Allied Telesis management software layer 2+ fast ethernet switches

Chapter 31: Port Security Commands

SET SWITCH PORT SECURITYMODE

Syntax

set switch port=port [securitymode=automaticlimitedsecuredlocked] [intrusionaction=discardtrapdisable] [learn=integer] [participate=yesnoonofftruefalse]

Parameters
port	Specifies the port where you want to set security.
	You can specify more than one port at a time.You
	can specify the ports individually (for example,
	5,7,22), as a range (for example, 18-23), or both (for
	example, 1,5,14-22).
securitymode	Specifies the port’s security mode. Options are:
	automatic	Disables security on the port. This is the
		default setting.
	limited	Sets the port to the Limited security
		mode. The port learns a limited number
		of dynamic MAC addresses, set with the
		LEARN parameter.
	secured	Sets the port to the Secured security
		mode. The port accepts frames based
		only on static MAC addresses. You must
		enter the static MAC addresses of the
		nodes with frames the port is to accept
		after you have activated this security
		mode on a port. To add static MAC
		addresses, refer to ADD SWITCH
		FDBFILTER on page 178.
	locked	Sets the switch to the Locked security
		mode. The port stops learning new
		dynamic MAC addresses. The port

forwards frames based on static MAC addresses and on those dynamic addresses it has already learned.

Note

The online help for this command includes a “pacontrol” option for this parameter. The option is nonfunctional.

474

Page 474

Image 474

Allied Telesis management software layer 2+ fast ethernet switches manual SET Switch Port Securitymode

Contents

Command Line User’s Guide Page Table of Contents 101 103 181 232 326 389 462 532 Preface AT-S62 Command Line User’s Guide This document uses the following conventions Contacting Allied Telesyn Starting a Command Line Management Session Starting a Management Session Command Line Interface Features Command Formatting Basic Command Line Commands Clear Screen This command clears the screenFollowing command clears the screen Clear screen Following command displays the Main Menu ExitExit Following command displays the CLI keywords HelpHelp Following command ends a management session Logoff Logout QuitLogoff Following command displays the AT-S62 Main Menu MenuMenu Save Configuration Save configuration Set prompt=prompt Set prompt=Sales SwitchSET Prompt Prompt SET Switch Consolemode Set switch consolemode=menucliSet switch consolemode=menu Show User Show user Enhanced Stacking Commands Guide for background information on enhanced stacking Macaddress Access SwitchAccess switch number=numbermacaddress=macaddress Either of the following formats Access switch number=12 Access switch macaddress=003084520211 Possible settings are SET Switch StackmodeSet switch stackmode=masterslaveunavailable Stackmode Set switch stackmode=master Show remotelist sorted by=macaddressname Following command displays the switches sorted by nameShow Remotelist Show remotelist Basic Switch Commands AT-S62 Command Line User’s Guide Disable Dhcpbootp Disable dhcpbootp Disable IP Remoteassign Disable ip remoteassign Disable Telnet Disable telnetFollowing command deactivates the Telnet server Enable Bootp Enable bootp Enable Dhcp Enable dhcp Enable IP Remoteassign Enable ip remoteassign Enable Telnet Enable telnetFollowing command activates the Telnet server Format drive=flash AT-8500 Series switch supports only oneFormat Device Drive Basic Switch Commands Ping Ping Purge ip ipaddress netmask Purge IPPurge ip ipaddress netmask route Purge ip ipaddress route Reset Switch Reset switchThis command performs the functions described above Reset system Reset SystemReset system name contact location Reset system name Restart Reboot Restart rebootFollowing command resets the switch Config Restart SwitchRestart switch config=nonefilename.cfg Exist on the switch. The value None returns Restart switch config=switch12.cfg Following command resets the switch to its default valuesRestart switch config=none SET Asyn Set asyn speed=115200 SET IP Interface Set ip interface=eth0 netmask=255.255.255.252 Following command sets just the subnet maskFollowing command activates the Dhcp client software Set ip interface=eth0 ipaddress=dhcp Set ip route ipaddress=ipaddress Following command sets the default gateway toSET IP Route Set ip route ipaddress=140.35.22.12 Following command changes the manager’s password SET Password ManagerSet password manager Follow the prompts to enter the new password SET Password Operator Set password operatorFollowing command changes the operator’s password Following command sets the console timer to 25 minutes SET Switch ConsoletimerSet switch consoletimer=value Set switch consoletimer=25 SET System Set system name=name contact=contact location=locationSet system name=PR Office Password SET User PasswordShow user manageroperator password=password Following command changes the operator’s password to newby Show Asyn Show asyn Show config Show ConfigShow config dynamic info Show config info Show Dhcpbootp Show dhcpbootp Show IP Interface Show ip interface=eth0 Show IP Route Show ip route Show Switch Show switch Following command displays the above information Show SystemShow system Simple Network Time Protocol Sntp Commands Guide for background information on Sntp Peer ADD Sntpserver PeeripaddressAdd sntpserver peeripaddress=ipaddress Ipaddress Parameters are equivalent Delete Sntpserver Peeripaddress Delete sntpserver peeripaddress=ipaddressDelete sntpserver ipaddress=148.35.16.248 Disable Sntp Disable sntpFollowing command disables Sntp on the switch Enable Sntp Enable sntpFollowing command enables the Sntp client software Following command resets Sntp Purge SntpPurge sntp Time in 24-hour format Following command sets just the date to April 2SET Date Time Set date=11-03-2004 time=163452 Set sntp dst=enabled pollinterval=300 utcoffset=-8 SET Sntp Following command displays Sntp client software information Show SntpShow sntp Show Time This command shows the switch’s current date and timeFollowing command shows the system’s date and time Show time SNMPv1 and SNMPv2 Community Strings and Trap Commands Guide for background information on Snmp Must be enclosed in double quotes if it contains a ADD Snmp CommunityCommunity Point. Otherwise, the quotes are optional Add snmp community=public traphost=149.212.10.11 Create Snmp Community Community string as closed. a community string can Can use the community string to access the switchThis option applies if you specify the status Have up to eight IP addresses of management Create snmp community=serv12 access=read open=yes Delete Snmp Community Delete snmp community=public traphost=149.212.44.45 Destroy Snmp Community Destroy snmp community=communityDestroy snmp community=wind44 Disable Snmp Disable snmpFollowing command disables Snmp on the switch Disable Snmp Authenticatetrap Disable snmp authenticatetrapauthenticatetrapDisable snmp authenticatetrap Disable snmp community=sw1200 Disable Snmp CommunityDisable snmp community=community String must be enclosed in double quotes if it Enable Snmp Enable snmpFollowing command activates Snmp on the switch Enable Snmp Authenticatetrap Enable snmp authenticatetrapauthenticatetrapEnable snmp authenticatetrap Enable Snmp Community Enable snmp community=communityEnable snmp community=private SET Snmp Community Set snmp community=sw44 open=no Set snmp community=serv12 access=write open=yes Show Snmp Otherwise, the quotes are optional. DefaultThis command displays the following Snmp information Show snmp community=community Show snmp Show snmp community=private SNMPv3 Commands Guide for background information on the SNMPv3 protocol ADD SNMPV3 User Configuration file on the switch Entry to the configuration file onSwitch. This is the default This command creates an SNMPv3 User Table entry Clear SNMPV3 Access An optional parameterWriteview Specifies a Write View Name that allows the users Notifyview Assigned to this security group to send trapsParameter Clear snmpv3 community index=1005 transporttag Clear SNMPV3 CommunityClear snmpv3 community index=index transporttag Clear snmpv3 community index=421 transporttag Clear snmpv3 notify=hwengtraptag tag Clear SNMPV3 NotifyClear snmpv3 notify=notify tag Clear snmpv3 notify=hwenginform tag Clear snmpv3 targetaddr=snmphost44 taglist Clear SNMPV3 TargetaddrClear snmpv3 targetaddr=targetaddr taglist Clear snmpv3 targetaddr=snmphost79 taglist Clear snmpv3 view=1.3.6.1.2.1.1 mask Clear SNMPV3 ViewClear snmpv3 view=view subtree=OIDtext mask Clear snmpv3 view=private subtree=1.3.6.1.4 mask Create SNMPV3 Access This command creates an SNMPv3 Access Table entry Parameter, then the writeview parameter defaults toNotifyview parameter defaults to none Information in the specified View Table. This is an 111 Create SNMPV3 Community 113 This command creates an SNMPv3 SecurityToGroup Table entry Groupname Specifies a group name configured in the SNMPv3SNMPV3 Access on Create SNMPV3 Group 115 Create SNMPV3 Notify NMS or manager. This is the defaultThis command creates an SNMPv3 Notify Table entry Inform Inform messages are sent, with a 117 Create SNMPV3 Targetaddr 119 Create SNMPV3 Targetparams Targetparams Specifies the name of the SNMPv3 TargetUser Table This command creates an SNMPv3 Target Parameters Table entry This command creates an SNMPv3 View Table entry Create SNMPV3 ViewOptions are 123 Delete snmpv3 user=wilson890 Delete SNMPV3 UserDelete snmpv3 user=user Delete snmpv3 user=75murthy75 Destroy SNMPv3 Access 126 Destroy snmpv3 community index=index Destroy snmpv3 community index=1001Destroy snmpv3 community index=5 Destroy snmpv3 group username=Dave securitymodel=v3 Destroy snmpv3 group username=May securitymodel=v3 Destroy snmpv3 notify=notify Destroy snmpv3 notify=systemtestnotifytrapDestroy snmpv3 notify=engineeringinform1 Destroy snmpv3 targetaddr=target Destroy snmpv3 targetaddr=snmpv3host77Destroy snmpv3 targetaddr=snmpmanager Destroy snmpv3 targetparams=targetparameter1 Destroy snmpv3 targetparams=targetparamsTargetparams Destroy snmpv3 targetparams=snmpmanager Subtree Specifies the view subtree view. The options are Destroy SNMPV3 ViewDestroy snmpv3 view=view subtree=OIDtext Text Text name of the view Information in the specified View Table SET SNMPV3 AccessSpecified by the View Table entry Specified View This command modifies an SNMPv3 Access Table entry This command modifies an SNMPv3 Community Table entry SET SNMPV3 Community 136 This command modifies an SNMPv3 SecurityToGroup Table entry SET SNMPV3 Group 138 This command modifies an SNMPv3 Notify Table entry SET SNMPV3 Notify 140 Retries Specifies the number of times the switch retries to SET SNMPV3 TargetaddrParameter Udpport This command modifies an SNMPv3 Target Address Table entry SET SNMPV3 Targetparams Username Specifies the user name Securitymodel This command modifies a Target Parameters Table entry SET SNMPV3 User 146 This command modifies an SNMPv3 View Table entry SET SNMPV3 ViewName to see the specified subtree Set snmpv3 view=internet1 subtree=internet type=included Set snmpv3 view=system subtree=1.3.6.1.2.1 type=excluded Show snmpv3 access=production Show SNMPV3 AccessShow snmpv3 access=access Show snmpv3 access Show snmpv3 community index=246 Show SNMPV3 CommunityShow snmpv3 community index=index Show snmpv3 community Show snmpv3 group username=Dave securitymodel=v3 Show snmpv3 group Show snmpv3 notify=testengtrap1 Show SNMPV3 NotifyShow snmpv3 notify=notify Show snmpv3 notify Show snmpv3 targetaddr=snmpv3host55 Show SNMPV3 TargetaddrShow snmpv3 targetaddr=targetaddr Show snmpv3 targetaddr Show snmpv3 targetparams=snmpv3manager95 Show SNMPV3 TargetparamsShow snmpv3 targetparams=targetparams Show snmpv3 targetparams Show snmpv3 user=Robert Show SNMPV3 UserShow snmpv3 user=user Show snmpv3 user Show SNMPV3 View Show snmpv3 view=view subtree=OIDtext Port Parameter Commands Guide for background information on the port parameters Activate Switch Port Activate switch port=port autonegotiateActivate switch port=1,4 autonegotiate Following command disables link traps on port Disable Interface LinktrapDisable interface=port linktrap Disable interface=21 Following command disables ports 12 Disable Switch PortDisable switch port=port Disable switch port=12,24 Disable Switch Port Flow Disable switch port=port flow=pauseDisable switch port=6 flow=pause Following command enables Snmp link traps on port Enable Interface LinktrapEnable interface=port linktrap Enable interface=21 Following command enables ports 1 to Enable Switch PortEnable switch port=port Disable switch port=1-4 Port Specifies the port where you want to activate flow Enable Switch Port FlowEnable switch port=port flow=pause This command activates flow control on port Following command resets ports 5 to Reset Switch PortReset switch port=port Reset switch port=5-8 SET Switch Port Mdimode=mdimdixauto To the port. This is the default setting Default settingMdi Sets the port’s configuration to MDI Mdix Auto-Negotiation Switch port Is using flow control, the switch portIs not using flow control, neither will Default is 57,344 cells Only value is Duplex modeSoftreset A port’s operating parameters Set switch port=8 speed=10mhalf Following command disables ports 1 toSet switch port=1-6 status=disabled Following command resets port SET Switch Port Ratelimit Yes, on, true, enabled Activates multicastNo, off, false, disabled Deactivates multicast Set switch port=all unkucastratelimiting=enabled This command changes the rate limit to 15,000 packets Set switch port=all rate=15000Set switch port=all unkucastratelimiting=disabled Show Interface Show interface=portPort Specifies the port whose interface information you Following command displays the above information on port Show interface=21 Show switch port Show Switch PortShow switch port=port Show switch port=14 MAC Address Table Commands Guide for background information on the MAC address table ADD Switch Fdbfilter 179 Delete switch fdb macaddress=00A0D2181A11 vlan=1 Delete Switch FDBDelete switch fdb macaddress=macaddress vlan=namevid Delete switch fdb macaddress=00a0c1112244 vlan=sales Reset switch fdb port=5 Reset Switch FDBReset switch fdb port=port Specify more than one port at a time SET Switch Agingtimerageingtimer Set switch agingtimerageingtimer=valueSet switch agingtimer=120 Show Switch Agingtimerageingtimer Show switch agingtimerageingtimerShow switch agingtimer Show Switch FDB Show switch fdbShow switch fdb status=static Show switch fdb port=2 Show switch fdb status=multicastShow switch fdb address=00A0D2181A11 Show switch fdb vlan=sales Port Trunking Commands Following command adds port 5 to a port trunk called load22 ADD Switch TrunkAdd switch trunk=name port=port Add switch trunk=load22 port=5 Create Switch Trunk Create switch trunk=load22 port=3-6 select=macdest Create switch trunk=trunk4 port=15,17,23 Delete switch trunk=Devtrunk port=9 Delete Switch TrunkDelete switch trunk=name port=port Trunk Specifies the name of the trunk to be modified Port Destroy Switch Trunk Destroy switch trunk=nameDestroy switch trunk=load22 SET Switch Trunk Set switch trunk=Load11 select=ipdestTrunk Specifies the name of the port trunk Select Show Switch Trunk Show switch trunkFollowing command displays port trunking information Networking Stack Commands This chapter contains the following commands Delete ip arp ipaddressall Following command deletes the ARP entry with the IP addressDelete IP ARP Delete ip arp Delete TCP Delete tcp indexnumberDelete tcp Reset IP ARP Reset ip arp Set ip arp timeout=600 Set ip arp timeout=integerFollowing command sets the timer to 600 seconds SET IP ARP Show ip arp Following command displays the ARP tableShow IP ARP IP addresses and their corresponding MAC addresses Following command displays the IP route table IP address of a destination network, subnetwork, or end node Show TCP Show tcp Number of segments transmitted with the RST bit set Internal socket ID number assigned to the connection 203 Lacp Commands Guide for background information and guidelines on Lacp ADD Lacp Port Add lacp port=6 adminkey=0x1a priority=0x10 Add lacp port=8,22 aggregator=agg1 Create Lacp Aggregator Following command creates an Lacp aggregator named Delete Lacp Port Delete lacp port=port aggregator=nameDelete lacp port=9 Destroy lacp adminkey=0x1a Destroy lacp aggregator=nameadminkey=keyFollowing command deletes an aggregator named agg15 Destroy Lacp Aggregator Disable Lacp Disable lacpFollowing command disables Lacp on the switch Enable Lacp Enable lacpFollowing command enables Lacp Set lacp aggregator=server11trunk adminkey=0x22 SET Lacp AggregatorSet lacp aggregator=agg5 distribution=macsrc SET Lacp Port Following command changes the priority of port 6 to 0x2B Set lacp port=2,5 aggregator=switchtrunkSet lacp port=8-9 adminkey=0x11 Set lacp port=6 priority=0x2b Set lacp priority=priority Following command sets the Lacp priority on the switch toSET Lacp Priority This is a hexadecimal value from 0x1 to 0xffff. Set lacp state=enabledisable Set lacp state=enableSET Lacp State Show Lacp Port Mirroring Commands Set switch mirror=11 SET Switch MirrorSet switch mirror=port Set switch mirror=0 Set switch port=16-17 mirror=rx SET Switch Port MirrorSet switch port=port mirror=nonerxtxboth Set switch port=5,7,10 mirror=none Show Switch Mirror Show switch mirrorFollowing command displays the ports of a port mirror Statistics Commands Guide for background information on statistics This command returns a port’s statistics counters to zero Reset Switch Port CounterReset switch port=port counter Reset switch port=14-15 counter Show Switch Counter Show switch counter Show switch port=14 counter Show Switch Port CounterShow switch port=port counter Show switch port counter File System Commands Guide for background information on the switch’s file system Copy admin.cfg admin2.cfg Copy switch 12.cfg backup.cfgCopy Create config=Switch12.cfg Create ConfigCreate config=filename.cfg Filename contains spaces, it must be enclosed Delete file=filename Delete file=Switch 12.cfgDelete File Delete file=SW55a.csr Rename Switch12.cfg Sw 44a.cfg RenameIf the name contains spaces, enclose it SET Config Set config=filename.cfgSpaces, it must be enclosed in double quotes Set config=switch22.cfg Show file= Show FileShow file=filename Show file=*.cfg File Download and Upload Commands Block. If the filename contains a space, enclose Load METHOD=LOCALSystem that you want to download into the application Name in double quotes. These parameters are Load method=local destfile=appblock srcfile=ats62v1 3 0.img Load METHOD=TFTP Public key certificate enrollment AT-S62 configuration filePublic key certificate Request 240 241 Load method=xmodem destfile=appblockfilename As the new active image file on the switchLoad METHOD=XMODEM Method Specifies an Xmodem download Destfile 243 Load method=xmodem destfile=switch12.cfg Load method=xmodem destfile=sw12ssl.cerLoad method=xmodem destfile=appblock Load method=xmodem destfile=ats62v130.img Upload METHOD=LOCAL Active AT-S62 image file is stored Upload method=local destfile=sw12 s62 image.img src=appblock Upload METHOD=REMOTESWITCH 249 250 Upload method=remoteswitch srcfile=appblock switchlist=2 252 Upload METHOD=TFTP 254 255 Specifies the name of a file Switch’s file systemUpload METHOD=XMODEM Appblock Upload method=xmodem srcfile=sw22 boot.cfg Upload method=xmodem srcfile=switchcfgUpload method=xmodem srcfile=sw12sslenroll.csr Event Log and Syslog Server Commands ADD LOG Output Add log output=5 module=all severity=all Add log output=3 module=estack severity=e Add log output=4 module=stp,vlan severity=e,w Create LOG Output 263 Messages Security Security modules AuthorizationAuthentication modules Clock daemon Time- based modules Time system time and Sntp Syslogformat parameter defines the content of the events LOCAL1 LOCAL2 LOCAL3 LOCAL4 LOCAL5 LOCAL6 LOCAL7 Destroy log output=idnumber Following command deletes syslog server definition numberDestroy LOG Output Destroy log output=3 Disable LOG Disable logFollowing command disables the event log on the switch Disable log output=7 Disable LOG OutputDisable log output=idnumber Disable log output Enable LOG Enable log Enable log output=4 Enable LOG OutputEnable log output=idnumber Enable log output Purge LOG Purge log=temporary Save LOG Save log=temporary filename=switch 2.log SET LOG Fullaction Set log fullaction temporary=haltwrapSet log fullaction temporary=halt SET LOG Output Address for each event. This is Example, MAC,PACCESS. For a listAccording to its impact on the switch’s operation Normal Sends only the severity, module, Description Module Set log output=3 server=198.45.12.1 Set log output=11 module=stp,igmpsnooping severity=e,w Newest to oldest. Without it, the events are Show LOGModules Reverse Specifies the order in which the events are Displayed oldest to newest Command line interface commands Port access control listSwitch configuration Denial of service defense Port configuration Management access control list802.1x port-based access control Power over Ethernet AT-8524POE switch only Selects all severity levels Event Log Example Show log=temporary full Following command displays all the entries in the event logShow log=temporary Show log=temporary module=file,qos Show log output=idnumber full On the switch are displayedShow LOG Output Server definition. If an output ID number is not Show log output=1 full Following command displays information about the event logShow log output Show log output=5 full Following command displays event log status information Show LOG StatusShow log status Classifier Commands Guide for background information on classifiers Create Classifier Protocol Specifies a Layer 2 protocol. Options are ARP A specific node or a subnet. To filter using the IPVID number You can specify other Layer 2 protocols by entering Ipsaddr This command creates a classifier for all IP traffic Create classifier=4 description=IP flow protocol=ip Destroy Classifier Destroy classifier=idnumberDestroy classifier=2,4 This command deletes all classifiers on the switch Purge ClassifierPurge classifier SET Classifier Classifier Specifies the ID number of the classifier to beNumber can be from 1 to Hexadecimal format. For the latter, precede You can specify additional Layer 2 protocols byEntering the protocol number in either decimal or Number with This command adds the Layer 3 protocol Igmp to classifier ID Set classifier=6 ipprotocol=igmp Set classifier=5 udpdport=any Show classifier Show ClassifierShow classifier=idnumber Show classifier=12 ACL Commands Guide for background information on access control lists ACL Create ACL ACL Commands Destroy ACL This command deletes an ACL from the switchFollowing command deletes ACL IDs 14 Destroy acl=integer This command deletes all ACLs on the switch Purge ACLPurge acl SET ACL Set acl=4 description=ARP flow This command changes the description of ACL IDThis command changes the classifiers of ACL ID Set acl=6 action=permit portlist=4-7 Show acl Show ACLShow acl=integer Show acl=22 Quality of Service QoS Commands 307 ADD QOS Flowgroup Add qos flowgroup=integer classifierlist=integersAdd qos flowgroup=12 classifierlist=4,7 Add qos policy=integer trafficclasslist=integers This command adds the traffic class 16 to policyADD QOS Policy 11,12 ADD QOS Trafficclass Add qos trafficclass=17 flowgrouplist=21 Create QOS Flowgroup Create qos flowgroup=integer Remarkpriority New value specified with the PriorityWith the Priority parameter 313 Create QOS Policy This command creates a new QoS policy Ingress ports. On switches with 24 ports plusUplinks, ports 1-26 form a port block. On switches 14-22 Policy 11 Commands Parts of the policies are Example 2 Video Application Policy 32 Commands Example 3 Critical Database Policy 15 Commands Create QOS Trafficclass Create qos trafficclass=integer Flow group level. It will override any value set at Specified at the traffic class or policy level. aUsed only if no value has been specified at Policy level Accumulate in the bucket. If the traffic Continue to the point where all the unusedTraffic. However, no unused tokens will Increases, the excess traffic will be discarded Value specified in with Packets with the new valueSpecified with the Priority Priority parameter. This is Delete QOS Flowgroup Delete qos flowgroup=22 classifierlist=6 Delete QOS Policy Delete qos policy=1 trafficclasslist=17 Delete QOS Trafficclass Delete qos trafficclass=22 flowgrouplist=5 Destroy qos flowgroup=22 Destroy QOS FlowgroupDestroy qos flowgroup=integer Destroy qos flowgroup=16-20,23 Destroy qos policy=41 Destroy QOS PolicyDestroy qos policy=integer Destroy qos policy=5,23 Destroy qos trafficclass=22 Destroy QOS TrafficclassDestroy qos trafficclass=integer Destroy qos trafficclass=16-20,23 If the None option is used, the frame’s current SET QOS FlowgroupTo modify. The range is 0 to If you specify a new priority in a flow group and a Packets with the new value specified Set qos flowgroup=15 priority=6Set qos flowgroup=25 classifierlist=23,41 Set qos flowgroup=41 markvalue=none SET QOS Policy TOS field of the packets. The range is 0 to 14-22. The None option removes the policy To another policy with one commandIngressport ALL option adds it to all ports Set qos policy=8 ingressport=8 This command changes the ingress port for policy 8 to portThis command changes the traffic classes assigned to policy Set qos policy=41 trafficclasslist=12,23 SET QOS Port Set qos port=5-8 type=ingress policy=12Set qos port=1,5 type=egress policy=none SET QOS Trafficclass Set qos trafficclass=integer Flow group, traffic class, and policy. a Dscp value This parameter should be used with When they leave the switchTokens are added. The range is 4 to 512 Kbps Bucket size without also specifying a maximum With commas e.g., 4,11,13 Set qos trafficclass=42 priority=17Set qos trafficclass=41 maxbandwidth=80 burstsize=400 Show qos flowgroup Show QOS FlowgroupShow qos flowgroup=idnumber Show qos flowgroup=12 Show qos policy Show QOS PolicyShow qos policy=idnumber Show qos policy=54 Show qos trafficclass Show QOS TrafficclassShow qos trafficclass=idnumber Show qos trafficclass=14 Class of Service CoS Commands Guide for background information on Quality of Service MAP QOS Cosp Following command maps priorities 4 and 5, to egress queue Map qos cosp=4,5 qid=3 Following command maps priorities 5 and 6, to egress queue SET QOS CospSet qos cosp=5,6 qid=1 SET QOS Scheduling Set qos scheduling=strictwrr weights=weightsSet qos scheduling=wrr weights=1,5,10,15 Set qos scheduling=strict Show QOS Config Show qos configDisplays the QoS priority queues and scheduling Power Over Ethernet Commands Guide for background information on Power over Ethernet PoE This command disables PoE on port 5 Disable POE PortDisable poe port=port Disable poe port=5,7 This commands activates PoE on port Enable POE PortEnable poe port=port Enable poe port=2 SET POE Port This command sets the priority on port 6 and 11 to high Following command disables PoE on ports 4Set poe port=4-5 poefunction=disable Set poe port=14 powerlimit=12500 SET POE Threshold Set poe threshold=valueSet poe threshold=80 Show poe config Show POE ConfigShow poe config port=port Show poe config port=4 Show POE Status Show poe status port=port Show poe status Show poe status port=4 Igmp Snooping Commands Guide for background information on Igmp Snooping Disable Igmpsnooping Disable igmpsnoopingThis command deactivates Igmp snooping Enable Igmpsnooping Enable igmpsnoopingThis command activates Igmp snooping SET IP Igmp Set ip igmp snoopingstatus=disabled Set ip igmp hoststatus=singlehost Show Igmpsnooping Show igmpsnooping Show ip igmp Show IP IgmpShow ip igmp hostlist routerlist Show ip igmp hostlist Show ip igmp routerlist Denial of Service DoS Defense Commands SET DOS Set dos ipaddress=ipaddress subnet=mask uplinkport=portSet dos ipaddress=149.11.11.1 subnet=0.0.0.63 Than one port at a time Set dos ipoption port=5,7,10 state=enableSET DOS Ipoption Mirrorport Set dos land port=port state=enabledisable mirrorport=port Set dos land port=5,7 state=enableSET DOS Land SET DOS Pingofdeath Following command activates the defense on ports 1 Set dos pingofdeath port=1,5 state=enable Following command activates this defense on port Set dos smurf port=port state=enabledisablePort Specifies the switch ports on which you want to Set dos smurf port=17 state=enable Set dos synflood port=18-20 state=enable Set dos synflood port=port state=enabledisableFollowing command activates the defense on ports 18 to SET DOS Synflood SET DOS Teardrop Following command activates the defense on port Set dos teardrop port=22 state=enable Show dos defense port=port Show DOSShow dos ipaddress subnet uplinkport Show dos ipaddress subnet Show dos smurf port=4 STP Commands Activate STP Activate stp Disable STP Disable stpFollowing command disables STP Enable STP Enable stpFollowing command enables STP on the switch Purge STP Purge stp Represents the desired bridge priority value. SET STPFollowing table. You specify the increment that 32768 Seconds Set stp hellotime=7 forwarddelay=25 Set stp defaultSet stp priority=11 SET STP Port Set stp port=6 portcost=15 portpriority=12 Set stp port=7-10 portcost=auto Where the ingress port is a member SET Switch MulticastmodeSet switch multicastmode=abcd Multicastmode Specifies one of the following Set switch multicastmode=a Show stp Show STPShow stp port=port Show stp port=1-4 Rstp Commands Activate Rstp Activate rstp Disable Rstp Disable rstpFollowing command disables Rstp Enable Rstp Enable rstpFollowing command enables Rstp Following command resets Rstp Purge RstpPurge rstp Shown in the following table. You specify SET RstpRange is divided into sixteen increments, as Increment that represents the desired bridge priority Parameter settings, but ForwarddelaySTP compatible mode Seconds Set rstp priority=5 hellotime=5 forwarddelay=20 Set rstp forceversion=stpcompatible Set rstp default SET Rstp Port Port is an edge port. Mbps 20,000 PortpriorityYou specify the increment that corresponds to Values are equivalent. This is Set rstp port=4 portcost=1000000 portpriority=14 Set rstp port=6-8 edgeport=no Show Rstp Show rstp portconfig=portportstate=portShow rstp portconfig=1-4 Show rstp Following command displays Rstp port status for port Show rstp portstate=15 Mstp Commands 407 Activate Mstp Activate mstp Add mstp mstiid=8 mstivlanassoc=4 ADD MstpAdd mstp mstiid=mstiid mstivlanassoc=vids Add mstp mstiid=11 mstivlanassoc=24,44 At a time. The range is 1 to Create MstpCreate mstp mstiid=mstiid mstivlanassoc=vids Create mstp mstiid=8 mstivlanassoc=4 Delete mstp mstiid=8 mstivlanassoc=4 Delete MstpDelete mstp mstiid=mstiid mstivlanassoc=vids Delete mstp mstiid=11 mstivlanassoc=24,44 This example deletes the spanning tree instance Destroy Mstp MstiidDestroy mstp mstiid=mstiid Destroy mstp mstiid=4 Disable Mstp Disable mstpFollowing command disables Mstp Enable Mstp Enable mstpFollowing command enables Mstp Purge Mstp Purge mstp Disabled to use this parameter Performs the same function as the Reset MstpCommand. The spanning tree protocol must be SET Mstp Configname Seconds ForwarddelayThose ports operating in the STP compatible mode Maxhops Specifies the maximum hops counter. Mstp Set mstp default Set mstp forceversion=forcestpcompatible Set mstp cist priority=priority Default value is 32,768, which is incrementSET Mstp Cist Is divided into sixteen increments, as shown Set mstp cist priority=11 SET Mstp Msti Set mstp msti mstiid=mstiid priority=priorityMsti Priority Value Increments Set mstp msti mstiid=4 priority=11 Set mstp msti mstiid=6 priority=2 Set mstp mstivlanassoc mstiid=8 vlanlist=4 SET Mstp MstivlanassocSet mstp mstivlanassoc mstiid=mstiid vlanlist=vids Set mstp mstivlanassoc mstiid=11 vlanlist=24,44 SET Mstp Port Selections are Yes, on, true Port is an edge port. These Mbps 20,000 EdgeportConnected to any device running STP or Mstp BPDUs indefinitely. Set the migrationcheck An internal port cost. The range is 0 to 200,000,000 Default setting is Auto-detect 0, which sets portCost depending on the speed of the port. Default Mbps ports, and 20,000 for one gigabit ports Set mstp port=2-5 extportcost=auto Set mstp port=14,23 extportcost=500Set mstp port=6-8 edgeport=yes Set mstp port=6-8 ptp=yes Set mstp port=7,10 intportcost=500 Set mstp port=7,10 portpriority=4 stpid=2Set mstp port=2-5 intportcost=auto Show Mstp Msti priority Regional root ID Show mstp portstate=4 Show mstp portconfig=5 stpid=2Show mstp Show mstp cist VLANs and Multiple Vlan Mode Commands ADD Vlan Add vlan=name vid=vid port=portsall frame=untaggedtagged Add vlan=sales untaggedports=4,7 Add vlan=Service untaggedports=7-8 taggedports=5Add vlan=sales port=4,7 frame=untagged Add vlan=production port=3 frame=tagged Create Vlan Create vlan=name vid=vid port=portsall frame=untaggedtagged Example, 1, 5, 14-22. To specify all ports on Port Specifies the ports on the switch that are eitherThis command creates a new port-based or tagged Vlan Frame parameter Create vlan=Sales vid=3 untaggedports=4-8,12-16 Create vlan=Service vid=16 port=1,4,5-7 frame=untaggedCreate vlan=Sales vid=3 port=4-8,12-16 frame=untagged Create vlan=Production vid=22 port=3,6 frame=tagged 438 Vlan Specifies the name of the Vlan to be modified Vid Delete VlanDelete vlan=name vid=vid port=ports frame=untaggedtagged This parameter must be used with the Frame Delete vlan=production port=13 frame=tagged Delete vlan=sales port=4,7 frame=untaggedDelete vlan=sales untaggedports=4,7 Delete vlan=production untaggedports=13 To 8, the commands would be Delete vlan=Service untaggedports=6-8 taggedports=2 Destroy vlan vlan=Sales Destroy VlanDestroy vlan vlan=nameall vid=vid Destroy vlan vlan=Sales vid=102 SET Switch Infiltering Set switch infiltering=yesnoonofftruefalseSet switch infiltering=off SET Switch Managementvlan Set switch managementvlan=nameVIDSet switch managementvlan=TechSupport SET Switch Vlanmode Set switch vlanmode=dotqmultiple uplinkport=4 Set switch vlanmode=userconfig SET Vlan Set vlan=name vid=vid type=portbasedSet vlan=gvrpvlan22 type=portbased Show vlan Show VlanShow vlan=namevid Show vlan=sales Garp Vlan Registration Protocol Commands Guide for background information on the Gvrp Disable Garp Disable garp=gvrp gipDisable garp=gvrp This commands enables Gvrp on the switch Enable GarpEnable garp=gvrp gip Enable garp=gvrp Purge Garp Purge garp=gvrp Set garp=gvrp port=1-4 mode=none SET Garp PortSet garp=gvrp port=port mode=normalnone Set garp=gvrp port=3 mode=normal SET Garp Timer Following command sets the timers to their default values Set garp=gvrp timer default Following command displays the above Gvrp information Show GarpShow garp=gvrp Show Garp Counter Show garp=gvrp counter Following command displays the above Garp counters Following command displays the Garp database Show Garp DatabaseShow garp=gvrp database Following command displays the GIP-connected ring Show Garp GIPShow garp=gvrp gip Show garp=gvrp machine Following command displays GID state machinesShow Garp Machine Port App Reg Protected Ports Vlan Commands ADD Vlan Group Following command accomplishes the same thing using syntax Add vlan=InternetGroups untaggedports=11 group=uplinkAdd vlan=InternetGroups port=5,6 frame=untagged group=4 Add vlan=InternetGroups untaggedports=5,6 group=4 Create Vlan Portprotected Create vlan=name vid=vid portprotectedCreate vlan=InternetGroups vid=12 portprotected Vlan Specifies the name or VID of the Vlan to be VID Delete vlan=InternetGroups port=12 frame=untagged Delete vlan=InternetGroups untagged=12 Destroy vlan=namevidall Following command deletes the Vlan called InternetGroupsFollowing command deletes all VLANs Destroy vlan=InternetGroups Set vlan=namevid port=ports frame=taggeduntagged Set vlan=Sales port=4 frame=untagged Following command displays the Sales Vlan MAC Address Security Commands Guide for background information on port security Set switch port=12,21 intrusionaction=trap SET Switch Port IntrusionactionPort Specifies the port where you want to change Snmp trap SET Switch Port Securitymode To the Limited security mode. Intrusion actions are Trap, and disables the portDisable. This option does not apply when intrusion Action is set to discard. Options are Set switch port=2,6,18 securitymode=locked Set switch port=8 securitymode=limited learn=5Set switch port=15-16 learn=150 Set switch port=12-24 securitymode=secured Port Specifies the port where you want to view Show Switch Port IntrusionShow switch port=port intrusion Show switch port=12,21 intrusion Show Switch Port Securitymode Show switch port=port securitymodeShow switch port=1-5 securitymode 802.1x Port-based Access Control Commands Portaccess and Portauth keywords are equivalent Disable PortaccessportauthDisable portaccessportauth Disable portaccess Disable Radiusaccounting Disable radiusaccountingFollowing command disables Radius accounting Enable Portaccessportauth Enable portaccessportauthEnable portaccess Enable Radiusaccounting Enable radiusaccounting Control on the port SET Portaccessportauth Port ROLE=AUTHENTICATORPort-based authentication Control Access the network is Authentication messagesAuthentication server. Each Switch by using the clients Client before retransmitting the request. The default Switch or the switch isReset or power cycled Is disabled by default. The default value is Client has logged on. This is the default Authenticator port will handle egress broadcastMulticast traffic when in the unauthorized state. You Client’s authentication This command sets ports 4 to 6 to the Authenticator role Set portaccess port=4-6 role=authenticatorSet portaccess port=12,15 role=none To 60 seconds. The default is 30 seconds SET Portaccessportauth Port ROLE=SUPPLICANTTo adjust. You can specify more than one port at a Port Specifies the port that you want to set to Set portaccess port=4-6 role=supplicant SET Radiusaccounting Set radiusaccounting status=enabled trigger=stoponly Interim accounting updates to the Radius serverRange is 30 to 300 seconds. The default is Set radiusaccounting updateenable=enabled interval=200 Show portaccess config Show PortaccessportauthShow portaccessportauth configstatus Show portaccess status Show portaccess port=10 authenticator status Show Portaccessporauth PortSettings you want to view. You can specify more Show portaccess port=12 supplicant config Show Radiusaccounting Show radiusaccounting Web Server Commands Guide for background information on the web server Disable Http Server Disable http serverFollowing command disables the web server Enable Http Server Enable http serverFollowing command activates the web server Purge Http Server Purge http server Secure Https mode Will listen on. The default for non-secure HttpSET Http Server Set http server security=disabled Set http server security=enabled sslkeyid=5 Set http server security=enabled sslkeyid=4 This command enables the web server enable http server 503 This command disables the web server disable http server Set system distinguishedname=cn=149.44.44.44Create pki enrollmentrequest=sw24cer keypair=8 Set http server security=enabled sslkeyid=8 Following command displays the status of the web server Show Http ServerShow http server Encryption Key Commands Create Enco KEY Ssh2 SshVersion 1 users Version 2 users Create enco key=12 type=rsa length=512 Syntax 2 Description Create enco key=12 type=rsa file=public12.key format=ssh Destroy Enco KEY Destroy enco key=key-idDestroy enco key=4 Set enco key=1 descriptionSwitch 22 key SET Enco KEYSet enco key=key-iddescription=description Show enco key=key-id This command displays information about encryption keyShow Enco Show enco key=1 Public Key Infrastructure PKI Certificate Commands ADD PKI Certificate 517 Create PKI Certificate 519 520 Software automatically adds the .csr extension Create PKI EnrollmentrequestEnclosed in double quotes. The management Type Formats the request according to Pkcs #10 Create pki enrollmentrequest=Switch12 keypair=4 PKCS10 Delete pki certificate=name Delete pki certificate=Switch 12 certificateDelete PKI Certificate Be enclosed in double quotes. Wildcards are not Purge PKI Purge pki Spaces, it must be enclosed in quotes Entity EE. This is the defaultSET PKI Certificate Yes, on, true Specifies that the certificate is from a Set pki certificate=Switch 12 certificate trusted=true SET PKI Certstorelimit Set pki certstorelimit=valueSet pki certstorelimit=100 SET System Distinguishedname Set system distinguishedname=nameSet system distinguishedname=cn=169.22.22.22 Show PKI Show pki Show pki certificate=name Show pki certificate=Switch 12 certificateShow PKI Certificate Show pki certificate Secure Sockets Layer SSL Commands Set ssl cachetimeout=value maxsessions=value Set ssl cachetimeout=180SET SSL Show SSL Show ssl Secure Shell SSH Commands Disable SSH Server Disable ssh serverFollowing command disables the Secure Shell server Enable SSH Server Enable ssh server hostkey=0 serverkey=1 General Configuration Steps for SSH Operation Enable ssh server hostkey=1 serverkey=2 SET SSH Server Set ssh server expirytime=1 Show SSH Show ssh TACACS+ and Radius Commands ADD Radiusserver Add radiusserver ipaddress=149.245.22.22 order=1Add radiusserver ipaddress=149.245.22.22 order=3 TACACS+ and Radius Commands Add tacacsserver ipaddress=149.245.22.20 order=1 ADD TacacsserverBeing the first server queried Add tacacsserver ipaddress=149.245.22.26 order=3 Delete Radiusserver Delete radiusserver serveripaddress=ipaddressDelete radiusserver ipaddress=149.245.22.22 Delete Tacacsserver Delete tacacsserver serveripaddress=ipaddressDelete tacacsserver ipaddress=149.245.22.20 Disable Authentication Disable authentication Enable Authentication Enable authentication Purge Authentication Purge authenticationFollowing command disables authentication on your switch SET Authentication Set authentication method=tacacsSet authentication method=tacacs secret=tiger54 Set authentication method=radius secret=leopard09 timeout=15 Show authentication Show AuthenticationShow authentication=tacacsradius Show authentication=radius Management ACL Commands Guide for background information on the Management ACL ADD Mgmtacl Management ACL Commands Following command deletes an ACE from the Management ACL Delete MgmtaclTcp Transmission control protocol Interface Disable Mgmtacl Disable mgmtaclFollowing command disables the Management ACL Enable Mgmtacl Enable mgmtaclFollowing command enables the Management ACL SET Mgmtacl 561 Set mgmtacl state=enable Set mgmtacl state=disableenableEnable Enables the Management ACL Disable SET Mgmtacl State Show mgmtacl state Show MgmtaclShow mgmtacl stateentries Show mgmtacl entries Configuring timeout value 198 aging timer Index Clear Screen command Create PKI Certificate command Disable Radiusaccounting command 481 Disable Rstp command Disable Snmp command Flow group Modifying 308, 324 Aging time 182 multicast groups Disabling 480 displaying 493, 494 SET POE Threshold command SET Mgmtacl commandSET Mstp command SET Mstp Msti command SET QOS Port command Show Switch command SET Switch Port commandShow PKI Certificate command 530 Show PKI command Show Switch Port Counter command Sntp Modifying 259 System files Deleting Downloading 238 Adding Converting dynamic VLANs Creating

Allied Telesis management software layer 2+ fast ethernet switches SET Switch Port Securitymode

Models: management software layer 2+ fast ethernet switches

SET SWITCH PORT SECURITYMODE

default setting.

secured

Sets the port to the Secured security