Manuals / Accton Technology / Computer Equipment / Switch

Accton Technology 24/48-Port manual IPv6 ACLs, Access-list ipv6, IPv6 ACL Commands Function Mode

Models: ES4524D 24/48-Port ES4548D

1 588

Download 588 pages 58.05 Kb

Page 395

Image 395

IPv6 ACLs 44

IPv6 ACLs

The commands in this section configure ACLs based on IPv6 addresses, next header type, and flow label. To configure IPv6 ACLs, first create an access list containing the required permit or deny rules, and then bind the access list to one or more ports

Table 44-3 IPv6 ACL Commands

Command	Function	Mode	Page

access-list ipv6	Creates an IPv6 ACL and enters configuration mode for	GC	44-7
	standard or extended IPv6 ACLs
permit, deny	Filters packets matching a specified source IPv6 address	IPv6-	44-8
		STD-ACL
permit, deny	Filters packets meeting the specified criteria, including	IPv6-	44-9
	destination IPv6 address, next header type, and flow label	EXT-ACL
show ipv6 access-list	Displays the rules for configured IPv6 ACLs	PE	44-10

ipv6 access-group	Adds a port to an IPv6 ACL	IC	44-11

show ipv6 access-group	Shows port assignments for IPv6 ACLs	PE	44-11

access-list ipv6

This command adds an IP access list and enters configuration mode for standard or extended IPv6 ACLs. Use the no form to remove the specified ACL.

Syntax

[no] access-list ipv6 {standard extended} acl_name

•standard – Specifies an ACL that filters packets based on the source IP address.

•extended – Specifies an ACL that filters packets based on the destination IP address, and other more specific criteria.

•acl_name – Name of the ACL. (Maximum length: 16 characters)

Default Setting

None

Command Mode

Global Configuration

Command Usage

•When you create a new ACL or enter configuration mode for an existing ACL, use the permit or deny command to add new rules to the bottom of the list. To create an ACL, you must add at least one rule to the list.

•To remove a rule, use the no permit or no deny command followed by the exact text of a previously configured rule.

•An ACL can contain up to 96 rules.

44-7

Page 395

Image 395

Accton Technology 24/48-Port, ES4548D, ES4524D manual IPv6 ACLs, Access-list ipv6, IPv6 ACL Commands Function Mode

Contents

Powered by Accton Page ES4524D Gigabit Ethernet Switch ES4524D ES4548D F0.0.0.4 E112006-CS-R01 149100030400A Contents Setting the System Clock 10-1 Vii Access Control Lists 15-1Viii Vlan Configuration 23-1Multicast Filtering 28-1 File Management Commands 35-1 Smtp Alert Commands 38-1 Xii 802.1X Port Authentication 43-1Xiii Access Control List Commands 44-1Xiv Address Table Commands 50-1Private Vlan Commands 53-1 Xvi Quality of Service Commands 56-1Xvii IPv4 Interface Commands 59-1Xviii Xix TablesPage Xxi Xxii Xxiii FiguresXxiv Figures IP Filter 12-14 Port Security 13-2Xxv FiguresXxvi Section I Getting Started Getting Started Introduction Key FeaturesKey Features Feature DescriptionIntroduction Description of Software FeaturesDescription of Software Features Introduction Description of Software Features Password super System DefaultsSystem Defaults Function Parameter DefaultSnmp View defaultviewSystem Log Status Enabled Messages Logged System Defaults Function ParameterTraffic Prioritization Ingress Port Priority Queue Mode Disabled Igmp Snooping Snooping EnabledConfiguration Options Initial ConfigurationConnecting to the Switch Remote Connections Required ConnectionsConsole Connection Basic ConfigurationSetting Passwords Assigning an IPv4 Address Setting an IP Address59-2 Assigning an IPv6 Address45-1 59-160-10 60-460-12 60-335-2 Obtaining an IPv4 Address59-3 59-460-2 Obtaining an IPv6 Address60-6 Enabling Snmp Management Access40-5 40-340-14 Managing System Files40-10 40-11Saving Configuration Settings Initial Configuration Section II Switch Management Page Using the Web Interface Configuring the SwitchHome Navigating the Web Browser InterfaceAction Web Page Configuration ButtonsPanel Display Apply Revert HelpIPv6 Neighbor Switch Main Menu DescriptionMain Menu System System Information12-13 11-112-8 15-117-1 Lacp23-5 Class-of-service value23-1 Current Table28-4 26-928-2 Query Multicast RouterField Attributes Basic System SettingsDisplaying System Information System Information Management Software Displaying Switch Hardware/Software VersionsCLI Specify the hostname, location and contact information Main Board34-8 Switch InformationDisplaying Bridge Extension Capabilities Displaying Bridge Extension ConfigurationCommand Attributes Configuring Support for Jumbo FramesCLI Enter the following command Command UsageCLI This example renumbers all units in the stack Resetting the SystemCLI Use the reload command to restart the switch Renumbering the StackBasic System Settings Setting the Switch’s IP Address IP Version Setting an IP AddressIPv4 Interface Configuration Manual Manual ConfigurationIPv4 Interface Configuration Dhcp Using DHCP/BOOTPConfiguring an IPv6 Address Setting the Switch’s IP Address IP Version 6 IP Address Setting the Switch’s IP Address IP Version 6 Current Address Table IPv6 Interface Configuration 60-14 Configuring an IPv6 General Network Prefix60-13 Protocol Settings IPv6 General Prefix ConfigurationCurrent Neighbor Cache Table Adding Static Neighbors IPv6 Neighbor -- Add 60-26 60-22Managing Firmware Managing System FilesCopy Firmware Downloading System Software from a Server35-7 Deleting FilesSaving or Restoring Configuration Settings Downloading Configuration Settings for Start-Up Downloading Configuration Settings from a ServerConsole#copy tftp startup-config Console Port Settings 36-4 36-136-2 36-3Telnet Settings Configuring the Telnet Interface Logging Levels Configuring Event LoggingSystem Log Configuration Error resource exhausted37-5 Remote Log Configuration37-1 37-237-4 37-337-7 Displaying Log MessagesSending Simple Mail Transfer Protocol Alerts CLI This example shows the event message stored in RAMEnabling and Configuring Smtp Alerts 38-4 38-138-2 38-3Configuring Sntp Setting the System Clock39-2 Setting the Time Zone39-1 39-3Snmp Overview Simple Network Management ProtocolUser defined Enabling the Snmp AgentSNMPv3 Security Models and Levels Level Group Read View Write View Notify View Security40-2 Setting Community Access StringsCLI The following example enables Snmp on the switch Specifying Trap Managers and Trap Types 11-5 40-7 Configuring SNMPv3 Management Access40-8 Setting a Local Engine IDSpecifying a Remote Engine ID CLI This example sets an SNMPv3 engine IDCLI This example specifies a remote SNMPv3 engine ID Configuring SNMPv3 UsersConfiguring SNMPv3 Users 40-15 Configuring Remote SNMPv3 UsersConfiguring Remote SNMPv3 Users Configuring SNMPv3 Groups Authenticated. While all implementations Topology Change Timer immediatelyAny of its configured ports transitions from That its configuration may have been alteredSupported Notification Messages 40-13 Configuring SNMPv3 GroupsConfiguring SNMPv3 Views Setting SNMPv3 Views11-17 Simple Network Management Protocol 11-18 Configuring User Accounts User Authentication41-1 Configuring Local/Remote Logon AuthenticationTACACS+ server Radius SettingsGlobal Provides globally applicable Radius settings Web TelnetAuthentication Server Settings Tacacs SettingsConfiguring Https Replacing the Default Secure-site Certificate Address server ip-address Copy Https CertificateConfiguring the Secure Shell Authenticating SSH v1.5 Clients Generating the Host Key Pair Authenticating SSH v2 Clients41-23 41-2041-21 SSH server includes basic settings for authentication Configuring the SSH Server41-19 Filtering IP Addresses for Management Access41-17 41-1841-25 41-24Configuring Port Security 42-1 Port SecurityConfiguring 802.1X Port Authentication Web Click Security, 802.1X, Information Displaying 802.1X Global Settings802.1X protocol provides port authentication CLI This example shows the default global setting for43-1 Configuring 802.1X Global SettingsConfiguring Port Settings for CLI This example enables 802.1X globally for the switchAuthorized 802.1X Port Configuration43-5 43-243-4 Parameter Description Displaying 802.1X Statistics802.1X Statistics CLI This example displays the dot1x statistics for port 802.1X Port StatisticsConfiguring 802.1X Port Authentication 14-8 Overview Access Control ListsSetting an ACL Name and Type 44-2 Configuring a Standard IPv4 ACLCLI This example creates a standard IP ACL named bill ACL Configuration Standard IPv4 Configuring an Extended IPv4 ACL15-4 44-3 ACL Configuration Extended IPv4Configuring a MAC ACL 44-13 Configuring a Standard IPv6 ACL44-8 Configuring an Extended IPv6 ACL15-9 44-9 ACL Configuration Extended IPv644-15 Binding a Port to an Access Control ListThis switch supports ACLs for ingress filtering only 44-6Access Control Lists 15-12 Field Attributes Web Port ConfigurationDisplaying Connection Status Current status ConfigurationField Attributes CLI Basic information45-8 CLI This example shows the connection status for PortConfiguring Interface Connections 45-4 45-245-6 45-3Showing Port Statistics Rmon Statistics Port StatisticsEtherlike Statistics Fragments FormedOversize Frames 16-9 45-9 CLI This example shows statistics for portCreating Trunk Groups Static Trunk Configuration Statically Configuring a Trunk46-2 Setting a Load-Balance Mode for TrunksTrunk Load Balance Mode 46-11 Enabling Lacp on Selected Ports46-3 46-4 Lacp Trunk ConfigurationDynamically Creating a Port Channel Configuring Lacp ParametersLacp Aggregation Port Lacp Port Counters Displaying Lacp Port CountersYou can display statistics for Lacp protocol messages Badly formed PDU or an illegal value of Protocol Subtype Parameter Description Marker Unknown PktsType Marker Illegal PktsField Description Displaying Lacp Settings and Status for the Local SideLacp Internal Configuration Information Lacp Port Internal Information Lacp Neighbor Configuration Information Field Description Displaying Lacp Settings and Status for the Remote Side17-14 Broadcast Storm Control Setting Broadcast Storm Thresholds45-10 47-1Configuring Port Mirroring 48-1 Mirror Port ConfigurationCommand Attribute Configuring Rate Limits49-1 Setting Static Addresses Address Table Settings50-1 Displaying the Address Table50-3 Dynamic Addresses50-4 Changing the Aging TimeCLI This example sets the aging time to 400 seconds Spanning Tree Algorithm Configuration For this Region Region RDisplaying Global Settings 22-4 STA Information Web Click Spanning Tree, STA, InformationGlobal settings apply to the entire switch Configuring Global SettingsRoot Device Configuration Basic Configuration of Global SettingsConfiguration Settings for Mstp Configuration Settings for RstpSTA Global Configuration Displaying Interface Settings 22-11 STA Port Information 51-18 Configuring Interface SettingsCLI This example shows the STA attributes for port 22-14 CLI This example sets STA attributes for port Configuring Multiple Spanning TreesMstp Vlan Configuration 51-8 Mstp Port Information Displaying Interface Settings for MstpConfiguring Interface Settings for Mstp 51-16 CLI This example sets the Mstp attributes for portAssigning Ports to VLANs Vlan Configuration23-2 Forwarding Tagged/Untagged Frames Displaying Basic Vlan Information Enabling or Disabling Gvrp Global SettingCLI This example enables Gvrp for the switch Max support Vlan numbers 256 Max support Vlan ID 4093 Command Attributes WebDisplaying Current VLANs 52-17 Command Attributes CLICreating VLANs 52-6 Adding Static Members to VLANs Vlan IndexCLI This example creates a new Vlan 52-5Vlan Static Table Adding Static Members 52-11 Adding Static Members to VLANs Port IndexConfiguring Vlan Behavior for Interfaces Vlan Port Configuration Configuring Ieee 802.1Q Tunneling QinQ Tunneling Layer 2 Flow for Packets Coming into a Tunnel Access PortLayer 2 Flow for Packets Coming into a Tunnel Uplink Port General Configuration Guidelines for QinQ Configuration Limitations for QinQ52-16 Enabling QinQ Tunneling on the SwitchCLI This example sets the switch to operate in QinQ mode 52-14Adding an Interface to a QinQ Tunnel 52-15 Tunnel Port Configuration53-1 Configuring Private VLANsCLI This example enables private VLANs Enabling Private VLANs53-2 Configuring Uplink and Downlink PortsCreate a protocol group for one or more protocols Configuring Protocol-Based VLANsConfiguring Protocol Groups 54-1 Mapping Protocols to VLANs54-2 Protocol Vlan Port ConfigurationConfiguring Protocol-Based VLANs 25-4 Setting the Default Priority for Interfaces Class of Service ConfigurationLayer 2 Queue Settings 55-3 CLI This example assigns a default priority of 5 to portPriority Level Traffic Type Mapping CoS Values to Egress QueuesMapping CoS Values to Egress Queues CoS Priority Levels55-6 Selecting the Queue Mode55-4 55-5 Setting the Service Weight for Traffic Classes55-2 Queue Scheduling 55-8 Layer 3/4 Priority SettingsMapping Layer 3/4 Priorities to CoS Values Selecting IP Precedence/DSCP PriorityMapping IP Precedence Priority Level Traffic Type Mapping IP Precedence10, 12, 14 18, 20, 22 26, 28, 30, 32, 34 38, 40 Mapping Dscp PriorityMapping Dscp Priority IP Dscp Value CoS Value 55-13 55-10IP Port Priority Status Mapping IP Port Priority55-11 Configuring Quality of Service Parameters Quality of ServiceClass map is used for matching packets to a specified class Configuring a Class MapClass Configuration Match Class SettingsConfiguring Class Maps 56-3 Creating QoS PoliciesPolicy Map 56-2Policy Options Policy ConfigurationPolicy Rule Settings Class Settings Configuring Policy Maps 56-6 Attaching a Policy Map to Ingress Queues56-4 56-5Quality of Service 27-8 Layer 2 Igmp Snooping and Query Multicast FilteringConfiguring Igmp Snooping and Query Parameters 57-6 57-157-4 57-557-9 Displaying Interfaces Attached to a Multicast Router57-8 Specifying Static Interfaces for a Multicast RouterIP Multicast Registration Table Displaying Port Members of Multicast ServicesIgmp Member Port Table Assigning Ports to Multicast Services28-8 Configuring General DNS Service Parameters Configuring Domain Name Service58-7 58-358-4 58-5Configuring Static DNS Host to Address Entries 58-6 58-1DNS Cache Displaying the DNS Cache29-6 Cluster Configuration Switch Clustering61-1 Cluster Member ConfigurationWeb Click Cluster, Configuration Adds Candidate switches to the cluster as Members61-3 Web Click Cluster, Member ConfigurationDisplays current cluster Member switch information Cluster Member Information61-5 Cluster Candidate InformationSection IIICommand Line Interface Page Telnet Connection Using the Command Line InterfaceAccessing the CLI 31-2 Keywords and Arguments Entering CommandsCommand Completion Getting Help on CommandsShowing Commands Partial Keyword Lookup Negating the Effect of CommandsUsing Command History General Command Modes Understanding Command ModesExec Commands Configuration Commands Consoleconfig-if# 45-1 Configuration Command Modes PromptKeystroke Function Command Line ProcessingKeystroke Commands Using the Command Line Interface 31-10 Command Group Index Description CLI Command Groups57-1 Class of Service55-1 Enable General CommandsExample DisableConfigure Related CommandsNormal Exec, Privileged Exec Show historySyntax Prompt string no prompt PromptEnd ExitQuit This command exits the configuration programThis example shows how to quit a CLI session General Commands 33-6 Syntax Hostname name no hostname System Management CommandsSystem Management Commands Function Mode HostnameReload Switch renumberSyntax Switch all renumber Default Setting Show ipv6 mtu Show startup-configSyntax No jumbo frame Default Setting Jumbo frame34-4 Show running-config34-5 Show running-configShow startup-config34-3 Show users This command displays system informationShow system Show version 34-9 System Management Commands 34-10 Managing Firmware File Management CommandsSaving or Restoring Configuration Settings Flash/File Commands Function ModeCopy 35-3 Delete unit filename This command deletes a file or imageDelete SyntaxDir Delete public-key41-20 This command displays a list of files in flash memorySyntax Dir unit boot-rom config opcode filename DirColumn Heading Description WhichbootSyntax whichboot unit File Directory InformationDir 35-5 whichboot Boot systemSyntax Boot system unit boot-romconfig opcode filename File Management Commands 35-8 Syntax Line console vty Line CommandsLine Commands Function Mode LineSyntax Login local no login LoginNo password is specified PasswordUsername 41-1 password Syntax Password 0 7 password no passwordSyntax Exec-timeout seconds no exec-timeout Timeout login responseExec-timeout Default value is three attempts Password-threshCLI No timeout Telnet 10 minutes Syntax Password-thresh threshold no password-threshSyntax Databits 7 8 no databits Silent-timeDatabits Syntax Silent-time seconds no silent-timeSyntax Parity none even odd no parity ParitySyntax Stopbits 1 SpeedStopbits Syntax Speed bps no speedSyntax Show line console vty DisconnectShow line Syntax Disconnect session-idTo show all lines, enter this command Logging on Event Logging CommandsEvent Logging Commands Function Mode Syntax No logging on Default SettingLogging history 37-2 logging trap 37-4 clear log Flash errors level 3 RAM warnings level 7Logging history Syntax No logging host hostipaddress Default Setting Command ModeLogging host Logging facilitySyntax Logging trap level no logging trap Disabled Level 7Logging trap Syntax Show logging flash ram sendmail trap Clear logShow logging Syntax Clear log flash ramShow logging trap display description Logging facility commandShow logging flash/ram display description Following example shows the event message stored in RAM Show logSyntax Show log flash ram Event Logging Commands 37-8 38-4 Smtp Alert CommandsSmtp Alert Commands Function Mode Logging sendmail hostSyntax Logging sendmail source-email email-address Logging sendmail levelLogging sendmail source-email Syntax Logging sendmail level levelSyntax No logging sendmail destination-email email-address Syntax No logging sendmail Default SettingLogging sendmail destination-email Logging sendmailShow logging sendmail Sntp client Time CommandsTime Commands Function Mode Syntax No sntp client Default SettingSyntax Sntp server ip1 ip2 ip3 Sntp serverSntp server 39-2 sntp poll 39-3 show sntp Syntax Sntp poll seconds no sntp poll Sntp pollShow sntp Sntp client 39-1 sntp poll 39-3 show sntpClock timezone Calendar set hour min sec day month year month day year This command displays the system clockCalendar set Show calendarTime Commands 39-6 Snmp Commands Function Mode Snmp CommandsShow snmp Syntax No snmp-server Default SettingSnmp-server Snmp-server community Syntax Snmp-server location text no snmp-server location Snmp-server contactSnmp-server location Syntax Snmp-server contact string no snmp-server contactHost Address None Notification Type Traps Snmp-server hostSnmp Version UDP Port Issue authentication and link-up-down traps Snmp-server enable trapsSnmp-server enable traps Snmp-server engine-id Show snmp engine-id This command shows the Snmp engine IDThis example shows the default engine ID This view includes MIB-2 Defaultview includes access to the entire MIB treeSnmp-server view ExamplesShow snmp view display description This command shows information on the Snmp viewsShow snmp view Snmp-server group40-12 Field Description Groupname Name of an Snmp group Show snmp groupShow snmp group display description Snmp-server user Show snmp user This command shows information on Snmp usersShow snmp user display description User Access Commands Function Mode User Authentication CommandsUser Account Commands Authentication Commands Command Group FunctionGuest Admin Enable passwordDefault Login Settings Username Access-level Password Authentication Sequence Commands Function Mode Authentication SequenceAuthentication login Local Authentication enableTacacs Use Tacacs server password Username for setting the local user names and passwords41-8 Radius Client Commands Function ModeShow radius-server Shows the current Radius settings 41-8 Radius ClientRadius-server port Default Setting Auth-portRetransmit Command Mode Radius-server hostSyntax Radius-server key keystring no radius-server key Radius-server keyRadius-server retransmit Show radius-server Radius-server timeoutTacacs-server port TACACS+ Client Commands Function ModeTACACS+ Client Tacacs-server hostSyntax Tacacs-server key keystring no tacacs-server key Tacacs-server keyShow tacacs-server Ip http server Web Server CommandsIp http port Ip http port Syntax No ip http secure-server Default SettingIp http secure-server Portnumber The UDP port used for HTTPS. Range Ip http secure-portIp http secure-port41-13copy tftp https-certificate Ip telnet server Telnet Server CommandsTelnet Server Commands Function Mode Sets the SSH server key size 41-19 Copy tftp public-key Secure Shell Commands10 Secure Shell Commands Function Mode Configuration Guidelines41-16 Ip ssh server Syntax No ip ssh server Default SettingIp ssh crypto host-key generate 41-20 show ssh Ip ssh timeoutSyntax Ip ssh timeout seconds no ip ssh timeout Exec-timeout36-4 show ip sshBits Ip ssh authentication-retriesIp ssh server-key size Key-size- The size of server key. Range 512-896 bitsSyntax Ip ssh crypto host-key generate dsa rsa Delete public-keyIp ssh crypto host-key generate Syntax Delete public-key username dsa rsaSyntax Ip ssh save host-key dsa rsa Ip ssh crypto zeroizeIp ssh save host-key Syntax Ip ssh crypto zeroize dsa rsaIp ssh crypto host-key generate This command displays the current SSH server connectionsShow ip ssh Show sshSyntax Show public-key user username host Show public-keyTerminology 41-25 IP Filter Commands12 IP Filter Commands Function Mode ManagementShow management 41-26 Max-mac-count Port Security CommandsPort Security Commands Function Mode Port securityShutdown 45-6mac-address-table static Dot1x system-auth-control 802.1X Port Authentication802.1X Port Authentication Commands Function Mode Syntax No dot1x system-auth-control Default SettingDot1x port-control Dot1x defaultDefault Command Mode Dot1x max-reqSingle-host Dot1x operation-modeForce-authorized Syntax No dot1x re-authentication Command Mode Dot1x re-authenticateDot1x re-authentication Syntax Dot1x re-authenticate interfaceSeconds The number of seconds. Range Dot1x timeout quiet-periodDot1x timeout re-authperiod Dot1x timeout re-authperiod43-5Statistics Displays dot1x status for each port Interface Dot1x timeout tx-periodShow dot1x Syntax Show dot1x statistics interface interfaceBackend State Machine Authenticator State MachineState- Current state including initialize, reauthenticate Reauthentication State MachineIPv4 ACLs Access Control List CommandsAccess Control List Commands Command Groups Function IPv4 ACL Commands Function ModeSyntax No permit deny any source bitmask host source Access-list ipSyntax No access-list ip standard extended aclname Permit, deny Ip access-group44-6 show ip access-list44-5No permit deny tcp Access-list ipStandard IPv4 ACL Extended IPv4 ACL Permit, deny Ip access-group44-6 Show ip access-listThis command displays the rules for configured IPv4 ACLs Syntax Show ip access-list standard extended aclnameShow ip access-list44-5 Ip access-groupShow ip access-group Syntax No ip access-group aclnameIPv6 ACLs Access-list ipv6IPv6 ACL Commands Function Mode Syntax No access-list ipv6 standard extended aclnameNew rules are appended to the end of the list Access-list ipv6Standard IPv6 ACL Extended IPv6 ACL Syntax No permit denyAny destination-ipv6-address/prefix-length Next-header next-header dscp dscp flow-label flow-labelThis command displays the rules for configured IPv6 ACLs Show ipv6 access-listSyntax No ipv6 access-group aclname Ipv6 access-groupShow ipv6 access-group MAC ACLs Access-list macMAC ACL Commands Function Mode Syntax No access-list mac aclnameNo permit deny tagged-802.3 Permit, deny MAC ACLNo permit deny tagged-eth2 No permit deny untagged-eth2Syntax Show mac access-list aclname Show mac access-listThis command displays the rules for configured MAC ACLs Syntax Mac access-group aclname Mac access-groupShow mac access-group ACL Information Show access-listShow access-group ACL Information Commands Function Mode44-17 Access Control List Commands 44-18 Port-channel channel-idRange Interface CommandsInterface Commands Function Mode InterfaceSyntax Description string no description DescriptionSpeed-duplex Negotiation 45-3 capabilities Syntax No negotiation Default SettingNegotiation Capabilities 45-4speed-duplex45-2 Following example configures port 11 to use autonegotiationCapabilities Negotiation 45-3speed-duplex45-2 flowcontrol Syntax No flowcontrol Default SettingFollowing example enables flow control on port FlowcontrolShutdown Syntax Media-type mode no media-typeSyntax No shutdown Default Setting Media-typeSyntax Clear counters interface Port-channel channel-idRange Default SettingClear counters Shows the status for all interfaces This command displays the status for an interfaceShow interfaces status Syntax Show interfaces status interfaceShows the counters for all interfaces This command displays interface statisticsShow interfaces counters Syntax Show interfaces counters interfaceShow interfaces switchport display description Show interfaces switchportSyntax Show interfaces switchport interface Indicates tagged Indicates membership mode as Trunk or HybridIndicates the default priority for untagged frames Allowed VlanInterface Commands 45-12 Guidelines for Creating Trunks Link Aggregation CommandsLink Aggregation Commands Syntax Channel-group channel-idno channel-group Channel-groupDynamically Creating a Port Channel Src-dst-ip Port channel load-balanceLacp Syntax No lacp Default Setting32768 Lacp system-priorityLacp admin-keyEthernet Interface Interface Configuration Port Channel Lacp admin-key Port ChannelSyntax Lacp admin-key key no lacp admin-key Show lacp This command displays Lacp informationLacp port-priority LACPDUs Illegal Pkts Port Channel allShow lacp counters display description TypeShow lacp neighbors display description Show lacp internal display descriptionShow lacp sysid display description Show port-channel load-balance46-12 Enabled for all ports Packet-rate limit 500 pps Broadcast Storm Control CommandsSwitchport broadcast packet-rate Broadcast Storm Control Commands Function ModeBroadcast Storm Control Commands 47-2 Port monitor Mirror Port CommandsMirror Port Commands Function Mode Interface Configuration Ethernet, destination portSyntax Show port monitor interface This command displays mirror informationFollowing shows mirroring configured from port 6 to port Show port monitorGigabit Ethernet 1000 Mbps Rate Limit CommandsRate Limit Commands Function Mode Rate-limitRate Limit Commands 49-2 Action Address Table CommandsAddress Table Commands Function Mode Mac-address-table staticClear mac-address-table dynamic Show ipv6 neighbors Show mac-address-tableMac-address- MAC address Mask Bits to match in the address Show mac-address-table aging-time Mac-address-table aging-timeSpanning Tree Commands Function Mode Spanning Tree CommandsSpanning-tree Spanning-tree modeSyntax No spanning-tree Default Setting Spanning tree is enabledSpanning-tree forward-time Spanning-tree forward-timeSpanning-tree forward-time 51-3spanning-tree max-age Spanning-tree hello-timeSpanning-tree forward-time 51-3spanning-tree hello-time Spanning-tree max-ageSpanning-tree priority Long method Spanning-tree pathcost methodCount The transmission limit in seconds. Range Spanning-tree mst-configurationThis command limits the maximum transmission rate for BPDUs Spanning-tree transmission-limitNo mst instanceid vlan vlan-range MST ConfigurationMst vlan Syntax Name name Mst priorityName Mst instanceid priority priority no mst instanceid priorityName RevisionSyntax Revision number Number Revision number of the spanning tree. RangeMax-hops Spanning-tree spanning-disabledSyntax No spanning-tree spanning-disabled Default Setting This example disables the spanning tree algorithm for portSyntax Spanning-tree cost cost no spanning-tree cost Spanning-tree costPriority The priority for a port. Range 0-240, in steps Syntax No spanning-tree edge-port Default SettingSpanning-tree port-priority Spanning-tree edge-portSpanning-tree portfast Syntax No spanning-tree portfast Default SettingSpanning-treeedge-port51-13 Spanning-tree link-typeSpanning-tree mst port-priority51-17 Spanning-tree mst costSyntax Spanning-tree protocol-migration interface Spanning-tree mst port-prioritySpanning-tree protocol-migration Syntax Show spanning-tree interface mst instanceid Show spanning-tree51-19 Show spanning-tree mst configuration Gvrp and Bridge Extension Commands Function Mode Vlan CommandsGvrp and Bridge Extension Commands Vlan Commands Command Groups FunctionShow bridge-ext Syntax No bridge-ext gvrp Default SettingBridge-ext gvrp Syntax Show gvrp configuration interface Switchport gvrpShow gvrp configuration Syntax No switchport gvrp Default SettingGarp timer Editing Vlan Groups Show garp timerSyntax Show garp timer interface Commands for Editing Vlan Groups Function ModeShow vlan By default only Vlan 1 exists and is activeVlan Database Configuration VlanInterface vlan Configuring Vlan InterfacesCommands for Configuring Vlan Interfaces Function Mode Interface vlanSwitchport acceptable-frame-types52-9 Switchport modeSyntax Switchport mode hybrid trunk no switchport mode All ports are in hybrid mode with the Pvid set to VlanSyntax No switchport ingress-filtering Default Setting Switchport acceptable-frame-typesSwitchport ingress-filtering Switchport modeSwitchport native vlan Switchport allowed vlan No VLANs are included in the forbidden list Switchport forbidden vlan52-14 Ieee 802.1Q Tunneling Commands Function ModeGeneral Configuration Guidelines for QinQ Dot1q-tunnelShow dot1q-tunnel52-16 Show interfaces switchport Syntax No dot1q-tunnel system-tunnel-control Default Setting0x8100 Switchport dot1q-tunnel tpidDisplaying Vlan Information Commands for Displaying Vlan Information Function ModeSyntax Show vlan id vlan-idname vlan-name This command shows Vlan informationFollowing example shows how to display information for Vlan Show vlanVlan Commands 52-18 No private VLANs are defined Private Vlan CommandsPrivate Vlan Commands Function Mode PvlanShow pvlan This command displays the configured private Vlan54-4 Protocol-based Vlan CommandsProtocol-vlan protocol-group Configuring Groups Protocol-based Vlan Commands Function ModeNo protocol groups are mapped for any interface Protocol-vlan protocol-group ConfiguringNo protocol groups are configured Group-id- Group identifier for a protocol group. Range This shows protocol group 1 configured for IP over EthernetShow protocol-vlan protocol-group Syntax Show protocol-vlan protocol-group group-idMapping for all interfaces is displayed Show interfaces protocol-vlan protocol-groupPriority Commands Layer Function Mode Class of Service CommandsPriority Commands Layer Priority Commands Command Groups FunctionQueue bandwidth 55-4 show queue mode Queue modeSyntax Queue mode strict wrr no queue mode Weighted Round RobinSwitchport priority default Queue cos-mapqueueid cos1 ... cosn no queue cos-map Queue bandwidth weight1...weight4 no queue bandwidthQueue bandwidth Queue cos-mapShow queue cos-map55-6 Show queue modeDefault CoS Priority Levels This command shows the current queue modeSyntax Show queue cos-map interface This command shows the class of service priority mapShow queue bandwidth Show queue cos-mapSyntax No map ip port Default Setting Priority Commands Layer 3Priority Commands Layer 3 Function Mode Syntax No map ip precedence Default Setting Following example shows how to map Http traffic to CoS valueList below shows the default priority mapping Map ip precedence Interface ConfigurationMap ip dscp dscp-value cos cos-value no map ip dscp Syntax No map ip dscp Default SettingSyntax Show map ip port interface This command shows the IP port priority mapShow map ip port Mapping IP Dscp to CoS Values IP Dscp ValueSyntax Show map ip precedence interface This command shows the IP precedence priority mapShow map ip precedence Syntax Show map ip dscp interface This command shows the IP Dscp priority mapShow map ip dscp 55-14 Quality of Service Commands Function Mode Quality of Service CommandsShow class map Class-mapSyntax No class-map class-map-namematch-any Match Class Map ConfigurationNo class class-map-name Policy-mapClass No policy-mappolicy-map-nameSet Policy Map ConfigurationDrop out-of-profile packets Policy Map Class ConfigurationPolice Syntax No police rate-kbpsburst-byteexceed-action drop setNo policy map is attached to an interface Service-policySyntax No service-policy input policy-map-name Show policy-mappolicy-map-name class class-map-name Show class-mapShow policy-map Syntax Show class-map class-map-nameSyntax Show policy-map interface interface input Port-channel channel-idRange Command ModeShow policy-map interface Quality of Service Commands 56-10 Ip igmp snooping Multicast Filtering CommandsIgmp Snooping Commands Igmp Version Ip igmp snooping vlan staticIp igmp snooping version Show mac-address-table multicast Show ip igmp snoopingIp igmp snooping querier Igmp Query CommandsIgmp Query Commands Function Mode Syntax No ip igmp snooping querier Default SettingTimes Following shows how to configure the query count toIp igmp snooping query-count Ip igmp snooping query-intervalIp igmp snooping query-max-response-time Seconds The report delay advertised in Igmp queries. RangeIp igmp snooping router-port-expire-time Switch must use IGMPv2 for this command to take effectIp igmp snooping vlan mrouter Static Multicast Routing CommandsStatic Multicast Routing Commands Function Mode No static multicast router ports are configuredShow ip igmp snooping mrouter Displays multicast router ports for all configured VLANsMulticast Filtering Commands 57-10 No ip host name address1 address2 … address8 Domain Name Service CommandsDNS Commands Function Mode Ip hostSyntax Clear host name This command deletes entries from the DNS tableClear host This example maps two address to a host nameIp domain-list58-3 ip name-server58-4 ip domain-lookup58-5 Ip domain-nameIp domain-list Syntax Ip domain-name name no ip domain-nameServer-address1- IP address of domain-name server Ip name-serverIp domain-name58-3 Ip domain-name58-3 ip domain-lookup58-5 Syntax No ip domain-lookup Default SettingIp domain-lookup Ip domain-name58-3 ip name-server58-4 Show hostsShow dns cache display description Show dnsShow dns cache Clear dns cache This command clears all entries in the DNS cacheIp address IPv4 Interface CommandsIPv4 Configuration Commands Function Mode Ip dhcp restart 59-3 ipv6 address Ip default-gatewaySyntax Ip default-gateway gateway no ip default-gateway Gateway IP address of the default gatewayIp dhcp restart Following example defines a default gateway for this deviceShow ip redirects 59-4 ipv6 default-gateway60-12 This command submits an IPv4 Bootp or Dhcp client requestShow ip redirects This command displays the settings of an IPv4 interfaceIp default-gateway59-2 Show ipv6 default-gateway60-12 Show ip interfaceInterface 45-1 ping ipv6 This command has no default for the hostPing Syntax Ping host count countsize size59 IPv4 Interface Commands 59-6 IPv6 Configuration Commands IPv6 Interface CommandsIpv6 address link-local60-9 show ipv6 interface Ipv6 enableSyntax No ipv6 enable Default Setting IPv6 is disabledShow ipv6 general-prefix60-4 Ipv6 general-prefixNo general prefix is defined No IPv6 addresses are defined This command displays all configured IPv6 general prefixesShow ipv6 general-prefix Ipv6 address60-5 Syntax No ipv6 address autoconfig Default Setting Ipv6 address autoconfigIpv6 address Show ipv6 interface Ipv6 address eui-64Ipv6 address autoconfig 60-6 show ipv6 interface Ipv6 address link-local Show ipv6 interface display description Field Ipv6 enable Show ipv6 interfaceShow ipv6 interface Maximum transmission unit for this interface Show ipv6 interface display descriptionFF022, and solicited nodes FF021FFXXXXXX as described below Appending those bits to the prefixSyntax Ipv6 default-gateway ipv6-addressno ipv6 address Ipv6 default-gatewayShow ipv6 default-gateway Syntax Ipv6 mtu size no ipv6 mtu Ipv6 mtuShow ipv6 mtu display description Show ipv6 mtuShow ipv6 traffic Following example shows the MTU cache for this device60-15 Ipv6 rcvd Rcvd total Received in errorFormat errors Errors discovered in processing their IPv6 options, etcIpv6 sent Show ipv6 traffic display descriptionProhibited messages received by the interface Checksum errorsIpv6 icmp input Input Input interface for the messagesIpv6 icmp output Clear ipv6 traffic Ping ipv6 Repeat 5 timeout 2 secondsIpv6 neighbor Syntax Ipv6 nd dad attempts count no ipv6 nd dad attempts Ipv6 nd dad attemptsShow ipv6 neighbors 60-26mac-address-table static Ipv6 nd ns interval 60-25 show ipv6 neighbors Milliseconds is used for neighbor discovery operations Ipv6 nd ns intervalShow ipv6 neighbors display description Field Description Show ipv6 neighborsSyntax Show ipv6 neighbors vlan vlan-id ipv6-address Show ipv6 neighbors display description Clear ipv6 neighbors60 IPv6 Interface Commands 60-28 Cluster Switch Cluster CommandsSwitch Cluster Commands Function Mode Syntax No cluster Default SettingSyntax Cluster ip-pool ip-addressno cluster ip-pool Cluster commanderSyntax No cluster commander Default Setting Cluster ip-poolNo Members Cluster memberThis command shows the switch clustering configuration RcommandSyntax Rcommand id member-id Member-id- The ID number of the Member switch. RangeShow cluster candidates This command shows the current switch cluster membersShow cluster members Switch Cluster Commands 61-6 Section IVAppendices Appendices Software Features Appendix a Software SpecificationsIcmp RFC Igmp RFC Management FeaturesGroups 1, 2, 3, 9 Statistics, History, Alarm, Event StandardsManagement Information Bases a Management Information BasesSoftware Specifications Symptom Action Appendix B TroubleshootingProblems Accessing the Management Interface Table B-1 Troubleshooting ChartUsing System Logs Glossary Access Control List ACLSee Generic Attribute Registration Protocol Extended Universal Identifier EUIDefines frame extensions for Vlan tagging Ieee 802.1QSee Port Trunk IP PrecedenceSee Ieee Port MirroringTCP/IP protocol commonly used for software downloads Secure Shell SSHUser Datagram Protocol UDP Glossary Glossary-8 Numerics IndexIndex-2 Index-3 Index-4 Page ES4524D ES4548D E112006-CS-R01 149100030400A

IPv6 ACLs

Table 44-3 IPv6 ACL Commands

Function

Mode

STD-ACL

EXT-ACL