route-cache
z ip source-route
z ip tcp synwait-time
z ip tcp window-size
z ip unreachables
z show ip cache
z show ip irdp
z show ip sockets
z show ip traffic
z show tcp
z show tcp brief
z show tcp statistics
z show tcp tcb
2.1.1 clear tcp

It is used to delete a TCP connection.
clear tcp {local host-name port remote host-name port | tcb address}
-9-
Parameter
local host-name port IP address and TCP port of the local host
remote host-name port IP address and TCP port of the remote host
tcb address TCB address of the to-be-deleted TCP connection

TCB is an identifier of TCP connection in the inner system,
which can be obtained by the command show tcp brief.
Command mode
Management mode
Instruction
The clear tcp command is mainly used to delete the terminated TCP connection. In
some cases, such as faulty in communication lines, restarting TCP connection or the
peer host, the TCP connections are terminated in fact. However, the system cannot
obtain information about the terminated TCP connection because there is no
communication on the TCP connections. In this case, you can run the clear tcp
command to terminate these invalid TCP connections. The command clear tcp local
host-name port remote host-name port is used to terminate the connections
between the specified host's IP address/port and the remote host’s IP address/port. The
command clear tcp tcb address is used to terminate the TCP connections identified
by the TCB address.
Example
The following example shows that the TCP connection between 192.168.20.22:23 and
192.168.20.120:4420 is deleted. The show tcp brief command is used to show the
information about the local host and the remote host in TCP connection.
switch#show tcp brief
TCB Local Address Foreign Address State
0xE85AC8 192.168.20.22:23 192.168.20.120:4420 ESTABLISHED
0xEA38C8 192.168.20.22:23 192.168.20.125:1583 ESTABLISHED
switch#clear tcp local 192.168.20.22 23 remote 192.168.20.120 4420
In the following example, the TCP connection whose TCB address is 0xea38c8 is
deleted. The command show tcp brief displays the TCB address of the TCP
connection.
switch#clear tcp tcb 0xea38c8
- 10 -
Related command
show tcp
show tcp brief
show tcp tcb
2.1.2 clear tcp statistics

It is used to clear the TCP statistics data.
clear tcp statistics
Parameter
The command has no parameter or keyword.
Command mode
Management mode
Example
The following command is used to delete the TCP statistics data:

switch#clear tcp statistics
Related command
show tcp statistics
2.1.3 debug arp

It is used to display the ARP interaction information, such as sending ARP requests,
receiving ARP requests, sending ARP response and receiving ARP response. When
the switch cannot communicate with the host, the command is used to analyze the ARP
interaction. You can run the no debug arp command to stop displaying the relative
information.
debug arp
no debug arp
Parameter
Command mode
Management mode
Example
switch#debug arp
switch#IP ARP: rcvd req src 192.168.20.116 00:90:27:a7:a9:c2, dst 192.168.20.111, vlan 10
IP ARP: req filtered src 192.168.20.139 00:90:27:d5:a9:1f, dst 192.168.20.82 00:
00:00:00:00:00, wrong cable, vlan 11
IP ARP: created an incomplete entry for IP address 192.168.20.77, vlan 10
- 11 -
IP ARP: sent req src 192.168.20.22 08:00:3e:33:33:8a, dst 192.168.20.77, vlan 10

IP ARP: rcvd reply src 192.168.20.77 00:30:80:d5:37:e0, dst 192.168.20.22, vlan 10
The first information indicates: the switch receives an ARP request on interface vlan 10; the IP
address of the host that sends the ARP request is 192.168.20.116 and the MAC address of the
host is 00:90:27:a7:a9:c2; the MAC address of the host 192.168.20.111 is IP ARP: rcvd req src
192.168.20.116 00:90:27:a7:a9:c2, dst 192.168.20.111, vlan 10.
The second information indicates that the switch receives an ARP request from
192.168.20.139 host on interface vlan 10. However, the interface is not in the network
the host declares according to the interface configuration on the switch. The host may
not be correctly configured. If the switch creates the ARP cache according to the
information, it may not communicate with the host that is configured the same address
and connected to the normal interface
IP ARP: req filtered src 192.168.20.139 00:90:27:d5:a9:1f, dst 192.168.20.82 00:
00:00:00:00:00, wrong cable, vlan 11
In the third information, to resolve the MAC address of host 192.168.20.77, the switch
first creates an incomplete ARP item in the ARP cache. After receiving an ARP
response, the MAC address is then added to the ARP cache. According to the location
of the switch, the host connects the interface vlan 10.
IP ARP: created an incomplete entry for IP address 192.168.20.77, vlan 10
In the fourth information, the switch sends out the ARP request from the interface vlan
10. The IP address of the switch is 192.168.20.22. The MAC address of the interface is
08:00:3e:33:33:8a. The IP address of the requested host is 192.168.20.77. The fourth
information is relative with the third information.
IP ARP: sent req src 192.168.20.22 08:00:3e:33:33:8a, dst 192.168.20.77, vlan 10
In the fifth information, the switch receives the ARP response on interface vlan 10 from
host 192.168.20.77 to host 192.168.20.22. The switch is then informed that the MAC
address of the host that returns the ARP response is 00:30:80:d5:37:e0. The
information is relative to the third and fourth information.
IP ARP: rcvd reply src 192.168.20.77 00:30:80:d5:37:e0, dst 192.168.20.22, vlan 10
2.1.4 debug ip icmp

It is used to display the ICMP interaction information. You can run the command no
debug ip icmp to close the debugging output.
debug ip icmp
no debug ip icmp
Parameter
Command mode
Management mode
Instruction
The command is used to display the received or transmitted ICMP message, which
helps to solve end-to-end connection problems. To know the detailed meaning of the
command debug ip icmp, refer to RFC 792, “Internet Control Message Protocol”.
- 12 -
Example
switch#debug ip icmp
switch#ICMP: sent pointer indicating to 192.168.20.124 (dst was 192.168.20.22), len 48
ICMP: rcvd echo from 192.168.20.125, len 40
ICMP: sent echo reply, src 192.168.20.22, dst 192.168.20.125, len 40
ICMP: sent dst (202.96.209.133) host unreachable to 192.168.20.124, len 36
ICMP: sent dst (192.168.20.22) protocol unreachable to 192.168.20.124, len 36
ICMP: rcvd host redirect from 192.168.20.77, for dst 22.0.0.3 use gw 192.168.20.26, len 36
ICMP: rcvd dst (22.0.0.3) host unreachable from 192.168.20.26, len 36
ICMP: sent host redirect to 192.168.20.124, for dst 22.0.0.5 use gw 192.168.20.77, len 36
Details about the first information are shown in the following table:
ICMP: sent pointer indicating to 192.168.20.124 (dst was 192.168.20.22), len 48
Field Description
ICMP Information about the ICMP message
Sent Sending the ICMP message
pointer indicating ICMP message which means that the original parameters of the
IP message are incorrect and incorrect domain is pointed out
The following are other types of ICMP message:
echo reply
dst unreachable:
---net unreachable
---host unreachable
---protocol unreachable
---port unreachable
---fragmentation needed and DF set
---source route failed
---net unknown
---destination host unknown
---source host isolated
---net prohibited
---host prohibited
---net tos unreachable
---host tos unreachable
source quench
redirect messages:
---net redirect
---host redirect
---net tos redirect
---host tos redirect
- 13 -
echo
router advertisement
router solicitation
time exceeded :
---ttl exceeded
---reassembly timeout
parameter problem :
---pointer indicating
---option missed
---bad length
timestamp
timestamp reply
information request
information reply
mask request
mask reply
If the ICMP type is unknown, the system is to display the values
of the ICMP type and code.
to 192.168.20.124 Destination address of the ICMP message, which is also the

source address of the original message that generates the ICMP
message
(dst was 192.168.20.22) Destination address of the original message that generates the
ICMP message
len 48 Length of the ICMP message, excluding the length of the IP

header
Details about the second information are shown in the following table:
ICMP: rcvd echo from 192.168.20.125, len 40
Field Description
rcvd Receiving the ICMP message
echo Echo request message, which is a type of the ICMP message
from 192.168.20.125 Source address of the ICMP message
Details about the third information are shown in the following table:
ICMP: sent echo reply, src 192.168.20.22, dst 192.168.20.125, len 40
Field Description
src 192.168.20.22 Means that the source address of the ICMP message is
192.168.20.22.
dst 192.168.20.125 Means that the destination address of the ICMP message is
192.168.20.125.
- 14 -
According to the type of the ICMP message, the information that generates the ICMP
message adopts different formats to display the message content.
For example, the redirect message of ICMP is printed in the following format:
ICMP: rcvd host redirect from 192.168.20.77, for dst 22.0.0.3 use gw 192.168.20.26, len 36
ICMP: sent host redirect to 192.168.20.124, for dst 22.0.0.5 use gw 192.168.20.77, len 36
In the first information, an ICMP redirect message from host 192.168.20.77 is received.
Gateway 192.168.20.26 is recommended to reach the destination host 22.0.0.3. The
length of the ICMP message is 36 bytes.
In the second information, the ICMP redirect message is sent to from host
192.168.20.124 to host 22.0.0.5 through gateway 192.168.20.77. The length of the
ICMP message is 36 bytes.
The dst unreachable message of ICMP adopts the following format for printing:
ICMP: sent dst (202.96.209.133) host unreachable to 192.168.20.124, len 36
In the first information, the switch cannot route a certain IP message, so it sends the
destination (202.96.209.133) unreachable message to the source host
(192.168.20.124). The length of the ICMP message is 36 bytes.
In the second information, after receiving an ICMP message from host192.168.20.26,
the switch notifies host 192.168.20.26 that the destination address (2.2.2.2) cannot be
reached. The length of the ICMP message is 36 bytes.
2.1.5 debug ip packet

It is used to display the IP interaction information. The command no debug ip packet is
used to stop displaying information.
debug ip packet [detail] [ip-access-list-name]
no debug ip packet
Parameter
detail An optional parameter, which is used to export the protocol

information about IP message encapsulation, such as protocol
number, UDP, TCP port number and ICMP message type
ip-access-list-name An optional parameter, which is used to filter the names of the IP

access control list in the exported information
Only the information about the IP message in the specified IP
access control list can be exported.
access-group An optional parameter, which is used to filter the names of the IP

interface An optional parameter, which is used to filter the port name of

the exported information
Only the information about the IP message satisfied the
designated port can be exported.
- 15 -
Command mode
Management mode
Instruction
The command is used to find the destination of each received or locally generated IP
message, which helps to detect the reason of communication problems.
The command is used in the following cases:
z forwarded
z forwarded as the multicast message or the broadcast message
z addressing failure during message forwarding
z Sending the redirect message
z Rejected because of having the original routing option
z Rejected because of illegal IP options
z Original route
z Message sent from the local machine should be segmented, but the DF is reset.
z Receiving message
z Receiving IP segment
z Sending message
z Sending broadcast/multicast
z Addressing failure when message is generated locally
z Locally generated message is segmented
z Received message is filtered
z Transmitted message is filtered
z Link layer fails to be encapsulated (only for Ethernet)
z Unknown protocol
This command may export lots of information. You'd better use it when the switch is in
the free state. Otherwise, the performance of the system will be badly affected. You are
recommended to filter the output information through the IP access control list, enabling
the system to export the useful message.
Command mode
Management mode
Example
switch#debug ip packet
switch#IP: s=192.168.20.120 (vlan 10), d=19.0.0.9 (vlan 10), g=192.168.20.1, len=60, redirected
IP: s=192.168.20.22 (local), d=192.168.20.120 (vlan 10), g=192.168.20.120, len=56, sending
IP: s=192.168.20.120 (vlan 10), d=19.0.0.9 (vlan 10), g=192.168.20.1, len=60, forward
IP: s=192.168.20.81 (vlan 10), d=192.168.20.22 (vlan 10), len=56, rcvd
Field Description
IP Means that the information is about the IP message.
- 16 -
s=192.168.20.120 (vlan Source address of the IP message and the interface name that
10) receives message (for message that is not locally generated)
d=19.0.0.9 (vlan 10) Destination address of the IP message and the interface name
that sends message (if routing is successful)
g=192.168.20.1 Next-hop destination address of the IP message, which may be

the gateway’s address or the destination address
len Length of the IP message
redirected Means that the routing switch is to send the ICMP redirect
message to the source host. Other cases are shown in the
following:
forward --- the message is forwarded.
forward directed broadcast---the message is forwarded as the
redirect message and the message will become the physical
broadcast on the transmitting interface.
unroutable---the message addressing fails and the message will
be dropped.
source route---source route
rejected source route---the current system does not support the
source route, therefore, the message with the IP source route
is declined.
bad options---the IP option is incorrect and the message will be
dropped.
need frag but DF set---the local message need be
fragmented,while the DF is set.
rcvd---the message is locally received.
rcvd fragment---the message fragment is received.
sending---the locally generated message is sent.
sending broad/multicast---the locally generated
broadcast/muticast message is sent.
sending fragment--- the IP message locally fragmented is sent.
denied by in acl---It is declined by the access control list on the
reception interface.
denied by out acl---It is declined by the transmitter access
control on the transmitter interface.
unknown protocol--- unknown protocol
encapsulation failed---The protocol fails to be encapsulated.It is
only for the Ethernet. When the message on the Ethernet is
dropped because of the ARP resolution failure, the information
is displayed.
In the first information, the switch receives an IP message; the source address of the
received message is 192.168.20.120; the message is from the network segment the
vlan 10 interface connects; its destination address is 19.0.0.9. According to the routing
table, the transmitter interface is vlan 10, the address of the gateway is 192.168.20.1
and the message length is 60 bytes. The gateway and the source host are directly
- 17 -
connected in the same network, that is, the network that vlan 10 connects. In this case,
the switch sends out the ICMP redirect message.
IP: s=192.168.20.120 (vlan 10), d=19.0.0.9 (vlan 10), g=192.168.20.1, len=60, redirected
In the second information, the transimmission of the ICMP redirect message is
described. The source address is the local address 192.168.20.22. The destination
address is 192.168.20.120. The message is directly sent from the vlan 10 interface to
the destination address. Therefore, the gateway’s address is the detination address
192.168.20.120. The length of the ICMP redirect message is 56 bytes.
IP: s=192.168.20.22 (local), d=192.168.20.120 (vlan 10), g=192.168.20.120, len=56, sending
The third information shows that the IP layer receives an IP message. The source
address and destination address of the IP message are 192.168.20.120 and 19.0.0.9
respectively. The reception interface is vlan 10. By checking the routing table, the
system finds that the IP message need be forwarded to the vlan10 interface. The length
of the IP message is 60 bytes. The third information shows that the message shown in
the first information will be forwarded after the system sends the ICMP redirect
message.
IP: s=192.168.20.120 (vlan 10), d=19.0.0.9 (vlan 10), g=192.168.20.77, len=60, forward
The fourth information shows that the IP layer receives an IP message. The source
address and destination address of the IP message are 192.168.20.81 and
192.168.20.22 respectively. The reception interface is vlan 10. The length of the IP
message is 56 bytes. The IP message is locally received.
IP: s=192.168.20.81 (vlan 10), d=192.168.20.22 (vlan 10), len=56, rcvd
The following is an example about the output information after running the debug ip
packet detail command. Only the newly added parts are described.
switch#debug ip packet detail
switch#IP: s=192.168.12.8 (vlan 10), d=255.255.255.255 (vlan 10), len=328, rcvd, UDP: src=68,
dst=67
IP: s=192.168.20.26 (vlan 10), d=224.0.0.5 (vlan 10), len=68, rcvd, proto=89
IP: s=192.168.20.125 (vlan 10), d=192.168.20.22 (vlan 10), len=84, rcvd, ICMP: type=0, code = 0
IP: s=192.168.20.22 (local), d=192.168.20.124 (vlan 10), g=192.168.20.124, len=40, sending,
TCP: src=1024, dst=23, seq=75098622, ack=161000466, win=17520, ACK
Field Description
UDP Name of the protocol, such as UDP, ICMP and TCP

Other protocols are represented by their protocol number.
type, code Type and code of the ICMP message
src, dst Source address and destination address of the UDP message
and the TCP message
seq Sequence number of the TCP message
ack Acknowledge number of the TCP message
win Window value of the TCP message
ACK If ACK is set in the control bit of the TCP message, the
acknowledge number is valid. Other control bits include SYN,
URG, FIN, PSH and RST.
- 18 -
The first information indicates that the UDP message is received. The source port is
port 68 and the destination port is port 67.
IP: s=192.168.12.8 (vlan 10), d=255.255.255.255 (vlan 10), len=328, rcvd, UDP: src=68, dst=67
The second information indicates that the protocol number of the received message is
89.
IP: s=192.168.20.26 (vlan 10), d=224.0.0.5 (vlan 10), len=68, rcvd, proto=89
The third information indicates that the ICMP message is received. Both the type and
the code of the message are represented by the number 0.
IP: s=192.168.20.125 (vlan 10), d=192.168.20.22 (vlan 10), len=84, rcvd, ICMP: type=0, code = 0
The fourth information indicates that the TCP message is sent. The source port and
destination port are port 1024 and port 23 respectively. The sequence number and the
acknowledge number are 75098622 and 161000466 respectively. The size of the
receiption window is 17520. The ACK logo is set. For details, refer to RFC 793—
Transmission Control Protocol.
IP: s=192.168.20.22 (local), d=192.168.20.124 (vlan 10), g=192.168.20.124, len=40, sending,
TCP: src=1024, dst=23, seq=75098622, ack=161000466, win=17520, ACK
The access control list is described in the following. For example, if the messages with
the source address 192.168.20.125 require to be displayed, you need to define the
standard access control list to permit only the IP message whose source address is
192.168.20.125. You then run the command debug ip packet to use the access control
list.
switch#config
switch_config#ip access-list standard abc
switch_config_std_nacl#permit 192.168.20.125
switch_config_std_nacl#exit
switch_config#exit
switch#debug ip packet abc
switch#IP: s=192.168.20.125 (vlan 101), d=192.168.20.22 (vlan 101), len=48, rcvd
In the previous commands, the standard access control list is used. You can also use
the extensible access control list.
Related command
debug ip tcp packet
2.1.6 debug ip raw

It is used to display the IP interaction information. Run the command no debug ip raw
to stop displaying the information.
debug ip raw [detail] [access-list-group] [interface]
no debug ip raw
Parameter
detail An optional parameter, which is used to export the protocol

information about IP message encapsulation, such as protocol
number, UDP, TCP port number and ICMP message type
- 19 -
access-group An optional parameter, which is used to filter the names of the IP

interface An optional parameter, which is used to filter the port name of

the exported information
Only the information about the IP message satisfied the
designated port can be exported.
Command mode
Management mode
Instruction
The command is used to find the destination of each received or locally generated IP
message, which helps to detect the reason of communication problems.
The command is used in the following cases:
z Forwarded
z Forwarded as the multicast message or the broadcast message
z Addressing failure during message forwarding
z Sending the redirect message
z Rejected because of having the original routing option
z Rejected because of illegal IP options
z Original route
z Message sent from the local machine should be segmented, but the DF is reset.
z Receiving message
z Receiving IP segment
z Sending message
z Sending broadcast/multicast
z Addressing failure when message is generated locally
z Locally generated message is segmented
z Received message is filtered
z Transmitted message is filtered
z Link layer fails to be encapsulated (only for Ethernet)
z Unknown protocol
This command may export lots of information. You'd better use it when the switch is in
the free state. Otherwise, the performance of the system will be badly affected. You are
recommended to filter the output information through the IP access control list, enabling
the system to export the useful message.
Example
Similar to the debug ip packet command
- 20 -
Related command
debug ip tcp packet 8.1content
2.1.7 debug ip tcp packet

It is used to display the TCP message. To stop displaying the TCP message, run the
command no debug ip tcp packet.
debug ip tcp packet
no debug ip tcp packet
Parameter
Command mode
Management mode
Example
switch#debug ip tcp packet

switch#tcp: O ESTABLISHED 192.168.20.22:23 192.168.20.125:3828 seq 50659460
DATA 1 ACK 3130379810 PSH WIN 4380
tcp: I ESTABLISHED 192.168.20.22:23 192.168.20.125:3828 seq 3130379810
DATA 2 ACK 50659460 PSH WIN 16372
tcp: O ESTABLISHED 192.168.20.22:23 192.168.20.125:3828 seq 50659461
DATA 50 ACK 3130379812 PSH WIN 4380
tcp: O FIN_WAIT_1 192.168.20.22:23 192.168.20.125:3828 seq 50659511
ACK 3130379812 FIN WIN 4380
tcp: I FIN_WAIT_1 192.168.20.22:23 192.168.20.125:3828 seq 3130379812
ACK 50659511 WIN 16321
tcp: I FIN_WAIT_1 192.168.20.22:23 192.168.20.125:3828 seq 3130379812
ACK 50659512 WIN 16321
tcp: I FIN_WAIT_2 192.168.20.22:23 192.168.20.125:3828 seq 3130379812
ACK 50659512 FIN WIN 16321
tcp: O TIME_WAIT 192.168.20.22:23 192.168.20.125:3828 seq 50659512
ACK 3130379813 WIN 4380
tcp: I LISTEN 0.0.0.0:23 0.0.0.0:0 seq 3813109318
DATA 2 ACK 8057944 PSH WIN 17440
tcp: O LISTEN 0.0.0.0:23 0.0.0.0:0 seq 8057944
RST
Field Description
tcp: Information about the TCP message
O Sending the TCP message
ESTABLISHED Current state of the TCP connection

For the description of the TCP connection state, refer to the
description of the command debug ip tcp transactions.
192.168.20.22:23 Means that the source address of the message is 192.168.20.22

and the source port is port 23.
- 21 -
192.168.20.125:3828 Means that the destination address of the message is

192.168.20.125 and the destination port is port 3828.
seq 50659460 Means that the sequence number of the message is 50659460.
DATA 1 Means that the number of valid data bytes contained in the
message is 1.
ACK 3130379810 Means that the acknowledge number of the message is

3130379810.
PSH Means that PSH in the control bits of the message is set.
Other control bits include ACK, FIN, SYN, URG and RST.
WIN 4380 It is used to notify the peer reception end of the cache size. The
current cache size is 4380 sizes.
I Receiving the TCP message
If the previous fields are not displayed, the field in the TCP message does not have the
valid value.
Related command
debug ip tcp transactions
2.1.8 debug ip tcp transactions

It is used to display the TCP interaction information, such as the change of the TCP
connection state. Run the command no debug ip tcp transactions to stop displaying
the information.
debug ip tcp transactions
no debug ip tcp transactions
Parameter
Command mode
Management mode
Example
switch#debug ip tcp transactions

switch#TCP: rcvd connection attempt to port 23
TCP: TCB 0xE88AC8 created
TCP: state was LISTEN -> SYN_RCVD [23 -> 192.168.20.125:3828]
TCP: sending SYN, seq 50658312, ack 3130379657 [23 -> 192.168.20.125:3828]
TCP: state was SYN_RCVD -> ESTABLISHED [23 -> 192.168.20.125:3828]
TCP: connection closed by user, state was LISTEN [23 -> 0.0.0.0:0]
TCP: state was TIME_WAIT -> CLOSED [23 -> 192.168.20.125:3827]
TCP: TCB 0xE923C8 deleted
TCP: TCB 0xE7DBC8 created
TCP: connection to 192.168.20.124:513 from 192.168.20.22:1022, state was CLOSED to
SYN_SENT
- 22 -
TCP: sending SYN, seq 52188680, ack 0 [1022 -> 192.168.20.124:513]

TCP: state was SYN_SENT -> ESTABLISHED [1022 -> 192.168.20.124:513]
TCP: rcvd FIN, state was ESTABLISHED -> CLOSE_WAIT [1022 -> 192.168.20.124:513]
TCP: connection closed by user, state was CLOSE_WAIT [1022 -> 192.168.20.124:513]
TCP: sending FIN [1022 -> 192.168.20.124:513]
TCP: connection closed by user, state was LAST_ACK [1022 -> 192.168.20.124:513]
TCP: state was LAST_ACK -> CLOSED [1022 -> 192.168.20.124:513]
TCP: TCB 0xE7DBC8 deleted
Field Description
TCP: Means that the TCP interaction information is displayed.
rcvd connection attempt Means that the connection request from peer port 23 (telnet
to port 23 port) is received.
TCB 0xE88AC8 created Means a new TCP connection control block is generated and its
logo is 0xE88AC8.
state was LISTEN -> Means that the state of the TCP state machine changes from the
SYN_RCVD LISTEN state to the SYN_RCVD state.
The TCP state may be one of the following:
LISTEN---waiting for the TCP connection request from any
remote host
SYN_SENT---the connection request for creating TCP
connection negotiation has been sent and the reply is being
waited.
SYN_RCVD---the connection request from the peer has been
received and the acknowledgement information and its own
connection request have also been sent out; the acknowledge
information about the peer’s connection is being waited.
ESTABLISHED---the connection is successful; the data is being
transmitted; the data of the upper application can be received
and sent.
FIN_WAIT_1---the connection termination request has been
sent to the peer; the acknowledgement information and the
connection termination request from the peer are being waited.
sent to the peer and the acknowledgement information from the
peer has been received; the connection termination request
from the peer is being waited.
CLOSE_WAIT--- the connection termination request from the
peer has been received and the acknowledgement information
has been sent out; the local user is being waited to close the
connection. Once the user demands to close the connection, the
system sends out the connection termination request.
CLOSING--- the connection termination request has been sent
to the peer and the connection termination request from the peer
has been received and the acknowledgement information has
been sent out; the system is waiting for the local connection
termination request acknowledge from the peer.
- 23 -
LAST_ACK---The system has received the connection

termination request from the peer and acknowledged it; the
system has already sent out connection termination request; the
acknowledge is being waited for.
TIME_WAIT---the period when the system waits for the peer to
receive the acknowledgement of the connection termination
request
CLOSED---the connection is closed.
For details, refer to RFC 793, Transmission Control Protocol.
[23 -> The first field (23) in the bracket means the local TCP port.
192.168.20.125:3828] The second field (192.168.20.125) in the bracket means the
remote IP address.
The third field (3828) in the bracket means the remote TCP port.
sending SYN Means a connection request message is sent out (SYN in the
control bits of the TCP header is set). Other TCP control bits
include SYN, ACK, FIN, PSH, RST and URG.
seq 50658312 Means that the sequence number for sending the message is
50658312.
ack 3130379657 Means that the acknowledgement number for sending the
message is 3130379657.
rcvd FIN Means that the connection termination request is received (FIN
in the control bits of the TCP header is set).
connection closed by Means that the upper application requires closing the TCP
user connection.
connection timed out Means that connection timeout is closed.
Related command
debug ip tcp packet “8.1content"
2.1.9 debug ip udp

It is used to display the UDP interaction information. Run the command no debug ip
udp to stop displaying the information.
debug ip udp
no debug ip udp
Parameter
Command mode
Management mode
- 24 -
Example
switch#debug ip udp
switch#UDP: rcvd src 192.168.20.99(520), dst 192.168.20.255(520), len = 32
UDP: sent src 192.168.20.22(20001), dst 192.168.20.43(1001), len = 1008
Field Description
UDP: Means that the information is about the UDP message.
rcvd Means that the message is received.
sent Means that the message is sent.
src Means the source IP address of the UDP message and the UDP
port.
dst Means the destination IP address of the UDP message and the
UDP port.
len Means the length of the UDP message.
The first line in the previous information shows that a UDP message is received. The
UDP message is sent from host 192.168.20.99. Both the source port and the
destination port are port 520. The destination address is 192.168.20.255. The length of
the message is 32 bytes.
The second line in the previous information shows that a UDP message is sent. The
local address and the destination address are 192.168.20.22 and 192.168.20.43
respectively. The source port and the destination port are port 20001 and port 1001
respectively. The length of the message is 1008 bytes.
2.1.10 ip mask-reply
It is used to enable the switch to reply the mask request of the IP address on the
designated interface. Run the command no ip mask-reply to disable the function.
ip mask-reply
no ip mask-reply
default ip mask-reply
Parameter
Default
The mask request of the IP address is not replied.
Command mode
Example
interface vlan 11
ip mask-reply
- 25 -
2.1.11 ip mtu
It is used to set the MTU of the IP message. To reuse MTUDefault, run the command
no ip mtu.
ip mtu bytes
no ip mtu
Parameter
bytes Maximum transmission unit of the IP message, which is

calculated by byte
Default
It varies with different physical media of the interface. It is the same as MTU. The
minimum value is 68 bytes.
Command mode
Instruction
If the length of the IP message exceeds IP MTU configured on the interface, the switch
fragments the message. All devices connecting on the same physical media need be
configured the same MTU. The MTU affects the IP MTU. If the value of IP MTU is the
same as that of the MTU, the value of IP MTU automatically changes to the new value
of the MTU when the MTU value changes. The change of the IP MTU does not
affectthe MTU.
The minimum value of IP MTU is 68 bytes and the maximum value of IP MTU cannot
exceed the MTU value configured on the interface.
Example
The following example shows that IP MTU on interface vlan 10 is set to 200:
interface vlan 10
ip mtu 200
Related command
mtu
2.1.12 ip redirects
It is used to send the IP ICMP redirect message. You can run the command no ip
redirects not to send the IP ICMP redirect message.
ip redirects
no ip redirects
- 26 -
Parameter
Default
The IP redirect message is sent by default. However, if you configure the hot standby
switch protocol, the function is disabled automatically. If the hot standby switch
protocol is cancelled, the function cannot be automatically enabled.
Command mode
Instruction
When the switch finds that the forwarding interface of the gateway is the same as the
the reception interface and the source host directly connects the logical network of the
interface, the switch sends an ICMP redirect message, notifying the source host to
take the switch as the gateway to the destination address.
If the hot standby switch protocol is configured on the interface, the message may be
dropped when the IP redirect message is sent.
Example
The following example shows that the ICMP redirect message can be sent on interface
vlan 10:
interface vlan 10
ip redirects
2.1.13 ip source-route
It is used to enable the routing switch to process the IP message with the source IP
route. To enable the routing switch to drop the IP message with the source IP route,
run the command no ip source-route.
ip source-route
no ip source-route
Parameter
None
Default
The IP message with the source IP route is processed.
Command mode
Example
The following command enables the routing switch to process the IP message with the
source IP route.
- 27 -
ip source-route
Related command
ping
2.1.14 ip tcp synwait-time

It is used to set the timeout time, which is used in the case when the switch waits for the
successful TCP connection. To resume to the default time, run the command no ip tcp
synwait-time.
ip tcp synwait-time seconds
no ip tcp synwait-time
Parameter
seconds Time for waiting for the TCP connection, which ranges from 5 to
300 seconds
Its default value is 75 seconds.
Default
75 seconds
Command mode
Instruction
When the switch originates the TCP connection, if the TCP connection is unsuccessful
after the waiting time, the switch considers that the connection fails and sends the
result to the upper application. You can set the waiting time for the successful TCP
connection. The default value is 75 seconds. The option has nothing with the TCP
connection message forwarded by the switch. However, it is relevant with the local
TCP connection of the switch.
To know the current value of the waiting time, run the command ip tcp synwait-time ?.
The value in the square bracket is the current value.
Example
The following example shows that the waiting time of the TCP connection is set to 30
seconds:
switch_config#ip tcp synwait-time 30
switch_config#ip tcp synwait-time ?
<5-300>[30] seconds -- wait time
2.1.15 ip tcp window-size

It is used to set the size of the TCP window. To resume to the default value, run the
command no ip tcp window-size.
- 28 -
ip tcp window-size bytes

no ip tcp window-size
Parameter
bytes Size of the window whose unit is second

The maximum size is 65535 bytes. The default size is 2000
bytes.
Default
2000 bytes
Command mode
Instruction
Do not hastly modify the default value of the window size unless you have a definite
purpose. You can run the command ip tcp window-size ? to know the current value.
The value in the square bracket is the current value.
Example
The following example shows that the size of the TCP window is set to 6000 bytes:
switch_config#ip tcp window-size 6000
switch_config#ip tcp window-size ?
<1-65535>[6000] bytes -- Window size
2.1.16 ip unreachables
It is used to enable the switch to send the ICMP unreachable message. To stop sending
the message, run the command no ip unreachables.
ip unreachables
no ip unreachables
Parameter
Default
The ICMP unreachable message is sent.
Command mode
- 29 -
Instruction
When the switch forwards the IP message, the message is dropped if the relevant route
is not in the routing table. In this case, the switch sends the ICMP unreachable
message to the source host. According to the information in the ICMP unreachable
message, the source host promptly detects the fault and removes it.
Example
The following example shows that the interface vlan 10 is set to send the ICMP
unreachable message:
interface vlan 10
ip unreachables
2.1.17 show ip sockets

It is used to display the socket information.
show ip sockets
Parameter
Command mode
Management mode
Example
switch#show ip sockets
Proto Local Port Remote Port In Out
17 0.0.0.0 0 0.0.0.0 0 161 0
6 0.0.0.0 0 0.0.0.0 0 513 0
17 0.0.0.0 0 0.0.0.0 0 1698 0
17 0.0.0.0 0 0.0.0.0 0 69 0
6 0.0.0.0 0 0.0.0.0 0 23 0
17 0.0.0.0 0 0.0.0.0 0 137 122590
Field Description
Proto IP number
The protocol number of UDP is 17 and the number of TCP is 6.
Remote Remote address
Port Remote port
Local Local address
Port Local port
- 30 -
In Total number of the received bytes
Out Total number of the transmitted bytes
2.1.18 show ip traffic

It is used to display the statistics information about the IP traffic.
show ip traffic
Parameter
Command mode
Management mode
Example
switch#show ip traffic
IP statistics:
Rcvd: 0 total, 0 local destination, 0 delivered
0 format errors, 0 checksum errors, 0 bad ttl count
0 bad destination address, 0 unknown protocol, 0 discarded
0 filtered , 0 bad options, 0 with options
Opts: 0 loose source route, 0 record route, 0 strict source route
0 timestamp, 0 router alert, 0 others
Frags: 0 fragments, 0 reassembled, 0 dropped
0 fragmented, 0 fragments, 0 couldn't fragment
Bcast: 0 received, 0 sent
Mcast: 0 received, 0 sent
Sent: 230 generated, 0 forwarded
0 filtered, 0 no route, 0 discarded
ICMP statistics:
Rcvd: 0 total, 0 format errors, 0 checksum errors
0 redirect, 0 unreachable, 0 source quench
0 echos, 0 echo replies, 0 mask requests, 0 mask replies
0 parameter problem, 0 timestamps, 0 timestamp replies
0 time exceeded, 0 router solicitations, 0 router advertisements
Sent: 0 total, 0 errors
0 redirects, 0 unreachable, 0 source quench
0 echos, 0 echo replies, 0 mask requests, 0 mask replies
0 parameter problem, 0 timestamps, 0 timestamp replies
0 time exceeded, 0 router solicitations, 0 router advertisements
UDP statistics:
Rcvd: 28 total, 0 checksum errors, 22 no port, 0 full sock
Sent: 0 total
TCP statistics:
Rcvd: 0 total, 0 checksum errors, 0 no port
Sent: 3 total
IGMP statistics:
- 31 -
Rcvd: 0 total, 0 format errors, 0 checksum errors

0 host queries, 0 host reports
Sent: 0 host reports
ARP statistics:
Rcvd: 8 total, 7 requests, 1 replies, 0 reverse, 0 other
Sent: 5 total, 5 requests, 0 replies (0 proxy), 0 reverse
Field Description
format errors Means that the format of the message is incorrect, such as the
incorrect length of the IP header.
bad hop count Means that the TTL value decreases to 0 when the routing
switch forwards the message. In this case, the message will be
dropped.
no route Means that the routing switch does not have relevant route
message.
2.1.19 show tcp

It is used to display the state of all TCP connections.
show tcp
Parameter
Command mode
Management mode
Example
switch#show tcp
TCB 0xE9ADC8
Connection state is ESTABLISHED, unread input bytes: 934
Local host: 192.168.20.22, Local port: 1023
Foreign host: 192.168.20.124, Foreign port: 513
Enqueued bytes for transmit: 0, input: 934 mis-ordered: 0 (0 packets)
Timer Starts Wakeups Next(ms)

Retrans 33 1 0
TimeWait 0 0 0
SendWnd 0 0 0
KeepAlive 102 0 7199500
iss: 29139463 snduna: 29139525 sndnxt: 29139525 sndwnd: 17520

irs: 709124039 rcvnxt: 709205436 rcvwnd: 4380
SRTT: 15 ms, RXT: 2500 ms, RTV: 687 ms

minRXT: 1000 ms, maxRXT: 64000 ms, ACK hold: 200 ms
- 32 -
Datagrams (max data segment is 1460 bytes):

Rcvd: 102 (out of order: 0), with data: 92, total data bytes: 81396
Sent: 104 (retransmit: 0), with data: 31, total data bytes: 61
Field Description
TCB 0xE77FC8 Internal identifier of the TCP connection control block
Connection state is Currrent state of the TCP connection

ESTABLISHED The TCP connection may be in one of the following state:
LISTEN---waiting for the TCP connection request from any
remote host
SYN_SENT---the connection request has been sent and the
reply is being waited.
SYN_RCVD---the connection request from the peer has been
received and the acknowledgement information and its own
connection request have also been sent out; the acknowledge
information about the peer’s connection is being waited.
ESTABLISHED---the connection is successful; the data is being
transmitted; the data of the upper application can be received
and sent.
sent to the peer; the acknowledgement information and the
connection termination request from the peer are being waited.
sent to the peer and the acknowledgement information from the
peer has been received; the connection termination request
from the peer is being waited.
CLOSE_WAIT--- the connection termination request from the
peer has been received and the acknowledgement information
has been sent out; the local user is being waited to close the
connection. Once the user demands to close the connection, the
system sends out the connection termination request.
CLOSING--- the connection termination request has been sent
to the peer and the connection termination request from the peer
has been received and the acknowledgement information has
been sent out; the system is waiting for the local connection
termination request acknowledge from the peer.
LAST_ACK---The system has received the connection
termination request from the peer and acknowledged it; the
system has already sent out connection termination request; the
acknowledgement is being waited for.
TIME_WAIT---the period when the system waits for the peer to
receive the acknowledgement of the connection termination
request
CLOSED---the connection is closed.
For details, refer to RFC 793, Transmission Control Protocol.
unread input bytes: Data that is processed by the lower-layer TCP and the upper
application has not received
- 33 -
Local host: Local IP address
Local port: Local TCP port
Foreign host: Remote IP address
Foreign port: Remote TCP port
Enqueued bytes for Bytes in the transmitter queue, including the data that is sent but
transmit: not yet acknowledged and the data that is not sent
input: Bytes in the reception queue

After sorting, these data waits for the upper application to
accept.
mis-ordered: Number of bytes and messages in the misordered queue

After other data is received, these data can enter the receiption
queue in turn and then can be received by the upper
application. For example, after messages 1, 2, 4, 5 and 6 are
received, messages 1 and 2 can enter the receiption queue,
but messages 4, 5 and 6 have to enter the misordered queue
and wait for message 3.
After that, the information about the timer of the current connection is displayed,
including its startup times, timeout times and the next-time timeout time. The value 0
means that the timer does not run currently. Each connection has its own unique timer.
The timeout times is less than the startup times because the timer may be reset in its
process. For example, when the retransmission timer works, the system will receive the
acknowledgements for all data from the peer. In this case, the retransmission timer
stops running.
Retrans 33 1 0
TimeWait 0 0 0
SendWnd 0 0 0
KeepAlive 102 0 7199500
Field Description
Timer Name of the timer
Starts Startup times of the timer
Wakeups Timeout times of the timer
Next(ms) Next-time timeout time (unit: ms)

The value 0 means the timer does not run.
Retrans Retransmission timer, which is used to trigger resending data

The timer is started up after the data is sent. If the data is not
acknowledged by the peer within the timeout time, the data will
be resent.
TimeWait Time Waiting timer, which is used to know that the peer has
already received the acknowledgement of the connection
termination request.
SendWnd Timer of the transmission window, which is used to asure that

the transmission wind resume to the normal size after the TCP
- 34 -
acknowledgement information is dropped
KeepAlive Keep-alive timer, which is used to asure that the communication

link is in normal state and the peer is still in the connection
state
It triggers the testing message to be sent for testing the state of
the communication link and the peer.
After the timer is displayed, the sequence number of the TCP connection is displayed.
TCP uses the sequence number to gurantee reliable and orderly data transmission.
The local or remote host can control the traffic and send the acknowledgement
information according to the sequence number.
Field Description
iss: Sequence number of original transmission
snduna: Sequence number of the first byte in the data that is already sent
but whose acknowledgement information has not been received
sndnxt: Transmission sequence number of the first data in the data that
is sent later
sndwnd: TCP window size of the remote host
irs: Original receiption sequence number, that is, original

transmission sequence number of the remote host
rcvnxt: Receiption sequence number that is acknowledged recently
rcvwnd: TCP window size of the local host
The transmission time recorded by the local host is displayed afterwards. The system
can adapt itself to different networks according to the transmission time.
Field Description
SRTT: Round-trip time after smooth processing
RXT: Retransmission timeout time
RTV: Change value of the round-trip time
MinRXT: Permissible minimum retransmission timeout time
MaxRXT: Permissible maximum retransmission timeout time
ACK hold: Maximum delay time when the acknowledgement is delayed for
being sent together with the data

Field Description
max data segment is Maximum length of the data segment which is permitted by the
- 35 -
connection
Rcvd: Number of messages that the local host receives during the
connection procedure, including the number of the misordered
messages
with data: Number of messages that contain valid data
total data bytes: Number of data bytes contained by the message
Sent: Number of messages that are sent or resent by the local host
during the connection procedure
with data: Number of messages that contain valid data
total data bytes: Number of data bytes contained by the message
Related command
show tcp brief

show tcp tcb
2.1.20 show tcp brief

It is used to display the brief information about the TCP connection.
show tcp brief [all]
Parameter
all An optional parameter, which means that all ports are displayed
If the parameter is not entered, the system does not display the
ports in the LISTEN state.
Command mode
Management mode
Example

0xE9ADC8 192.168.20.22:1023 192.168.20.124:513 ESTABLISHED
Field Description
TCB Internal identifier of the TCP connection
Local Address Local IP address and the TCP port
Foreign Address Remote IP address and the TCP port
State State of the connection

For details, refer to the description of the show tcp command.
- 36 -
Related command
show tcp
show tcp tcb
2.1.21 show tcp statistics

It is used to display the TCP statistics data.
show tcp statistics
Parameter
Command mode
Management mode
Example
switch#show tcp statistics

Rcvd: 148 Total, 0 no port
0 checksum error, 0 bad offset, 0 too short
131 packets (6974 bytes) in sequence
0 dup packets (0 bytes)
0 partially dup packets (0 bytes)
0 out-of-order packets (0 bytes)
0 packets (0 bytes) with data after window
0 packets after close
0 window probe packets, 0 window update packets
0 dup ack packets, 0 ack packets with unsend data
127 ack packets (247 bytes)
Sent: 239 Total, 0 urgent packets
6 control packets
123 data packets (245 bytes)
0 data packets (0 bytes) retransmitted
110 ack only packets (101 delayed)
0 window probe packets, 0 window update packets
4 Connections initiated, 0 connections accepted, 2 connections established
3 Connections closed (including 0 dropped, 1 embryonic dropped)
5 Total rxmt timeout, 0 connections dropped in rxmt timeout
1 Keepalive timeout, 0 keepalive probe, 1 Connections dropped in keepalive
Field Description
Rcvd: Statistics data about the messages received by the routing

switch
Total Total number of the received messages
no port Number of messages showing the destination port does not

exist
checksum error Number of messages showing that sum check is incorrect
bad offset Number of messages showing that the data offset is incorrect
- 37 -
too short Number of messages showing that the message length is less
than the minimum effective length
packets in sequence Number of messages that are received in turn
dup packets Number of received duplicate messages
partially dup packets Number of received messages that are partly duplicated
out-of-order packets Number of misordered messages
packets with data after Number of messages whose data exceeds the receiption
window window
packets after close Number of messages that are received after the connection is
closed
window probe packets Number of received messages about window probe
window update packets Number of received messages about window update
dup ack packets Number of received messages that are duplicately

acknowledged
ack packets with unsent Number of received messages that are acknowledged but has
data not been sent
ack packets Number of received messages that are acknowledged
Sent Statistics data about messages that are sent by the routing
switch
Total Total number of the transmitted messages
urgent packets Number of the transmitted urgent messages
control packets Number of the transmitted control messages (SYN, FIN or RST)
data packets Number of the transmitted data messages
data packets Number of the retransmitted data messages

retransmitted
ack only packets Number of the purely acknowledged messages
window probe packets Number of the transmitted window probe messages
window update packets Number of the transmitted window update messages
Connections initiated Number of the locally initiated connections
connections accepted Number of the locally received connections
connections established Number of the locally established connections
Connections closed Number of the locally closed connections
Total rxmt timeout Total number of retransmission timeouts
Connections dropped in Number of the connections dropped because of retransmission

rxmit timeout timeout
Keepalive timeout Number of Keepalive timeouts
keepalive probe Number of the transmitted messages for keepalive probe
- 38 -
Connections dropped in Number of the connections dropped because of Keepalive

keepalive
Related command
clear tcp statistics 8.1content
2.1.22 show tcp tcbI

It is used to display the state of a certain TCP connection.
show tcp tcb address
Parameter
address TCB address of the TCP connection

TCB is an identifier of the TCP connection in the system, which
can be obtained by the command show tcp brief.
Command mode
Management mode
Example
For detailed explanation, refer to the command show tcp.

switch_config#show tcp tcb 0xea38c8
TCB 0xEA38C8
Connection state is ESTABLISHED, unread input bytes: 0
Local host: 192.168.20.22, Local port: 23
Foreign host: 192.168.20.125, Foreign port: 1583
Enqueued bytes for transmit: 0, input: 0 mis-ordered: 0 (0 packets)

Retrans 4 0 0
TimeWait 0 0 0
SendWnd 0 0 0
KeepAlive +5 0 6633000



- 39 -
Related command
show tcp
show tcp brief
- 40 -
Commands for Fast Ethernet Ring
Protection Mechanism
Table of Contents
Table of Contents
Table of Contents ................................................................................................................................ I
Chapter 1 Commands for Fast Ethernet Ring Protection Mechanism ............................................... 1
1.1 Global Configuration Commands.......................................................................................... 1
1.1.1 ether-ring .................................................................................................................... 1
1.1.2 control-vlan................................................................................................................. 2
1.1.3 master-node ............................................................................................................... 2
1.1.4 transit-node ................................................................................................................ 3
1.1.5 hello-time.................................................................................................................... 4
1.1.6 fail-time....................................................................................................................... 5
1.1.7 pre-forward-time ......................................................................................................... 6
1.1.8 distributed-mode......................................................................................................... 7
1.1.9 centralized-mode........................................................................................................ 8
1.2 Port Configuration Commands ............................................................................................. 9
1.2.1 ether-ring primary-port ............................................................................................... 9
1.2.2 ether-ring secondary-port......................................................................................... 10
1.2.3 ether-ring transit-port................................................................................................ 10
1.3 Show-Related Commands.................................................................................................. 12
1.3.1 show ether-ring......................................................................................................... 12
-I-
Commands for Fast Ethernet-Ring Potection Mechanism
Chapter 1 Commands for Fast Ethernet Ring

Protection Mechanism
1.1 Global Configuration Commands
1.1.1 ether-ring
To configure the node of the Ethernet ring, you need enter the node configuration
mode first and then run the following command.
ether-ring id
To cancel the node of the Ethernet ring, run the following command:
no ether-ring id
Parameter
id ID of the node
Default value
By default, the node of the Ethernet ring is not configured.
Command mode
Usage Explanation
Before configuring the node, you need shut down the spanning tree protocol by
running no spanning-tree.
Example
S1_config#no spanning-tree
S1_config#ether-ring 1
S1_config_ring1#
Related command
None
-1-
1.1.2 control-vlan
To configure the control VLAN of the ring node, run the following command:
control-vlan vlan-id
Parameter
vlan-id ID of the control VLAN
Value range: 1-4094
Default value
By default, the control VLAN of a node is not configured.
Command mode
Node configuration mode for the Ethernet ring
Usage Explanation
1. Any VLAN can be configured as the control VLAN of the node. However, the
establishment of the control VLAN does not mean that the corresponding system
VLAN can be created. The user need create the system VLAN manually.
2. After the control VLAN and node types of the Ethernet ring are configured, you
cannot modify the control VLAN even if the system exits from the Ethernet ring
configuration mode because the Ethernet ring has already been started.
Example
S1_config_ring1#control-vlan 2
Related command
ether-ring
master-node
transit-node
1.1.3 master-node
To configure an Ethernet ring as a master node, run the following command:
master-node
-2-
Parameter
None
Default value
By default, the node type is not configured.
Command mode
Node configuration mode
Usage Explanation
1. A node can be set to be a master node or a transit node.
configuration mode because the node of the Ethernet ring has already been started.
Example
S1_config_ring1#master-node
Related command
control-vlan
transit-node
1.1.4 transit-node
To configure the node type to a transit node, run the following command:
transit-node
Parameter
None
Default value
By default, the node type is not configured.
-3-
Command mode
Node configuration mode
Usage Explanation
1. A node can be set to be a master node or a transit node.
configuration mode because the node of the Ethernet ring has already been started.
Example
S1_config_ring1#transit-node
Related command
control-vlan
master-node
1.1.5 hello-time
To configure the cycle for the master node to transmit the HEALTH packets of the
Ethernet ring, run the following command:
hello-time value
To resume the default value of the cycle, run the following command:
no hello-time
Parameter
value Stands for a time value, whose unit is second.
The default value is one second. The value ranges between 1

and 10 seconds.
Default value
By default, the hello-time is one second.
-4-
Command mode
Usage Explanation
1. The hello-time configuration validates only on the master node.
2. By default, the value of the hello-time is smaller than that of the fail-time, which
avoids the Ethernet ring protocol from being shocked. After the hello-time is modified,
the corresponding fail-time need be modified too.
Example
S1_config_ring1#hello-time 2
Related command
fail-time
1.1.6 fail-time
To configure the time cap of waiting for the HEALTH packets for the secondary port of
the master node, run the following command:
fail-time value
To resume the default value of the fail-time, run the following command:
no fail-time
Parameter
The default value is three seconds. The value ranges between

3 and 30 seconds.
Default value
By default, the fail-time is 3 seconds.
-5-
Command mode
Usage Explanation
1. The fail-time configuration validates only on the master node.
2. By default, the value of the fail-time is triple of the fail-time, which avoids the
Ethernet ring protocol from being shocked. After the hello-time is modified, the
corresponding fail-time need be modified too.
Example
S1_config_ring1#hello-time 2
S1_config_ring1#fail-time 6
Related command
hello-time
1.1.7 pre-forward-time
To configure the time of maintaining the pre-forward state on the transit port, run the
following command:
pre-forward-time value
To resume the default value of the pre-forward-time, run the following command:
no pre-forward-time
Parameter
The default value is three seconds. The value ranges between

3 and 30 seconds.
Default value
By default, the pre-forward-time is 3 seconds.
-6-
Command mode
Usage Explanation
1. The pre-forward-time configuration validates only on the transit node.
2. By default, the pre-forward-time on the transit node is three times the value of the
hello-time on the master node, which avoids the network loop from being occurred
after the transmission link recovers from disconnection. After the hello-time of the
master node is modified, the corresponding pre-forward-time on the transit node need
be adjusted.
Example
S1_config_ring1#transit-node
S1_config_ring1#pre-forward-time 8
Related command
None
1.1.8 distributed-mode
To configure the protection of wire-card-distributed Ethernet ring, run

distributed-mode.
Parameter
None
Default value
By default, the configured node of the Ethernet ring automatically works in distributed
mode.
Command mode
Usage Explanation
1. The command validates only on S6800 and S8500.
-7-
2. In distributed mode, all events about the Ethernet ring such as the link disconnection
of the Ethernet ring are handled in priority by the wire card of the switch to obtain the
higher convergence performance.
Example
S1_config_ring1#distributed-mode
Related command
centralized-mode
1.1.9 centralized-mode
To set the working mode of the Ethernet ring protection protocol to the MSU
centralized control, run centralized-mode.
Parameter
None
Default value
By default, the Ethernet-ring protection protocol works in distributed mode.
Command mode
Usage Explanation
1. The command validates only on S6800 and S8500.
2. After the MSU centralized mode is configured, the wire card of the switch does not
handle the Ethernet ring events.
Example
S1_config_ring1#distributed-mode
Related command
distributed-mode
-8-
1.2 Port Configuration Commands
1.2.1 ether-ring primary-port
To set a port to be the primary port of a master node, run the following command:
ether-ring id primary-port
To cancel the primary port configuration of a port, run the following command:
no ether-ring id primary-port
Parameter
id ID of the node
Default value
The primary port is not configured by default.
Command mode
The physical port configuration mode and the converged port configuration mode
Note: The versions of switch software prior to version 2.0.1L and the versions of hi-end
switch software prior to version 4.0.0M do not support the configuration of the
converged port.
Usage Explanation
The primary port can be configured only after the control VLAN and node type of the
Ethernet ring are configured, and when the node type is the master node.
Example
S1_config#interface fastEthernet 0/1

S1_config_f0/1#ether-ring 1 primary-port
S1_config_f0/1#exit
Related command
master-node
ether-ring secondary-port
-9-
1.2.2 ether-ring secondary-port
To set a port to be the secondary port of a master node, run the following command:
ether-ring id secondary-port
To cancel the secondary port configuration, run the following command:
no ether-ring id secondary-port
Parameter
id ID of the node
Default value
The secondary port on the master node is not configured by default.
Command mode
converged port.
Usage Explanation
The secondary port can be configured only after the control VLAN and node type of the
Ethernet ring are configured, and when the node type must be the master node.
Example

S1_config_f0/3#ether-ring 1 secondary-port
S1_config_f0/3#exit
Related command
master-node
ether-ring primary-port
1.2.3 ether-ring transit-port
To set a port to be the transit port of a transit node, run the following command:
- 10 -
ether-ring id transit-port
To cancel the transit port, run the following command:
no ether-ring id transit-port
Parameter
id ID of the node
Default value
The transit port on the transit node is not configured by default.
Command mode
converged port.
Usage Explanation
The transit port can be configured only after the control VLAN and node type of the
Ethernet ring are configured, and when the node type must be the transit node. Two
transit ports can be configured on one transit node.
Example
S1_config_ring1#exit
S1_config_f0/1#ether-ring 1 transit-port
S1_config_f0/1#exit
S1_config_f0/3#ether-ring 1 transit-port
S1_config_f0/3#exit
Related command
transit-node
- 11 -
1.3 Show-Related Commands
1.3.1 show ether-ring
To display the summary information about the Ethernet-ring node, run the following
command:
show ether-ring id
To display the detailed information about the Ethernet-ring node, run the following
command:
show ether-ring id detail
To display the information about the Ethernet-ring port, run the following command:
show ether-ring id interface intf-name
Parameter
id ID of the node
intf-name Name of an interface
Default value
None
Command mode
Monitoring mode, global configuration mode, node configuration mode or port

configuration mode
Usage Explanation
None
Example
None
Related command
None
- 12 -
QoS Function Configuration Commands
Table of Contents
Table of Contents
Chapter 1 QoS Service Configuration Commands ............................................................................ 1
1.1 QoS Configuration Commands............................................................................................. 1
1.1.1 cos default .................................................................................................................. 1
1.1.2 cos map...................................................................................................................... 2
1.1.3 scheduler wrr bandwidth ............................................................................................ 3
1.1.4 scheduler policy.......................................................................................................... 3
1.1.5 policy-map .................................................................................................................. 4
1.1.6 classify........................................................................................................................ 5
1.1.7 action.......................................................................................................................... 5
1.1.8 qos policy ................................................................................................................... 6
-I-
Chapter 1 QoS Service Configuration Commands

1.1 QoS Configuration Commands
QoS Configuration Commands include:
cos default
cos map
scheduler wrr bandwidth
scheduler policy
policy-map
classify
action
qos policy
1.1.1 cos default
description
cos default cos

no cos default
To configure the default value of CoS, use the cos default command. To disable the
configuration, use the no form of this command.
parameter
cos Default cos value. The range is 0-7
default
The default CoS value is 0
instruction
Layer 2 interface configuration mode
example
Set the CoS value of no-label frame received on ge0/1 interface as 4

Switch(config)# interface gigabitethernet0/1
Switch(config-if)# cos default 4
-1-
1.1.2 cos map
description
cos map quid cos1..cosn

no cos map
To set the CoS priority queues, use the cos map command.
parameter
quid ID of CoS priority queues. The range is 1 to 8
cos1..cosn CoS value defined by IEEE802.1p. The range is 0 to 7
default
CoS value Priority queues
0 1
1 2
2 3
3 4
4 5
5 6
6 7
7 8
instruction
Layer 2 interface configuration mode and the global configuration mode

Using this command in the global configuration mode will affect all CoS priority queue;
while configuring this command in layer 2 interface command will only affect CoS
priority queue of the interface.
example
The following example maps CoS 0-2 to CoS priority queue 1and maps CoS 3 to
priority queue 2:
Switch(config-if)# cos map 1 0 1 2
Switch(config-if)# cos map 2 3
-2-
1.1.3 scheduler wrr bandwidth
description
scheduler wrr bandwidth weight1...weightn

no scheduler wrr bandwidth
To configure cos priotiry queue bandwidth, use the scheduler wrr bandwidth
command
parameter
weight1…weight8 WRR 8 CoS priority queue metrics the range is 1to 5。
default
All CoS priority queue metrics must be the same, the eight CoS priority queue metrics
are all 12.
instruction
It works in the global configuration mode

Using this command will affect the priority queue broadband of all interfaces. It enables
only when queue debug mode is configured wrr. It defines the CoS priority queue
broadband metrics when wrr debug policy is applied.
example
Configure the eight CoS priority queue metrics as 1，2，3，4，5，6，7，8

Switch(config)# scheduler wrr bandwidth 1，2，3，4，5，6，7，8
1.1.4 scheduler policy
description
scheduler policy { sp | wrr }

no scheduler policy
To set CoS priority queue debug policy, use the scheduler policy command.
parameter
sp Use the sp debug stratefgy.
wrr Use the wrr debug strategy
-3-
default
use SP
instruction
the global configuration mode

After configure the command, the interface send debug mode is configured to specified
value.
example
Configure interface send debug mode as wrr.

Switch(config)#scheduler policy wrr
1.1.5 policy-map
description
policy-map name
no policy-map name
To set QOS policy-map, use the policy-map command
parameter
Parameter description
name Name of the policy map , the value range is 1 to 16 characters
default
none
instruction
the global configuration mode

After inputting this command, the system will enter QoS policy mapping configuration
mode. There are following commands in this mode:
classify: it is used to configure QoS flow.
description：it is used to describe QoS policy mapping.
exit：it is used to quit from QoS policy mapping configuration mode.
no：it is used to cancel the command that formerly inputs.
action：it is used to define QoS action.
example
The following example shows how to configure QoS policy map:

Switch(config)# policy-map myqos
-4-
1.1.6 classify
description
classify {ip access-group access-list-name | dscp dscp-value | mac access-group

mac-access-name | vlan vlan-id | cos cos | any }
no classify {ip access-group access-list-name | dscp dscp-value | mac
access-group mac-access-name | vlan vlan-id | cos cos | any }
To configure the matching data traffic of QoS policy, use the classify command
ip access-group Configure the matching IP access list name, the range is 1 to 16

access-list-name characters
dscp dscp-value diffserv field in IP packet. The valid range is 0 to 63
mac access-group Configure the matching MAC access list name. the valid range is
mac-access-name 1 to 16 characters
vlan vlan-id Configure the matching VLAN, the valid range is 1 to 4094
cos cos Configure the matching COS value, the valid range is 0 to 7
any match any data packets
default
match any data packets
instruction
QoS policy map configuration mode

All data traffic in one QoS policy map must have the identical mask value, interface
number in the ip access-list must be definite rather than a scope.
Only one item of rule can be included in the ip access list that used to match data flow,
or the configuration fails. When the action (permit or deny) of the rule is permit, this rule
is used to separate data flow; when the action of the rule is deny, this rule has no effect,
that is, it will not be used to match data flow.
example
Switch(config-qos)# classify ip access-group ipacl1 cos 3
1.1.7 action
description
action [no-match] {bandwidth max-band | cos cos-value | dscp dscp-value | redirect

interface-id | drop | stat | monitor }
To configure the matching data traffic policy of QoS policy map, use the action
command
-5-
parameter
paramter description
no-match Influence all the traffic that do not meet the demand
bandwidth max-band maximum bandwidth to a class ，the range is 1 to 1000kbps。
dscp dscp-value Define the dscp field of the matching traffic as dscp-value, the
range is 0 to 63
cos cos-value Define cos field of the matching traffic as cos-value, the range is
0 to 7
redirect interface-id redirect the exit of the matching traffic
drop drops the configured packets
stat Switch stat information of the related matching traffic
monitor 将该数据包发送到镜像端口。 Send the packets to monitor

interface
default
none
instruction
QoS policy map configuration mode.

One QoS policy mapping can only configures one kind of policy. Bandwidth and stat
can only influence the match packets, and the above actions can be enabled at the
same time, if the action is empty, then it means to forward, which means allowing the
data traffic to pass.
example
Switch(config-qos)# action redirect interface g0/1
1.1.8 qos policy
description
[no] qos policy name { ingress|egress}

To configure the QoS policy on interface, use the qos policy command.
paramter
name Name of QoS policy maps
ingress Affect the entrance
egress Affect the exit
-6-
deault
none
instruction
layer 2 interface configuration mode
example
Apply the QoS policy named pmap on the f0/1 interface

Switch(config)# interface Gigaethernet0/1
Switch(config-if)# qos policy pmap ingress
-7-
Anti-Attack Configuration Commands
Table of Contents
Table of Contents
Chapter 1 Anti-Attack Configuration Commands.................................................................................................................. 1
1.1 Anti-Attack Configuration Commands.................................................................................................................... 1
1.1.1 filter period time......................................................................................................................................... 1
1.1.2 filter threshold value .................................................................................................................................. 1
1.1.3 filter block-time value................................................................................................................................. 2
1.1.4 filter igmp................................................................................................................................................... 3
1.1.5 filter arp ..................................................................................................................................................... 3
1.1.6 filter enable................................................................................................................................................ 3
1.1.7 show filter .................................................................................................................................................. 4
-I-
Chapter 1 Anti-Attack Configuration Commands
1.1 Anti-Attack Configuration Commands
1.1.1 filter period time
To configure filter period for attack, use the filter period command.
parameter
time The filter period for attack in seconds. It is considered as attack when the
attack source sends packets above the specified number in any filter
period time.
default
10 seconds
Command mode
example
Switch_config#filter period 15
Related commands
filter threshold value
1.1.2 filter threshold value
To configure the filter threshold value, use the filter thresholf value command.
parameter
value It is considered as attack when the receiving packets excddes the filter
threshold value.
-1-
default
1000
command mode
example
Switch_config#filter threshold 1500
Related commands
filter period time
1.1.3 filter block-time value
To configure the time to block attack resource, use the filter block-time value
command.
parameter
Value Time to block attack source in seconds.
default
300 seconds
command mode
example
Switch_config#filter block-time 600
Related commands
filter period time
filter threshold value
-2-
1.1.4 filter igmp
To filter IGMP attack, use the filter igmp command.
parameter
none
Command mode
example
Switch_config#filter igmp
Related commands
filter enable
1.1.5 filter arp
To fliter ARP attack, use the filter arp command.
parameter
none
Command mode
physical interface configuration mode
example
Switch_config_f0/1#filter arp
Related commands
filter enable
1.1.6 filter enable
To enable filter feature, use the filter enable command.
-3-
parameter
none
Command mode
example
Switch_config#filter enable
Related commands
filter igmp
filter arp
1.1.7 show filter
To display working state of the anti-attack feature of the current switch, use the show
filter command.
parameter
none
command mode
non-user mode
Switch#show fil
Filter threshold: 1000 packet in any 10 seconds
Filters blocked:
Address seconds source interface
00a0.0c13.647d 27.0 FastEthernet1/2
Filters counting:
Address seconds count source interface
00a0.0c43.647d 1.84 371 FastEthernet1/2
Filters blocked: indicates MAC address of the blocked attack source, blocked time and
source interface.
Filters counting: indicates MAC address of the attack source, counting time, the
number of the receiving packets and the source interface.
-4-
Security Configuration Command
Table of Contents
Table of Contents
Chapter 1 AAA Authentication Configuration Commands .................................................................................................... 1
1.1 AAA Authentication Configuration Commands ...................................................................................................... 1
1.1.1 aaa authentication enable default ............................................................................................................. 1
1.1.2 aaa authentication login ............................................................................................................................ 2
1.1.3 aaa authentication password-prompt ........................................................................................................ 4
1.1.4 aaa authentication username-prompt........................................................................................................ 5
1.1.5 aaa group server ....................................................................................................................................... 6
1.1.6 debug aaa authentication.......................................................................................................................... 7
1.1.7 enable password ....................................................................................................................................... 8
1.1.8 server ........................................................................................................................................................ 9
1.1.9 service password-encryption................................................................................................................... 10
1.1.10 username .............................................................................................................................................. 11
Chapter 2 RADIUS Configuration Commands.................................................................................................................... 13
1.2 RADIUS Configuration Commands ..................................................................................................................... 13
1.2.1 debug radius............................................................................................................................................ 13
1.2.2 ip radius source-interface........................................................................................................................ 14
1.2.3 radius-server challenge-noecho.............................................................................................................. 15
1.2.4 radius-server deadtime............................................................................................................................ 16
1.2.5 radius-server host.................................................................................................................................... 17
1.2.6 radius-server optional-passwords ........................................................................................................... 18
1.2.7 radius-server key..................................................................................................................................... 18
1.2.8 radius-server retransmit .......................................................................................................................... 19
1.2.9 radius-server timeout............................................................................................................................... 20
1.2.10 radius-server vsa send.......................................................................................................................... 21
-I-
Security Configuration Commands
Chapter 1 AAA Authentication Configuration

Commands
1.1 AAA Authentication Configuration Commands
This chapter describes the commands used to configure AAA authentication methods.
Authentication identifies users before they are allowed access to the network and
network services.
For information on how to configure authentication using AAA methods, refer to the
"Configuring Authentication" chapter. For configuration examples using the commands
in this chapter, refer to the "Authentication Examples" section located at the end of the
"Configuring Authentication" chapter.
AAA Authentication Configuration Commands include：

z aaa authentication enable default
z aaa authentication login
z aaa authentication password-prompt
z aaa authentication username-prompt
z aaa group server
z debug aaa authentication
z enable password
z server
z service_password-encryption
z username
1.1.1 aaa authentication enable default

To enable AAA authentication to determine if a user can access the privileged
command level, use the aaa authentication enable default global configuration
command. Use the no form of this command to disable this authentication method.
aaa authentication enable default method1 [method2...]

no aaa authentication enable default method1 [method2...]
parameter
method At least one of the keywords described in Table 1.
default
If the default list is not set, only the enable password is checked. This has the same
effect as the following command:
-1-
aaa authentication enable default enable

On the console, the enable password is used if it exists. If no password is set, the
process will succeed anyway.
command mode
instruction
Use the aaa authentication enable default command to create a series of authentication
methods that are used to determine whether a user can access the privileged
command level. Method keywords are described in Table 1. The additional methods of
authentication are used only if the previous method returns an error, not if it fails. To
specify that the authentication should succeed even if all methods return an error,
specify none as the final method in the command line.
Table 0-1 aaa authentication enable default Methods
Keyword Description
group name Uses the server group for authentication.
enable Uses the enable password for authentication.
line Uses the line password for authentication.
none Uses no authentication.
group radius Uses RADIUS authentication.
example
The following example creates an authentication list that first tries to contact a
TACACS+ server. If no server can be found, AAA tries to use the enable password. If
this attempt also returns an error (because no enable password is configured on the
server), the user is allowed access with no authentication.
aaa authentication enable default line enable none
related commands
enable password
1.1.2 aaa authentication login

To set authentication, authorization, and accounting (AAA)authentication at login, use
the aaa authentication login command in global configuration mode. To disable AAA
authentication, use the no form of this command.
aaa authentication login {default | list-name} method1 [method2...]
no aaa authentication login {default | list-name} method1 [method2...]
-2-
parameter
Default Uses the listed authentication methods that follow this argument
as the default list of methods when a user logs in.
list-name Character string used to name the list of authentication methods

activated when a user logs in.
method At least one of the keywords described in Table 2.
default
If the default list is not set, only the local user database is checked. This has the same
effect as the following command:
aaa authentication login default none
command mode
instruction
The default and optional list names that you create with the aaa authentication login
command are used with the login authentication command.
The additional methods of authentication are used only if the previous method returns
an error, not if it fails. To ensure that the authentication succeeds even if all methods
return an error, specify none as the final method in the command line.
If authentication is not specifically set for a line, the default is to deny access and no
authentication is performed.
Table 0-2 AAA authentication login Methods
Keyword Description
enable Uses the enable password for authentication.
group Uses the server group for authentication.
line Uses the line password for authentication.
local Uses the local username database for authentication.
local-case Uses case-sensitive local username authentication.
none Uses no authentication.
group radius Used RADIUS for authentication.
example
The following example creates an AAA authentication list called TEST. This
authentication first tries to contact a TACACS+ server. If no server is found, TACACS+
-3-
returns an error and AAA tries to use the enable password. If this attempt also returns
an error (because no enable password is configured on the server), the user is allowed
access with no authentication.
aaa authentication login TEST tacacs+ enable none

The following example creates the same list, but it sets it as the default list that is used
for all login authentications if no other list is specified:
aaa authentication login default tacacs+ enable none
related commands
none
1.1.3 aaa authentication password-prompt

To change the text displayed when users are prompted for a password, use the aaa
authentication password-prompt global configuration command. Use the no form of this
command to return to the default password prompt text.
aaa authentication password-prompt text-string

no aaa authentication password-prompt text-string
parameter
test-string String of text that will be displayed when the user is prompted to
enter a password.
default
There is no user-defined text-string, and the password prompt appears as "Password."
command mode
instruction
Use the aaa authentication password-prompt command to change the default text that
the software displays when prompting a user to enter a password. This command
changes the password prompt for the enable password as well as for login passwords
that are not supplied by remote security servers. The no form of this command returns
the password prompt to the default value:
Password:
The aaa authentication password-prompt command does not change any dialog that is
supplied by a remote TACACS+ server.
-4-
example
The following example changes the text for the username prompt:
aaa authentication password-prompt YourPassword:
related commands
aaa authentication username-prompt

enable password
1.1.4 aaa authentication username-prompt

To change the text displayed when users are prompted to enter a username, use the
aaa authentication username-prompt global configuration command. Use the no form
of this command to return to the default username prompt text.
aaa authentication username-prompt text-string

no aaa authentication username-prompt text-string
parameter
text-string String of text that will be displayed when the user is prompted to
enter a username.
default
There is no user-defined text-string, and the username prompt appears as "Username."
command mode
instruction
Use the aaa authentication username-prompt command to change the default text that
the software displays when prompting a user to enter a username. The no form of this
command returns the username prompt to the default value:
Username:
Some protocols (for example, TACACS+) have the ability to override the use of local
username prompt information. Using the aaa authentication username-prompt
command will not change the username prompt text in these instances.
Note：
-5-
The aaa authentication username-prompt command does not change any dialog that is
supplied by a remote TACACS+ server.
example
The following example changes the text for the username prompt:
aaa authentication username-prompt YourUsernam:
related commands
aaa authentication password-prompt
1.1.5 aaa group server

To group different RADIUS server hosts into distinct lists and distinct methods, enter the
aaa group server radius command in global configuration mode. To remove a group
server from the configuration list, enter the no form of this command.
aaa group server radius group-name

no aaa group server radius group-name
parameter
group-name Character string used to name the group of servers.
default
No default behavior or values.
command mode
instruction
The authentication, authorization, and accounting (AAA) server-group feature

introduces a way to group existing server hosts. The feature enables you to select a
subset of the configured server hosts and use them for a particular service.
Example
The following example adds a radius server group named radius-group:

aaa group server radius radius-group
related commands
server
-6-
1.1.6 debug aaa authentication

To display information on authentication, authorization, and accounting (AAA)
TACACS+ authentication, use the debug aaa authentication command in privileged
EXEC mode. To disable debugging output, use the no form of this command.
debug aaa authentication
no debug aaa authentication
parameter
none
default
disabled
command mode
EXEC
instruction
Use this command to learn the methods of authentication being used and the results of
these methods.
example
The following is sample output from the debug aaa authentication command.
switch#debug aaa authentication
AAA: Authen start (0x1f74208), user=, authen_type=ASCII, priv=0, method-list=default
AAA: Use authen method LOCAL (0x1f74208).
AAA: Authen CONT, need username.
AAA: Authen CONT, need password.
AAA: Authen ERROR (0x1f74208)! Use next method.
AAA: Authen FAIL(0x1f74208)! Method-list polling finish.
Output information description
Authen start (0x1f74208), user=, The authentication starts and the username
authen_type=ASCII, priv=0, is unknown. Uses ASCII-type authentication.
method-list=default The privileged level required for the user to
enter is 0. Uses the default authentication
method list.
UserID ＝ 0x1f74208
Use authen method LOCAL (0x1f74208) Uses local authentication method. UserID ＝
0x1f74208
Authen CONT, need username Prompts for username
Authen CONT, need password Prompts for password
Authen ERROR (0x1f74208)! Use next Indicates that the local authentication fails,
-7-
method Uses the next method in the list.
Authen FAIL(0x1f74208)! Method-list polling Method-list polling is finished. The

finish authentication fails.
related commands
none
1.1.7 enable password

To set a local password to control access to various privilege levels, use the enable
password command in global configuration mode. To remove the password
requirement, use the no form of this command.
enable password { password | [encryption-type] encrypted-password } [level number]

no enable password [level number]
parameter
password Password users type to enter enable mode.
encryption-type Algorithm used to encrypt the password.
encrypted-password Encrypted password you enter, copied from another router

configuration.
level Level for which the password applies.
number Number between 1 and 15 that specifies the privilege level for
the user.
default
No password is defined.
command mode
instruction
Can not have spaces in the password that the switch configures. When using the
enable password command, you cannot input space if you enter a clear text password.
The length of the clear text password cannot exceed 126 characters.
The default level parameter is 15 without inputting the level parameter. If a privilege
level is not configured password, then no authentication is performed when a user
entering this priviledge level.
Our switch system only supports two types of encryption. The encryption type is 0 and 7
respectively. Parameter O indicates no password is defined and you enter a clear text
password in the following encrypted-password blank. Parameter 7 indicates a
-8-
self-defined algorithm is used for encryption and you enter encrypted text password in
the following encrypted-password blank. This encryted text password can be copied
from the configuration file of other switch.
example
The following example adds password clever for the privige level 10, uses
encryption-type 0, that is, the clear text password:
enable password 0 clever level 10
The following example adds password Oscar for the default privilege (15), uses
encryption-type 7, that is, the encrypted text password:
enable password 7 074A05190326
Assuming the encrypted text password of Oscar is 074A05190326, which is obtained
related commands
aaa authentication enable default

service password-encryption
1.1.8 server
To add a server in the AAA server group, use the server command in server-group
configuration mode. To remove the associated server from the authentication,
authorization, and accounting (AAA) group server, use the no form of this command.
server A.B.C.D
no server A.B.C.D
parameter
A.B.C.D IP address of the server.
default
No server
command mode
Server-group configuration
instruction
You can add 20 different servers in a server group at most.
-9-
example
The following example adds a server at 12.1.1.1 to the server group:

server 12.1.1.1
related commands
aaa group server
1.1.9 service password-encryption

To encrypt passwords, use the service password-encryption command in global
configuration mode. To restore the default, use the no form of this command.
service password-encryption
no service password-encryption
parameter
none
default
No encryption
command mode
instruction
Currently in the realization of our switch system, this command is related to username
password, enable password and password. If this command is not configured on the
switch (namely default state), and the system uses the clear text storage method in the
above three commands, then the configured clear text of the password can be
displayed in the show running-config command. If this command is configured on the
switch, then the configured password of the above three commands will be encrypted,
then the configured clear text of the password cannot be displayed in the show
running-config command, even using the no service password-encryption cannot
restore the clear text of the password. Please make sure of the configured password
before using this command for encryption. The no service password-encryption
command only has effect on the password configured by the service
password-encryption command.
example
Use the following command to encrypt for the configured clear text password and also
to encrypt for the clear text password that configured after using this command.
switch_config#service password-encryption
related commands
username username password

enable password
- 10 -
password
1.1.10 username
To establish a username-based authentication system, use the username command in
global configuration mode. Use the no form of this command to remove an established
username-based authentication.
username username [password { password | [encryption-type] encrypted-password }]

[user-maxlinks number] [autocommand command]
no username username
parameter
Username Username character string
password Password a user enters.
password Clear text of the password character string
encryption-type Encryption type
encrypted-password Encrypted password a user enters.
user-maxlinks Limits the user's number of inbound links.
number Link number that established simultaneously.
Causes the specified command to be issued automatically after

autocommand the user logs in. The autocommand must be used in the end of
the command line.
command Executes automatically command character string
default
No username-based authentication system is established.
command mode
instruction
The password is considered as empty character string when there is no password

parameter. The trust-host will bind the user to the specified host. This user and other
hosts cannot pass authentication when logging in switch. The user-maxlinks command
limit the user's number of inbound links. User can use the show users command to
check which kind of authentication that each online user passes.
White spaces are not allowed in the configured password of our switch. This also
applies to the enable password command.
Our switch system only supports two types of encryption. The encryption type is 0 and 7
respectively. Parameter O indicates no password is defined and you enter a clear text
password in the following encrypted-password blank. Parameter 7 indicates a
- 11 -
self-defined algorithm is used for encryption and you enter encrypted text password in
the following encrypted-password blank. This encryted text password can be copied
example
The following example adds a local user, its username is someone, its password is
someother:
username someone password someother
The following example adds a local user, its user name is Oscar, its password is Joan,
uses encryption-type 7, that is, the encrypted text password:
enable password 7 1105718265
Assuming the encrypted text password is 1105718265, which is obtained from the
configuration file of other switch.
related commands
aaa authentication login
- 12 -
Chapter 2 RADIUS Configuration Commands

This chapter describes the commands used to configure RADIUS. RADIUS is a
distributed client/server system that secures networks against unauthorized access. In
the implementation, RADIUS clients run on switches and send authentication requests
to a central RADIUS server that contains all user authentication and network service
access information.
For information on how to configure RADIUS, refer to the chapter "Configuring
RADIUS".
1.2 RADIUS Configuration Commands

RADIUS Configuration Commands include：
z debug radius
z ip radius source-interface
z radius-server challenge-noecho
z radius-server deadtime
z radius-server host
z radius-server optional-passwords
z radius-server key
z radius-server retransmit
z radius-server timeout
z radius-server vsa send
1.2.1 debug radius

To display information associated with RADIUS, use the debug radius command in
EXEC mode. To disable debugging output, use the no form of this command.
debug radius｛event | packet｝

no debug radius｛event | packet｝
parameter
event Displays radius event
packet Displays radius packet.
default
none
- 13 -
command mode
EXEC
instruction
Use this command to debug network system to locate the authentication failure reason.
Switch#debug radius event
RADIUS:return message to aaa, Give me your username
RADIUS:return message to aaa, Give me your password
RADIUS:inital transmit access-request [4] to 192.168.20.126 1812 <length=70>
RADIUS:retransmit access-request [4] to 192.168.20.126 1812 <length=70>
RADIUS:retransmit access-request [4] to 192.168.20.126 1812 <length=70>
RADIUS:192.168.20.126 is dead to response [4]
RADIUS:Have tried all servers，return error to aaa
output information description
return message to aaa, Give me your It needs username

username
return message to aaa, Give me your It needs the password that corresponds to the
password username
inital transmit access-request [4] to Sends authentication request to RADIUS

192.168.20.126 1812 <length=70> server for the first time. The server address is
192.168.20.126, port number 1812, packet
length 70
retransmit access-request [4] to The server doesn’t respond to the request in

192.168.20.126 1812 <length=70> time. The authentication request will be
retransmitted.
192.168.20.126 is dead to response [4] The server doesn’t respond after many times
of retransmittion. This serve is marked as
dead.
Have tried all servers，return error to aaa RADIUS cannot complete this authentication
and returns to error.
example
The following example debugs RADIUS event:

debug radius event
1.2.2 ip radius source-interface

To force RADIUS to use the IP address of a specified interface for all outgoing RADIUS
packets, use the ip radius source-interface command in global configuration mode. To
prevent RADIUS from using the IP address of a specified interface for all outgoing
RADIUS packets, use the no form of this command.
ip radius source-interface interface-name
- 14 -
no ip radius source-interface
parameter
interface-name Name of the interface that RADIUS uses for all of its outgoing
packets.
default
No default behavior or values
command mode
instruction
Use this command to set the IP address of a subinterface to be used as the source
address for all outgoing RADIUS packets. The IP address is used as long as the
subinterface is in the up state. In this way, the RADIUS server can use one IP address
entry for every network access client instead of maintaining a list of IP addresses.
This command is especially useful in cases where the router has many subinterfaces
and you want to ensure that all RADIUS packets from a particular router have the same
IP address.
The specified subinterface must have an IP address associated with it. If the specified
subinterface does not have an IP address or is in the down state, then RADIUS reverts
to the default. To avoid this, add an IP address to the subinterface or bring the
subinterface to the up state.
example
The following example shows how to configure RADIUS to use the IP address of vlan 1
for all outgoing RADIUS packets:
ip radius source-interface vlan 1
related commands
ip tacacs source-interface
1.2.3 radius-server challenge-noecho

To prevent user responses to Access-Challenge packets from being displayed on the
screen, use the radius-server challenge-noecho command in global configuration mode.
To return to the default condition, use the no form of this command.
radius-server challenge-noecho
no radius-server challenge-noecho
parameter
none
- 15 -
default
All user responses to Access-Challenge packets are echoed to the screen.
command mode
instruction
none
example
radius-server challenge-noecho
1.2.4 radius-server deadtime

To improve RADIUS response times when some servers might be unavailable and
cause the unavailable servers to be skipped immediately, use the radius-server
deadtime command in global configuration mode. To set dead-time to 0, use the no
radius-server deadtime minutes
no radius-server deadtime
parameter
minutes Length of time, in minutes, for which a RADIUS server is skipped

over by transaction requests, up to a maximum of 1440 minutes
(24 hours).
default
Dead time is set to 0.
command mode
instruction
Use this command to cause the software to mark as "dead" any RADIUS servers that
fail to respond to authentication requests, thus avoiding the wait for the request to time
out before trying the next configured server. A RADIUS server marked as "dead" is
skipped by additional requests for the duration of minutes or unless there are no
servers not marked "dead."
example
The following example specifies five minutes deadtime for RADIUS servers that fail to
respond to authentication requests:
radius-server deadtime 5
- 16 -
related commands
radius-server host
radius-server retransmit
radius-server timeout
1.2.5 radius-server host

To specify a RADIUS server host, use the radius-server host command in global
configuration mode. To delete the specified RADIUS host, use the no form of this
command.
radius-server host ip-address [auth-port port-number1] [acct-port port-number2]
no radius-server host ip-address
parameter
ip-address IP address of the RADIUS server host.
auth-port (Optional) Specifies the UDP destination port for authentication

requests.
port-number1 (Optional) Port number for authentication requests; the host is

not used for authentication if set to 0.
acct-port (Optional) Specifies the UDP destination port for accounting

requests.
port-number2 (Optional) Specifies the UDP destination port for accounting

requests; the host is not used for accounting if set to 0.
default
No RADIUS host is specified;
command mode
instruction
You can use multiple radius-server host commands to specify multiple hosts. The
software searches for hosts in the order in which you specify them.
example
The following example specifies host 1.1.1.1 as the RADIUS server and uses default
ports for both accounting and authentication
radius-server host 1.1.1.1
The following example specifies port 12 as the destination port for authentication
requests and port 16 as the destination port for accounting requests on the RADIUS
host named host1:
- 17 -
radius-server host 1.2.1.2 auth-port 12 acct-port 16
related commands
aaa authentication
radius-server key
tacacs server
username
1.2.6 radius-server optional-passwords

To specify that the first RADIUS request to a RADIUS server be made without password
verification, use the radius-server optional-passwords command in global configuration
mode. To restore the default, use the no form of this command.
radius-server optional-passwords
no radius-server optional-passwords
parameter
This command has no parameters or keywords.
default
disabled
command mode
instruction
When the user enters the login name, the login request is transmitted with the name
and a zero-length password. If accepted, the login procedure completes. If the RADIUS
server refuses this request, the server software prompts for a password and tries again
when the user supplies a password. The RADIUS server must support authentication
for users without passwords to make use of this feature.
example
The following example configures the first login to not require RADIUS verification:
radius-server optional-passwords
related commands
radius-server host
1.2.7 radius-server key

To set the authentication and encryption key for all RADIUS communications between
the router and the RADIUS daemon, use the radius-server key command in global
configuration mode. To disable the key, use the no form of this command.
radius-server key string
- 18 -
no radius-server key
parameter
string Spedifies the encrypted key.

This encrypted key must match the encrypted key that RADIUS
server uses.
default
The encrypted key is the empty character string.
command mode
instruction
The key entered must match the key used on the RADIUS daemon. All leading spaces
are ignored, and all white spaces cannot be included in the encrypted key.
example
The following example sets the encryption key to " firstime ":
radius-server key firstime
related commands
radius-server host
tacacs server
username
1.2.8 radius-server retransmit

To specify the number of times the software searches the list of RADIUS server hosts
before giving up, use the radius-server retransmit command in global configuration
mode. To disable retransmission, use the no form of this command.
radius-server retransmit retries
no radius-server retransmit
parameter
retries Maximum number of retransmission attempts. The default is 3

attempts.
- 19 -
default
3 attemps
command mode
instruction
This command is generally used with the radius-server timeout command, indicating
the interval for which a router waits for a server host to reply before timing out and the
times of retry after timing out.
example
The following example specifies a retransmit counter value of five times:

radius-server retransmit 5
related commands
radius-server timeout
1.2.9 radius-server timeout

To set the interval for which a router waits for a server host to reply, use the
radius-server timeout command in global configuration mode. To restore the default,
radius-server timeout seconds
no radius-server timeout
parameter
seconds Number that specifies the timeout interval, in seconds. The

default is 5 seconds.
default
5 seconds
command mode
instruction
This command is generally used with the radius-server retransmit command.
- 20 -
example
Use this command to set the number of seconds a router waits for a server host to reply
before timing out.
radius-server timeout 10
related commands
none
1.2.10 radius-server vsa send

To configure the network access server to recognize and use vendor-specific attributes,
use the radius-server vsa send command. To restore the default, use the no form of this
command.
radius-server vsa send [authentication]
no radius-server vsa send [authentication]
parameter
authentication (Optional) Limits the set of recognized vendor-specific

attributes to only authentication attributes.
default
disabled
command mode
instruction
The Internet Engineering Task Force (IETF) draft standard specifies a method for
communicating vendor-specific information between the network access server and the
RADIUS server by using the vendor-specific attribute (attribute 26). Vendor-specific
attributes (VSAs) allow vendors to support their own extended attributes not suitable for
general use. The radius-server vsa send command enables the network access server
to recognize and use both accounting and authentication vendor-specific attributes.
Use the accounting keyword with the radius-server vsa send command to limit the set
of recognized vendor-specific attributes to just accounting attributes. Use the
authentication keyword with the radius-server vsa send command to limit the set of
recognized vendor-specific attributes to just authentication attributes.
example
The following example configures the network access server to recognize and use
vendor-specific accounting attributes:
radius-server vsa send accounting
- 21 -
related commands
radius-server host
- 22 -
EPON OAM Configuration Commands
Table of Contents
Table of Contents
Chapter 1 OAM Configuration Commands......................................................................................... 1
1.1 OAM Configuration Commands............................................................................................ 1
1.1.1 ethernet oam timeout ................................................................................................. 1
1.1.2 ethernet oam log ........................................................................................................ 2
1.1.3 ethernet oam log discovery ........................................................................................ 2
1.1.4 ethernet oam log link-monitor..................................................................................... 3
1.1.5 ethernet oam remote-loopback {start | stop | test} ..................................................... 4
1.1.6 show ethernet oam statistics...................................................................................... 5
1.1.7 show ethernet oam configuration ............................................................................... 6
1.1.8 show ethernet oam ctc version-negotiation-result ..................................................... 6
1.1.9 show ethernet oam loopback-test-result .................................................................... 7
1.1.10 show ethernet oam status ........................................................................................ 8
-I-
EPON OAM Configuration Command
Chapter 1 OAM Configuration Commands
1.1 OAM Configuration Commands
1.1.1 ethernet oam timeout
Syntax
[no] ethernet oam timeout value
ethernet oam timeout value
It is used to set the timeout time of the OAM connection.
Parameter
Parameter Parameter description

value Timeout time of the OAM connection, which ranges between 2
and 30 and whose unit is second
Default value
The value of timeout is 10.
Command mode
Instruction
This command can be used to configure some optional parameters for establishing the
OAM connection.
Example
The following example shows how to set the timeout time of connection to five
seconds.
switch_config#ethernet oam timeout 5
-1-
1.1.2 ethernet oam log
Syntax
ethernet oam log {disable | enable}
It is used to enable or disable the EPON OAM log.
Parameter
None
Default value
enable
Command mode
Instruction
This command can be used to display or limit the EPON OAM log (including the OAM
discovery state machine and the link monitor). It is recommended to enable this log.
Example
The following example shows how to set and limit the EPON OAM log.
switch_config# ethernet oam log disable
1.1.3 ethernet oam log discovery
Syntax
ethernet oam log discovery {disable | enable}
To display or restrain the discovery log of EPON OAM, run the previous command.
Parameter
None
-2-
Default value
enable
Command mode
Instruction
This command is used to restrain the discovery log of EPON OAM, however, it is
recommended to enable this log.
Example
The following example shows how to display or restrain the discovery log of EPON
OAM:
switch_config# ethernet oam log discovery disable
1.1.4 ethernet oam log link-monitor
Syntax
ethernet oam log link-monitor {disable | enable}
It is used to enable or disable the link monitor log of EPON OAM.
Parameter
None
Default value
enable
Command mode
Instruction
This command is used to restrain the link monitor log of EPON OAM, however, it is
recommended to enable this log.
-3-
Example
The following example shows how to display or restrain the link monitor log of EPON
OAM:
switch_config# ethernet oam log link-monitor disable
1.1.5 ethernet oam remote-loopback {start | stop | test}
Syntax
ethernet oam remote-loopback {start | stop | {test frame-size pkt-num}} interface

intf-type intf-id
To start or stop the remote OAM loopback, run the previous command.
Parameter
frame-size Stands for the size of a frame.
pkt-num Stands for the number of the frames.

intf-id Stands for an designated interface.
Default value
None
Command mode
Privileged mode
Remarks
The remote OAM loopback cannot be enabled on the physical interface that belongs to
the aggregation interface.
Example
The following example shows how to positively start the remote OAM loopback on
interface EPON 0/1:1.
switch#ethernet oam remote-loopback start interface EPON0/1:1
-4-
1.1.6 show ethernet oam statistics
Syntax
show ethernet oam statistics interface [intf-type intf-id]

To display the OAM statistics information on a designated interface or all interfaces,
run the previous command.
Parameter

intf-id Displays the statistics information on the designated interface or
on all protocol-up ports and enables the statistics information on
the OAM interface.
Default value
None
Remarks
None
Example
The following example shows how to display the number of the OAM packets which
are classified by packet types on interface EPON0/1:1.
switch#show ethernet oam statistics interface EPON0/1:1
Interface: E0/1:1
Counters:
---------
Information OAMPDU Tx : 494
Information OAMPDU Rx : 494
Unique Event Notification OAMPDU Tx :0
Unique Event Notification OAMPDU Rx :0
Duplicate Event Notification OAMPDU TX: 0
Duplicate Event Notification OAMPDU RX: 0
Loopback Control OAMPDU Tx :0
Loopback Control OAMPDU Rx :0
Variable Request OAMPDU Tx :0
Variable Request OAMPDU Rx :0
Variable Response OAMPDU Tx :0
Variable Response OAMPDU Rx :0
Organization Specific OAMPDU Tx :1
-5-
Organization Specific OAMPDU Rx :1

Unsupported OAMPDU Tx :0
Unsupported OAMPDU Rx :0
Frames Lost due to OAM :0
1.1.7 show ethernet oam configuration
Syntax
show ethernet oam configuration

The following example shows how to display global OAM configuration:
Parameter
None
Default value
None
Remarks
None
Example
The following example shows how to display global OAM configuration:

switch#show ethernet oam configuration
General
-------
Link timeout : 10 seconds
1.1.8 show ethernet oam ctc version-negotiation-result
Syntax
show ethernet oam ctc version-negotiation-result interface [intf-type intf-id]

To display the negotiation result of Telecom OAM on all interfaces or a specific
interface, run the previous command.
Parameter

intf-id Displays the negotiation result of Telecom OAM on a specific
interface, otherwise displays all protocols are up and the
-6-
negotiation result of Telecom OAM on the OAM interface.
Default value
None
Remarks
None
Example
The following example shows how to display the OAM Runtime information on
interface E0/1:1.
switch# show ethernet oam ctc version-negotiation-result interface E0/1:1
Interface : E0/1:1
ctc_OAM_Ext_Status : 0x3
OUI : 11:11:11
ctc_OAM_Ext_version: 0x20
1.1.9 show ethernet oam loopback-test-result
Syntax
show ethernet oam loopback-test-result interface [intf-type intf-id]

It is used to display the result of OAM loopback testing of a designated port.
Parameter

intf-id Displays the loopback result of OAM on a specific interface,
otherwise displays all protocols are up and the loopback result
of OAM on the OAM interface.
Default value
None
Remarks
None
-7-
Example
The following example shows how to display the OAM loopback result on interface
E0/1:1.
switch#ethernet oam remote-loopback start interface E0/1:1
switch #ethernet oam remote-loopback test 64 10 interface E0/1:1

switch # show ethernet oam loopback-test-result interface E0/1:1
Loopback test result:
Out of Seqance frames: 5
10 packets transmitted, 9 received, 10% packet loss
rtt min/avg/max = 0/0/0 ms
value = 0 = 0x0
1.1.10 show ethernet oam status
Syntax
show ethernet oam status [interface [intf-type intf-id]]

It is used to display the OAM status on all interfaces or a designated interface.
Parameter

intf-id Displays the OAM status on a designated interface, or displays
all protocol-up ports and enables the OAM status on the OAM
interface.
Default value
None
Remarks
None
Example
The following example shows how to display the OAM status on interface E0/1:1.
switch#show ethernet oam status
Interface: E0/1:1
oam_table:
----------
Admin state: Enabled
Operational status: 108270576
-8-
Mode: 4662140
Maximum oam pdu: 1518
Configuration revision: 0
Function supported: 7
peer_table:
-----------
Status: 4662140
MAC address: 00:13:25:ff:ff:81
Vendor OUI: 00:13:25
Vendor info: 0
mode: Passive
Maximum oam pdu: 1518
Configuration revision: 1
Function supported: 7
loopback_table:
--------------
Status:
-9-
Flow Encryption Configuration Commands
Table of Contents
Table of Contents
Chapter 1 Encryption Configuration Commands................................................................................ 1
1.1 Encryption Configuration Commands ................................................................................... 1
1.1.1 epon encryption triple-churning rekeying-timer-value ........................................... 1
1.1.2 epon encryption {enable | disable} ........................................................................ 2
-I-
Chapter 1 Encryption Configuration Commands
1.1 Encryption Configuration Commands
The following are encryption configuration commands:
z epon encryption triple-churning rekeying-timer-value
z epon encryption {enable | disable}
1.1.1 epon encryption triple-churning rekeying-timer-value
Syntax
epon encryption triple-churning rekeying-timer-value
no epon encryption
To enable or disable the global encryption of OLT, run the previous two commands
respectively.
Parameter

rekeying-timer-value Stands for the time for key update, which falls between 600 and
10000ms.
Default value
The default value of the encryption mode is triple-chuming and the time for key
update is 10000ms.
Command mode
Remarks
Only when the encryption function of the LLID port is enabled at the same time, the
underline encryption function can take effect.
-1-
Example
The following example shows how to set the encryption mode of OLT to
triple-chuming.
switch_config# epon encryption triple-churning
1.1.2 epon encryption {enable | disable}
Syntax
epon encryption enable
epon encryption disable
To enable or disable the underline encryption function of the LLID port, run the
previous two commands respectively.
Parameter
None
Default value
The encryption function of the LLID port is enabled by default.
Command mode
LLID port configuration mode
Remarks
This command takes effect only when it is used together with the command epon
encryption triple-churning rekeying-timer-value.
Example
The following example shows how to disable the encryption function of interface
EPON0/1:1.
switch_config# interface EPON0/1:1
switch_config_epon0/1:1# epon encryption disable
-2-
EPON Multicast Configuration Commands
Table of Contents
Table of Contents
Chapter 1 OLT IGMP Multicast Configuration Commands ................................................................ 1
1.1.1 ip mcst {enable | disable} ........................................................................................... 2
1.1.2 ip mcst mc-vlan vlan_id range A.B.C.D&<1-n> ....................................................... 2
1.1.3 ip mcst vlan vlan_id static A.B.C.D interface intf ..................................................... 3
1.1.4 ip mcst timer router-age timer_value.................................................................. 4
1.1.5 ip mcst timer response-time timer_value ................................................................... 4
1.1.6 ip mcst mrouter interface inft_name........................................................................... 5
1.1.7 ip igmp-proxy enable.................................................................................................. 6
1.1.8 ip mcst querier{enable | disable} ................................................................................ 6
1.1.9 ip mcst querier address [ip_addr]............................................................................... 7
1.1.10 ip igmp-proxy last-member-query {count value1| interval value2} ........................... 8
1.1.11 ip mcst compatible {enable | disable} ....................................................................... 9
1.1.12 ip mcst mode ............................................................................................................ 9
1.1.13 ip mcst preview time............................................................................................... 10
1.1.14 show ip mcst............................................................................................................11
1.1.15 show ip mcst timer ................................................................................................. 12
1.1.16 show ip mcst groups............................................................................................... 12
1.1.17 show ip mcst statistics............................................................................................ 13
1.1.18 show ip igmp-proxy ................................................................................................ 14
1.1.19 debug ip mcst packet ............................................................................................. 14
1.1.20 debug ip mcst timer................................................................................................ 15
1.1.21 debug ip mcst timer................................................................................................ 16
1.1.22 debug ip mcst event ............................................................................................... 16
1.1.23 debug ip mcst error ................................................................................................ 17
1.1.24 debug ip igmp-proxy............................................................................................... 17
Chapter 2 Commands for OLT MLD Multicast Settings ................................................................... 19
2.1.1 ip mld-snooping {enable | disable} ........................................................................... 19
2.1.2 ip mld-snooping solicitation ...................................................................................... 20
2.1.3 ip mld-snooping mc-vlan vlan_id range A.B.C.D&<1-n>....................................... 21
2.1.4 ip mld-snooping vlan vlan_id static X:X:X:X::X interface intf ................................. 21
2.1.5 ip mld-snooping timer router-age timer_value .................................................... 22
2.1.6 ip mld-snooping timer response-time timer_value ................................................... 23
2.1.7 ip mld-snooping mrouter interface inft_name........................................................... 23
2.1.8 ip mld-proxying enable ............................................................................................. 24
2.1.9 ip mld-proxying querier address [ip_addr]................................................................ 25
2.1.10 ip mld-proxying last-member-query {count value1| interval value2} ...................... 25
2.1.11 show ip mld-snooping............................................................................................. 26
2.1.12 show ip mld-snooping timer ................................................................................... 27
2.1.13 show ip mld-snooping groups ................................................................................ 28
2.1.14 show ip mld-snooping statistics.............................................................................. 28
2.1.15 show ip mld-proxying ............................................................................................. 29
-I-
Table of Contents
Chapter 3 Remote Configuration Commands for ONU Multicast .................................................... 31

3.1.1 epon onu mcst enable.............................................................................................. 31
3.1.2 epon onu ctc mcst switch ......................................................................................... 32
3.1.3 epon onu ctc mcst fast-leave enable ....................................................................... 32
3.1.4 epon onu ctc mcst premission.................................................................................. 33
3.1.5 epon onu port port_id ctc mcst tag-stripe enable..................................................... 34
3.1.6 epon onu port port_id ctc mcst max-group-number value ....................................... 35
3.1.7 epon onu port port_id ctc mcst mc-vlan {add vlanmap| delete vlanmap|clear}........ 35
- II -
Chapter 1 OLT IGMP Multicast Configuration

Commands
The OLT IGMP multicast configuration commands include:
z ip mcst {enable | disable}
z ip mcst mc-vlan vlan_id range A.B.C.D&<1-n>
z ip mcst vlan vlan_id static A.B.C.D interface intf
z ip mcst timer router-age timer_value
z ip mcst timer response-time timer_value
z ip mcst mrouter interface inft_name
z ip igmp-proxy enable
z ip mcst querier address ip_addr
z ip igmp-proxy last-member-query {count value1| interval value2}
z ip mcst mode
z ip mcst permission
z show ip mcst
z show ip mcst timer
z show ip mcst groups
z show ip mcst statistics
z show ip igmp-proxy
z debug ip mcst packet
z debug ip mcst timer
z debug ip mcst event
z debug ip mcst error
z debug ip igmp-proxy
-1-
1.1.1 ip mcst {enable | disable}
Syntax
ip mcst enable
{no ip mcst | ip mcst disable}
To enable and disable the IGMP snooping function, run epon onu mcst enable; to
resume the default value, run {no epon onu mcst | epon onu mcst disable}.
Parameter
None
Default value
The IGMP snooping is disabled.
Remarks
After IGMP snooping is enabled, when DLF occurs on multicast packets (that is, the
destination address is not registered in the swap chip through the igmp-snooping), all
multicast packets whose destination addresses are not registered on any port will be
dropped.
Example
The following example shows how to enable the IGMP snooping function:
switch_config# ip mcst enable
1.1.2 ip mcst mc-vlan vlan_id range A.B.C.D&<1-n>
Syntax
ip mcst mc-vlan vlan_id range A.B.C.D&<1-n>
no ip mcst mc-vlan vlan_id [range A.B.C.D&<1-n>]
Parameter
vlan_id VLAN ID
A.B.C.D IP address of the multicast
-2-
Default value
None
Remarks
This command has two functions: one is that only the Report and Leave packets
whose destination IP addresses have been added to a multicast VLAN can be
received by IGMP snooping; the other one is that the VLAN tag which transforms
the next multicast flow is the multicast VLAN tag. One multicast VLAN can
include multiple continuous or discontinuous multicast IP addresses, while one
multicast IP address can only belong to one multicast VLAN.
Example
The following command is used to add multicast group 225.1.1.1 to multicast VLAN2:
switch_config#ip mcst mc-vlan 2 range 225.1.1.1
Note:
224.0.0.0-224.0.0.255, as unroutable multicast addresses, cannot be registered on each port.
1.1.3 ip mcst vlan vlan_id static A.B.C.D interface intf
Syntax
ip mcst vlan vlan_id static A.B.C.D interface intf
no ip mcst vlan vlan_id static A.B.C.D interface intf
Parameter

vlan id Stands for the ID of a VLAN. Value range: 1-4094
inft An interface
Default value
None
Remarks
This command is used to configure the static multicast address of VLAN. Its negative
form is used to cancel the static multicast address.
-3-
Example
The following example shows how to add the static multicast address 234.5.6.7 to port
EPON0/1:1.
switch_config# ip mcst vlan 1 static 234.5.6.7 interface EPON0/1:1
switch_config#
Note:
224.0.0.0-224.0.0.255 stands for irroutable multicast addresses which cannot be

registered on each port.
1.1.4 ip mcst timer router-age timer_value
Syntax
ip mcst timer router-age timer_value
no ip mcst timer router-age
Parameter

time value Queries the time of the timer. Value range: 10-2147483647
Default value
260 seconds
Remarks
This command is used to query the time of the timer of IGMP-Snooping. The negative
form of this command is used to resume the default value.
Example
The following example shows how to set the query time of the router to 300 seconds.
switch_config# ip mcst timer router-age 300
switch_config#
1.1.5 ip mcst timer response-time timer_value
Syntax
ip mcst timer response-time timer_value
-4-
no ip mcst timer response-time
To configure the maximum response time of IGMP snooping, run ip igmp-snooping

timer response-time timer_value. To resume the default value of IGMP snooping,
run no ip igmp-snooping timer response-time timer_value.
Parameter

Default value
15 seconds
Remarks
None
Example
The following example shows how to set the query response time of IGMP snooping to
20 seconds.
switch_config# ip mcst timer response-time 20
1.1.6 ip mcst mrouter interface inft_name
Syntax
ip mcst mrouter interface inft_name
no ip mcst mrouter interface inft_name
To configure the port of the static multicast router of IGMP snooping, run ip mcst
mrouter interface inft_name.
Parameter
inft_name Shows the port type, the slot and the port ID.
Default value
15 seconds
-5-
Remarks
None
Example
The following example shows how to set port G0/4 to the port of the static multicast
router of IGMP snooping.
switch_config# ip mcst timer mrouter interface G0/4
1.1.7 ip igmp-proxy enable
Syntax
ip igmp-proxy enable
{no ip igmp-proxy enable}
To enable IGMP proxy, run ip mcst enable. To resume the default value, run {no ip
mcst | ip mcst disable}.
Parameter
None
Default value
The IGMP proxy is disabled by default.
Remarks
None
Example
The following example shows how to enable the IGMP proxy:

switch_config# ip igmp-proxy enable
1.1.8 ip mcst querier{enable | disable}
Syntax
ip mcst querier enable
{no ip mcst querier | ip mcst querier disable}
-6-
To enable or disable the querier port in OLT, run ip mcst querier enable; to resume
the default settings, run no ip mcst querier | ip mcst querier disable.
Parameter
None
Default value
The querier port of OLT is disabled.
Remarks
After the querier port of OLT is added, this port can transmit the query packets
automatically in a regular time.
Example
The following example shows how to enable the querier port of OLT.
switch_config# ip mcst querier enable
1.1.9 ip mcst querier address [ip_addr]
Syntax
ip mcst querier address ip_addr
no ip mcst querier address
To set the source IP address of the automatic query packet, run ip mcst querier
address ip_addr. The negative form of this command is used to resume the default
value.
Parameter

ip_addr IP address of a normal broadcast
Default value
The default source IP address is 10.0.0.200.
-7-
Remarks
None
Example
The following example shows how to set the source IP address of the query packet to
11.1.1.200:
switch_config# ip mcst querier address 11.1.1.200
1.1.10 ip igmp-proxy last-member-query {count value1| interval value2}
Syntax
ip igmp-proxy last-member-query {count value1| interval value2}
no ip igmp-proxy last-member-query {count | interval}
To set the source IP address of the automatic query packet, run ip igmp-proxy
last-member-query {count value1| interval value2}. The negative form of this
command is used to resume the default value.
Parameter

value1 1-5
value2 1-60 seconds
Default value
Both Value1 and Value2 are 2 by default.
Remarks
None
Example
The following example shows how to set last-member-query count to 3.

switch_config# ip igmp-proxy last-member-query count 3
-8-
1.1.11 ip mcst compatible {enable | disable}
Syntax
ip mcst compatible enable
{no ip mcst compatible | ip mcst compatible disable}
It is used to enable or disable the multicast-compatible function. The negative form of

Parameter
None
Default value
The multicast compatible function is disabled by default.
Remarks
After the multicast compatible mode is enabled, OLT can support the IGMP snooping
multicast mode and the dynamic multicast mode by taking the LLID port as a unit. Only
in the default mode can the multicast mode of OLT be set and OLT only supports one
kind of multicast process at this case.
Example
The following example shows how to disable the multicast compatible function of OLT:
switch_config# ip mcst compatible disable
1.1.12 ip mcst mode
Syntax
ip mcst mode {igmp-snooping | dynamic-controllable}
{no ip mcst mode | ip mcst igmp-snooping}
It is used to switch over the multicast mode.
Parameter
None
-9-
Default value
Igmp-snooping mode
Remarks
After the OLT multicast mode is switched over, the multicast modes of all ONUs will be
automatically switched over to the same mode. The users therefore are free of the
trouble of setting ONUs one by one.
Example
The following example shows how to set the multicast mode to the controllable
multicast:
switch_config# ip mcst mode dynamic-controllable
1.1.13 ip mcst preview time
Syntax
ip mcst preview time (1 – 60 )
no ip mcst preview time
Parameter
time Stands for the preview time

(minute).
Default value
None
Remarks
None
Example
The following example shows how to set the preview time to 1.

switch_config#ip mcst previre time 1
- 10 -
1.1.14 show ip mcst
Syntax
show ip mcst
Parameter
None
Default value
None
Remarks
This command is used to display the information about IGMP-snooping configuration.
Example
The following example shows how to display the information about the IGMP-snooping
settings.
switch# show ip mcst
Global multicast configuration:

-----------------------------------
Globally enable : Enabled
Multicast mode : IGMP Snooping
Dlf-frames filtering : Enabled
Querier : Disabled
Querier address : 10.0.0.200
Router age : 260 s
Response time : 15 s
Router Port List:

-----------------
G0/4 (querier);
switch#
- 11 -
1.1.15 show ip mcst timer
Syntax
show ip mcst timer
Parameter
None
Default value
None
Remarks
This command is used to display the information about the IGMP-snooping clock.
Example
The following example shows how to display the information about the IGMP-snooping
clock.
switch#show ip mcst timers
Querier on port G0/4: 258
vlan 2 multicast address 0100.5e01.0101 response time : 13
switch#
Querier on port G0/4: 251 means the timeout time of the ageing timer of the router.
vlan 2 multicast address 0100.5e01.0101 response time : This shows the time period from
receiving a multicast query packet to the present; if there is no host to respond when the timer
times out, the port will be canceled.
1.1.16 show ip mcst groups
Syntax
show ip mcst groups
Parameter
None
- 12 -
Default value
None
Remarks
This command is used to display the information about the multicast group of
IGMP-snooping.
Example
The following example shows how to display the information about the multicast group
of IGMP-snooping.
switch# show ip mcst timer
Vlan Group Type Port(s)

---- --------------- -------- -------------------------------------
2 225.1.1.1 LEARNING E0/1:1
switch#
1.1.17 show ip mcst statistics
Syntax
show ip mcst statistics
Parameter
None
Default value
None
Remarks
This command is used to display the information about IGMP-snooping statistics.
Example
The following example shows how to display the information about IGMP-snooping
statistics.
switch#show ip mcst statistics
v1_packets:0 Number of the IGMPv1 packets
- 13 -

general_query_packets:5 Number of the general query packets
special_query_packets:0 Number of the special query packets
join_packets:6 Number of the report packets
leave_packets:0 Number of the Leave packets
err_packets:0 Number of the error packets
1.1.18 show ip igmp-proxy
Syntax
show ip igmp-proxy
Parameter
None
Default value
None
Remarks
This command is used to display the information about IGMP proxy.
Example
The following example shows how to display the information about IGMP proxy.
switch#show ip igmp-proxy
Global IGMP proxy configuration
-------------------------------
Status : Disable
Last member query interval: 2
Last member query count :2
switch#
1.1.19 debug ip mcst packet
Syntax
debug ip mcst packet
no debug ip mcst packet
- 14 -
Parameter
None
Default value
None
Remarks
This command is used to enable or disable the MCST packet.
Example
The following example shows how to enable the debugging switch of MCST packets.
switch# debug ip mcst packet
switch#
1.1.20 debug ip mcst timer
Syntax
debug ip mcst timer
no debug ip mcst timer
Parameter
None
Default value
None
Remarks
This command is used to enable or disable the MCST timer.
Example
The following example shows how to enable the MCST timer.

switch# debug ip mcst timer
switch#
- 15 -
1.1.21 debug ip mcst timer
Syntax
debug ip mcst timer
no debug ip mcst timer
Parameter
None
Default value
None
Remarks
This command is used to enable or disable the MCST timer.
Example
The following example shows how to enable the MCST timer.

switch# debug ip mcst timer
switch#
1.1.22 debug ip mcst event
Syntax
debug ip mcst event
no debug ip mcst event
Parameter
None
Default value
None
- 16 -
Remarks
This command is used to enable or disable the MCST event.
Example
The following example shows how to enable the MCST event.

switch# debug ip mcst event
1.1.23 debug ip mcst error
Syntax
debug ip mcst error
no debug ip mcst error
Parameter
None
Default value
None
Remarks
This command is used to enable or disable the MCST error.
Example
The following example shows how to enable the error debugging switch of IGMP
snooping.
switch# debug ip mcst error
1.1.24 debug ip igmp-proxy
Syntax
debug debug ip igmp-proxy
no debug ip igmp-proxy
- 17 -
Parameter
None
Default value
None
Remarks
It is used to enable or disable the debugging switch of IGMP proxy.
Example
The following example shows how to enable the debugging switch of IGMP proxy.
switch# debug ip igmp-proxy
switch#
- 18 -
Chapter 2 Commands for OLT MLD Multicast

Settings
The OLT MLD multicast configuration commands include:
z ip mld-snooping {enable | disable}
z ip mld-snooping mc-vlan vlan_id range X:X:X:X::X&<1-n>
z ip mld-snooping vlan vlan_id static X:X:X:X::X interface intf
z ip mld-snooping timer router-age timer_value
z ip mld-snooping timer response-time timer_value
z ip mld-snooping mrouter interface inft_name
z ip mld-proxying enable
z ip mld-proxying querier address ip_addr
z ip mld-proxying last-member-query {count value1| interval value2}
z show ip mld-snooping
z show ip mld-snooping timer
z show ip mld-snooping groups
z show ip mld-snooping statistics
z show ip mld-proxying
2.1.1 ip mld-snooping {enable | disable}
Syntax
ip mld-snooping enable
{no ip mld-snooping | ip mld-snooping disable}
To set the MLD snooping function, run ip mld-snooping enable; to resume the default
value, run {no ip mld-snooping | ip mld-snooping disable}.
Parameter
None
- 19 -
Default value
The MLD snooping is disabled.
Remarks
After MLD snooping is enabled, when DLF occurs on multicast packets (that is, the
destination address is not registered in the swap chip through the MLD-snooping), all
dropped.
Example
The following example shows how to enable the MLD snooping function:
switch_config# ip mld-snooping enable
2.1.2 ip mld-snooping solicitation
Syntax
ip mld-snooping solicitation
no ip mld-snooping solicitation
To enable or disable the hardware forwarding of the multicast group, run ip

mld-snooping solicitation.To resume the default value, run no ip mld-snooping
solicitation.
Parameter
None
Default value
This function is shut down.
Remarks
None
Example
The following example shows how to enable the hardware forward of the multicast
group.
switch_config#ip mld-snooping solicitation
- 20 -
2.1.3 ip mld-snooping mc-vlan vlan_id range A.B.C.D&<1-n>
Syntax
ip mld-snooping mc-vlan vlan_id range X:X:X:X::X&<1-n>
no ip mld-snooping mc-vlan vlan_id [range X:X:X:X::X&<1-n>]
Parameter
vlan_id VLAN ID
X:X:X:X::X IP address of the multicast
Default value
None
Remarks
This command has two functions: one is that only the Report and Leave packets
whose destination IP addresses have been added to a multicast VLAN can be
received by MLD snooping; the other one is that the VLAN tag which transforms
the next multicast flow is the multicast VLAN tag. One multicast VLAN can
include multiple continuous or discontinuous multicast IP addresses, while one
multicast IP address can only belong to one multicast VLAN.
Example
The following command shows how to add multicast group ff12::5 to multicast VLAN2:
switch_config#ip mld-snooping mc-vlan 2 range ff12::5
2.1.4 ip mld-snooping vlan vlan_id static X:X:X:X::X interface intf
Syntax
ip mld-snooping vlan vlan_id static X:X:X:X::X interface intf
no ip mld-snooping vlan vlan_id static X:X:X:X::X interface intf
Parameter

vlan id Stands for the ID of a VLAN. Value range: 1-4094
- 21 -
X:X:X:X::X IP address of the multicast
inft An interface
Default value
None
Remarks
This command is used to configure the static multicast address of VLAN. Its negative
form is used to cancel the static multicast address.
Example
The following example shows how to add the static multicast address ff12::5 to port
EPON0/1:1.
switch_config# ip mld-snooping vlan 1 static ff12::5 interface EPON0/1:1
switch_config#
2.1.5 ip mld-snooping timer router-age timer_value
Syntax
ip mld-snooping timer router-age timer_value
no ip mld-snooping timer router-age
Parameter

Default value
260 seconds
Remarks
This command is used to query the time of the timer of MLD-Snooping. The negative
form of this command is used to resume the default value.
Example
The following example shows how to set the query time of the router to 300 seconds.
switch_config# ip mld-snooping timer router-age 300
- 22 -
switch_config#
2.1.6 ip mld-snooping timer response-time timer_value
Syntax
ip mld-snooping timer response-time timer_value
no ip mld-snooping timer response-time
To configure the maximum response time of IGMP snooping, run ip mld-snooping

timer response-time timer_value. To resume the default value of IGMP snooping,
run no ip mld-snooping timer response-time timer_value.
Parameter

Default value
15 seconds
Remarks
None
Example
The following example shows how to set the query response time of IGMP snooping to
20 seconds.
switch_config# ip mld-snooping timer response-time 20
2.1.7 ip mld-snooping mrouter interface inft_name
Syntax
ip mld-snooping mrouter interface inft_name
no ip mld-snooping mrouter interface inft_name
To configure the port of the static multicast router of IGMP snooping, run ip mcst
mrouter interface inft_name.
Parameter
- 23 -
inft_name Shows the port type, the slot and the port ID.
Default value
15 seconds
Remarks
None
Example
The following example shows how to set port G0/4 to the port of the static multicast
router of MLD snooping.
switch_config# ip mld-snooping timer mrouter interface G0/4
2.1.8 ip mld-proxying enable
Syntax
ip igmp-proxy enable
{no ip igmp-proxy enable}
To enable IGMP proxy, run ip igmp-proxy enable. To resume the default value, run
{no ip igmp-proxy enable}.
Parameter
None
Default value
The MLD proxy is disabled by default.
Remarks
None
Example
The following example shows how to enable the MLD proxy:

switch_config# ip igmp-proxy enable
- 24 -
2.1.9 ip mld-proxying querier address [ip_addr]
Syntax
ip mld-proxying querier address ip_addr
no ip mld-proxying querier address
To set the source IP address of the automatic query packet, run ip mcst querier
address ip_addr. The negative form of this command is used to resume the default
value.
Parameter

ip_addr IP address of a normal broadcast
Default value
源 IP 地址默认为 FE80::3FF:FEFE:FD00:1。
Remarks
None
Example
The following example shows how to set the source IP address of the query packet to
FE80::3FF:FEFE:FD00:2:
switch_config# ip mld-proxying querier address FE80::3FF:FEFE:FD00:2
2.1.10 ip mld-proxying last-member-query {count value1| interval value2}
Syntax
ip mld-proxying last-member-query {count value1| interval value2}
no ip mld-proxying last-member-query {count | interval}
To set the source IP address of the automatic query packet, run ip mld-proxying
last-member-query {count value1| interval value2}. The negative form of this
Parameter
- 25 -
value1 1-5
value2 1-60 seconds
Default value
Both Value1 and Value2 are 2 by default.
Remarks
None
Example
The following example shows how to set last-member-query count to 3.

switch_config# ip mld-proxying last-member-query count 3
2.1.11 show ip mld-snooping
Syntax
show ip mld-snooping
Parameter
None
Default value
None
Remarks
This command is used to display the information about MLD-snooping configuration.
Example
The following example shows how to display the information about MLD snooping.
switch#show ip mld-snooping
Global multicast configuration:

-----------------------------------
Globally enable : Disabled
Multicast mode : MLD Snooping
Dlf-frames filtering : Disabled
- 26 -
Router age : 260 s

Response time : 10 s
Handle Solicitation : Disabled
Router Port PVID VLANMAP=
Router Port List:

-----------------
None
switch#
2.1.12 show ip mld-snooping timer
Syntax
show ip mld-snooping timer
Parameter
None
Default value
None
Remarks
This command is used to display the information about the MLD-snooping clock.
Example
The following example shows how to display the information about the MLD-snooping
clock.
switch#show ip mld-snooping timers
Querier on port G0/4: 258
vlan 2 multicast address 3333.0000.0005 response time : 13
switch#
Querier on port G0/4: 251 means the timeout time of the ageing timer of the router.
vlan 2 multicast address 3333.0000.0005 response time : This shows the time period from
receiving a multicast query packet to the present; if there is no host to respond when the timer
times out, the port will be canceled.
- 27 -
2.1.13 show ip mld-snooping groups
Syntax
show ip mld-snooping groups
Parameter
None
Default value
None
Remarks
This command is used to display the information about the multicast group of
MLD-snooping.
Example
The following example shows how to display the information about the multicast group
of MLD-snooping.
switch# show ip mld-snooping timer
Vlan Group Type Port(s)

---- --------------- -------- -------------------------------------
2 ff12::5 LEARNING E0/1:1
switch#
2.1.14 show ip mld-snooping statistics
Syntax
show ip mld-snooping statistics
Parameter
None
Default value
None
- 28 -
Remarks
This command is used to display the information about MLD-snooping statistics.
Example
The following example shows how to display the information about MLD-snooping
statistics.
switch#show ip mld-snooping statistics
general_query_packets:5 Number of the general query packets
special_query_packets:0 Number of the special query packets
listener_packets:6 Number of the Report packets
leave_packets:0 Number of the Leave packets
err_packets:0 Number of the error packets
2.1.15 show ip mld-proxying
Syntax
show ip mld-proxying
Parameter
None
Default value
None
Remarks
This command is used to display the information about MLD proxy.
Example
The following example shows how to display the information about MLD proxy.
switch#show ip mld-proxying
Global MLD Proxying configuration
-------------------------------
Status : Disable
Last member query interval: 1
Last member query count :2
- 29 -
Querier address : FE80::3FF:FEFE:FD00:1
switch#
- 30 -
Chapter 3 Remote Configuration Commands for

ONU Multicast
The IGMP-Snooping configuration commands include:
z epon onu mcst enable
z epon onu mcst switch
z epon onu ctc mcst fast-leave enable
z epon onu port port_id ctc mcst tag-stripe enable
z epon onu port port_id ctc mcst max-group-number value
z epon onu port port_id ctc mcst mc-vlan {add vlanmap| delete
vlanmap|clear}
3.1.1 epon onu mcst enable
Syntax
epon onu mcst enable
{no epon onu mcst | epon onu mcst disable}
To enable and disable the IGMP snooping function, run epon onu mcst enable; to
resume the default value, run {no epon onu mcst | epon onu mcst disable}.
Parameter
None
Default value
The IGMP snooping is disabled.
Remarks
After IGMP snooping is enabled, when DLF occurs on multicast packets (that is, the
destination address is not registered in the swap chip through the igmp-snooping), all
dropped. ONU only supports IGMP snooping V1 and IGMP snooping V2.
- 31 -
Example
The following example shows how to enable the IGMP snooping function:
switch_config#interface e0/1:1
switch_config_e0/1:1#epon onu mcst enable
3.1.2 epon onu ctc mcst switch
Syntax
epon onu ctc mcst switch { dynamic-controllable | igmp-snooping }
no epon onu ctc mcst switch
To enable the ONU multicast mode, run epon onu ctc mcst switch
{ dynamic-controllable | igmp-snooping }; to resume the default value, run no epon
onu ctc mcst switch.
Parameter
None
Default value
The ONU multicast mode is IGMP snooping by default.
Remarks
None
Example
The following example shows how to switch the ONU multicast mode over to the
controllable multicast:
switch_config_epon0/1:1#epon onu ctc mcst switch dynamic-controllable
3.1.3 epon onu ctc mcst fast-leave enable
Syntax
epon onu ctc mcst fast-leave enable
{no epon onu ctc mcst fast-leave | epon onu ctc mcst fast-leave disable}
- 32 -
To configure the fast-leave attribute, run epon onu ctc mcst fast-leave enable; to
resume the default value, run {no epon onu ctc mcst fast-leave | epon onu ctc
mcst fast-leave disable}.
Parameter
None
Default value
The fast-leave attribute is enabled by default.
Remarks
The configuration of the fast-leave attribute makes the ONU delete the corresponding
port in the port list of the corresponding multicast group shortly after ONU receives the
leave packet, while the timer is not enabled any more for waiting to see whether other
hosts will be added to the multicast group; if other hosts of a same port also belong to
this multicast group and are reluctant to leave, the multicast communication of these
hosts may be affected and in this case the fast-leave function should not be enabled.
Example
The following example shows how to disable the fast-leave attribute.

switch_config_epon0/1:1#epon onu ctc mcst fast-leave disable
3.1.4 epon onu ctc mcst premission
Syntax
ip mcst permission uni uni-index range A.B.C.D&<1-n> {permit | preview|

forbidden}
no ip mcst permission uni uni-index range A.B.C.D&<1-n>
Parameter
uni-index UNI 端口索引
Default value
None
- 33 -
Remarks
None
Example
The following example shows how to configure UNI 1 of ONU to forward the multicast
flow of the multicast 225.1.1.1.
switch_config#ip mcst permission interface E3/1:2 uni 1 range 225.1.1.1 permit
3.1.5 epon onu port port_id ctc mcst tag-stripe enable
Syntax
epon onu port port_id ctc mcst tag-stripe enable
{no epon onu port port_id ctc mcsttag-stripe | epon onu port port_id ctc mcst
tag-stripe disable}
To configure the tag-stripe attribute, which is used to remove the VLAN tag of the next
multicast packet that ONU receives, run epon onu port port_id ctc mcst tag-stripe
enable.
Parameter

port_id UNI ID of ONU
Default value
Disable
Remarks
None
Example
The following example shows how to enable the Tag-Stripe function on UNI1 of ONU.
switch_config_epon0/1:1#epon onu port 1 ctc mcst tag-stripe enable
- 34 -
3.1.6 epon onu port port_id ctc mcst max-group-number value
Syntax
epon onu port port_id ctc mcst max-group-number value
no epon onu port port_id ctc mcst max-group-number
To configure the max-group-number attribute, which enables the UNI port of ONU to
limit the number of the concurrently forwarded multicast groups, run epon onu port
port_id ctc mcst max-group-number value.
Parameter

port_id UNI ID of ONU
value Maximum number of multicast groups
Default value
The default value is 128.
Remarks
None
Example
The following example shows how to configure UNI1 of ONU to allow 64 concurrent
multicast flows simultaneously: 1 最多同时允许 64 条组播流。
switch_config_epon0/1:1#epon onu port 1 ctc mcst max-group-number 64
3.1.7 epon onu port port_id ctc mcst mc-vlan {add vlanmap| delete
vlanmap|clear}
Syntax
epon onu port port_id ctc mcst mc-vlan {add vlanmap| delete vlanmap|clear}
To configure the correlation of the UNI port and the multicast VLAN so that ONU can
remove the VLAN tag of the downlink multicast packets, run the command above.
Parameter
- 35 -
vlanmap VLAN bitmap
Default value
None
Remarks
None
Example
The following example shows how to configure UNI 1 of ONU to forward the multicast
flow of the multicast VLAN2.
switch_config_e0/1:1#epon onu port 1 ctc mcst mc-vlan add 2
- 36 -
Optical Fiber Protection Shift Commands
Table of Contents
Table of Contents
Chapter 1 Optical Fiber Protection Shift Commands ......................................................................... 1
1.1 epon b-psg ............................................................................................................................ 1
1.2 epon c-psg ............................................................................................................................ 2
1.3 epon psg member ................................................................................................................. 2
1.4 epon psg switch .................................................................................................................... 3
-I-
Chapter 1 Optical Fiber Protection Shift

Commands
1.1 epon b-psg
Syntax
epon b-psg [ sequence sequence-number ]
no epon b-psg sequence sequence-number
The commands above are used to create and delete a B-type PSG port respectively.
Parameter

sequence-number Stands for the sequence number of the logic port, which ranges
from 1 to 8.
Default value
If the sequence number of the logic port is not designated, you should take the unused
minimum value between 1 and 8.
Command mode
Remarks
This command is used to create a virtual port ; after the virtual port is successfully
created, you have to run epon psg member active epon-port standby epon-port
immediately to bind the to-be-protected PON port.
Example
The following example shows how to create a B-type PSG port.

switch_config#epon b-psg sequence 1
switch_config#
-1-
1.2 epon c-psg
Syntax
epon c-psg [ sequence sequence-number ]
no epon c-psg sequence sequence-number
The commands above are used to create and delete a C-type PSG port respectively.
Parameter

sequence-number Stands for the sequence number of the logic port, which ranges
from 1 to 8.
Default value
If the sequence number of the logic port is not designated, you should take the unused
minimum value between 1 and 8.
Command mode
Remarks
This command is used to create a virtual port ; after the virtual port is successfully
created, you have to run epon psg member active epon-port standby epon-port
immediately to bind the to-be-protected PON port.
Example
The following example shows how to create a C-type PSG port.

switch_config#epon c-psg sequence 1
switch_config#
1.3 epon psg member
Syntax
epon psg member active epon-port standby epon-port
no epon psg member active epon-port standby epon-port
The first command is used to add a protected PON port to the PSG port.
-2-
Parameter

epon-port Stands for the EPON port.
Default value
None
Command mode
PSG port configuration mode
Remarks
This command is to add the actually to-be-protected PON port to the PSG port.
Currently only when two PON ports are on the same OLT chip can they be supported.
Example
The following example shows how to bind EPON0/1 and EPON0/4 to PSG0/1:
switch_config#epon b-psg sequence 1
switch_config#interface psg 0/1
switch_config_psg0/1#epon psg member active e0/1 standby e0/4
1.4 epon psg switch
Syntax
epon psg member switch interface psg-port
It is used to force the switchover of the key PON port of B-type PSG.
Parameter

psg-port PSG port
Default value
None
Command mode
Privileged mode
-3-
Remarks
This command is used to force the switchover of the PSG port only on the CTC B-type
protection mechanism.
Example
The following example shows how to switch over the PSG port mandatorily.
switch_config# epon psg switch interface psg 0/1
-4-
ONU Management Configuration
Commands
Table of Contents
Table of Contents
Chapter 1 Local ONU Management Commands ............................................................................... 1
1.1 Local ONU Management Commands................................................................................... 1
1.2 epon onu-registration-method mac....................................................................................... 2
1.3 epon bind-onu ....................................................................................................................... 2
1.4 epon onu-authen-method manual......................................................................................... 3
1.5 epon mpcp-registration-mode............................................................................................... 4
1.6 epon onu description ............................................................................................................ 5
1.7 epon conform-onu................................................................................................................. 6
1.8 epon deregister-onu.............................................................................................................. 6
1.9 clear epon dynamic-binding.................................................................................................. 7
1.10 epon dynamic-binding-timeout {disable | enable}............................................................... 8
1.11 epon dynamic-binding-timeout value .................................................................................. 9
1.12 epon ctc-oam-discovery-timeout {disable | enable}............................................................ 9
1.13 epon ctc-oam-discovery-timeout value............................................................................. 10
1.14 epon ace-reset-delay value count......................................................................................11
1.15 epon dying-gasp-log {disable | enable}............................................................................. 12
1.16 epon snmp-ipaddress ....................................................................................................... 12
1.17 serial-bridge remote.......................................................................................................... 13
1.18 show epon basic-info ........................................................................................................ 14
1.19 show epon encryption....................................................................................................... 15
1.20 show epon mpcp-registration-mode ................................................................................. 15
1.21 show epon onu-authen-method ........................................................................................ 16
1.22 show epon onu-registration-method ................................................................................. 17
1.23 show epon onu-information .............................................................................................. 18
Chapter 2 Global Remote Control Commands of ONU ................................................................... 19
2.1 Global Remote Control Commands of ONU....................................................................... 19
2.2 epon reboot onu.................................................................................................................. 20
2.3 epon update onu image ...................................................................................................... 21
2.4 epon commit-onu-image-update......................................................................................... 22
2.5 epon update onu eeprom-image......................................................................................... 22
2.6 epon ace-recover ................................................................................................................ 23
2.7 epon switch-onu-pon .......................................................................................................... 24
2.8 epon switch-onu-pon-and-back .......................................................................................... 25
2.9 epon onu encryption ........................................................................................................... 25
2.10 epon onu mac address-table static................................................................................... 26
2.11 epon onu clear mac address-table dynamic ..................................................................... 27
2.12 epon onu mac address-table learning .............................................................................. 28
2.13 epon onu mac address-table aging-time .......................................................................... 28
2.14 epon onu scheduler policy ................................................................................................ 29
2.15 epon onu scheduler wrr bandwidth................................................................................... 30
2.16 epon onu cos map ............................................................................................................ 31
-I-
Table of Contents
2.17 epon onu scheduler-pon policy......................................................................................... 32

2.18 epon onu scheduler-pon wrr bandwidth............................................................................ 32
2.19 epon onu cos-pon map ..................................................................................................... 33
2.20 epon onu port-protect ....................................................................................................... 34
2.21 epon onu ip address ......................................................................................................... 35
2.22 epon onu spanning-tree.................................................................................................... 36
2.23 epon onu mirror................................................................................................................. 37
2.24 epon onu filter ................................................................................................................... 37
2.25 epon onu serial-mode ....................................................................................................... 38
2.26 epon onu serial-remote..................................................................................................... 39
2.27 epon onu vlan ................................................................................................................... 40
2.28 show epon interface onu basic-info .................................................................................. 41
2.29 show epon interface onu ctc basic-info ............................................................................ 43
2.30 show epon onu mac address-table................................................................................... 44
Chapter 3 Remote UNI Control Commands of ONU........................................................................ 45
3.1 Remote UNI Control Commands of ONU........................................................................... 45
3.2 epon onu port ctc vlan mode .............................................................................................. 46
3.3 epon onu port ctc vlan translation-entry ............................................................................. 46
3.4 epon onu port ctc vlan aggregation-entry ........................................................................... 47
3.5 epon onu port ctc flow-control............................................................................................. 48
3.6 epon onu port mac address-table dynamic maximum........................................................ 49
3.7 epon onu port storm-control................................................................................................ 50
3.8 epon onu port ctc rate-limit ................................................................................................. 51
3.9 epon onu port loopback detect ........................................................................................... 51
3.10 epon onu port duplex ........................................................................................................ 52
3.11 epon onu port speed ......................................................................................................... 53
3.12 epon onu port ctc auto-negotiation ................................................................................... 54
3.13 epon onu port block mac .................................................................................................. 55
3.14 epon onu port default-cos ................................................................................................. 55
3.15 epon onu port ctc shutdown.............................................................................................. 56
3.16 epon onu port qos policy................................................................................................... 57
3.17 epon onu port ctc qos policy ............................................................................................. 58
3.18 epon onu port mac access-group ..................................................................................... 58
3.19 epon onu port ip access-group ......................................................................................... 59
3.20 epon onu serial serial-attribute ......................................................................................... 60
3.21 epon onu serial serial-buffer ............................................................................................. 62
3.22 epon onu serial serial-keepalive ....................................................................................... 63
3.23 epon onu serial loopback detect ....................................................................................... 63
3.24 show epon onu {port | serial} statistics ............................................................................. 64
3.25 show epon onu {port | serial} state ................................................................................... 65
3.26 show epon onu port ctc vlan ............................................................................................. 66
- II -
ONU Management Configuration Commands
Chapter 1 Local ONU Management Commands
1.1 Local ONU Management Commands
The following are local ONU management commands:
z epon onu-registration-method mac
z epon bind-onu
z epon onu-authen-method manual
z epon mpcp-registration-mode
z epon onu description
z epon conform-onu
z epon deregister-onu
z clear epon dynamic-binding
z epon dynamic-binding-timeout {disable | enable}
z epon dynamic-binding-timeout value
z epon ctc-oam-discovery-timeout {disable | enable}
z epon ctc-oam-discovery-timeout value
z epon ace-reset-delay
z epon dying-gasp-log
z epon snmp-ipaddress
z serial-bridge remote
z show epon basic-info
z show epon encryption
z show epon mpcp-registration-mode
z show epon onu-authen-method
z show epon onu-registration-method
z show epon onu-information
-1-
1.2 epon onu-registration-method mac
Syntax
epon onu-registration-method mac
no epon onu-registration-method
To open the checkup mechanism of the ONU MAC address during MPCP registration,
run epon onu-registration-method mac.
Parameter
None
Default value
The MAC address of ONU is not checked by default.
Command mode
EPON port configuration mode
Remarks
After the checkup of the ONU MAC address is enabled during MPCP registration,
successful registration can only be conducted to those ONUs that has been bound to
static entries through the running of the epon bind-onu mac-address llid-sequence
command.
Example
The following example shows how to open the checkup of MAC address' registration
on ONU of interface EPON0/1.
switch_config# interface EPON0/1
switch_config_epon0/1# epon onu-registration-method mac
1.3 epon bind-onu
Syntax
epon bind-onu mac-address llid-sequence
no epon bind-onu mac-address
-2-
To bind the MAC address of ONU to the EPON port and the LLID sequence number,
run this command.
Parameter

mac-address The format of the MAC address is <xxxx.xxxx.xxxx>.
llid-sequence Value range: 1-64
Default value
The MAC address has no default value, while the default value of llid-sequence is the
unoccupied minimum LLID sequence.
Command mode
Remarks
Only when this command is used together with the epon onu-registration-method
mac command can it take effect.
Example
The following example shows how to bind LLID sequence 1 of port EPON0/1 to ONU
00e0.0f00.00001:
switch_config_epon0/1# epon bind-onu 00e0.0f00.00001 1
1.4 epon onu-authen-method manual
Syntax
epon onu-authen-method manual
no epon onu-authen-method manual
To set the ONU authentication mode, run epon onu-authen-method manual. At

present, you have options to abandon the authentication or to conduct manual
authentication.
Parameter
None
-3-
Default value
If the ONU authentication is not conducted, the registration then automatically passes
the authentication.
Command mode
Remarks
If the epon onu-authen-method manual command is configured for manual

authentication, the administrator needs to confirm it manually after ONU registration is
complete and then can a corresponding bandwidth be obtained and the remote
configuration can be done.
Example
The following example shows how to set the ONU authentication mode on port
EPON0/1 to the manual authentication:
switch_config_epon0/1#epon onu-authen-method manual
1.5 epon mpcp-registration-mode
Syntax
epon mpcp-registration-mode {normal | ctc value}
To configure the delay of MPCP, run the previous command.
Parameter

value 1-50ms
Default value
The delay is 20ms by default.
Command mode
-4-
Remarks
None
Example
The following example shows how to set the delay of MPCP of port EPON0/1 to 30ms.
OLT_config_epon0/1# epon mpcp-registration-mode ctc 20
1.6 epon onu description
Syntax
epon onu description string
To add the description string for ONU, run the previous command.
Parameter

string A character sting to describe ONU, which consists only of ASCII
characters
Default value
None
Command mode
Remarks
None
Example
The following example shows how to set the description string of ONU on port
EPON0/1:1 to p1004.
OLT_config_epon0/1:1# epon onu description p1004
-5-
1.7 epon conform-onu
Syntax
epon conform-onu {mac-address value | interface epon slot/port:sequence}
To enable the registered ONU to pass authentication, run the previous command.
Parameter

value The format of the MAC address is <xxxx.xxxx.xxxx>.
slot/port[:sequence] The slot parameter stands for the slot number, the port
parameter stands for the EPON port number and the sequence
parameter stands for the LLID sequence.
Default value
None
Command mode
Privileged mode
Remarks
None
Example
The following example shows how to get ONU authenticated on port EPON0/1:1.
Switch# epon conform-onu interface epon 0/1:1
1.8 epon deregister-onu
Syntax
epon deregister-onu { interface epon slot/port:sequence}
To deregister ONU, run the previous command.
Parameter
-6-
Default value
None
Command mode
Privileged mode
Remarks
None
Example
The following example shows how to deregister the registered ONU on port
EPON0/1:1.
Switch# epon deregister-onu interface epon0/1:1
1.9 clear epon dynamic-binding
Syntax
clear epon dynamic-binding [interface epon slot/port]
To remove the information about dynamic ONU binding, run the previous command.
Parameter

slot/port The slot parameter stands for the slot ID and the port
parameter stands for the EPON port ID.
Default value
None
Command mode
Privileged mode
-7-
Remarks
Only when ONU does not pass authentication and after ONU is deregistered can the
information about dynamic ONU binding be removed.
Example
The following example shows how to remove the information about dynamic ONU
binding on port EPON0/1:1 manually.
switch# clear epon dynamic-binding interface epon0/1:1
1.10 epon dynamic-binding-timeout {disable | enable}
Syntax
epon dynamic-binding-timeout {disable | enable}
To remove the information about dynamic ONU binding automatically, run the previous
command.
Parameter
None
Default value
disable
Command mode
Remarks
None
Example
The following example shows how to remove the information about dynamic ONU
binding automatically.
OLT_config#epon dynamic-binding-timeout enable
-8-
1.11 epon dynamic-binding-timeout value
Syntax
epon dynamic-binding-timeout value
To set the timeout time of the automatic removal of the information about dynamic
ONU binding , run the previous command.
Parameter

value 30-300s
Default value
300s
Command mode
Remarks
None
Example
The following example shows how to set the timeout time of the automatic removal of
the information about dynamic ONU binding to 200s.
OLT_config# epon dynamic-binding-timeout 200
1.12 epon ctc-oam-discovery-timeout {disable | enable}
Syntax
epon ctc-oam-discovery-timeout {disable | enable}
To enable or disable ONU registration when the successful discovery of CTC OAM of
ONU times out, run this command.
Parameter
None
-9-
Default value
disable
Command mode
Remarks
None
Example
The following example shows that ONU registration is disabled when the successful
discovery of CTC OAM of ONU times out.
OLT_config#epon ctc-oam-discovery-timeout enable
1.13 epon ctc-oam-discovery-timeout value
Syntax
epon ctc-oam-discovery-timeout value
To set the timeout time for waiting for successful CTC OAM discovery of ONU, run this
command.
Parameter

value 30-300s
Default value
60s
Command mode
Remarks
None
- 10 -
Example
The following example shows how to set the timeout time for waiting for successful
CTC OAM discovery of ONU.
OLT_config# epon ctc-oam-discovery-timeout 200
1.14 epon ace-reset-delay value count
Syntax
epon ace-reset-delay value count
To set the waiting time and transmission times of OAM transmission after the initial
registration of ACE ONU is resumed, run the above-mentioned command.
Parameter

value 500-10000ms
count 1-10
Default value
3000ms, 3 times
Command mode
Remarks
None
Example
The following example shows that the waiting time and transmission times of OAM
transmission after the initial registration of ACE ONU are set to 4000ms and 5 times
respectively.
OLT_config# epon ace-reset-delay 4000 5
- 11 -
1.15 epon dying-gasp-log {disable | enable}
Syntax
epon dying-gasp-log {disable | enable}
To enable and disable the print of ONU power-off alarm log, run the above-mentioned
command.
Parameter
None
Default value
enable
Command mode
Remarks
None
Example
The following example shows how to shut down the print of the ONU power-off alarm
log.
OLT_config#epon dying-gasp-log disable
1.16 epon snmp-ipaddress
Syntax
epon snmp-ipaddress ip-address
To set the IP address of OLT manager, run the above-mentioned command.
Parameter

ip-address Stands for the IP address of the network manager.
- 12 -
Default value
None
Command mode
Remarks
This IP address is used for network topology discovery in the hand-in-hand

environment.
Example
The following example shows how to set the IP address of OLT manager to
192.168.1.10.
OLT_config# epon snmp-ipaddress 192.168.1.10
1.17 serial-bridge remote
Syntax
serial-bridge remote index address A.B.C.D
no serial-bridge remote index address
To set the IP address of the bridge of the serial interface of ONU, run serial-bridge
remote index address A.B.C.D.
Parameter

index Index of the bridge
A.B.C.D IP address of the bridge
Default value
None
Command mode
- 13 -
Remarks
This command is used to set the index and IP address of the front bridge.
Example
The following example shows how to set the bridge 10.0.0.1 to 1.。
OLT_config# serial-bridge remote 1 address 10.0.0.1
1.18 show epon basic-info
Syntax
show epon basic-info
To display the basic OLT information, run the previous command.
Parameter
None
Default value
None
Command mode
Any mode will do.
Remarks
Relevant information will not be displayed unless the OLT chip is hot plugged.
Example
The following are basic information about OLT.

Switch# show epon basic-info
ONU registration flapping suppression: disabled
Hello interval : 3 seconds
Dead interval : 5 counts
IROS : enabled
SC software version : 1025.0.0.1798569984
Number of registered OLTs :1
-------------------------------------
- 14 -
OLT chip index :0

OLT chip module id :0
OLT chip device id : 0x0
OLT chip MAC address: 00:e0:0f:de:d0:10
OLT status : operational
1.19 show epon encryption
Syntax
show epon encryption
To display the information about EPON encryption configuration, run the

above-mentioned command.
Parameter
None
Default value
None
Command mode
Any mode will do.
Remarks
None
Example
The following example shows how to display the information about EPON encryption
configuration:
Switch#show epon encryption
Encryption mode rekey time(ms)
--------------- --------------
ctc churning 10000
1.20 show epon mpcp-registration-mode
Syntax
show epon mpcp-registration-mode [interface epon slot/port]
- 15 -
To display the MPCP registration mode of the EPON port, run the previous command.
Parameter

Default value
None
Command mode
Any mode will do.
Remarks
None
Example
The following example shows how to display the ONU MPCP registration mode of the
EPON port.
Switch# show epon mpcp-registration-mode interface epon 0/1
MPCP registeration is delay time enabled on E0/1, and delay time is 20 ms
1.21 show epon onu-authen-method
Syntax
show epon onu-authen-method [interface epon slot/port]
To display the ONU authentication mode, run the previous command.
Parameter

Default value
None
- 16 -
Command mode
Any mode will do.
Remarks
None
Example
The following example shows how to display the ONU registration mode of the
EPON0/1 port.
Switch# show epon onu-authen-method interface epon 0/1
ONU authentication mode is manual on E0/1.
1.22 show epon onu-registration-method
Syntax
show epon onu-registration-method [interface epon slot/port]
To display the ONU MAC address checkup mode, run the previous command.
Parameter

Default value
None
Command mode
Any mode will do.
Remarks
None
Example
The following example shows how to display the ONU MAC address checkup mode of
the EPON0/1 port.
- 17 -
Switch# show epon onu-registration-method interface epon 0/1

ONU MAC address check when registeration is enabled on E0/1.
1.23 show epon onu-information
Syntax
show epon onu-information [interface epon slot/port]
To display the ONU information, run the previous command.
Parameter

Default value
None
Command mode
Any mode will do.
Remarks
None
Example
The following example shows how to display all ONU binding information on port
epon0/1.
Switch# show epon onu-information interface epon0/1
OLT#show epon onu-information interface e0/1
Interface EPON0/1 has registered 2 ONUs:
Intf Name MAC Address Description Bind Type Status Distance(m)
RTT(TQ)
---------- -------------- --------------- --------- --------------- ----------- -------
EPON0/1:1 00e0.0fa7.0150 N/A static deregistered N/A
N/A
EPON0/1:2 0025.5e1a.dbe6 N/A static auto_configured 52
2407
- 18 -
Chapter 2 Global Remote Control Commands of

ONU
2.1 Global Remote Control Commands of ONU
Global remote control commands of ONU are shown below:
z epon reboot onu
z epon update onu image
z epon update onu eeprom-image
z epon ace-recover
z epon commit-onu-image-update
z epon switch-onu-pon
z epon switch-onu-pon-and-back
z epon onu encryption
z epon onu mac address-table static
z epon onu clear mac address-table dynamic
z epon onu mac address-table learning
z epon onu mac address-table aging-time
z epon onu scheduler policy
z epon onu scheduler wrr bandwidth
z epon onu cos map
z epon onu scheduler-pon policy
z epon onu scheduler-pon wrr bandwidth
z epon onu cos-pon map
z epon onu port-protect
z epon onu ip address
z epon onu spanning-tree
z epon onu mirror
- 19 -
z epon onu filter
z epon onu serial-mode
z epon onu serial-remote
z epon onu vlan
z show epon interface onu basic-info
z show epon interface onu ctc basic-info
z show epon onu mac address-table
2.2 epon reboot onu
Syntax
epon reboot onu {mac-address value | interface epon slot/port:sequence}
To restart ONU, run the previous command.
Parameter

Default value
None
Command mode
Privileged mode
Remarks
None
Example
The following example shows how to restart the registered ONU on port EPON0/1:1.
switch# epon reboot onu interface epon0/1:1
- 20 -
2.3 epon update onu image
Syntax
epon update onu image image_name interface epon slot/port[:sequence]
To update the ONU version remotely through OLT, run the previous command.
Parameter

image_name Contains up to 32 characters.
Default value
None
Command mode
Privileged mode
Remarks
1. Unless the to-be-updated software matches the corresponding ONU type can this
software not be updated.
2. During the update process of ONU software, do not cut off the power of ONU.
After the completion of ONU update, OLT will notify users of the successful ONU
update by the way of log, and ONU will use the updated version for rebooting.
3. After the ONU version is updated and restarted, you need to run epon
commit-onu-image-update on OLT to confirm the ONU version.
Example
The following example shows how to update the ONU version on port EPON0/1:1.
OLT# epon update onu image onu_bin interface epon epon0/1:1
- 21 -
2.4 epon commit-onu-image-update
Syntax
epon commit-onu-image-update {mac-address value | interface epon

slot/port:sequence}
To confirm the update of the ONU version, run the above-mentioned command.
Parameter

Default value
None
Command mode
Privileged mode
Remarks
This command is used after the ONU version is upgraded, restarted and re-registered.
Example
The following example shows how to confirm the upgrade of the ONU version on port
EPON0/1:1.
switch# epon commit-onu-image-update interface epon0/1:1
2.5 epon update onu eeprom-image
Syntax
epon update onu eeprom-image image_name interface epon slot/port:sequence
The ONU EEPROM file has saved the MAC address and the sequence ID of ONU. If
the information need be altered, the ONU EEPROM file need be updated. This
command is used to update the ONU EEPROM file remotely from OLT.
- 22 -
Parameter

image_name Contains up to 32 characters.
slot/port:sequence The slot parameter stands for the slot number, the port
Default value
None
Command mode
Privileged mode
Remarks
1. After the ONU EEPROM file is updated, ONU need be restarted and then the
newly configured information takes effect.
2. During the update process of ONU software, do not cut off the power of ONU.
Example
The following example shows how to use the onu_eeprom.dat file to update the ONU
EEPROM on port EPON0/1:1.
OLT# epon update onu eeprom-image onu_eeprom.dat interface epon epon0/1:1
2.6 epon ace-recover
Syntax
epon ace-recover {mac-address value | interface epon slot/port:sequence}
To resume the default settings of ACE ONU, run the above-mentioned command.
Parameter

- 23 -
Default value
None
Command mode
Privileged mode
Remarks
This command is valid only for the ONU of ACE.
Example
The following example shows how to resume the default settings of ACE ONU on port
EPON0/1:1.
Switch# epon ace-recover interface epon0/1:1
2.7 epon switch-onu-pon
Syntax
epon switch-onu-pon interface epon slot/port:sequence
To switch the current PON port on ONU, run the above-mentioned command.
Parameter

Default value
None
Command mode
Privileged mode
Remarks
This command is only valid for ONU with dual PON ports.
- 24 -
Example
The following example shows how to switch the current PON port of ONU on port
epon0/1:1.
switch# epon switch-onu-pon interface epon0/1:1
2.8 epon switch-onu-pon-and-back
Syntax
epon switch-onu-pon-and-back interface epon slot/port:sequence
To switch the current PON port of ONU and then switch back to the original PON port,
run the above-mentioned command.
Parameter

Default value
None
Command mode
Privileged mode
Remarks
This command is only valid for ONU with dual PON ports.
Example
The following example shows how to switch the current PON port of ONU and then
switch back to the original PON port on port epon0/1:1.
switch# epon switch-onu-pon-and-back interface epon0/1:1
2.9 epon onu encryption
Syntax
epon onu encryption triple-churning
- 25 -
no epon onu encryption
To set the ONU encryption mode, run epon onu encryption triple-churning.
Parameter
None
Default value
The default encryption mode of ONU is triple-churning.
Command mode
Remarks
The encryption function must be set for OLT and ONU simultaneously and the
encryption modes are same, and then the encryption function can take effect.
Example
The following example shows how to set the ONU encryption mode on port EPON0/1:1
to triple churning.
switch_config# interface EPON0/1:1
switch_config_epon0/1:1# epon onu encryption triple-churning
2.10 epon onu mac address-table static
Syntax
[no]epon onu mac address-table static mac-addr port port-num
To add a static MAC address, run mac address-table static mac-addr vlan vlan-id
interface interface-id. To cancel the static MAC address, run no mac address-table static
mac-addr vlan vlan-id interface interface-id.
Parameter

mac-addr Means an MAC address. Value range: H.H.H
port-num Physical port that the MAC address belongs to
- 26 -
Default value
None
Remarks
This command is configured in LLID port mode.
Example
The following example shows how to bind the MAC address, 0004.5600.67ab, to the
UNI2 port.
switch_config_epon0/1:1#epon onu mac address-table static 0004.5600.67ab port 2
2.11 epon onu clear mac address-table dynamic
Syntax
epon onu clear mac address-table dynamic [ address H.H.H | port num]
To clear the dynamic MAC address of ONU, run the previous command.
Parameter

H.H.H Stands for the MAC address that is designated to be deleted.
Num Stands for the UNI port number.
Default value
None
Remarks
Example
The following example shows how to remove the MAC address of the UNI1 port, which
is corresponded by the LLID port, epon0/1:1.
switch_config#interface epon 0/1:1
- 27 -
switch_config_epon0/1:1#epon onu clear mac address-table dynamic port 1
2.12 epon onu mac address-table learning
Syntax
epon onu mac address-table learning { disable | svl }
no epon onu mac address-table learning
To configure the learning of ONU MAC address table, run epon onu mac
address-table learning { disable | svl }.
Parameter

disable Shuts down MAC address learning.
svl VLAN learning is shared by default.
Default value
VLAN learning is shared by default.
Remarks
Example
The following example shows how to shut down ONU MAC address learning which
corresponds to the LLID port, epon0/1:1.
switch_config_epon0/1:1#epon onu mac address-table learning disable
2.13 epon onu mac address-table aging-time
Syntax
epon onu mac address-table aging-time { 0 | time }
no epon onu mac address-table aging-time
- 28 -
To set the aging time of the MAC address table of ONU, run epon onu mac
address-table aging-time { 0 | time }.
Parameter

0 Means that the MAC address does not age.
Stands for the aging time of the MAC address, which ranges
time
Default value
300S
Remarks
Example
The following example shows how to set the aging time of the MAC address of ONU
which corresponds to the LLID port, epon0/1:1.
switch_config_epon0/1:1#epon onu mac address-table aging-time 200
2.14 epon onu scheduler policy
Syntax
epon onu scheduler policy { sp | wrr }
no epon onu scheduler policy
To set the schedule policy of the ONU CoS priority queue, run epon onu scheduler
policy { sp | wrr }.
Parameter

sp Uses the SP schedule policy.
wrr Uses the WRR schedule policy.
- 29 -
Default value
The SP schedule policy is used by default.
Remarks
Example
The following example shows how to set the ONU CoS priority queue of the LLID port,
epon0/1:1, to wrr.
switch_config_epon0/1:1#epon onu scheduler policy wrr
2.15 epon onu scheduler wrr bandwidth
Syntax
epon onu scheduler wrr bandwidth weight1 ... weightn
no epon onu scheduler wrr bandwidth
To set the bandwidth of the ONU CoS priority queue, run epon onu scheduler wrr
bandwidth weight1...weightn.
Note:
At present, the ONU chip does not support the bandwidth settings of the priority queue.
The bandwidth settings is a fixed value, 1:2:4:8. 2 : 4 : 8。
Parameter

weight1 ... weightn Values of four CoS priority queues, ranging between 0 and 255
Default value
The weights of four CoS priority queues are 1, 2, 4 and 8 respectively.
Remarks
- 30 -
Example
The following example shows how to set the bandwidth of the ONU CoS priority queue
of the LLID port, epon0/1:1, to 10, 50, 100, or 200.
switch_config_epon0/1:1#epon onu scheduler wrr bandwidth 10 50 100 200
2.16 epon onu cos map
Syntax
epon onu cos map quid cos1 ... cosn
no epon onu cos map
To set the ONU CoS priority queue, run epon onu cos map quid cos1..cosn.
Parameter

quid ID of the COS priority queue, ranging between 1 and 4
cos1 ... cosn CoS value defined by IEEE802.1p, ranging between 0 and 7
Default value
CiS Priority Queue
0, 1 1
2, 3 2
4, 5 3
6，7 4
Remarks
Example
The following example shows how to map ONU priority values (3, 4, 5) of the LLID
epon0/1:1 port to queue 3.
- 31 -
switch_config_epon0/1:1#epon onu cos map 3 3-5
2.17 epon onu scheduler-pon policy
Syntax
epon onu scheduler-pon policy { sp | wrr }
no epon onu scheduler-pon policy
To set the schedule policy of the uplink ONU CoS priority queue, run epon onu
scheduler-pon policy { sp | wrr }.
Parameter

sp Uses the SP schedule policy.
wrr Uses the WRR schedule policy.
Default value
The SP schedule policy is used by default.
Remarks
Example
The following example shows how to set the uplink priority queue of ONU, which
corresponds to the LLID port (epon0/1:1), to wrr.
switch_config_epon0/1:1#epon onu scheduler-pon policy wrr
2.18 epon onu scheduler-pon wrr bandwidth
Syntax
epon onu scheduler-pon wrr bandwidth weight1 ... weightn
no epon onu scheduler-pon wrr bandwidth
- 32 -
To set the bandwidth of the ONU CoS priority queue, run epon onu scheduler wrr
bandwidth weight1...weightn.
Parameter

weight1 ... weightn Values of eight CoS priority queues, ranging between 0 and 255
Default value
The following example shows how to set the weight values of eight CoS priority
queues to 1, 1, 1, 1, 1, 1, 1 and 1 respectively.
Remarks
Example
The following example shows how to set the bandwidth of the ONU CoS priority queue
of the LLID port, epon0/1:1, to 1, 2, 4, or 8.
switch_config_epon0/1:1#epon onu scheduler-pon wrr bandwidth 1 2 4 8 16 32 64 128
2.19 epon onu cos-pon map
Syntax
epon onu cos-pon map quid cos1 ... cosn
no epon onu cos-pon map
To set the ONU CoS priority queue, run epon onu cos map quid cos1..cosn.
Parameter

quid ID of the COS priority queue, ranging between 1 and 8
cos1 ... cosn CoS value defined by IEEE802.1p, ranging between 0 and 7
Default value
CiS Priority Queue
- 33 -
0 1
1 2
2 3
3 4
4 5
5 6
6 7
7 8
Remarks
Example
The following example shows how to map ONU priority values (3, 4, 5) of the LLID
epon0/1:1 port to queue 3.
switch_config_epon0/1:1#epon onu cos-pon map 3 3-5
2.20 epon onu port-protect
Syntax
epon onu port-protect
no epon onu port-protect
To configure ONU port isolation, run epon onu port-protect.
Parameter
Default value
ONU port isolation is enabled by default.
- 34 -
Remarks
This command is configured in port configuration mode.
Example
The following example shows how to enable the isolation of the ONU port which
switch_config_epon0/1:1# epon onu port-protect
2.21 epon onu ip address
Syntax
ONU，命令如下：
epon onu ip address { dhcp | static ip-address netmask}
bstar ONU，命令如下：
epon onu ip address A.B.C.D netmask A.B.C.D gateway A.B.C.D vlan value
no epon onu ip address
To set the ONU IP address, run epon onu ip address { dhcp | static ip-address
netmask}.
Parameter

Dhcp Sets dynamic IP address obtainment for ONU.
Static Sets static IP address obtainment for ONU.
ip-address Stands for the static IP address.
Netmask Subnet mask
A.B.C.D Address
Value Vlan id
Default value
ONU 默认 DHCP 模式，如果 onu 获取不到，使用默认的 192.168.0.1
- 35 -
Remarks
Example
The following example shows how to set the ONU IP address mode to static and set
the IP address to 172.0.0.10.
switch_config_epon0/1:1# epon onu ip address static 172.0.0.10 255.255.0.0
2.22 epon onu spanning-tree
Syntax
epon onu spanning-tree
no epon onu spanning-tree
开启或关闭 ONU Spanning Tree。
Parameter
Default value
关闭 Spanning Tree 功能。
Remarks
Example
在 LLID 端口 epon0/1:1 开启 spanning tree。
switch_config_epon0/1:1# epon onu spanning-tree
- 36 -
2.23 epon onu mirror
Syntax
epon onu mirror session num destination dest-port source src-port [both | rx | tx]
no epon onu mirror session num
配置 ONU 镜像功能。
Parameter
num 镜像会话编号
dest-port 镜像目的端口号
src-port 镜像源端口号
both 镜像入口和出口
rx 镜像入口
tx 镜像出口
Default value
无镜像配置
Remarks
Example
配置 LLID 端口 epon0/1:1 镜像功能，将端口 1 的入口报文镜像到端口 2。
switch_config_epon0/1:1# epon onu mirror session 1 destination 2 source 1 rx
2.24 epon onu filter
Syntax
epon onu filter {icmp | arp | bpdu | igmp} threshold value
- 37 -
no epon onu filter {icmp | arp | bpdu | igmp}
配置 ONU 防攻击功能。
Parameter
value 每秒允许收到的报文字节数。 Value range: 52000
Default value
无防攻击功能
Remarks
Example
配置 LLID 端口 epon0/1:1 防 BPDU 攻击，阈值每秒 20 个。
switch_config_epon0/1:1# epon onu filter bpdu threshold 20
2.25 epon onu serial-mode
Syntax
epon onu serial-mode {tcp-server | tcp-client | udp} port port-value [timeout

timeout-value]
no epon onu serial-mode
Sets the CTC mode of ONU.
Parameter
tcp-server tcp server模式
tcp-client tcp client模式
udp udp模式
port-value tcp或udp端口号，1-65535
- 38 -
timeout-value 超时时间，只有在tcp-server模式下才可以配置，1-65535，单位S
Default value
关闭串口
Remarks
Example
配置 LLID 端口 epon0/1:1 串口工作模式为 tcp-server，tcp 端口号为 12000，超时时间为

100S。
switch_config_epon0/1:1# epon onu serial-mode tcp-server port 12000 timeout 100
2.26 epon onu serial-remote
Syntax
epon onu serial-remote index
no epon onu serial-remote index
配置 ONU 的串口前置机 IP 地址。
Parameter
index 前置机索引
Default value
无前置机 IP 地址。
Remarks
- 39 -
Example
配置 LLID 端口 epon0/1:1 串口前置机 IP 地址为索引 1 对应的 IP 地址。
switch_config# serial-bridge remote 1 address 10.0.0.1
switch_config_epon0/1:1# epon onu serial-remote 1
2.27 epon onu vlan
Syntax
epon onu vlan word
no epon onu vlan word
在 ONU 上创建或删除 vlan。
Parameter
word Vlan id范围。 Value range: 1-4094
Default value
None
Remarks
Example
配置 LLID 端口 epon0/1:1 下的 ONU 上创建 vlan 1-20。
switch_config_epon0/1:1# epon onu vlan 1-20
- 40 -
2.28 show epon interface onu basic-info
Syntax
show epon interface slot/port:sequence onu basic-info
To display the basic ONU information, run the previous command.
Parameter

slot/por[:sequence The slot parameter stands for the slot number, the port
Default value
None
Command mode
Any mode will do.
Remarks
The basic ONU information cannot be displayed until ONU is registered.
Example
The following is the basic ONU information of port e0/1:1.

OLT_config#show epon interface epon 0/1:1 onu basic-info
ONU Building version: 10.0.1A
ONU Compiled time: 15:49:06, Aug 28 2009
ONU SDK software version: 3.4.2.2

ONU chip type: CS8016.B0
ONU chip version: 0
ONU loader version: 02.00.01-1241677674
EEPROM Control Flag : 0xaa

MAC address : 00e0.0f46.5f41
EEPROM version :1
HEC mode :0
IGMP snooping mode :1
OAM version :0
- 41 -
I2C interface mode :1

MPCP timeout : 1000
Vendor code :0
Model number :0
Hardware version :0
Year :0
Week : 256
Serial number : 12200110
CRC Mode :0
Query Key :0
Disable auto reset :0
Enable tk default mode :0
Normal bringup mode :1
PON Laser always on :0
PON Laser ctrl polarity :0
PON admin status :1
UNI port MAC type :0
UNI Auto negotiation :1
UNI MII type :3
UNI PinStrapOverWrite :0
UNI admin status :1
Security flag 802.1x mode :1
Security flag UNI port control : 0
Security flag mcst/bcst control: 1
Security flag dot1x tunnel :0
IOPVendorCode : 255
ONUConfigCode : 254
ONUCtrlVlan :0
ctc_onu : 0x11-0x11-0x11
Laser on time : 64
Laser off time : 64
CTC OAM Bypass Mode :0
CRC Mode Config :0
FEC Enabled :0
Unknown Multicast Drop :0
Tx error detection :0
IGMP vlan learning mode :0
Laser Delay :0
User vendor info : UTST/A002
Deregister backofftime : 60
Mdio address :1
Dying Gasp Trigger Mode :0
MII enable :0
Switch Port Num :4
KT ONU : 0x00-0x00-0x00
Classification Rule Num :0
- 42 -
2.29 show epon interface onu ctc basic-info
Syntax
show epon interface slot/port:sequence onu ctc basic-info
To display the CTC-defined basic ONU information, run the previous command.
Parameter

slot/por[:sequence The slot parameter stands for the slot number, the port
Default value
None
Command mode
Any mode will do.
Remarks
The basic CTC-defined ONU information cannot be displayed until ONU is registered.
Example
The following is the basic CTC-defined ONU information of port e0/1:1.

OLT_config#show epon interface epon 0/1:1 onu ctc basic-info
ONU Vender ID : BDCM
ONU MODEL ID : 0x20000000
ONU ID : 00e0.0fa7.0150
Hardware Version : 0x20 30 30 30 00 00 00 00
Software Version : 0x33 34 32 00 00 00 00 00 00 00 00 00 00 00 00 00
Firmware Version : 0x00 00 00 02 00 03 00 04 00 02
Chipset Vendor ID : BD
Chipset MODEL ID : 0x2000
Chipset Revision :1
Chipset Date : 08/01/29
Service Supported :
Support GE : NO
Support FE : YES
Support VOIP : NO
- 43 -
Support TDM CES : NO

Number of GE Ports :0
Bitmap of GE Ports :
Number of FE Ports :4
Bitmap of FE Ports : 1-4
Number of POTS ports: 0
Number of E1 port :0
Number of US Queues : 8
QueueMax per US Port: 8
Number of DS Queues : 8
QueueMax per DS Port: 8
Battery Backup :0
OLT_config#
2.30 show epon onu mac address-table
Syntax
show epon interface interface-id onu mac address-table
To display the ONU MAC address table, run the previous command.
Parameter
interface-id Stands for the LLID port ID.
Default value
None
Remarks
This command is used to display the ONU MAC address table.
Example
The following information shows the ONU MAC address table of the LLID port,
epon0/1:1.
switch#show epon interface epon 0/1:1 onu mac address-table
- 44 -
Chapter 3 Remote UNI Control Commands of ONU
3.1 Remote UNI Control Commands of ONU
Global remote control commands of ONU are shown below:
z epon onu port ctc vlan mode
z epon onu port ctc vlan translation-entry
z epon onu port ctc vlan aggregation-entry
z epon onu port ctc flow-control
z epon onu port mac address-table dynamic maximum
z epon onu port storm-control
z epon onu port ctc rate-limit
z epon onu port loopback detect
z epon onu port duplex
z epon onu port speed
z epon onu port ctc auto-negotiation
z epon onu port block mac
z epon onu port default-cos
z epon onu port ctc shutdown
z epon onu port qos policy
z epon onu port ctc qos policy
z epon onu port mac access-group
z epon onu port ip access-group
z epon onu serial serial-attribute
z epon onu serial serial-buffer
z epon onu serial serial-keepalive
z epon onu serial loopback detect
z show epon onu {port | serial} statistics
- 45 -
z show epon onu {port | serial} state
z show epon onu port ctc vlan
3.2 epon onu port ctc vlan mode
Syntax
epon onu port port-num ctc vlan mode {transparent | tag value | translation value |
vlan-stacking value | aggregation value }
no epon onu port port-num ctc vlan mode
To set the processing mode of UNI VLAN Tag of ONU, run the previous command.
Parameter
num Stands for the UNI port.
value Stands for the PVID value of the UNI interface

and this value ranges from 1 to 4094.
Default value
The default processing mode of VLAN tag is transparent.
Command mode
Remarks
None
Example
The following example shows how to set the processing mode of UNI VLAN tag of
ONU to tag.
switch_config_e0/1:1# epon onu port 1 ctc vlan mode tag pvid 3
3.3 epon onu port ctc vlan translation-entry
Syntax
epon onu port num ctc vlan translation-entry old-vid new-vid
- 46 -
no epon onu port num ctc vlan translation-entry old-vid new-vid
This command is used to set the translation entries of the ONU UNI port.
Parameter
num Stands for the UNI port number.

old-vid Stands for the value of the SPVLAN translation entries of the
UUI port, which ranges between 1 and 4094.
new-vid Stands for the value of the CVLAN translation entries of the
Default value
None
Command mode
Remarks
The translation entry takes effect only when the VLAN of the ONU UNI port is in
translation or vlan-stacking mode.
Example
The following example shows how to set the number of the translation entries of UNI1
of ONU on the EPON0/1:1 to 1000 to 2000.
OLT_config_e0/1:1# epon onu port 1 ctc vlan translation-entry 1000 2000
3.4 epon onu port ctc vlan aggregation-entry
Syntax
epon onu port num ctc vlan aggregation-entry old-vid-range new-vid
no epon onu port num ctc vlan aggregation-entry old-vid-range new-vid
This command is used to set the translation entries of the ONU UNI port.
Parameter
- 47 -
num Stands for the UNI port number.

old-vid-range Stands for the value of the SPVLAN translation entries of the
new-vid Stands for the value of the CVLAN translation entries of the
Default value
None
Command mode
Remarks
The translation entry takes effect only when the VLAN of the ONU UNI port is in
aggregation mode.
Example
The following example shows how to set the number of the VLAN aggregation entries
of UNI1 of ONU on the EPON0/1:1 to 101-108 to 2000.
OLT_config_e0/1:1# epon onu port 1 ctc vlan aggregation-entry 101-108 2000
3.5 epon onu port ctc flow-control
Syntax
epon onu port num ctc flow-control
no epon onu port num ctc flow-control
To configure flow control for an ONU interface, run epon onu port num flow-control.
Parameter

num Stands for the ONU UNI port ID.
Default value
The flow control function of the port is disabled by default.
- 48 -
Remarks
Example
The following example shows how to enable the flow control of ONU UNI port 1 which
switch_config_epon0/1:1# epon onu port 1 ctc flow-control
3.6 epon onu port mac address-table dynamic maximum
Syntax
epon onu port port-num mac address-table dynamic maximum addr-num
no epon onu port port-num mac address-table dynamic maximum
To configure the maximum number of MAC addresses for a port, run the first one of the
previous two commands.
Parameter

port-num Stands for the ONU UNI port ID.
Stands for the maximum number of MAC addresses, which

addr-num
ranges between 1 and 255.
Default value
The number of addresses is not limited.
Remarks
Example
The following example shows how to set the maximum number of MAC addresses of
ONU UNI port 2 which corresponds to the LLID port, epon0/1:1.
switch_config_epon0/1:1# epon onu port 2 mac address-table dynamic maximum 3
- 49 -
3.7 epon onu port storm-control
Syntax
epon onu port port-num storm-control mode mode-num threshold count
no epon onu port port-num storm-control
To configure storm control for an ONU UNI port, run epon onu port port-num
storm-control mode mode-num threshold count.
Parameter

Storm control mode:
1、 Only the broadcast packets are limited.
mode-num 2、 Both broadcast and multicast packets are limited.
3、 Broadcast/multicast/unknown unicast packets are limited.
4、 All packets are limited.
Defines the threshold flux of the storm.

count
Value range: 256~100000
Default value
The storm control function is disabled by default.
Remarks
Example
The following example shows how to set the storm control rate of the ONU UNI1 port,
which corresponds to the Epon0/1:1 port, to 1000.
switch_config_epon0/1:1# epon onu storm-control mode 1 threshold 1000
- 50 -
3.8 epon onu port ctc rate-limit
Syntax
epon onu port port-num ctc rate-limit band { ingress | egress}
no epon onu port port-num ctc rate-limit { ingress | egress}
To configure the rate limitation for an ONU port, run epon onu port port-num
rate-limit band { ingress | egress}.
Parameter

Means the rate of the flow. The flow rate for the 100M port is
band
from 64Kbps to 100Mbps and the step is 1Kbps.
ingress Functions on the ingress port.
egress Functions on the egress port.
Default value
The rate limitation is shut down on the port by default.
Remarks
Example
The following example shows how to set rate limitation of ONU UNI port 1, which
corresponds to the LLID port, epon0/1:1, to 128Kbps.
switch_config_epon0/1:1# epon onu port 1 ctc rate-limit 128 egress
3.9 epon onu port loopback detect
Syntax
epon onu port port-num loopback detect
no epon onu port port-num loopback detect
- 51 -
To configure loopback detection for an ONU UNI port, run epon onu port port-num
loopback detect.
Parameter

Default value
The loopback detection of the port is shut down.
Remarks
Example
The following example shows how to enable loopback detection on ONU UNI port 1.
switch_config_epon0/1:1# epon onu port 1 loopback detect
3.10 epon onu port duplex
Syntax
epon onu port port-num duplex { half | full | auto }
no epon onu port port-num duplex
To configure the duplex mode on the ONU UNI port, run epon onu port port-num
duplex { half | full | auto }.
Parameter

half Sets the duplex mode of the port to half duplex.
full Sets the duplex mode of the port to full duplex.
auto Sets the duplex mode of the port to auto-negotiable.
- 52 -
Default value
The default duplex mode of the port is auto-negotiable.
Remarks
Example
The following example shows how to set ONU UNI port 1, which corresponds to the
LLID port, epon0/1:1, to full deplex.
switch_config_epon0/1:1# epon onu port 1 duplex full
3.11 epon onu port speed
Syntax
epon onu port port-num speed { 10 | 100 | auto }
no epon onu port port-num speed
To configure the speed of ONU UNI port, run epon onu port port-num speed { 10 |
100 | auto }.
Parameter

10 Sets the speed of a port to 10M.
100 Sets the speed of a port to 100M.
auto Sets the speed of the interface to auto.
Default value
Automatic negotiation
Remarks
- 53 -
Example
The following example shows how to set the speed of ONU UNI port 1, which
corresponds to the LLID port, epon0/1:1, to 100M.
switch_config_epon0/1:1# epon onu port 1 speed 100
3.12 epon onu port ctc auto-negotiation
Syntax
epon onu port port-num ctc auto-negotiation
no epon onu port port-num ctc auto-negotiation
The above-mentioned commands are used to enable or disable the auto negotiation of
the ONU UNI port.
Parameter

Default value
The auto negotiation is enabled by default.
Remarks
Example
The following example shows how to enable the auto-negotiation of ONU which
switch_config_epon0/1:1# epon onu port 1 ctc auto-negotiation
- 54 -
3.13 epon onu port block mac
Syntax
epon onu port port-num epon onu port port-num block mac {src H.H.H | dest
H.H.H}
no epon onu port port-num epon onu port port-num block mac {src H.H.H | dest
H.H.H}
To set the frame filtration of ONU UNI port, run epon onu port port-num epon onu
port port-num block mac {src H.H.H | dest H.H.H}.
Parameter

H.H.H Stands for the MAC address.
Default value
None
Remarks
Example
The following example shows how to set the speed of ONU UNI port 1, which
corresponds to the LLID port, epon0/1:1, to 100M.
switch_config_epon0/1:1# epon onu port 1 block mac src 0.0.1 dest 0.0.2
3.14 epon onu port default-cos
Syntax
epon onu port port-num default-cos value
no epon onu port port-num default-cos
- 55 -
To set the default CoS Value of the ONU UNI port, run epon onu port port-num
default-cos value.
Parameter

value Stands for the default CoS value.
Default value
Remarks
Example
The following example shows how to set the default CoS value of ONU UNI port 1,
which corresponds to the LLID port, epon0/1:1, to 2.
switch_config_epon0/1:1# epon onu port 1 default-cos 2
3.15 epon onu port ctc shutdown
Syntax
epon onu port num ctc shutdown
no epon onu port num ctc shutdown
To enable the ONU UNI port, run epon onu port num ctc shutdown. To disable the
ONU UNI port, run no epon onu port num ctc shutdown.
Parameter

num Stands for the ONU UNI port ID.
Default value
The UNI port is enabled by default.
- 56 -
Remarks
Example
The following example shows how to set ONU UNI port 1, which corresponds to the
LLID port, epon0/1:1.
switch_config_epon0/1:1# epon onu port 1 ctc shutdown
3.16 epon onu port qos policy
Syntax
epon onu port num qos policy name
no epon onu qos policy name
To configure the QoS policy of the ONU UNI port, run epon onu port num qos policy
name.
Parameter
num Stands for the ONU UNI port number.

name Stands for the name of QoS policy mapping.
Default value
None
Remarks
At present, the policy map only supports the following actions: drop, forward,
bandwidth and edit the vlan tag of the outer layer.
Example
The following example shows how to apply the QoS policy map, pmap, on ONU port 1,
- 57 -
switch_config_epon0/1:1# epon onu port 1 ctc qos policy pmap
3.17 epon onu port ctc qos policy
Syntax
epon onu port num ctc qos policy name
no epon onu qos policy name
To set the QoS policy of the ONU UNI port, run epon onu port num ctc qos policy
name.
Parameter

name Stands for the name of QoS policy mapping.
Default value
None
Remarks
At present, the action of the policy map only supports cos and queue, which of course
depends on different ONUs.
Example
The following example shows how to apply the QoS policy map, pmap, on ONU, which
switch_config_epon0/1:1# epon onu port 1 ctc qos policy pmap
3.18 epon onu port mac access-group
Syntax
epon onu port num mac access-group name
- 58 -
no epon onu port num mac access-group name
To set the MAC access list of the ONU UNI port, run epon onu port num mac
access-group name.
Parameter

name Stands for the name of the MAC access list.
Default value
None
Remarks
Example
The following example shows how to apply the MAC access list, mac1, on port 1 of
ONU, which corresponds to the LLID port, epon0/1:1.
switch_config_epon0/1:1# epon onu port 1 mac access-group mac1
3.19 epon onu port ip access-group
Syntax
epon onu port num ip access-group name
no epon onu port num ip access-group name
To set the IP access list of the ONU UNI port, run epon onu port num ip
access-group name.
Parameter

name Stands for the name of the MAC access list.
- 59 -
Default value
None
Remarks
Example
The following example shows how to apply the IP access list, p1, on port 1 of ONU,
switch_config_epon0/1:1# epon onu port 1 ip access-group p1
3.20 epon onu serial serial-attribute
Syntax
epon onu serial num serial-attribute {speed speed-value | databits databits-value

| stopbits stopbits-value | parity {none | odd | even | space | mark} | flow-control
{none | software | hardware} | bus-type { RS232 | RS485} | duplex {half | full}}
no epon onu serial num serial-attribute [speed | databits | stopbits | parity |

flow-control | bus-type | duplex]
To set the attributes of a serial interface of ONU, run the first one of the previous two
commands.
Parameter
num Stands for the number of the serial interface of ONU.

speed-value Stands for the rate of the serial interface.
databits-value Stands for the data bit.
stopbits-value Stands for the stop bit.
none | odd | even | Stands for the check mode.

space | mark
none: means there is no check.
odd: means it is the odd check.
even: means it is the even check.
space: means it is the space check (0 check).
- 60 -
mark: means it is the mark check (1 check).
software | hardware Stands for the flow control mode.
software: means it is the software-based flow control mode.
hardware: means it is the hardware-based flow control mode.
RS232 | RS485 Stands for the mode of the serial interface.
RS232: Stands for the 232 mode of the serial interface.
RS485: Stands for the 485 mode of the serial interface.
half | full Duplex mode
half: half duplex
full: full duplex
Default value
Speed: 9600
databits: 8
stopbits: 1
parity: none (no check)
flow-control: none (no flow control)
bus-type: RS485
duplex: half
Remarks
Example
The following example shows how to set the speed to 115200, databits to 7, stopbits to
1, parity to odd, flow control to hardware, bus type to RS232 and duplex to half for
serial interface 1 of ONU, which corresponds to the LLID port, epon0/1:1.
switch_config_epon0/1:1# epon onu serial 1 serial-attribute speed 115200 databits

7 stopbits 1 parity odd flow-control hardware bus-type RS232 duplex half
- 61 -
3.21 epon onu serial serial-buffer
Syntax
epon onu serial num serial-buffer {read-interval time | read-bytes bytes}
no epon onu serial num serial-buffer [read-interval | read-bytes]
To set the buffer of the serial interface of ONU, run the first one of the previous two
commands.
Parameter

time Stands for the maximum read time of the buffer.
bytes Stands for the maximum bytes of the buffer.
Default value
read-interval：
read-bytes：
Remarks
Example
The following example shows how to set the maximum read time of the buffer of serial
interface 1, which corresponds to the LLID port, epon0/1:1, to 50ms.
switch_config_epon0/1:1# epon onu serial 1 serial-buffer read-interval 50

read-bytes 1000
- 62 -
3.22 epon onu serial serial-keepalive
Syntax
epon onu serial num serial-keepalive idle idle-value timeout timeout-value count
count-value
no epon onu serial num serial-keepalive
To set the keepalive function of the serial interface of ONU, run the first one of the
previous two commands.
Parameter
idle-value Stands for the idle time.
timeout-value Stands for the timeout time of the keepalive packets.
count-value Stands for the transmission times of the keepalive packets.
Default value
There is no the keepalive function.
Remarks
Example
The following example shows how to enable keepalive function of serial interface 1,
that is, the idle time is set to 5000ms, the timeout time to 2000ms and the transmission
times to 3.
switch_config_epon0/1:1# epon onu serial 1 serial-keepalive idle 5000 timeout 2000

count 3
3.23 epon onu serial loopback detect
Syntax
epon onu serial serial-num loopback detect
- 63 -
no epon onu serial serial-num loopback detect
To configure loopback detection for an ONU serial interface, run epon onu serial
serial-num loopback detect.
Parameter
serial-num ID of ONU serial interface
Default value
There is no loopback detection.
Remarks
This command is configured in LLID port configuration mode.
Example
The following example shows how to enable loopback detection of serial interface 1.
switch_config_epon0/1:1# epon onu serial 1 loopback detect
3.24 show epon onu {port | serial} statistics
Syntax
show epon interface interface-id onu {port | serial} num statistics
To display packet statistics on the ONU port, run the previous command.
Parameter

num ID of the ONU interface or the serial interface
Default value
None
- 64 -
Remarks
This command is used to show the transmission and reception of packets on the ONU
port.
Example
The following example shows how to show the transmission and reception of packets
on ONU UNI port 1 which corresponds to the LLID port, epon0/1:1.
switch#show epon interface epon 0/1:1 onu port 1 statistics

In Good Octets :0
In Bad Octets :0
In Broadcasts Frames :0
In Multicasts Frames :0
In Unicasts Frames :0
In Pause Frame :0
In MAC Received Error Frames :0
In FCS Error Frames :0
Undersize Frames :0
Fragments Frames :0
Oversize Frames :0
Jabber Frames :0
Out Octets :0
Out Broadcasts Frames :0
Out Multicasts Frames :0
Out Unicasts Frames :0
Out Pause Frames :0
Out FCS Error Frames :0
Deferred Frames :0
Excessive Frames :0
Single Collision Frames :0
Multiple Collision Frames :0
Late Frames :0
Collisions Frames :0
Rx/Tx 64 Octets :0
Rx/Tx 65-127 Octets :0
Rx/Tx 1024-Max Octets :0
3.25 show epon onu {port | serial} state
Syntax
show epon interface interface-id onu {port | serial} port-num state
To display port configuration and state, run the previous command.
- 65 -
Parameter
port-num ID of the ONU interface or the serial interface
Default value
None
Remarks
This command is used to display the link state of the ONU UNI port.
Example
The following example shows how to display the state of ONU UNI port 1, which
switch#show epon interface epon 0/1:1 onu port 1 state

Hardware state is Link-Down
Admin state is Up
Flow-Control is Disable
Duplex is Auto-Duplex
Speed is Auto-Speed
Storm-Control is Disable
3.26 show epon onu port ctc vlan
Syntax
show epon interface interface-id onu port port-num ctc vlan
To display VLAN configuration and state of the UNI port, run the previous command.
Parameter
port-num ID of the ONU interface or the serial interface
Default value
None
- 66 -
Remarks
This command is used to display VLAN settings and its state on the ONU UNI port.
Example
The following example shows how to display the VLAN state of ONU UNI port 1, which
Switch#show epon interface e0/1:1 onu port 1 ctc vlan
Interface : E0/1:1
UNI :1
VLAN mode : translate
Default VLAN ID : 3
TPID : 0x0
Translation table
Old VLAN ID Old TPID New VLAN ID New TPID
----------- -------- ----------- --------
- 67 -

PDF

Caricato da

Informazioni sul documento

Titolo originale

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

PDF

Caricato da

Copyright:

Formati disponibili

Basic Configuration Commands

3.1.13 show snmp ............................................................................................................................................ 56

6.1 The link scan command....................................................................................................................................... 90

Chapter 1 System Management Commands

rom Updates bootrom for the switch.

ip_addr Specifies the IP address of tftp srever. If not specified, the

monitor#copy tftp:switch.bin flash:switch.bin 192.2.2.1

file-name Specifies the filename (maximum 20 characters)

file-name Specifies the filename (maximum 20 characters)

mask IP network mask

monitor#ip address 192.168.1.1 255.255.255.0

gw_ip_addr Default gateway address

monitor#ip route default 192.168.1.3

1.1.6 show configuration

file-name Specifies the name of a file (maximum 20 characters)

1.2.1 boot flash

filename The specified file name.

monitor#boot flash switch.bin

directory Name of the directory. (maximum 20 characters)

mem_addr Memory address in Hex format. Range is from 0 to 0x01FFFF00

value Memory data in Hex format

This is a debugging command which is not recommended for user to use.

directory Name of directory (maximum 20 characters)

To set a directory, use the md command

to display the current directory, use the pwd command

directory Name of the directory( maximum 20 characters)

old_file_name The original filename.

new_file_name The new filename.

[no] history [ + <count> | - <count> | clear]

+ <count> To display the count<1-20> historial command from the

- <count> To display the count<1-20> historial command from the end to

Random command mode

1.2.13 boot system flash

It is the specified filename, which contains no more than 20

Global configuration mode

config#boot system flash switch.bin

The command is used to display the help system of the switch.

+ <count> Displays the count<1-20> historial command from the beginning

Abandom command mode

1.2.16 show alias

alias name The alias of the command

Display all aliases according the format “alias name=command line”.

Management mode or configuration mode

1.2.17 show job

paramter Displays the parameters of the job.

Management mode or configuration mode

First: first time to fire

1.2.18 show break

The command is only used for debugging.

1.2.19 show memory

Memory address in hex, which ranges from 0 to 0x01FFFF00

1.3 HTTP Configuration Command

1.3.1 ip http access-class

ip http access-class string

string The designated standard access list whose range is N/A.

Global configuration mode

switch_config# ip access-list standard http-acl

1.3.2 ip http port

ip http port number

number The service port number, ranging from 1 to 65535

The default HTTP service port number of the browser is 80.

Global configuration mode

1.3.3 ip http server