Allied Telesis management software layer 2+ fast ethernet switches

		AT-S62 Command Line User’s Guide
	You can use this selection to control how an
	Authenticator port will handle egress broadcast and
	multicast traffic when in the unauthorized state. You
	can instruct the port to forward this traffic to the
	client, even though the client has not logged on, or
	you can have the port discard the traffic.
	The two selections are:
	ingress	An authenticator port, when in the
		unauthorized state, will discard all
		ingress broadcast and multicast packets
		from the client. while forwarding all
		egress broadcast and multicast traffic to
		the same client.
	both	An authenticator port, when in the
		unauthorized state, will not forward
		ingress or egress broadcast and multicast
		packets from or to the client until the
		client has logged on. This is the default.
piggyback	Controls who can use the switch port in cases where
	there are multiple clients using the port (e.g., the port
	is connected to an Ethernet hub). Options are:
	enabled	Allows all clients on the port
		to piggy-back onto the initial
		client’s authentication,
		causing the port to forward
		all packets after one client is
		authenticated. This is the
		default setting.
	disabled	Specifies that the switch port
		forward only those packets
		from the client who is

authenticated and discard packets from all other users.

Description

This command sets ports to the Authenticator role and configures the Authenticator role parameters. This command also disables port-based access control on a port.

487

Page 487

Image 487

Allied Telesis management software layer 2+ fast ethernet switches manual You can use this selection to control how an

Contents

Command Line User’s Guide Page Table of Contents 101 103 181 232 326 389 462 532 Preface AT-S62 Command Line User’s Guide This document uses the following conventions Contacting Allied Telesyn Starting a Command Line Management Session Starting a Management Session Command Line Interface Features Command Formatting Basic Command Line Commands Clear screen This command clears the screenFollowing command clears the screen Clear Screen Exit Following command displays the Main MenuExit Help Following command displays the CLI keywordsHelp Logoff Logout Quit Following command ends a management sessionLogoff Menu Following command displays the AT-S62 Main MenuMenu Save configuration Save Configuration Prompt Set prompt=Sales SwitchSET Prompt Set prompt=prompt Set switch consolemode=menucli SET Switch ConsolemodeSet switch consolemode=menu Show user Show User Guide for background information on enhanced stacking Enhanced Stacking Commands Either of the following formats Access SwitchAccess switch number=numbermacaddress=macaddress Macaddress Access switch macaddress=003084520211 Access switch number=12 Stackmode SET Switch StackmodeSet switch stackmode=masterslaveunavailable Possible settings are Set switch stackmode=master Show remotelist Following command displays the switches sorted by nameShow Remotelist Show remotelist sorted by=macaddressname Basic Switch Commands AT-S62 Command Line User’s Guide Disable dhcpbootp Disable Dhcpbootp Disable ip remoteassign Disable IP Remoteassign Disable telnet Disable TelnetFollowing command deactivates the Telnet server Enable bootp Enable Bootp Enable dhcp Enable Dhcp Enable ip remoteassign Enable IP Remoteassign Enable telnet Enable TelnetFollowing command activates the Telnet server Drive AT-8500 Series switch supports only oneFormat Device Format drive=flash Basic Switch Commands Ping Ping Purge ip ipaddress route Purge IPPurge ip ipaddress netmask route Purge ip ipaddress netmask Reset switch Reset SwitchThis command performs the functions described above Reset system name Reset SystemReset system name contact location Reset system Restart reboot Restart RebootFollowing command resets the switch Exist on the switch. The value None returns Restart SwitchRestart switch config=nonefilename.cfg Config Following command resets the switch to its default values Restart switch config=switch12.cfgRestart switch config=none Set asyn speed=115200 SET Asyn SET IP Interface Set ip interface=eth0 ipaddress=dhcp Following command sets just the subnet maskFollowing command activates the Dhcp client software Set ip interface=eth0 netmask=255.255.255.252 Set ip route ipaddress=140.35.22.12 Following command sets the default gateway toSET IP Route Set ip route ipaddress=ipaddress Follow the prompts to enter the new password SET Password ManagerSet password manager Following command changes the manager’s password Set password operator SET Password OperatorFollowing command changes the operator’s password Set switch consoletimer=25 SET Switch ConsoletimerSet switch consoletimer=value Following command sets the console timer to 25 minutes Set system name=name contact=contact location=location SET SystemSet system name=PR Office Following command changes the operator’s password to newby SET User PasswordShow user manageroperator password=password Password Show asyn Show Asyn Show config info Show ConfigShow config dynamic info Show config Show dhcpbootp Show Dhcpbootp Show ip interface=eth0 Show IP Interface Show ip route Show IP Route Show switch Show Switch Show System Following command displays the above informationShow system Guide for background information on Sntp Simple Network Time Protocol Sntp Commands Ipaddress Parameters are equivalent ADD Sntpserver PeeripaddressAdd sntpserver peeripaddress=ipaddress Peer Delete sntpserver peeripaddress=ipaddress Delete Sntpserver PeeripaddressDelete sntpserver ipaddress=148.35.16.248 Disable sntp Disable SntpFollowing command disables Sntp on the switch Enable sntp Enable SntpFollowing command enables the Sntp client software Purge Sntp Following command resets SntpPurge sntp Set date=11-03-2004 time=163452 Following command sets just the date to April 2SET Date Time Time in 24-hour format SET Sntp Set sntp dst=enabled pollinterval=300 utcoffset=-8 Show Sntp Following command displays Sntp client software informationShow sntp Show time This command shows the switch’s current date and timeFollowing command shows the system’s date and time Show Time Guide for background information on Snmp SNMPv1 and SNMPv2 Community Strings and Trap Commands Point. Otherwise, the quotes are optional ADD Snmp CommunityCommunity Must be enclosed in double quotes if it contains a Add snmp community=public traphost=149.212.10.11 Create Snmp Community Have up to eight IP addresses of management Can use the community string to access the switchThis option applies if you specify the status Community string as closed. a community string can Create snmp community=serv12 access=read open=yes Delete Snmp Community Delete snmp community=public traphost=149.212.44.45 Destroy snmp community=community Destroy Snmp CommunityDestroy snmp community=wind44 Disable snmp Disable SnmpFollowing command disables Snmp on the switch Disable snmp authenticatetrapauthenticatetrap Disable Snmp AuthenticatetrapDisable snmp authenticatetrap String must be enclosed in double quotes if it Disable Snmp CommunityDisable snmp community=community Disable snmp community=sw1200 Enable snmp Enable SnmpFollowing command activates Snmp on the switch Enable snmp authenticatetrapauthenticatetrap Enable Snmp AuthenticatetrapEnable snmp authenticatetrap Enable snmp community=community Enable Snmp CommunityEnable snmp community=private Set snmp community=sw44 open=no SET Snmp Community Set snmp community=serv12 access=write open=yes Show snmp community=community Otherwise, the quotes are optional. DefaultThis command displays the following Snmp information Show Snmp Show snmp community=private Show snmp SNMPv3 Commands Guide for background information on the SNMPv3 protocol ADD SNMPV3 User This command creates an SNMPv3 User Table entry Entry to the configuration file onSwitch. This is the default Configuration file on the switch An optional parameter Clear SNMPV3 AccessWriteview Specifies a Write View Name that allows the users Assigned to this security group to send traps NotifyviewParameter Clear snmpv3 community index=421 transporttag Clear SNMPV3 CommunityClear snmpv3 community index=index transporttag Clear snmpv3 community index=1005 transporttag Clear snmpv3 notify=hwenginform tag Clear SNMPV3 NotifyClear snmpv3 notify=notify tag Clear snmpv3 notify=hwengtraptag tag Clear snmpv3 targetaddr=snmphost79 taglist Clear SNMPV3 TargetaddrClear snmpv3 targetaddr=targetaddr taglist Clear snmpv3 targetaddr=snmphost44 taglist Clear snmpv3 view=private subtree=1.3.6.1.4 mask Clear SNMPV3 ViewClear snmpv3 view=view subtree=OIDtext mask Clear snmpv3 view=1.3.6.1.2.1.1 mask Create SNMPV3 Access Information in the specified View Table. This is an Parameter, then the writeview parameter defaults toNotifyview parameter defaults to none This command creates an SNMPv3 Access Table entry 111 Create SNMPV3 Community 113 Create SNMPV3 Group Groupname Specifies a group name configured in the SNMPv3SNMPV3 Access on This command creates an SNMPv3 SecurityToGroup Table entry 115 Inform Inform messages are sent, with a NMS or manager. This is the defaultThis command creates an SNMPv3 Notify Table entry Create SNMPV3 Notify 117 Create SNMPV3 Targetaddr 119 Targetparams Specifies the name of the SNMPv3 Target Create SNMPV3 TargetparamsUser Table This command creates an SNMPv3 Target Parameters Table entry Create SNMPV3 View This command creates an SNMPv3 View Table entryOptions are 123 Delete snmpv3 user=75murthy75 Delete SNMPV3 UserDelete snmpv3 user=user Delete snmpv3 user=wilson890 Destroy SNMPv3 Access 126 Destroy snmpv3 community index=1001 Destroy snmpv3 community index=indexDestroy snmpv3 community index=5 Destroy snmpv3 group username=May securitymodel=v3 Destroy snmpv3 group username=Dave securitymodel=v3 Destroy snmpv3 notify=systemtestnotifytrap Destroy snmpv3 notify=notifyDestroy snmpv3 notify=engineeringinform1 Destroy snmpv3 targetaddr=snmpv3host77 Destroy snmpv3 targetaddr=targetDestroy snmpv3 targetaddr=snmpmanager Destroy snmpv3 targetparams=snmpmanager Destroy snmpv3 targetparams=targetparamsTargetparams Destroy snmpv3 targetparams=targetparameter1 Text Text name of the view Destroy SNMPV3 ViewDestroy snmpv3 view=view subtree=OIDtext Subtree Specifies the view subtree view. The options are Specified View SET SNMPV3 AccessSpecified by the View Table entry Information in the specified View Table This command modifies an SNMPv3 Access Table entry SET SNMPV3 Community This command modifies an SNMPv3 Community Table entry 136 SET SNMPV3 Group This command modifies an SNMPv3 SecurityToGroup Table entry 138 SET SNMPV3 Notify This command modifies an SNMPv3 Notify Table entry 140 SET SNMPV3 Targetaddr Retries Specifies the number of times the switch retries toParameter Udpport This command modifies an SNMPv3 Target Address Table entry Username Specifies the user name Securitymodel SET SNMPV3 Targetparams This command modifies a Target Parameters Table entry SET SNMPV3 User 146 SET SNMPV3 View This command modifies an SNMPv3 View Table entryName to see the specified subtree Set snmpv3 view=system subtree=1.3.6.1.2.1 type=excluded Set snmpv3 view=internet1 subtree=internet type=included Show snmpv3 access Show SNMPV3 AccessShow snmpv3 access=access Show snmpv3 access=production Show snmpv3 community Show SNMPV3 CommunityShow snmpv3 community index=index Show snmpv3 community index=246 Show snmpv3 group Show snmpv3 group username=Dave securitymodel=v3 Show snmpv3 notify Show SNMPV3 NotifyShow snmpv3 notify=notify Show snmpv3 notify=testengtrap1 Show snmpv3 targetaddr Show SNMPV3 TargetaddrShow snmpv3 targetaddr=targetaddr Show snmpv3 targetaddr=snmpv3host55 Show snmpv3 targetparams Show SNMPV3 TargetparamsShow snmpv3 targetparams=targetparams Show snmpv3 targetparams=snmpv3manager95 Show snmpv3 user Show SNMPV3 UserShow snmpv3 user=user Show snmpv3 user=Robert Show snmpv3 view=view subtree=OIDtext Show SNMPV3 View Guide for background information on the port parameters Port Parameter Commands Activate switch port=port autonegotiate Activate Switch PortActivate switch port=1,4 autonegotiate Disable interface=21 Disable Interface LinktrapDisable interface=port linktrap Following command disables link traps on port Disable switch port=12,24 Disable Switch PortDisable switch port=port Following command disables ports 12 Disable switch port=port flow=pause Disable Switch Port FlowDisable switch port=6 flow=pause Enable interface=21 Enable Interface LinktrapEnable interface=port linktrap Following command enables Snmp link traps on port Disable switch port=1-4 Enable Switch PortEnable switch port=port Following command enables ports 1 to This command activates flow control on port Enable Switch Port FlowEnable switch port=port flow=pause Port Specifies the port where you want to activate flow Reset switch port=5-8 Reset Switch PortReset switch port=port Following command resets ports 5 to Mdimode=mdimdixauto SET Switch Port Auto-Negotiation Default settingMdi Sets the port’s configuration to MDI Mdix To the port. This is the default setting Default is 57,344 cells Is using flow control, the switch portIs not using flow control, neither will Switch port A port’s operating parameters Duplex modeSoftreset Only value is Following command resets port Following command disables ports 1 toSet switch port=1-6 status=disabled Set switch port=8 speed=10mhalf Yes, on, true, enabled Activates multicast SET Switch Port RatelimitNo, off, false, disabled Deactivates multicast Set switch port=all unkucastratelimiting=enabled Set switch port=all rate=15000 This command changes the rate limit to 15,000 packetsSet switch port=all unkucastratelimiting=disabled Show interface=port Show InterfacePort Specifies the port whose interface information you Show interface=21 Following command displays the above information on port Show switch port=14 Show Switch PortShow switch port=port Show switch port Guide for background information on the MAC address table MAC Address Table Commands ADD Switch Fdbfilter 179 Delete switch fdb macaddress=00a0c1112244 vlan=sales Delete Switch FDBDelete switch fdb macaddress=macaddress vlan=namevid Delete switch fdb macaddress=00A0D2181A11 vlan=1 Specify more than one port at a time Reset Switch FDBReset switch fdb port=port Reset switch fdb port=5 Set switch agingtimerageingtimer=value SET Switch AgingtimerageingtimerSet switch agingtimer=120 Show switch agingtimerageingtimer Show Switch AgingtimerageingtimerShow switch agingtimer Show switch fdb Show Switch FDBShow switch fdb status=static Show switch fdb vlan=sales Show switch fdb status=multicastShow switch fdb address=00A0D2181A11 Show switch fdb port=2 Port Trunking Commands Add switch trunk=load22 port=5 ADD Switch TrunkAdd switch trunk=name port=port Following command adds port 5 to a port trunk called load22 Create Switch Trunk Create switch trunk=trunk4 port=15,17,23 Create switch trunk=load22 port=3-6 select=macdest Trunk Specifies the name of the trunk to be modified Port Delete Switch TrunkDelete switch trunk=name port=port Delete switch trunk=Devtrunk port=9 Destroy switch trunk=name Destroy Switch TrunkDestroy switch trunk=load22 Set switch trunk=Load11 select=ipdest SET Switch TrunkTrunk Specifies the name of the port trunk Select Show switch trunk Show Switch TrunkFollowing command displays port trunking information This chapter contains the following commands Networking Stack Commands Delete ip arp Following command deletes the ARP entry with the IP addressDelete IP ARP Delete ip arp ipaddressall Delete tcp indexnumber Delete TCPDelete tcp Reset ip arp Reset IP ARP SET IP ARP Set ip arp timeout=integerFollowing command sets the timer to 600 seconds Set ip arp timeout=600 IP addresses and their corresponding MAC addresses Following command displays the ARP tableShow IP ARP Show ip arp IP address of a destination network, subnetwork, or end node Following command displays the IP route table Show tcp Show TCP Internal socket ID number assigned to the connection Number of segments transmitted with the RST bit set 203 Guide for background information and guidelines on Lacp Lacp Commands ADD Lacp Port Add lacp port=8,22 aggregator=agg1 Add lacp port=6 adminkey=0x1a priority=0x10 Create Lacp Aggregator Following command creates an Lacp aggregator named Delete lacp port=port aggregator=name Delete Lacp PortDelete lacp port=9 Destroy Lacp Aggregator Destroy lacp aggregator=nameadminkey=keyFollowing command deletes an aggregator named agg15 Destroy lacp adminkey=0x1a Disable lacp Disable LacpFollowing command disables Lacp on the switch Enable lacp Enable LacpFollowing command enables Lacp SET Lacp Aggregator Set lacp aggregator=server11trunk adminkey=0x22Set lacp aggregator=agg5 distribution=macsrc SET Lacp Port Set lacp port=6 priority=0x2b Set lacp port=2,5 aggregator=switchtrunkSet lacp port=8-9 adminkey=0x11 Following command changes the priority of port 6 to 0x2B This is a hexadecimal value from 0x1 to 0xffff. Following command sets the Lacp priority on the switch toSET Lacp Priority Set lacp priority=priority Set lacp state=enable Set lacp state=enabledisableSET Lacp State Show Lacp Port Mirroring Commands Set switch mirror=0 SET Switch MirrorSet switch mirror=port Set switch mirror=11 Set switch port=5,7,10 mirror=none SET Switch Port MirrorSet switch port=port mirror=nonerxtxboth Set switch port=16-17 mirror=rx Show switch mirror Show Switch MirrorFollowing command displays the ports of a port mirror Guide for background information on statistics Statistics Commands Reset switch port=14-15 counter Reset Switch Port CounterReset switch port=port counter This command returns a port’s statistics counters to zero Show switch counter Show Switch Counter Show switch port counter Show Switch Port CounterShow switch port=port counter Show switch port=14 counter Guide for background information on the switch’s file system File System Commands Copy switch 12.cfg backup.cfg Copy admin.cfg admin2.cfgCopy Filename contains spaces, it must be enclosed Create ConfigCreate config=filename.cfg Create config=Switch12.cfg Delete file=SW55a.csr Delete file=Switch 12.cfgDelete File Delete file=filename Rename Rename Switch12.cfg Sw 44a.cfgIf the name contains spaces, enclose it Set config=filename.cfg SET ConfigSpaces, it must be enclosed in double quotes Set config=switch22.cfg Show file=*.cfg Show FileShow file=filename Show file= File Download and Upload Commands Name in double quotes. These parameters are Load METHOD=LOCALSystem that you want to download into the application Block. If the filename contains a space, enclose Load method=local destfile=appblock srcfile=ats62v1 3 0.img Load METHOD=TFTP Request AT-S62 configuration filePublic key certificate Public key certificate enrollment 240 241 Method Specifies an Xmodem download Destfile As the new active image file on the switchLoad METHOD=XMODEM Load method=xmodem destfile=appblockfilename 243 Load method=xmodem destfile=sw12ssl.cer Load method=xmodem destfile=switch12.cfgLoad method=xmodem destfile=appblock Load method=xmodem destfile=ats62v130.img Active AT-S62 image file is stored Upload METHOD=LOCAL Upload method=local destfile=sw12 s62 image.img src=appblock Upload METHOD=REMOTESWITCH 249 250 Upload method=remoteswitch srcfile=appblock switchlist=2 252 Upload METHOD=TFTP 254 255 Appblock Switch’s file systemUpload METHOD=XMODEM Specifies the name of a file Upload method=xmodem srcfile=switchcfg Upload method=xmodem srcfile=sw22 boot.cfgUpload method=xmodem srcfile=sw12sslenroll.csr Event Log and Syslog Server Commands ADD LOG Output Add log output=3 module=estack severity=e Add log output=5 module=all severity=all Add log output=4 module=stp,vlan severity=e,w Create LOG Output 263 Clock daemon Time- based modules Time system time and Sntp Security Security modules AuthorizationAuthentication modules Messages LOCAL1 LOCAL2 LOCAL3 LOCAL4 LOCAL5 LOCAL6 LOCAL7 Syslogformat parameter defines the content of the events Destroy log output=3 Following command deletes syslog server definition numberDestroy LOG Output Destroy log output=idnumber Disable log Disable LOGFollowing command disables the event log on the switch Disable log output Disable LOG OutputDisable log output=idnumber Disable log output=7 Enable log Enable LOG Enable log output Enable LOG OutputEnable log output=idnumber Enable log output=4 Purge log=temporary Purge LOG Save LOG Save log=temporary filename=switch 2.log Set log fullaction temporary=haltwrap SET LOG FullactionSet log fullaction temporary=halt SET LOG Output Normal Sends only the severity, module, Description Module Example, MAC,PACCESS. For a listAccording to its impact on the switch’s operation Address for each event. This is Set log output=11 module=stp,igmpsnooping severity=e,w Set log output=3 server=198.45.12.1 Displayed oldest to newest Show LOGModules Reverse Specifies the order in which the events are Newest to oldest. Without it, the events are Denial of service defense Port access control listSwitch configuration Command line interface commands Power over Ethernet AT-8524POE switch only Management access control list802.1x port-based access control Port configuration Event Log Example Selects all severity levels Show log=temporary module=file,qos Following command displays all the entries in the event logShow log=temporary Show log=temporary full Server definition. If an output ID number is not On the switch are displayedShow LOG Output Show log output=idnumber full Show log output=5 full Following command displays information about the event logShow log output Show log output=1 full Show LOG Status Following command displays event log status informationShow log status Guide for background information on classifiers Classifier Commands Create Classifier You can specify other Layer 2 protocols by entering A specific node or a subnet. To filter using the IPVID number Protocol Specifies a Layer 2 protocol. Options are ARP Ipsaddr Create classifier=4 description=IP flow protocol=ip This command creates a classifier for all IP traffic Destroy classifier=idnumber Destroy ClassifierDestroy classifier=2,4 Purge Classifier This command deletes all classifiers on the switchPurge classifier Classifier Specifies the ID number of the classifier to be SET ClassifierNumber can be from 1 to Number with You can specify additional Layer 2 protocols byEntering the protocol number in either decimal or Hexadecimal format. For the latter, precede Set classifier=6 ipprotocol=igmp This command adds the Layer 3 protocol Igmp to classifier ID Set classifier=5 udpdport=any Show classifier=12 Show ClassifierShow classifier=idnumber Show classifier Guide for background information on access control lists ACL ACL Commands Create ACL ACL Commands Destroy acl=integer This command deletes an ACL from the switchFollowing command deletes ACL IDs 14 Destroy ACL Purge ACL This command deletes all ACLs on the switchPurge acl SET ACL Set acl=6 action=permit portlist=4-7 This command changes the description of ACL IDThis command changes the classifiers of ACL ID Set acl=4 description=ARP flow Show acl=22 Show ACLShow acl=integer Show acl Quality of Service QoS Commands 307 Add qos flowgroup=integer classifierlist=integers ADD QOS FlowgroupAdd qos flowgroup=12 classifierlist=4,7 11,12 This command adds the traffic class 16 to policyADD QOS Policy Add qos policy=integer trafficclasslist=integers Add qos trafficclass=17 flowgrouplist=21 ADD QOS Trafficclass Create qos flowgroup=integer Create QOS Flowgroup New value specified with the Priority RemarkpriorityWith the Priority parameter 313 Create QOS Policy 14-22 Ingress ports. On switches with 24 ports plusUplinks, ports 1-26 form a port block. On switches This command creates a new QoS policy Parts of the policies are Policy 11 Commands Example 2 Video Application Example 3 Critical Database Policy 32 Commands Policy 15 Commands Create qos trafficclass=integer Create QOS Trafficclass Policy level Specified at the traffic class or policy level. aUsed only if no value has been specified at Flow group level. It will override any value set at Increases, the excess traffic will be discarded Continue to the point where all the unusedTraffic. However, no unused tokens will Accumulate in the bucket. If the traffic Priority parameter. This is Packets with the new valueSpecified with the Priority Value specified in with Delete qos flowgroup=22 classifierlist=6 Delete QOS Flowgroup Delete qos policy=1 trafficclasslist=17 Delete QOS Policy Delete qos trafficclass=22 flowgrouplist=5 Delete QOS Trafficclass Destroy qos flowgroup=16-20,23 Destroy QOS FlowgroupDestroy qos flowgroup=integer Destroy qos flowgroup=22 Destroy qos policy=5,23 Destroy QOS PolicyDestroy qos policy=integer Destroy qos policy=41 Destroy qos trafficclass=16-20,23 Destroy QOS TrafficclassDestroy qos trafficclass=integer Destroy qos trafficclass=22 If you specify a new priority in a flow group and a SET QOS FlowgroupTo modify. The range is 0 to If the None option is used, the frame’s current Set qos flowgroup=15 priority=6 Packets with the new value specifiedSet qos flowgroup=25 classifierlist=23,41 Set qos flowgroup=41 markvalue=none TOS field of the packets. The range is 0 to SET QOS Policy ALL option adds it to all ports To another policy with one commandIngressport 14-22. The None option removes the policy Set qos policy=41 trafficclasslist=12,23 This command changes the ingress port for policy 8 to portThis command changes the traffic classes assigned to policy Set qos policy=8 ingressport=8 Set qos port=5-8 type=ingress policy=12 SET QOS PortSet qos port=1,5 type=egress policy=none Set qos trafficclass=integer SET QOS Trafficclass Flow group, traffic class, and policy. a Dscp value Bucket size without also specifying a maximum When they leave the switchTokens are added. The range is 4 to 512 Kbps This parameter should be used with Set qos trafficclass=42 priority=17 With commas e.g., 4,11,13Set qos trafficclass=41 maxbandwidth=80 burstsize=400 Show qos flowgroup=12 Show QOS FlowgroupShow qos flowgroup=idnumber Show qos flowgroup Show qos policy=54 Show QOS PolicyShow qos policy=idnumber Show qos policy Show qos trafficclass=14 Show QOS TrafficclassShow qos trafficclass=idnumber Show qos trafficclass Guide for background information on Quality of Service Class of Service CoS Commands MAP QOS Cosp Map qos cosp=4,5 qid=3 Following command maps priorities 4 and 5, to egress queue SET QOS Cosp Following command maps priorities 5 and 6, to egress queueSet qos cosp=5,6 qid=1 Set qos scheduling=strict Set qos scheduling=strictwrr weights=weightsSet qos scheduling=wrr weights=1,5,10,15 SET QOS Scheduling Show qos config Show QOS ConfigDisplays the QoS priority queues and scheduling Guide for background information on Power over Ethernet PoE Power Over Ethernet Commands Disable poe port=5,7 Disable POE PortDisable poe port=port This command disables PoE on port 5 Enable poe port=2 Enable POE PortEnable poe port=port This commands activates PoE on port SET POE Port Set poe port=14 powerlimit=12500 Following command disables PoE on ports 4Set poe port=4-5 poefunction=disable This command sets the priority on port 6 and 11 to high Set poe threshold=value SET POE ThresholdSet poe threshold=80 Show poe config port=4 Show POE ConfigShow poe config port=port Show poe config Show poe status port=port Show POE Status Show poe status port=4 Show poe status Guide for background information on Igmp Snooping Igmp Snooping Commands Disable igmpsnooping Disable IgmpsnoopingThis command deactivates Igmp snooping Enable igmpsnooping Enable IgmpsnoopingThis command activates Igmp snooping SET IP Igmp Set ip igmp hoststatus=singlehost Set ip igmp snoopingstatus=disabled Show igmpsnooping Show Igmpsnooping Show ip igmp hostlist Show IP IgmpShow ip igmp hostlist routerlist Show ip igmp Show ip igmp routerlist Denial of Service DoS Defense Commands Set dos ipaddress=ipaddress subnet=mask uplinkport=port SET DOSSet dos ipaddress=149.11.11.1 subnet=0.0.0.63 Mirrorport Set dos ipoption port=5,7,10 state=enableSET DOS Ipoption Than one port at a time Set dos land port=5,7 state=enable Set dos land port=port state=enabledisable mirrorport=portSET DOS Land SET DOS Pingofdeath Set dos pingofdeath port=1,5 state=enable Following command activates the defense on ports 1 Set dos smurf port=17 state=enable Set dos smurf port=port state=enabledisablePort Specifies the switch ports on which you want to Following command activates this defense on port SET DOS Synflood Set dos synflood port=port state=enabledisableFollowing command activates the defense on ports 18 to Set dos synflood port=18-20 state=enable SET DOS Teardrop Set dos teardrop port=22 state=enable Following command activates the defense on port Show dos ipaddress subnet Show DOSShow dos ipaddress subnet uplinkport Show dos defense port=port Show dos smurf port=4 STP Commands Activate stp Activate STP Disable stp Disable STPFollowing command disables STP Enable stp Enable STPFollowing command enables STP on the switch Purge stp Purge STP 32768 SET STPFollowing table. You specify the increment that Represents the desired bridge priority value. Seconds Set stp default Set stp hellotime=7 forwarddelay=25Set stp priority=11 SET STP Port Set stp port=7-10 portcost=auto Set stp port=6 portcost=15 portpriority=12 Multicastmode Specifies one of the following SET Switch MulticastmodeSet switch multicastmode=abcd Where the ingress port is a member Set switch multicastmode=a Show stp port=1-4 Show STPShow stp port=port Show stp Rstp Commands Activate rstp Activate Rstp Disable rstp Disable RstpFollowing command disables Rstp Enable rstp Enable RstpFollowing command enables Rstp Purge Rstp Following command resets RstpPurge rstp Increment that represents the desired bridge priority SET RstpRange is divided into sixteen increments, as Shown in the following table. You specify Seconds ForwarddelaySTP compatible mode Parameter settings, but Set rstp forceversion=stpcompatible Set rstp priority=5 hellotime=5 forwarddelay=20 Set rstp default SET Rstp Port Values are equivalent. This is Mbps 20,000 PortpriorityYou specify the increment that corresponds to Port is an edge port. Set rstp port=6-8 edgeport=no Set rstp port=4 portcost=1000000 portpriority=14 Show rstp Show rstp portconfig=portportstate=portShow rstp portconfig=1-4 Show Rstp Show rstp portstate=15 Following command displays Rstp port status for port Mstp Commands 407 Activate mstp Activate Mstp Add mstp mstiid=11 mstivlanassoc=24,44 ADD MstpAdd mstp mstiid=mstiid mstivlanassoc=vids Add mstp mstiid=8 mstivlanassoc=4 Create mstp mstiid=8 mstivlanassoc=4 Create MstpCreate mstp mstiid=mstiid mstivlanassoc=vids At a time. The range is 1 to Delete mstp mstiid=11 mstivlanassoc=24,44 Delete MstpDelete mstp mstiid=mstiid mstivlanassoc=vids Delete mstp mstiid=8 mstivlanassoc=4 Destroy mstp mstiid=4 Destroy Mstp MstiidDestroy mstp mstiid=mstiid This example deletes the spanning tree instance Disable mstp Disable MstpFollowing command disables Mstp Enable mstp Enable MstpFollowing command enables Mstp Purge mstp Purge Mstp SET Mstp Performs the same function as the Reset MstpCommand. The spanning tree protocol must be Disabled to use this parameter Maxhops Specifies the maximum hops counter. Mstp Seconds ForwarddelayThose ports operating in the STP compatible mode Configname Set mstp forceversion=forcestpcompatible Set mstp default Is divided into sixteen increments, as shown Default value is 32,768, which is incrementSET Mstp Cist Set mstp cist priority=priority Set mstp cist priority=11 Set mstp msti mstiid=mstiid priority=priority SET Mstp MstiMsti Priority Value Increments Set mstp msti mstiid=6 priority=2 Set mstp msti mstiid=4 priority=11 Set mstp mstivlanassoc mstiid=11 vlanlist=24,44 SET Mstp MstivlanassocSet mstp mstivlanassoc mstiid=mstiid vlanlist=vids Set mstp mstivlanassoc mstiid=8 vlanlist=4 SET Mstp Port BPDUs indefinitely. Set the migrationcheck Mbps 20,000 EdgeportConnected to any device running STP or Mstp Selections are Yes, on, true Port is an edge port. These Mbps ports, and 20,000 for one gigabit ports Default setting is Auto-detect 0, which sets portCost depending on the speed of the port. Default An internal port cost. The range is 0 to 200,000,000 Set mstp port=6-8 ptp=yes Set mstp port=14,23 extportcost=500Set mstp port=6-8 edgeport=yes Set mstp port=2-5 extportcost=auto Set mstp port=7,10 portpriority=4 stpid=2 Set mstp port=7,10 intportcost=500Set mstp port=2-5 intportcost=auto Show Mstp Msti priority Regional root ID Show mstp cist Show mstp portconfig=5 stpid=2Show mstp Show mstp portstate=4 VLANs and Multiple Vlan Mode Commands Add vlan=name vid=vid port=portsall frame=untaggedtagged ADD Vlan Add vlan=production port=3 frame=tagged Add vlan=Service untaggedports=7-8 taggedports=5Add vlan=sales port=4,7 frame=untagged Add vlan=sales untaggedports=4,7 Create vlan=name vid=vid port=portsall frame=untaggedtagged Create Vlan Frame parameter Port Specifies the ports on the switch that are eitherThis command creates a new port-based or tagged Vlan Example, 1, 5, 14-22. To specify all ports on Create vlan=Production vid=22 port=3,6 frame=tagged Create vlan=Service vid=16 port=1,4,5-7 frame=untaggedCreate vlan=Sales vid=3 port=4-8,12-16 frame=untagged Create vlan=Sales vid=3 untaggedports=4-8,12-16 438 This parameter must be used with the Frame Delete VlanDelete vlan=name vid=vid port=ports frame=untaggedtagged Vlan Specifies the name of the Vlan to be modified Vid Delete vlan=production untaggedports=13 Delete vlan=sales port=4,7 frame=untaggedDelete vlan=sales untaggedports=4,7 Delete vlan=production port=13 frame=tagged Delete vlan=Service untaggedports=6-8 taggedports=2 To 8, the commands would be Destroy vlan vlan=Sales vid=102 Destroy VlanDestroy vlan vlan=nameall vid=vid Destroy vlan vlan=Sales Set switch infiltering=yesnoonofftruefalse SET Switch InfilteringSet switch infiltering=off Set switch managementvlan=nameVID SET Switch ManagementvlanSet switch managementvlan=TechSupport Set switch vlanmode=dotqmultiple uplinkport=4 SET Switch Vlanmode Set switch vlanmode=userconfig Set vlan=name vid=vid type=portbased SET VlanSet vlan=gvrpvlan22 type=portbased Show vlan=sales Show VlanShow vlan=namevid Show vlan Guide for background information on the Gvrp Garp Vlan Registration Protocol Commands Disable garp=gvrp gip Disable GarpDisable garp=gvrp Enable garp=gvrp Enable GarpEnable garp=gvrp gip This commands enables Gvrp on the switch Purge garp=gvrp Purge Garp Set garp=gvrp port=3 mode=normal SET Garp PortSet garp=gvrp port=port mode=normalnone Set garp=gvrp port=1-4 mode=none SET Garp Timer Set garp=gvrp timer default Following command sets the timers to their default values Show Garp Following command displays the above Gvrp informationShow garp=gvrp Show garp=gvrp counter Show Garp Counter Following command displays the above Garp counters Show Garp Database Following command displays the Garp databaseShow garp=gvrp database Show Garp GIP Following command displays the GIP-connected ringShow garp=gvrp gip Port App Reg Following command displays GID state machinesShow Garp Machine Show garp=gvrp machine Protected Ports Vlan Commands ADD Vlan Group Add vlan=InternetGroups untaggedports=11 group=uplink Following command accomplishes the same thing using syntaxAdd vlan=InternetGroups port=5,6 frame=untagged group=4 Add vlan=InternetGroups untaggedports=5,6 group=4 Create vlan=name vid=vid portprotected Create Vlan PortprotectedCreate vlan=InternetGroups vid=12 portprotected VID Vlan Specifies the name or VID of the Vlan to be Delete vlan=InternetGroups untagged=12 Delete vlan=InternetGroups port=12 frame=untagged Destroy vlan=InternetGroups Following command deletes the Vlan called InternetGroupsFollowing command deletes all VLANs Destroy vlan=namevidall Set vlan=Sales port=4 frame=untagged Set vlan=namevid port=ports frame=taggeduntagged Following command displays the Sales Vlan Guide for background information on port security MAC Address Security Commands Snmp trap SET Switch Port IntrusionactionPort Specifies the port where you want to change Set switch port=12,21 intrusionaction=trap SET Switch Port Securitymode Action is set to discard. Options are Trap, and disables the portDisable. This option does not apply when intrusion To the Limited security mode. Intrusion actions are Set switch port=12-24 securitymode=secured Set switch port=8 securitymode=limited learn=5Set switch port=15-16 learn=150 Set switch port=2,6,18 securitymode=locked Show switch port=12,21 intrusion Show Switch Port IntrusionShow switch port=port intrusion Port Specifies the port where you want to view Show switch port=port securitymode Show Switch Port SecuritymodeShow switch port=1-5 securitymode 802.1x Port-based Access Control Commands Disable portaccess Disable PortaccessportauthDisable portaccessportauth Portaccess and Portauth keywords are equivalent Disable radiusaccounting Disable RadiusaccountingFollowing command disables Radius accounting Enable portaccessportauth Enable PortaccessportauthEnable portaccess Enable radiusaccounting Enable Radiusaccounting Control SET Portaccessportauth Port ROLE=AUTHENTICATORPort-based authentication Control on the port Switch by using the clients Authentication messagesAuthentication server. Each Access the network is Is disabled by default. The default value is Switch or the switch isReset or power cycled Client before retransmitting the request. The default Client’s authentication Authenticator port will handle egress broadcastMulticast traffic when in the unauthorized state. You Client has logged on. This is the default Set portaccess port=4-6 role=authenticator This command sets ports 4 to 6 to the Authenticator roleSet portaccess port=12,15 role=none Port Specifies the port that you want to set to SET Portaccessportauth Port ROLE=SUPPLICANTTo adjust. You can specify more than one port at a To 60 seconds. The default is 30 seconds Set portaccess port=4-6 role=supplicant SET Radiusaccounting Set radiusaccounting updateenable=enabled interval=200 Interim accounting updates to the Radius serverRange is 30 to 300 seconds. The default is Set radiusaccounting status=enabled trigger=stoponly Show portaccess status Show PortaccessportauthShow portaccessportauth configstatus Show portaccess config Show portaccess port=12 supplicant config Show Portaccessporauth PortSettings you want to view. You can specify more Show portaccess port=10 authenticator status Show radiusaccounting Show Radiusaccounting Guide for background information on the web server Web Server Commands Disable http server Disable Http ServerFollowing command disables the web server Enable http server Enable Http ServerFollowing command activates the web server Purge http server Purge Http Server Will listen on. The default for non-secure Http Secure Https modeSET Http Server Set http server security=enabled sslkeyid=5 Set http server security=disabled This command enables the web server enable http server Set http server security=enabled sslkeyid=4 503 Set system distinguishedname=cn=149.44.44.44 This command disables the web server disable http serverCreate pki enrollmentrequest=sw24cer keypair=8 Set http server security=enabled sslkeyid=8 Show Http Server Following command displays the status of the web serverShow http server Encryption Key Commands Create Enco KEY Version 2 users SshVersion 1 users Ssh2 Syntax 2 Description Create enco key=12 type=rsa length=512 Create enco key=12 type=rsa file=public12.key format=ssh Destroy enco key=key-id Destroy Enco KEYDestroy enco key=4 SET Enco KEY Set enco key=1 descriptionSwitch 22 keySet enco key=key-iddescription=description Show enco key=1 This command displays information about encryption keyShow Enco Show enco key=key-id Public Key Infrastructure PKI Certificate Commands ADD PKI Certificate 517 Create PKI Certificate 519 520 Type Formats the request according to Pkcs #10 Create PKI EnrollmentrequestEnclosed in double quotes. The management Software automatically adds the .csr extension PKCS10 Create pki enrollmentrequest=Switch12 keypair=4 Be enclosed in double quotes. Wildcards are not Delete pki certificate=Switch 12 certificateDelete PKI Certificate Delete pki certificate=name Purge pki Purge PKI Yes, on, true Specifies that the certificate is from a Entity EE. This is the defaultSET PKI Certificate Spaces, it must be enclosed in quotes Set pki certificate=Switch 12 certificate trusted=true Set pki certstorelimit=value SET PKI CertstorelimitSet pki certstorelimit=100 Set system distinguishedname=name SET System DistinguishednameSet system distinguishedname=cn=169.22.22.22 Show pki Show PKI Show pki certificate Show pki certificate=Switch 12 certificateShow PKI Certificate Show pki certificate=name Secure Sockets Layer SSL Commands Set ssl cachetimeout=180 Set ssl cachetimeout=value maxsessions=valueSET SSL Show ssl Show SSL Secure Shell SSH Commands Disable ssh server Disable SSH ServerFollowing command disables the Secure Shell server Enable SSH Server General Configuration Steps for SSH Operation Enable ssh server hostkey=0 serverkey=1 Enable ssh server hostkey=1 serverkey=2 SET SSH Server Set ssh server expirytime=1 Show ssh Show SSH TACACS+ and Radius Commands Add radiusserver ipaddress=149.245.22.22 order=1 ADD RadiusserverAdd radiusserver ipaddress=149.245.22.22 order=3 TACACS+ and Radius Commands Add tacacsserver ipaddress=149.245.22.26 order=3 ADD TacacsserverBeing the first server queried Add tacacsserver ipaddress=149.245.22.20 order=1 Delete radiusserver serveripaddress=ipaddress Delete RadiusserverDelete radiusserver ipaddress=149.245.22.22 Delete tacacsserver serveripaddress=ipaddress Delete TacacsserverDelete tacacsserver ipaddress=149.245.22.20 Disable authentication Disable Authentication Enable authentication Enable Authentication Purge authentication Purge AuthenticationFollowing command disables authentication on your switch Set authentication method=tacacs SET AuthenticationSet authentication method=tacacs secret=tiger54 Set authentication method=radius secret=leopard09 timeout=15 Show authentication=radius Show AuthenticationShow authentication=tacacsradius Show authentication Guide for background information on the Management ACL Management ACL Commands ADD Mgmtacl Management ACL Commands Delete Mgmtacl Following command deletes an ACE from the Management ACLTcp Transmission control protocol Interface Disable mgmtacl Disable MgmtaclFollowing command disables the Management ACL Enable mgmtacl Enable MgmtaclFollowing command enables the Management ACL SET Mgmtacl 561 SET Mgmtacl State Set mgmtacl state=disableenableEnable Enables the Management ACL Disable Set mgmtacl state=enable Show mgmtacl entries Show MgmtaclShow mgmtacl stateentries Show mgmtacl state Index Configuring timeout value 198 aging timer Create PKI Certificate command Clear Screen command Disable Snmp command Disable Radiusaccounting command 481 Disable Rstp command Modifying 308, 324 Flow group Aging time 182 multicast groups Disabling 480 displaying 493, 494 SET QOS Port command SET Mgmtacl commandSET Mstp command SET Mstp Msti command SET POE Threshold command Show Switch Port Counter command SET Switch Port commandShow PKI Certificate command 530 Show PKI command Show Switch command Modifying 259 Sntp Adding Converting dynamic VLANs Creating System files Deleting Downloading 238

Allied Telesis management software layer 2+ fast ethernet switches manual Two selections are

Models: management software layer 2+ fast ethernet switches

You can use this selection to control how an

Authenticator port will handle egress broadcast and

multicast traffic when in the unauthorized state. You

can instruct the port to forward this traffic to the

client, even though the client has not logged on, or

you can have the port discard the traffic.

The two selections are:

from the client. while forwarding all

the same client.

packets from or to the client until the

client has logged on. This is the default.

client’s authentication,

causing the port to forward

authenticated. This is the

default setting.

forward only those packets

from the client who is