Permit, deny MAC ACL | Accton Technology 24/48-Port, ES4548D

MAC ACLs 44

• An ACL can contain up to 32 rules.

Example

Console(config)#access-list mac jerry

Console(config-mac-acl)#

Related Commands

permit, deny (44-13)

mac access-group(44-15) show mac access-list(44-14)

permit, deny (MAC ACL)

This command adds a rule to a MAC ACL. The rule filters packets matching a specified MAC source or destination address (i.e., physical layer address), or Ethernet protocol type. Use the no form to remove a rule.

Syntax

[no] {permit deny}

{any host source source address-bitmask}

{any host destination destination address-bitmask}

[vid vid vid-bitmask] [ethertype protocol [protocol-bitmask]]

Note:- The default is for Ethernet II packets.

[no] {permit deny} tagged-eth2

{any host source source address-bitmask}

{any host destination destination address-bitmask}

[vid vid vid-bitmask] [ethertype protocol [protocol-bitmask]]

[no] {permit deny} untagged-eth2

{any host source source address-bitmask}

{any host destination destination address-bitmask} [ethertype protocol [protocol-bitmask]]

[no] {permit deny} tagged-802.3

{any host source source address-bitmask}

{any host destination destination address-bitmask} [vid vid vid-bitmask]

[no] {permit deny} untagged-802.3

{any host source source address-bitmask}

{any host destination destination address-bitmask}

•tagged-eth2– Tagged Ethernet II packets.

•untagged-eth2– Untagged Ethernet II packets.

•tagged-802.3– Tagged Ethernet 802.3 packets.

•untagged-802.3– Untagged Ethernet 802.3 packets.

•any – Any MAC source or destination address.

•host – A specific MAC address.

44-13

Image 401

Accton Technology 24/48-Port, ES4548D manual Permit, deny MAC ACL, No permit deny tagged-eth2, No permit deny untagged-eth2

Contents

Powered by Accton Page ES4524D Gigabit Ethernet Switch ES4524D ES4548D F0.0.0.4 E112006-CS-R01 149100030400A Contents Setting the System Clock 10-1 Vii Access Control Lists 15-1 Viii Vlan Configuration 23-1 Multicast Filtering 28-1 File Management Commands 35-1 Smtp Alert Commands 38-1 Xii 802.1X Port Authentication 43-1 Xiii Access Control List Commands 44-1 Xiv Address Table Commands 50-1 Private Vlan Commands 53-1 Xvi Quality of Service Commands 56-1 Xvii IPv4 Interface Commands 59-1 Xviii Xix TablesPage Xxi Xxii Xxiii Figures Xxiv Figures IP Filter 12-14 Port Security 13-2 Xxv Figures Xxvi Section I Getting Started Getting Started Key Features Key FeaturesFeature Description Introduction Introduction Description of Software Features Description of Software Features Introduction Description of Software Features System Defaults System DefaultsFunction Parameter Default Password super Snmp View defaultview Traffic Prioritization Ingress Port Priority Queue Mode System Defaults Function ParameterDisabled Igmp Snooping Snooping Enabled System Log Status Enabled Messages Logged Configuration Options Initial ConfigurationConnecting to the Switch Remote Connections Required Connections Console Connection Basic ConfigurationSetting Passwords Assigning an IPv4 Address Setting an IP Address 45-1 Assigning an IPv6 Address59-1 59-2 60-10 60-4 60-12 60-3 59-3 Obtaining an IPv4 Address59-4 35-2 60-2 Obtaining an IPv6 Address 60-6 Enabling Snmp Management Access 40-5 40-3 40-10 Managing System Files40-11 40-14 Saving Configuration Settings Initial Configuration Section II Switch Management Page Using the Web Interface Configuring the Switch Home Navigating the Web Browser Interface Panel Display Web Page Configuration ButtonsApply Revert Help Action Main Menu Switch Main Menu DescriptionSystem System Information IPv6 Neighbor 12-8 11-115-1 12-13 17-1 Lacp 23-1 Class-of-service valueCurrent Table 23-5 28-2 26-9Query Multicast Router 28-4 Field Attributes Basic System SettingsDisplaying System Information System Information CLI Specify the hostname, location and contact information Displaying Switch Hardware/Software VersionsMain Board Management Software 34-8 Switch Information Displaying Bridge Extension Capabilities Displaying Bridge Extension Configuration CLI Enter the following command Configuring Support for Jumbo FramesCommand Usage Command Attributes CLI Use the reload command to restart the switch Resetting the SystemRenumbering the Stack CLI This example renumbers all units in the stack Basic System Settings Setting the Switch’s IP Address IP Version Setting an IP Address IPv4 Interface Configuration Manual Manual Configuration IPv4 Interface Configuration Dhcp Using DHCP/BOOTP Configuring an IPv6 Address Setting the Switch’s IP Address IP Version 6 IP Address Setting the Switch’s IP Address IP Version 6 Current Address Table IPv6 Interface Configuration 60-14 Configuring an IPv6 General Network Prefix60-13 Protocol Settings IPv6 General Prefix Configuration Current Neighbor Cache Table Adding Static Neighbors IPv6 Neighbor -- Add 60-26 60-22 Managing Firmware Managing System Files Copy Firmware Downloading System Software from a Server 35-7 Deleting Files Saving or Restoring Configuration Settings Downloading Configuration Settings for Start-Up Downloading Configuration Settings from a Server Console#copy tftp startup-config Console Port Settings 36-2 36-136-3 36-4 Telnet Settings Configuring the Telnet Interface System Log Configuration Configuring Event LoggingError resource exhausted Logging Levels 37-1 Remote Log Configuration37-2 37-5 37-4 37-3 Sending Simple Mail Transfer Protocol Alerts Displaying Log MessagesCLI This example shows the event message stored in RAM 37-7 Enabling and Configuring Smtp Alerts 38-2 38-138-3 38-4 Configuring Sntp Setting the System Clock 39-1 Setting the Time Zone39-3 39-2 Snmp Overview Simple Network Management Protocol SNMPv3 Security Models and Levels Enabling the Snmp AgentLevel Group Read View Write View Notify View Security User defined 40-2 Setting Community Access StringsCLI The following example enables Snmp on the switch Specifying Trap Managers and Trap Types 11-5 40-7 Configuring SNMPv3 Management Access Specifying a Remote Engine ID Setting a Local Engine IDCLI This example sets an SNMPv3 engine ID 40-8 CLI This example specifies a remote SNMPv3 engine ID Configuring SNMPv3 Users Configuring SNMPv3 Users 40-15 Configuring Remote SNMPv3 Users Configuring Remote SNMPv3 Users Configuring SNMPv3 Groups Any of its configured ports transitions from Topology Change Timer immediatelyThat its configuration may have been altered Authenticated. While all implementations Supported Notification Messages 40-13 Configuring SNMPv3 Groups Configuring SNMPv3 Views Setting SNMPv3 Views 11-17 Simple Network Management Protocol 11-18 Configuring User Accounts User Authentication 41-1 Configuring Local/Remote Logon Authentication Global Provides globally applicable Radius settings Radius SettingsWeb Telnet TACACS+ server Authentication Server Settings Tacacs Settings Configuring Https Replacing the Default Secure-site Certificate Address server ip-address Copy Https Certificate Configuring the Secure Shell Authenticating SSH v1.5 Clients Generating the Host Key Pair Authenticating SSH v2 Clients 41-23 41-2041-21 SSH server includes basic settings for authentication Configuring the SSH Server 41-17 Filtering IP Addresses for Management Access41-18 41-19 41-25 41-24 Configuring Port Security 42-1 Port Security Configuring 802.1X Port Authentication 802.1X protocol provides port authentication Displaying 802.1X Global SettingsCLI This example shows the default global setting for Web Click Security, 802.1X, Information Configuring Port Settings for Configuring 802.1X Global SettingsCLI This example enables 802.1X globally for the switch 43-1 Authorized 802.1X Port Configuration 43-5 43-243-4 Parameter Description Displaying 802.1X Statistics802.1X Statistics CLI This example displays the dot1x statistics for port 802.1X Port Statistics Configuring 802.1X Port Authentication 14-8 Overview Access Control ListsSetting an ACL Name and Type 44-2 Configuring a Standard IPv4 ACLCLI This example creates a standard IP ACL named bill ACL Configuration Standard IPv4 Configuring an Extended IPv4 ACL 15-4 44-3 ACL Configuration Extended IPv4 Configuring a MAC ACL 44-13 Configuring a Standard IPv6 ACL 44-8 Configuring an Extended IPv6 ACL 15-9 44-9 ACL Configuration Extended IPv6 This switch supports ACLs for ingress filtering only Binding a Port to an Access Control List44-6 44-15 Access Control Lists 15-12 Field Attributes Web Port ConfigurationDisplaying Connection Status Field Attributes CLI ConfigurationBasic information Current status 45-8 CLI This example shows the connection status for Port Configuring Interface Connections 45-6 45-245-3 45-4 Showing Port Statistics Rmon Statistics Port StatisticsEtherlike Statistics Fragments FormedOversize Frames 16-9 45-9 CLI This example shows statistics for port Creating Trunk Groups Static Trunk Configuration Statically Configuring a Trunk 46-2 Setting a Load-Balance Mode for Trunks Trunk Load Balance Mode 46-11 Enabling Lacp on Selected Ports46-3 46-4 Lacp Trunk Configuration Dynamically Creating a Port Channel Configuring Lacp Parameters Lacp Aggregation Port Lacp Port Counters Displaying Lacp Port CountersYou can display statistics for Lacp protocol messages Type Parameter Description Marker Unknown PktsMarker Illegal Pkts Badly formed PDU or an illegal value of Protocol Subtype Field Description Displaying Lacp Settings and Status for the Local SideLacp Internal Configuration Information Lacp Port Internal Information Lacp Neighbor Configuration Information Field Description Displaying Lacp Settings and Status for the Remote Side 17-14 Broadcast Storm Control Setting Broadcast Storm Thresholds 45-10 47-1 Configuring Port Mirroring 48-1 Mirror Port Configuration Command Attribute Configuring Rate Limits 49-1 Setting Static Addresses Address Table Settings 50-1 Displaying the Address Table 50-3 Dynamic Addresses 50-4 Changing the Aging TimeCLI This example sets the aging time to 400 seconds Spanning Tree Algorithm Configuration For this Region Region R Displaying Global Settings 22-4 STA Information Web Click Spanning Tree, STA, Information Global settings apply to the entire switch Configuring Global Settings Root Device Configuration Basic Configuration of Global Settings Configuration Settings for Mstp Configuration Settings for Rstp STA Global Configuration Displaying Interface Settings 22-11 STA Port Information 51-18 Configuring Interface SettingsCLI This example shows the STA attributes for port 22-14 CLI This example sets STA attributes for port Configuring Multiple Spanning Trees Mstp Vlan Configuration 51-8 Mstp Port Information Displaying Interface Settings for Mstp Configuring Interface Settings for Mstp 51-16 CLI This example sets the Mstp attributes for port Assigning Ports to VLANs Vlan Configuration 23-2 Forwarding Tagged/Untagged Frames Displaying Basic Vlan Information Enabling or Disabling Gvrp Global SettingCLI This example enables Gvrp for the switch Max support Vlan numbers 256 Max support Vlan ID 4093 Command Attributes WebDisplaying Current VLANs 52-17 Command Attributes CLICreating VLANs CLI This example creates a new Vlan Adding Static Members to VLANs Vlan Index52-5 52-6 Vlan Static Table Adding Static Members 52-11 Adding Static Members to VLANs Port Index Configuring Vlan Behavior for Interfaces Vlan Port Configuration Configuring Ieee 802.1Q Tunneling QinQ Tunneling Layer 2 Flow for Packets Coming into a Tunnel Access Port Layer 2 Flow for Packets Coming into a Tunnel Uplink Port General Configuration Guidelines for QinQ Configuration Limitations for QinQ CLI This example sets the switch to operate in QinQ mode Enabling QinQ Tunneling on the Switch52-14 52-16 Adding an Interface to a QinQ Tunnel 52-15 Tunnel Port Configuration CLI This example enables private VLANs Configuring Private VLANsEnabling Private VLANs 53-1 53-2 Configuring Uplink and Downlink Ports Create a protocol group for one or more protocols Configuring Protocol-Based VLANsConfiguring Protocol Groups 54-1 Mapping Protocols to VLANs 54-2 Protocol Vlan Port Configuration Configuring Protocol-Based VLANs 25-4 Setting the Default Priority for Interfaces Class of Service ConfigurationLayer 2 Queue Settings 55-3 CLI This example assigns a default priority of 5 to port Mapping CoS Values to Egress Queues Mapping CoS Values to Egress QueuesCoS Priority Levels Priority Level Traffic Type 55-6 Selecting the Queue Mode55-4 55-5 Setting the Service Weight for Traffic Classes55-2 Queue Scheduling Mapping Layer 3/4 Priorities to CoS Values Layer 3/4 Priority SettingsSelecting IP Precedence/DSCP Priority 55-8 Mapping IP Precedence Priority Level Traffic Type Mapping IP Precedence 10, 12, 14 18, 20, 22 26, 28, 30, 32, 34 38, 40 Mapping Dscp PriorityMapping Dscp Priority IP Dscp Value CoS Value 55-13 55-10 IP Port Priority Status Mapping IP Port Priority 55-11 Configuring Quality of Service Parameters Quality of Service Class Configuration Configuring a Class MapMatch Class Settings Class map is used for matching packets to a specified class Configuring Class Maps Policy Map Creating QoS Policies56-2 56-3 Policy Options Policy ConfigurationPolicy Rule Settings Class Settings Configuring Policy Maps 56-4 Attaching a Policy Map to Ingress Queues56-5 56-6 Quality of Service 27-8 Layer 2 Igmp Snooping and Query Multicast Filtering Configuring Igmp Snooping and Query Parameters 57-4 57-157-5 57-6 57-9 Displaying Interfaces Attached to a Multicast Router 57-8 Specifying Static Interfaces for a Multicast Router IP Multicast Registration Table Displaying Port Members of Multicast Services Igmp Member Port Table Assigning Ports to Multicast Services 28-8 Configuring General DNS Service Parameters Configuring Domain Name Service 58-4 58-358-5 58-7 Configuring Static DNS Host to Address Entries 58-6 58-1 DNS Cache Displaying the DNS Cache 29-6 Cluster Configuration Switch Clustering Web Click Cluster, Configuration Cluster Member ConfigurationAdds Candidate switches to the cluster as Members 61-1 Displays current cluster Member switch information Web Click Cluster, Member ConfigurationCluster Member Information 61-3 61-5 Cluster Candidate Information Section IIICommand Line Interface Page Telnet Connection Using the Command Line InterfaceAccessing the CLI 31-2 Command Completion Entering CommandsGetting Help on Commands Keywords and Arguments Showing Commands Partial Keyword Lookup Negating the Effect of CommandsUsing Command History General Command Modes Understanding Command ModesExec Commands Configuration Commands Consoleconfig-if# 45-1 Configuration Command Modes Prompt Keystroke Function Command Line ProcessingKeystroke Commands Using the Command Line Interface 31-10 Command Group Index Description CLI Command Groups 57-1 Class of Service55-1 Enable General Commands Configure DisableRelated Commands Example Normal Exec, Privileged Exec Show history End PromptExit Syntax Prompt string no prompt Quit This command exits the configuration programThis example shows how to quit a CLI session General Commands 33-6 System Management Commands Function Mode System Management CommandsHostname Syntax Hostname name no hostname Reload Switch renumberSyntax Switch all renumber Default Setting Syntax No jumbo frame Default Setting Show startup-configJumbo frame Show ipv6 mtu 34-4 Show running-config34-5 Show running-config Show startup-config34-3 Show users This command displays system informationShow system Show version 34-9 System Management Commands 34-10 Saving or Restoring Configuration Settings File Management CommandsFlash/File Commands Function Mode Managing Firmware Copy 35-3 Delete This command deletes a file or imageSyntax Delete unit filename Syntax Dir unit boot-rom config opcode filename This command displays a list of files in flash memoryDir Dir Delete public-key41-20 Syntax whichboot unit WhichbootFile Directory Information Column Heading Description Dir 35-5 whichboot Boot systemSyntax Boot system unit boot-romconfig opcode filename File Management Commands 35-8 Line Commands Function Mode Line CommandsLine Syntax Line console vty Syntax Login local no login Login Username 41-1 password PasswordSyntax Password 0 7 password no password No password is specified Syntax Exec-timeout seconds no exec-timeout Timeout login responseExec-timeout CLI No timeout Telnet 10 minutes Password-threshSyntax Password-thresh threshold no password-thresh Default value is three attempts Databits Silent-timeSyntax Silent-time seconds no silent-time Syntax Databits 7 8 no databits Syntax Parity none even odd no parity Parity Stopbits SpeedSyntax Speed bps no speed Syntax Stopbits 1 Show line DisconnectSyntax Disconnect session-id Syntax Show line console vty To show all lines, enter this command Event Logging Commands Function Mode Event Logging CommandsSyntax No logging on Default Setting Logging on Logging history 37-2 logging trap 37-4 clear log Flash errors level 3 RAM warnings level 7Logging history Logging host Default Setting Command ModeLogging facility Syntax No logging host hostipaddress Syntax Logging trap level no logging trap Disabled Level 7Logging trap Show logging Clear logSyntax Clear log flash ram Syntax Show logging flash ram sendmail trap Show logging trap display description Logging facility commandShow logging flash/ram display description Following example shows the event message stored in RAM Show logSyntax Show log flash ram Event Logging Commands 37-8 Smtp Alert Commands Function Mode Smtp Alert CommandsLogging sendmail host 38-4 Logging sendmail source-email Logging sendmail levelSyntax Logging sendmail level level Syntax Logging sendmail source-email email-address Logging sendmail destination-email Syntax No logging sendmail Default SettingLogging sendmail Syntax No logging sendmail destination-email email-address Show logging sendmail Time Commands Function Mode Time CommandsSyntax No sntp client Default Setting Sntp client Syntax Sntp server ip1 ip2 ip3 Sntp serverSntp server 39-2 sntp poll 39-3 show sntp Show sntp Sntp pollSntp client 39-1 sntp poll 39-3 show sntp Syntax Sntp poll seconds no sntp poll Clock timezone Calendar set This command displays the system clockShow calendar Calendar set hour min sec day month year month day year Time Commands 39-6 Snmp Commands Function Mode Snmp Commands Show snmp Syntax No snmp-server Default SettingSnmp-server Snmp-server community Snmp-server location Snmp-server contactSyntax Snmp-server contact string no snmp-server contact Syntax Snmp-server location text no snmp-server location Host Address None Notification Type Traps Snmp-server host Snmp Version UDP Port Issue authentication and link-up-down traps Snmp-server enable trapsSnmp-server enable traps Snmp-server engine-id Show snmp engine-id This command shows the Snmp engine IDThis example shows the default engine ID Snmp-server view Defaultview includes access to the entire MIB treeExamples This view includes MIB-2 Show snmp view This command shows information on the Snmp viewsSnmp-server group Show snmp view display description 40-12 Field Description Groupname Name of an Snmp group Show snmp groupShow snmp group display description Snmp-server user Show snmp user This command shows information on Snmp users Show snmp user display description User Account Commands User Authentication CommandsAuthentication Commands Command Group Function User Access Commands Function Mode Guest Admin Enable passwordDefault Login Settings Username Access-level Password Authentication Sequence Commands Function Mode Authentication SequenceAuthentication login Tacacs Use Tacacs server password Authentication enableUsername for setting the local user names and passwords Local Show radius-server Shows the current Radius settings 41-8 Radius Client Commands Function ModeRadius Client 41-8 Retransmit Command Mode Default Setting Auth-portRadius-server host Radius-server port Syntax Radius-server key keystring no radius-server key Radius-server keyRadius-server retransmit Show radius-server Radius-server timeout TACACS+ Client TACACS+ Client Commands Function ModeTacacs-server host Tacacs-server port Syntax Tacacs-server key keystring no tacacs-server key Tacacs-server keyShow tacacs-server Ip http server Web Server CommandsIp http port Ip http port Syntax No ip http secure-server Default SettingIp http secure-server Portnumber The UDP port used for HTTPS. Range Ip http secure-portIp http secure-port41-13copy tftp https-certificate Ip telnet server Telnet Server CommandsTelnet Server Commands Function Mode 10 Secure Shell Commands Function Mode Secure Shell CommandsConfiguration Guidelines Sets the SSH server key size 41-19 Copy tftp public-key 41-16 Ip ssh server Syntax No ip ssh server Default Setting Syntax Ip ssh timeout seconds no ip ssh timeout Ip ssh timeoutExec-timeout36-4 show ip ssh Ip ssh crypto host-key generate 41-20 show ssh Ip ssh server-key size Ip ssh authentication-retriesKey-size- The size of server key. Range 512-896 bits Bits Ip ssh crypto host-key generate Delete public-keySyntax Delete public-key username dsa rsa Syntax Ip ssh crypto host-key generate dsa rsa Ip ssh save host-key Ip ssh crypto zeroizeSyntax Ip ssh crypto zeroize dsa rsa Syntax Ip ssh save host-key dsa rsa Show ip ssh This command displays the current SSH server connectionsShow ssh Ip ssh crypto host-key generate Syntax Show public-key user username host Show public-keyTerminology 12 IP Filter Commands Function Mode IP Filter CommandsManagement 41-25 Show management 41-26 Port Security Commands Function Mode Port Security CommandsPort security Max-mac-count Shutdown 45-6mac-address-table static 802.1X Port Authentication Commands Function Mode 802.1X Port AuthenticationSyntax No dot1x system-auth-control Default Setting Dot1x system-auth-control Default Command Mode Dot1x defaultDot1x max-req Dot1x port-control Single-host Dot1x operation-modeForce-authorized Dot1x re-authentication Dot1x re-authenticateSyntax Dot1x re-authenticate interface Syntax No dot1x re-authentication Command Mode Dot1x timeout re-authperiod Dot1x timeout quiet-periodDot1x timeout re-authperiod43-5 Seconds The number of seconds. Range Show dot1x Dot1x timeout tx-periodSyntax Show dot1x statistics interface interface Statistics Displays dot1x status for each port Interface Backend State Machine Authenticator State Machine State- Current state including initialize, reauthenticate Reauthentication State Machine Access Control List Commands Command Groups Function Access Control List CommandsIPv4 ACL Commands Function Mode IPv4 ACLs Syntax No access-list ip standard extended aclname Access-list ipPermit, deny Ip access-group44-6 show ip access-list44-5 Syntax No permit deny any source bitmask host source No permit deny tcp Access-list ipStandard IPv4 ACL Extended IPv4 ACL This command displays the rules for configured IPv4 ACLs Show ip access-listSyntax Show ip access-list standard extended aclname Permit, deny Ip access-group44-6 Show ip access-group Ip access-groupSyntax No ip access-group aclname Show ip access-list44-5 IPv6 ACL Commands Function Mode Access-list ipv6Syntax No access-list ipv6 standard extended aclname IPv6 ACLs New rules are appended to the end of the list Access-list ipv6Standard IPv6 ACL Any destination-ipv6-address/prefix-length Syntax No permit denyNext-header next-header dscp dscp flow-label flow-label Extended IPv6 ACL This command displays the rules for configured IPv6 ACLs Show ipv6 access-list Syntax No ipv6 access-group aclname Ipv6 access-groupShow ipv6 access-group MAC ACL Commands Function Mode Access-list macSyntax No access-list mac aclname MAC ACLs No permit deny tagged-eth2 Permit, deny MAC ACLNo permit deny untagged-eth2 No permit deny tagged-802.3 Syntax Show mac access-list aclname Show mac access-listThis command displays the rules for configured MAC ACLs Syntax Mac access-group aclname Mac access-groupShow mac access-group Show access-group Show access-listACL Information Commands Function Mode ACL Information 44-17 Access Control List Commands 44-18 Interface Commands Function Mode Interface CommandsInterface Port-channel channel-idRange Syntax Description string no description DescriptionSpeed-duplex Negotiation 45-3 capabilities Syntax No negotiation Default SettingNegotiation Capabilities 45-4speed-duplex45-2 Following example configures port 11 to use autonegotiationCapabilities Following example enables flow control on port Syntax No flowcontrol Default SettingFlowcontrol Negotiation 45-3speed-duplex45-2 flowcontrol Syntax No shutdown Default Setting Syntax Media-type mode no media-typeMedia-type Shutdown Syntax Clear counters interface Port-channel channel-idRange Default SettingClear counters Show interfaces status This command displays the status for an interfaceSyntax Show interfaces status interface Shows the status for all interfaces Show interfaces counters This command displays interface statisticsSyntax Show interfaces counters interface Shows the counters for all interfaces Show interfaces switchport display description Show interfaces switchportSyntax Show interfaces switchport interface Indicates the default priority for untagged frames Indicates membership mode as Trunk or HybridAllowed Vlan Indicates tagged Interface Commands 45-12 Guidelines for Creating Trunks Link Aggregation CommandsLink Aggregation Commands Syntax Channel-group channel-idno channel-group Channel-groupDynamically Creating a Port Channel Src-dst-ip Port channel load-balance Lacp Syntax No lacp Default Setting 32768 Lacp system-priority Lacp admin-keyEthernet Interface Interface Configuration Port Channel Lacp admin-key Port ChannelSyntax Lacp admin-key key no lacp admin-key Show lacp This command displays Lacp informationLacp port-priority Show lacp counters display description Port Channel allType LACPDUs Illegal Pkts Show lacp neighbors display description Show lacp internal display description Show lacp sysid display description Show port-channel load-balance 46-12 Switchport broadcast packet-rate Broadcast Storm Control CommandsBroadcast Storm Control Commands Function Mode Enabled for all ports Packet-rate limit 500 pps Broadcast Storm Control Commands 47-2 Mirror Port Commands Function Mode Mirror Port CommandsInterface Configuration Ethernet, destination port Port monitor Following shows mirroring configured from port 6 to port This command displays mirror informationShow port monitor Syntax Show port monitor interface Rate Limit Commands Function Mode Rate Limit CommandsRate-limit Gigabit Ethernet 1000 Mbps Rate Limit Commands 49-2 Address Table Commands Function Mode Address Table CommandsMac-address-table static Action Clear mac-address-table dynamic Show ipv6 neighbors Show mac-address-tableMac-address- MAC address Mask Bits to match in the address Show mac-address-table aging-time Mac-address-table aging-time Spanning Tree Commands Function Mode Spanning Tree Commands Syntax No spanning-tree Default Setting Spanning-tree modeSpanning tree is enabled Spanning-tree Spanning-tree forward-time Spanning-tree forward-time Spanning-tree forward-time 51-3spanning-tree max-age Spanning-tree hello-time Spanning-tree forward-time 51-3spanning-tree hello-time Spanning-tree max-ageSpanning-tree priority Long method Spanning-tree pathcost method This command limits the maximum transmission rate for BPDUs Spanning-tree mst-configurationSpanning-tree transmission-limit Count The transmission limit in seconds. Range No mst instanceid vlan vlan-range MST ConfigurationMst vlan Name Mst priorityMst instanceid priority priority no mst instanceid priority Syntax Name name Syntax Revision number RevisionNumber Revision number of the spanning tree. Range Name Syntax No spanning-tree spanning-disabled Default Setting Spanning-tree spanning-disabledThis example disables the spanning tree algorithm for port Max-hops Syntax Spanning-tree cost cost no spanning-tree cost Spanning-tree cost Spanning-tree port-priority Syntax No spanning-tree edge-port Default SettingSpanning-tree edge-port Priority The priority for a port. Range 0-240, in steps Spanning-tree portfast Syntax No spanning-tree portfast Default Setting Spanning-treeedge-port51-13 Spanning-tree link-type Spanning-tree mst port-priority51-17 Spanning-tree mst cost Syntax Spanning-tree protocol-migration interface Spanning-tree mst port-prioritySpanning-tree protocol-migration Syntax Show spanning-tree interface mst instanceid Show spanning-tree 51-19 Show spanning-tree mst configuration Gvrp and Bridge Extension Commands Vlan CommandsVlan Commands Command Groups Function Gvrp and Bridge Extension Commands Function Mode Show bridge-ext Syntax No bridge-ext gvrp Default SettingBridge-ext gvrp Show gvrp configuration Switchport gvrpSyntax No switchport gvrp Default Setting Syntax Show gvrp configuration interface Garp timer Syntax Show garp timer interface Show garp timerCommands for Editing Vlan Groups Function Mode Editing Vlan Groups Vlan Database Configuration By default only Vlan 1 exists and is activeVlan Show vlan Commands for Configuring Vlan Interfaces Function Mode Configuring Vlan InterfacesInterface vlan Interface vlan Syntax Switchport mode hybrid trunk no switchport mode Switchport modeAll ports are in hybrid mode with the Pvid set to Vlan Switchport acceptable-frame-types52-9 Switchport ingress-filtering Switchport acceptable-frame-typesSwitchport mode Syntax No switchport ingress-filtering Default Setting Switchport native vlan Switchport allowed vlan No VLANs are included in the forbidden list Switchport forbidden vlan General Configuration Guidelines for QinQ Ieee 802.1Q Tunneling Commands Function ModeDot1q-tunnel 52-14 Show dot1q-tunnel52-16 Show interfaces switchport Syntax No dot1q-tunnel system-tunnel-control Default Setting 0x8100 Switchport dot1q-tunnel tpid Displaying Vlan Information Commands for Displaying Vlan Information Function Mode Following example shows how to display information for Vlan This command shows Vlan informationShow vlan Syntax Show vlan id vlan-idname vlan-name Vlan Commands 52-18 Private Vlan Commands Function Mode Private Vlan CommandsPvlan No private VLANs are defined Show pvlan This command displays the configured private Vlan Protocol-vlan protocol-group Configuring Groups Protocol-based Vlan CommandsProtocol-based Vlan Commands Function Mode 54-4 No protocol groups are mapped for any interface Protocol-vlan protocol-group ConfiguringNo protocol groups are configured Show protocol-vlan protocol-group This shows protocol group 1 configured for IP over EthernetSyntax Show protocol-vlan protocol-group group-id Group-id- Group identifier for a protocol group. Range Mapping for all interfaces is displayed Show interfaces protocol-vlan protocol-group Priority Commands Layer Class of Service CommandsPriority Commands Command Groups Function Priority Commands Layer Function Mode Syntax Queue mode strict wrr no queue mode Queue modeWeighted Round Robin Queue bandwidth 55-4 show queue mode Switchport priority default Queue bandwidth Queue bandwidth weight1...weight4 no queue bandwidthQueue cos-map Queue cos-mapqueueid cos1 ... cosn no queue cos-map Default CoS Priority Levels Show queue modeThis command shows the current queue mode Show queue cos-map55-6 Show queue bandwidth This command shows the class of service priority mapShow queue cos-map Syntax Show queue cos-map interface Syntax No map ip port Default Setting Priority Commands Layer 3Priority Commands Layer 3 Function Mode Syntax No map ip precedence Default Setting Following example shows how to map Http traffic to CoS value List below shows the default priority mapping Map ip precedence Interface Configuration Map ip dscp dscp-value cos cos-value no map ip dscp Syntax No map ip dscp Default Setting Show map ip port This command shows the IP port priority mapMapping IP Dscp to CoS Values IP Dscp Value Syntax Show map ip port interface Syntax Show map ip precedence interface This command shows the IP precedence priority mapShow map ip precedence Syntax Show map ip dscp interface This command shows the IP Dscp priority mapShow map ip dscp 55-14 Quality of Service Commands Function Mode Quality of Service Commands Show class map Class-mapSyntax No class-map class-map-namematch-any Match Class Map Configuration Class Policy-mapNo policy-mappolicy-map-name No class class-map-name Set Policy Map Configuration Police Policy Map Class ConfigurationSyntax No police rate-kbpsburst-byteexceed-action drop set Drop out-of-profile packets No policy map is attached to an interface Service-policySyntax No service-policy input policy-map-name Show policy-map Show class-mapSyntax Show class-map class-map-name Show policy-mappolicy-map-name class class-map-name Syntax Show policy-map interface interface input Port-channel channel-idRange Command ModeShow policy-map interface Quality of Service Commands 56-10 Ip igmp snooping Multicast Filtering CommandsIgmp Snooping Commands Igmp Version Ip igmp snooping vlan staticIp igmp snooping version Show mac-address-table multicast Show ip igmp snooping Igmp Query Commands Function Mode Igmp Query CommandsSyntax No ip igmp snooping querier Default Setting Ip igmp snooping querier Ip igmp snooping query-count Following shows how to configure the query count toIp igmp snooping query-interval Times Ip igmp snooping query-max-response-time Seconds The report delay advertised in Igmp queries. Range Ip igmp snooping router-port-expire-time Switch must use IGMPv2 for this command to take effect Static Multicast Routing Commands Function Mode Static Multicast Routing CommandsNo static multicast router ports are configured Ip igmp snooping vlan mrouter Show ip igmp snooping mrouter Displays multicast router ports for all configured VLANs Multicast Filtering Commands 57-10 DNS Commands Function Mode Domain Name Service CommandsIp host No ip host name address1 address2 … address8 Clear host This command deletes entries from the DNS tableThis example maps two address to a host name Syntax Clear host name Ip domain-list Ip domain-nameSyntax Ip domain-name name no ip domain-name Ip domain-list58-3 ip name-server58-4 ip domain-lookup58-5 Server-address1- IP address of domain-name server Ip name-serverIp domain-name58-3 Ip domain-name58-3 ip domain-lookup58-5 Syntax No ip domain-lookup Default SettingIp domain-lookup Ip domain-name58-3 ip name-server58-4 Show hosts Show dns cache display description Show dnsShow dns cache Clear dns cache This command clears all entries in the DNS cache Ip address IPv4 Interface CommandsIPv4 Configuration Commands Function Mode Syntax Ip default-gateway gateway no ip default-gateway Ip default-gatewayGateway IP address of the default gateway Ip dhcp restart 59-3 ipv6 address Show ip redirects 59-4 ipv6 default-gateway60-12 Following example defines a default gateway for this deviceThis command submits an IPv4 Bootp or Dhcp client request Ip dhcp restart Ip default-gateway59-2 Show ipv6 default-gateway60-12 This command displays the settings of an IPv4 interfaceShow ip interface Show ip redirects Ping This command has no default for the hostSyntax Ping host count countsize size Interface 45-1 ping ipv6 59 IPv4 Interface Commands 59-6 IPv6 Configuration Commands IPv6 Interface Commands Syntax No ipv6 enable Default Setting Ipv6 enableIPv6 is disabled Ipv6 address link-local60-9 show ipv6 interface Show ipv6 general-prefix60-4 Ipv6 general-prefixNo general prefix is defined Show ipv6 general-prefix This command displays all configured IPv6 general prefixesIpv6 address No IPv6 addresses are defined 60-5 Syntax No ipv6 address autoconfig Default Setting Ipv6 address autoconfig Ipv6 address Show ipv6 interface Ipv6 address eui-64 Ipv6 address autoconfig 60-6 show ipv6 interface Ipv6 address link-local Show ipv6 interface display description Field Ipv6 enable Show ipv6 interfaceShow ipv6 interface FF022, and solicited nodes FF021FFXXXXXX as described below Show ipv6 interface display descriptionAppending those bits to the prefix Maximum transmission unit for this interface Syntax Ipv6 default-gateway ipv6-addressno ipv6 address Ipv6 default-gatewayShow ipv6 default-gateway Syntax Ipv6 mtu size no ipv6 mtu Ipv6 mtu Show ipv6 traffic Show ipv6 mtuFollowing example shows the MTU cache for this device Show ipv6 mtu display description 60-15 Format errors Received in errorErrors discovered in processing their IPv6 options, etc Ipv6 rcvd Rcvd total Ipv6 sent Show ipv6 traffic display description Ipv6 icmp input Input Checksum errorsInput interface for the messages Prohibited messages received by the interface Ipv6 icmp output Clear ipv6 traffic Ping ipv6 Repeat 5 timeout 2 seconds Ipv6 neighbor Syntax Ipv6 nd dad attempts count no ipv6 nd dad attempts Ipv6 nd dad attemptsShow ipv6 neighbors 60-26mac-address-table static Ipv6 nd ns interval 60-25 show ipv6 neighbors Milliseconds is used for neighbor discovery operations Ipv6 nd ns interval Show ipv6 neighbors display description Field Description Show ipv6 neighborsSyntax Show ipv6 neighbors vlan vlan-id ipv6-address Show ipv6 neighbors display description Clear ipv6 neighbors 60 IPv6 Interface Commands 60-28 Switch Cluster Commands Function Mode Switch Cluster CommandsSyntax No cluster Default Setting Cluster Syntax No cluster commander Default Setting Cluster commanderCluster ip-pool Syntax Cluster ip-pool ip-addressno cluster ip-pool No Members Cluster member Syntax Rcommand id member-id RcommandMember-id- The ID number of the Member switch. Range This command shows the switch clustering configuration Show cluster candidates This command shows the current switch cluster membersShow cluster members Switch Cluster Commands 61-6 Section IVAppendices Appendices Software Features Appendix a Software Specifications Groups 1, 2, 3, 9 Statistics, History, Alarm, Event Management FeaturesStandards Icmp RFC Igmp RFC Management Information Bases a Management Information Bases Software Specifications Problems Accessing the Management Interface Appendix B TroubleshootingTable B-1 Troubleshooting Chart Symptom Action Using System Logs Glossary Access Control List ACL See Generic Attribute Registration Protocol Extended Universal Identifier EUI Defines frame extensions for Vlan tagging Ieee 802.1Q See Port Trunk IP Precedence See Ieee Port Mirroring TCP/IP protocol commonly used for software downloads Secure Shell SSH User Datagram Protocol UDP Glossary Glossary-8 Numerics Index Index-2 Index-3 Index-4 Page ES4524D ES4548D E112006-CS-R01 149100030400A