Allied Telesis management software layer 2+ fast ethernet switches

	AT-S62 Command Line User’s Guide
hex	Specifies a hexadecimal format
	used to transfer a key between
	devices other than switches. This is
	the default.
ssh	Specifies a format for Secure Shell
	version 1 users.
ssh2	Specifies a format for Secure Shell
	version 2 users.

Description

This command serves two functions. One is to create encryption keys. The other is to import and export public encryption keys from the AT-S62 file system to the key database.

Caution

Key generation is a CPU-intensive process. Because this process may affect switch behavior, Allied Telesyn recommends creating keys when the switch is not connected to a network or during periods of low network activity.

Syntax 1 Description

Syntax 1 creates encryption key pairs. It creates both the public and private keys of a key pair. A new key pair is automatically stored in the key database and the file system. To view the current keys on a switch, use the SHOW ENCO on page 514.

The KEY parameter specifies the identification number for the key. The number must be unique from all other key pairs already on the switch. The range is 0 to 65,535. This number is used only for identification purposes and not in generating the actual encryption key pair.

The TYPE parameter specifies the type of key to be created. The only option is RSA.

The LENGTH parameter specifies the length of the key in bits. The range is 512 to 1,536 bits, in increments of 256 bits (for example, 512, 768, 1024, etc). Before selecting a key length, note the following:

❑For SSL and web browser encryption, key length can be any valid value within the range.

❑For SSH host and server key pairs, the two key pairs must be created separately and be of different lengths of at least one increment (256 bits) apart. The recommended length for the

509

Image 509

Allied Telesis management software layer 2+ fast ethernet switches manual Version 1 users, Ssh2, Version 2 users

Contents

Command Line User’s Guide Page Table of Contents 101 103 181 232 326 389 462 532 Preface AT-S62 Command Line User’s Guide This document uses the following conventions Contacting Allied Telesyn Starting a Command Line Management Session Starting a Management Session Command Line Interface Features Command Formatting Basic Command Line Commands Following command clears the screen This command clears the screenClear Screen Clear screen Exit Following command displays the Main MenuExit Help Following command displays the CLI keywordsHelp Logoff Following command ends a management sessionLogoff Logout Quit Menu Following command displays the AT-S62 Main MenuMenu Save configuration Save Configuration SET Prompt Set prompt=Sales SwitchSet prompt=prompt Prompt Set switch consolemode=menu SET Switch ConsolemodeSet switch consolemode=menucli Show user Show User Guide for background information on enhanced stacking Enhanced Stacking Commands Access switch number=numbermacaddress=macaddress Access SwitchMacaddress Either of the following formats Access switch macaddress=003084520211 Access switch number=12 Set switch stackmode=masterslaveunavailable SET Switch StackmodePossible settings are Stackmode Set switch stackmode=master Show Remotelist Following command displays the switches sorted by nameShow remotelist sorted by=macaddressname Show remotelist Basic Switch Commands AT-S62 Command Line User’s Guide Disable dhcpbootp Disable Dhcpbootp Disable ip remoteassign Disable IP Remoteassign Following command deactivates the Telnet server Disable TelnetDisable telnet Enable bootp Enable Bootp Enable dhcp Enable Dhcp Enable ip remoteassign Enable IP Remoteassign Following command activates the Telnet server Enable TelnetEnable telnet Format Device AT-8500 Series switch supports only oneFormat drive=flash Drive Basic Switch Commands Ping Ping Purge ip ipaddress netmask route Purge IPPurge ip ipaddress netmask Purge ip ipaddress route This command performs the functions described above Reset SwitchReset switch Reset system name contact location Reset SystemReset system Reset system name Following command resets the switch Restart RebootRestart reboot Restart switch config=nonefilename.cfg Restart SwitchConfig Exist on the switch. The value None returns Restart switch config=none Restart switch config=switch12.cfgFollowing command resets the switch to its default values Set asyn speed=115200 SET Asyn SET IP Interface Following command activates the Dhcp client software Following command sets just the subnet maskSet ip interface=eth0 netmask=255.255.255.252 Set ip interface=eth0 ipaddress=dhcp SET IP Route Following command sets the default gateway toSet ip route ipaddress=ipaddress Set ip route ipaddress=140.35.22.12 Set password manager SET Password ManagerFollowing command changes the manager’s password Follow the prompts to enter the new password Following command changes the operator’s password SET Password OperatorSet password operator Set switch consoletimer=value SET Switch ConsoletimerFollowing command sets the console timer to 25 minutes Set switch consoletimer=25 Set system name=PR Office SET SystemSet system name=name contact=contact location=location Show user manageroperator password=password SET User PasswordPassword Following command changes the operator’s password to newby Show asyn Show Asyn Show config dynamic info Show ConfigShow config Show config info Show dhcpbootp Show Dhcpbootp Show ip interface=eth0 Show IP Interface Show ip route Show IP Route Show switch Show Switch Show system Following command displays the above informationShow System Guide for background information on Sntp Simple Network Time Protocol Sntp Commands Add sntpserver peeripaddress=ipaddress ADD Sntpserver PeeripaddressPeer Ipaddress Parameters are equivalent Delete sntpserver ipaddress=148.35.16.248 Delete Sntpserver PeeripaddressDelete sntpserver peeripaddress=ipaddress Following command disables Sntp on the switch Disable SntpDisable sntp Following command enables the Sntp client software Enable SntpEnable sntp Purge sntp Following command resets SntpPurge Sntp SET Date Time Following command sets just the date to April 2Time in 24-hour format Set date=11-03-2004 time=163452 SET Sntp Set sntp dst=enabled pollinterval=300 utcoffset=-8 Show sntp Following command displays Sntp client software informationShow Sntp Following command shows the system’s date and time This command shows the switch’s current date and timeShow Time Show time Guide for background information on Snmp SNMPv1 and SNMPv2 Community Strings and Trap Commands Community ADD Snmp CommunityMust be enclosed in double quotes if it contains a Point. Otherwise, the quotes are optional Add snmp community=public traphost=149.212.10.11 Create Snmp Community This option applies if you specify the status Can use the community string to access the switchCommunity string as closed. a community string can Have up to eight IP addresses of management Create snmp community=serv12 access=read open=yes Delete Snmp Community Delete snmp community=public traphost=149.212.44.45 Destroy snmp community=wind44 Destroy Snmp CommunityDestroy snmp community=community Following command disables Snmp on the switch Disable SnmpDisable snmp Disable snmp authenticatetrap Disable Snmp AuthenticatetrapDisable snmp authenticatetrapauthenticatetrap Disable snmp community=community Disable Snmp CommunityDisable snmp community=sw1200 String must be enclosed in double quotes if it Following command activates Snmp on the switch Enable SnmpEnable snmp Enable snmp authenticatetrap Enable Snmp AuthenticatetrapEnable snmp authenticatetrapauthenticatetrap Enable snmp community=private Enable Snmp CommunityEnable snmp community=community Set snmp community=sw44 open=no SET Snmp Community Set snmp community=serv12 access=write open=yes This command displays the following Snmp information Otherwise, the quotes are optional. DefaultShow Snmp Show snmp community=community Show snmp community=private Show snmp SNMPv3 Commands Guide for background information on the SNMPv3 protocol ADD SNMPV3 User Switch. This is the default Entry to the configuration file onConfiguration file on the switch This command creates an SNMPv3 User Table entry Writeview Specifies a Write View Name that allows the users Clear SNMPV3 AccessAn optional parameter Parameter NotifyviewAssigned to this security group to send traps Clear snmpv3 community index=index transporttag Clear SNMPV3 CommunityClear snmpv3 community index=1005 transporttag Clear snmpv3 community index=421 transporttag Clear snmpv3 notify=notify tag Clear SNMPV3 NotifyClear snmpv3 notify=hwengtraptag tag Clear snmpv3 notify=hwenginform tag Clear snmpv3 targetaddr=targetaddr taglist Clear SNMPV3 TargetaddrClear snmpv3 targetaddr=snmphost44 taglist Clear snmpv3 targetaddr=snmphost79 taglist Clear snmpv3 view=view subtree=OIDtext mask Clear SNMPV3 ViewClear snmpv3 view=1.3.6.1.2.1.1 mask Clear snmpv3 view=private subtree=1.3.6.1.4 mask Create SNMPV3 Access Notifyview parameter defaults to none Parameter, then the writeview parameter defaults toThis command creates an SNMPv3 Access Table entry Information in the specified View Table. This is an 111 Create SNMPV3 Community 113 SNMPV3 Access on Groupname Specifies a group name configured in the SNMPv3This command creates an SNMPv3 SecurityToGroup Table entry Create SNMPV3 Group 115 This command creates an SNMPv3 Notify Table entry NMS or manager. This is the defaultCreate SNMPV3 Notify Inform Inform messages are sent, with a 117 Create SNMPV3 Targetaddr 119 User Table Create SNMPV3 TargetparamsTargetparams Specifies the name of the SNMPv3 Target This command creates an SNMPv3 Target Parameters Table entry Options are This command creates an SNMPv3 View Table entryCreate SNMPV3 View 123 Delete snmpv3 user=user Delete SNMPV3 UserDelete snmpv3 user=wilson890 Delete snmpv3 user=75murthy75 Destroy SNMPv3 Access 126 Destroy snmpv3 community index=5 Destroy snmpv3 community index=indexDestroy snmpv3 community index=1001 Destroy snmpv3 group username=May securitymodel=v3 Destroy snmpv3 group username=Dave securitymodel=v3 Destroy snmpv3 notify=engineeringinform1 Destroy snmpv3 notify=notifyDestroy snmpv3 notify=systemtestnotifytrap Destroy snmpv3 targetaddr=snmpmanager Destroy snmpv3 targetaddr=targetDestroy snmpv3 targetaddr=snmpv3host77 Targetparams Destroy snmpv3 targetparams=targetparamsDestroy snmpv3 targetparams=targetparameter1 Destroy snmpv3 targetparams=snmpmanager Destroy snmpv3 view=view subtree=OIDtext Destroy SNMPV3 ViewSubtree Specifies the view subtree view. The options are Text Text name of the view Specified by the View Table entry SET SNMPV3 AccessInformation in the specified View Table Specified View This command modifies an SNMPv3 Access Table entry SET SNMPV3 Community This command modifies an SNMPv3 Community Table entry 136 SET SNMPV3 Group This command modifies an SNMPv3 SecurityToGroup Table entry 138 SET SNMPV3 Notify This command modifies an SNMPv3 Notify Table entry 140 Parameter Udpport Retries Specifies the number of times the switch retries toSET SNMPV3 Targetaddr This command modifies an SNMPv3 Target Address Table entry Username Specifies the user name Securitymodel SET SNMPV3 Targetparams This command modifies a Target Parameters Table entry SET SNMPV3 User 146 Name to see the specified subtree This command modifies an SNMPv3 View Table entrySET SNMPV3 View Set snmpv3 view=system subtree=1.3.6.1.2.1 type=excluded Set snmpv3 view=internet1 subtree=internet type=included Show snmpv3 access=access Show SNMPV3 AccessShow snmpv3 access=production Show snmpv3 access Show snmpv3 community index=index Show SNMPV3 CommunityShow snmpv3 community index=246 Show snmpv3 community Show snmpv3 group Show snmpv3 group username=Dave securitymodel=v3 Show snmpv3 notify=notify Show SNMPV3 NotifyShow snmpv3 notify=testengtrap1 Show snmpv3 notify Show snmpv3 targetaddr=targetaddr Show SNMPV3 TargetaddrShow snmpv3 targetaddr=snmpv3host55 Show snmpv3 targetaddr Show snmpv3 targetparams=targetparams Show SNMPV3 TargetparamsShow snmpv3 targetparams=snmpv3manager95 Show snmpv3 targetparams Show snmpv3 user=user Show SNMPV3 UserShow snmpv3 user=Robert Show snmpv3 user Show snmpv3 view=view subtree=OIDtext Show SNMPV3 View Guide for background information on the port parameters Port Parameter Commands Activate switch port=1,4 autonegotiate Activate Switch PortActivate switch port=port autonegotiate Disable interface=port linktrap Disable Interface LinktrapFollowing command disables link traps on port Disable interface=21 Disable switch port=port Disable Switch PortFollowing command disables ports 12 Disable switch port=12,24 Disable switch port=6 flow=pause Disable Switch Port FlowDisable switch port=port flow=pause Enable interface=port linktrap Enable Interface LinktrapFollowing command enables Snmp link traps on port Enable interface=21 Enable switch port=port Enable Switch PortFollowing command enables ports 1 to Disable switch port=1-4 Enable switch port=port flow=pause Enable Switch Port FlowPort Specifies the port where you want to activate flow This command activates flow control on port Reset switch port=port Reset Switch PortFollowing command resets ports 5 to Reset switch port=5-8 Mdimode=mdimdixauto SET Switch Port Mdi Sets the port’s configuration to MDI Mdix Default settingTo the port. This is the default setting Auto-Negotiation Is not using flow control, neither will Is using flow control, the switch portSwitch port Default is 57,344 cells Softreset Duplex modeOnly value is A port’s operating parameters Set switch port=1-6 status=disabled Following command disables ports 1 toSet switch port=8 speed=10mhalf Following command resets port No, off, false, disabled Deactivates multicast SET Switch Port RatelimitYes, on, true, enabled Activates multicast Set switch port=all unkucastratelimiting=enabled Set switch port=all unkucastratelimiting=disabled This command changes the rate limit to 15,000 packetsSet switch port=all rate=15000 Port Specifies the port whose interface information you Show InterfaceShow interface=port Show interface=21 Following command displays the above information on port Show switch port=port Show Switch PortShow switch port Show switch port=14 Guide for background information on the MAC address table MAC Address Table Commands ADD Switch Fdbfilter 179 Delete switch fdb macaddress=macaddress vlan=namevid Delete Switch FDBDelete switch fdb macaddress=00A0D2181A11 vlan=1 Delete switch fdb macaddress=00a0c1112244 vlan=sales Reset switch fdb port=port Reset Switch FDBReset switch fdb port=5 Specify more than one port at a time Set switch agingtimer=120 SET Switch AgingtimerageingtimerSet switch agingtimerageingtimer=value Show switch agingtimer Show Switch AgingtimerageingtimerShow switch agingtimerageingtimer Show switch fdb status=static Show Switch FDBShow switch fdb Show switch fdb address=00A0D2181A11 Show switch fdb status=multicastShow switch fdb port=2 Show switch fdb vlan=sales Port Trunking Commands Add switch trunk=name port=port ADD Switch TrunkFollowing command adds port 5 to a port trunk called load22 Add switch trunk=load22 port=5 Create Switch Trunk Create switch trunk=trunk4 port=15,17,23 Create switch trunk=load22 port=3-6 select=macdest Delete switch trunk=name port=port Delete Switch TrunkDelete switch trunk=Devtrunk port=9 Trunk Specifies the name of the trunk to be modified Port Destroy switch trunk=load22 Destroy Switch TrunkDestroy switch trunk=name Trunk Specifies the name of the port trunk Select SET Switch TrunkSet switch trunk=Load11 select=ipdest Following command displays port trunking information Show Switch TrunkShow switch trunk This chapter contains the following commands Networking Stack Commands Delete IP ARP Following command deletes the ARP entry with the IP addressDelete ip arp ipaddressall Delete ip arp Delete tcp Delete TCPDelete tcp indexnumber Reset ip arp Reset IP ARP Following command sets the timer to 600 seconds Set ip arp timeout=integerSet ip arp timeout=600 SET IP ARP Show IP ARP Following command displays the ARP tableShow ip arp IP addresses and their corresponding MAC addresses IP address of a destination network, subnetwork, or end node Following command displays the IP route table Show tcp Show TCP Internal socket ID number assigned to the connection Number of segments transmitted with the RST bit set 203 Guide for background information and guidelines on Lacp Lacp Commands ADD Lacp Port Add lacp port=8,22 aggregator=agg1 Add lacp port=6 adminkey=0x1a priority=0x10 Create Lacp Aggregator Following command creates an Lacp aggregator named Delete lacp port=9 Delete Lacp PortDelete lacp port=port aggregator=name Following command deletes an aggregator named agg15 Destroy lacp aggregator=nameadminkey=keyDestroy lacp adminkey=0x1a Destroy Lacp Aggregator Following command disables Lacp on the switch Disable LacpDisable lacp Following command enables Lacp Enable LacpEnable lacp Set lacp aggregator=agg5 distribution=macsrc Set lacp aggregator=server11trunk adminkey=0x22SET Lacp Aggregator SET Lacp Port Set lacp port=8-9 adminkey=0x11 Set lacp port=2,5 aggregator=switchtrunkFollowing command changes the priority of port 6 to 0x2B Set lacp port=6 priority=0x2b SET Lacp Priority Following command sets the Lacp priority on the switch toSet lacp priority=priority This is a hexadecimal value from 0x1 to 0xffff. SET Lacp State Set lacp state=enabledisableSet lacp state=enable Show Lacp Port Mirroring Commands Set switch mirror=port SET Switch MirrorSet switch mirror=11 Set switch mirror=0 Set switch port=port mirror=nonerxtxboth SET Switch Port MirrorSet switch port=16-17 mirror=rx Set switch port=5,7,10 mirror=none Following command displays the ports of a port mirror Show Switch MirrorShow switch mirror Guide for background information on statistics Statistics Commands Reset switch port=port counter Reset Switch Port CounterThis command returns a port’s statistics counters to zero Reset switch port=14-15 counter Show switch counter Show Switch Counter Show switch port=port counter Show Switch Port CounterShow switch port=14 counter Show switch port counter Guide for background information on the switch’s file system File System Commands Copy Copy admin.cfg admin2.cfgCopy switch 12.cfg backup.cfg Create config=filename.cfg Create ConfigCreate config=Switch12.cfg Filename contains spaces, it must be enclosed Delete File Delete file=Switch 12.cfgDelete file=filename Delete file=SW55a.csr If the name contains spaces, enclose it Rename Switch12.cfg Sw 44a.cfgRename Spaces, it must be enclosed in double quotes SET ConfigSet config=filename.cfg Set config=switch22.cfg Show file=filename Show FileShow file= Show file=*.cfg File Download and Upload Commands System that you want to download into the application Load METHOD=LOCALBlock. If the filename contains a space, enclose Name in double quotes. These parameters are Load method=local destfile=appblock srcfile=ats62v1 3 0.img Load METHOD=TFTP Public key certificate AT-S62 configuration filePublic key certificate enrollment Request 240 241 Load METHOD=XMODEM As the new active image file on the switchLoad method=xmodem destfile=appblockfilename Method Specifies an Xmodem download Destfile 243 Load method=xmodem destfile=appblock Load method=xmodem destfile=switch12.cfgLoad method=xmodem destfile=sw12ssl.cer Load method=xmodem destfile=ats62v130.img Active AT-S62 image file is stored Upload METHOD=LOCAL Upload method=local destfile=sw12 s62 image.img src=appblock Upload METHOD=REMOTESWITCH 249 250 Upload method=remoteswitch srcfile=appblock switchlist=2 252 Upload METHOD=TFTP 254 255 Upload METHOD=XMODEM Switch’s file systemSpecifies the name of a file Appblock Upload method=xmodem srcfile=sw12sslenroll.csr Upload method=xmodem srcfile=sw22 boot.cfgUpload method=xmodem srcfile=switchcfg Event Log and Syslog Server Commands ADD LOG Output Add log output=3 module=estack severity=e Add log output=5 module=all severity=all Add log output=4 module=stp,vlan severity=e,w Create LOG Output 263 Authentication modules Security Security modules AuthorizationMessages Clock daemon Time- based modules Time system time and Sntp LOCAL1 LOCAL2 LOCAL3 LOCAL4 LOCAL5 LOCAL6 LOCAL7 Syslogformat parameter defines the content of the events Destroy LOG Output Following command deletes syslog server definition numberDestroy log output=idnumber Destroy log output=3 Following command disables the event log on the switch Disable LOGDisable log Disable log output=idnumber Disable LOG OutputDisable log output=7 Disable log output Enable log Enable LOG Enable log output=idnumber Enable LOG OutputEnable log output=4 Enable log output Purge log=temporary Purge LOG Save LOG Save log=temporary filename=switch 2.log Set log fullaction temporary=halt SET LOG FullactionSet log fullaction temporary=haltwrap SET LOG Output According to its impact on the switch’s operation Example, MAC,PACCESS. For a listAddress for each event. This is Normal Sends only the severity, module, Description Module Set log output=11 module=stp,igmpsnooping severity=e,w Set log output=3 server=198.45.12.1 Modules Reverse Specifies the order in which the events are Show LOGNewest to oldest. Without it, the events are Displayed oldest to newest Switch configuration Port access control listCommand line interface commands Denial of service defense 802.1x port-based access control Management access control listPort configuration Power over Ethernet AT-8524POE switch only Event Log Example Selects all severity levels Show log=temporary Following command displays all the entries in the event logShow log=temporary full Show log=temporary module=file,qos Show LOG Output On the switch are displayedShow log output=idnumber full Server definition. If an output ID number is not Show log output Following command displays information about the event logShow log output=1 full Show log output=5 full Show log status Following command displays event log status informationShow LOG Status Guide for background information on classifiers Classifier Commands Create Classifier VID number A specific node or a subnet. To filter using the IPProtocol Specifies a Layer 2 protocol. Options are ARP You can specify other Layer 2 protocols by entering Ipsaddr Create classifier=4 description=IP flow protocol=ip This command creates a classifier for all IP traffic Destroy classifier=2,4 Destroy ClassifierDestroy classifier=idnumber Purge classifier This command deletes all classifiers on the switchPurge Classifier Number can be from 1 to SET ClassifierClassifier Specifies the ID number of the classifier to be Entering the protocol number in either decimal or You can specify additional Layer 2 protocols byHexadecimal format. For the latter, precede Number with Set classifier=6 ipprotocol=igmp This command adds the Layer 3 protocol Igmp to classifier ID Set classifier=5 udpdport=any Show classifier=idnumber Show ClassifierShow classifier Show classifier=12 Guide for background information on access control lists ACL ACL Commands Create ACL ACL Commands Following command deletes ACL IDs 14 This command deletes an ACL from the switchDestroy ACL Destroy acl=integer Purge acl This command deletes all ACLs on the switchPurge ACL SET ACL This command changes the classifiers of ACL ID This command changes the description of ACL IDSet acl=4 description=ARP flow Set acl=6 action=permit portlist=4-7 Show acl=integer Show ACLShow acl Show acl=22 Quality of Service QoS Commands 307 Add qos flowgroup=12 classifierlist=4,7 ADD QOS FlowgroupAdd qos flowgroup=integer classifierlist=integers ADD QOS Policy This command adds the traffic class 16 to policyAdd qos policy=integer trafficclasslist=integers 11,12 Add qos trafficclass=17 flowgrouplist=21 ADD QOS Trafficclass Create qos flowgroup=integer Create QOS Flowgroup With the Priority parameter RemarkpriorityNew value specified with the Priority 313 Create QOS Policy Uplinks, ports 1-26 form a port block. On switches Ingress ports. On switches with 24 ports plusThis command creates a new QoS policy 14-22 Parts of the policies are Policy 11 Commands Example 2 Video Application Example 3 Critical Database Policy 32 Commands Policy 15 Commands Create qos trafficclass=integer Create QOS Trafficclass Used only if no value has been specified at Specified at the traffic class or policy level. aFlow group level. It will override any value set at Policy level Traffic. However, no unused tokens will Continue to the point where all the unusedAccumulate in the bucket. If the traffic Increases, the excess traffic will be discarded Specified with the Priority Packets with the new valueValue specified in with Priority parameter. This is Delete qos flowgroup=22 classifierlist=6 Delete QOS Flowgroup Delete qos policy=1 trafficclasslist=17 Delete QOS Policy Delete qos trafficclass=22 flowgrouplist=5 Delete QOS Trafficclass Destroy qos flowgroup=integer Destroy QOS FlowgroupDestroy qos flowgroup=22 Destroy qos flowgroup=16-20,23 Destroy qos policy=integer Destroy QOS PolicyDestroy qos policy=41 Destroy qos policy=5,23 Destroy qos trafficclass=integer Destroy QOS TrafficclassDestroy qos trafficclass=22 Destroy qos trafficclass=16-20,23 To modify. The range is 0 to SET QOS FlowgroupIf the None option is used, the frame’s current If you specify a new priority in a flow group and a Set qos flowgroup=25 classifierlist=23,41 Packets with the new value specifiedSet qos flowgroup=15 priority=6 Set qos flowgroup=41 markvalue=none TOS field of the packets. The range is 0 to SET QOS Policy Ingressport To another policy with one command14-22. The None option removes the policy ALL option adds it to all ports This command changes the traffic classes assigned to policy This command changes the ingress port for policy 8 to portSet qos policy=8 ingressport=8 Set qos policy=41 trafficclasslist=12,23 Set qos port=1,5 type=egress policy=none SET QOS PortSet qos port=5-8 type=ingress policy=12 Set qos trafficclass=integer SET QOS Trafficclass Flow group, traffic class, and policy. a Dscp value Tokens are added. The range is 4 to 512 Kbps When they leave the switchThis parameter should be used with Bucket size without also specifying a maximum Set qos trafficclass=41 maxbandwidth=80 burstsize=400 With commas e.g., 4,11,13Set qos trafficclass=42 priority=17 Show qos flowgroup=idnumber Show QOS FlowgroupShow qos flowgroup Show qos flowgroup=12 Show qos policy=idnumber Show QOS PolicyShow qos policy Show qos policy=54 Show qos trafficclass=idnumber Show QOS TrafficclassShow qos trafficclass Show qos trafficclass=14 Guide for background information on Quality of Service Class of Service CoS Commands MAP QOS Cosp Map qos cosp=4,5 qid=3 Following command maps priorities 4 and 5, to egress queue Set qos cosp=5,6 qid=1 Following command maps priorities 5 and 6, to egress queueSET QOS Cosp Set qos scheduling=wrr weights=1,5,10,15 Set qos scheduling=strictwrr weights=weightsSET QOS Scheduling Set qos scheduling=strict Displays the QoS priority queues and scheduling Show QOS ConfigShow qos config Guide for background information on Power over Ethernet PoE Power Over Ethernet Commands Disable poe port=port Disable POE PortThis command disables PoE on port 5 Disable poe port=5,7 Enable poe port=port Enable POE PortThis commands activates PoE on port Enable poe port=2 SET POE Port Set poe port=4-5 poefunction=disable Following command disables PoE on ports 4This command sets the priority on port 6 and 11 to high Set poe port=14 powerlimit=12500 Set poe threshold=80 SET POE ThresholdSet poe threshold=value Show poe config port=port Show POE ConfigShow poe config Show poe config port=4 Show poe status port=port Show POE Status Show poe status port=4 Show poe status Guide for background information on Igmp Snooping Igmp Snooping Commands This command deactivates Igmp snooping Disable IgmpsnoopingDisable igmpsnooping This command activates Igmp snooping Enable IgmpsnoopingEnable igmpsnooping SET IP Igmp Set ip igmp hoststatus=singlehost Set ip igmp snoopingstatus=disabled Show igmpsnooping Show Igmpsnooping Show ip igmp hostlist routerlist Show IP IgmpShow ip igmp Show ip igmp hostlist Show ip igmp routerlist Denial of Service DoS Defense Commands Set dos ipaddress=149.11.11.1 subnet=0.0.0.63 SET DOSSet dos ipaddress=ipaddress subnet=mask uplinkport=port SET DOS Ipoption Set dos ipoption port=5,7,10 state=enableThan one port at a time Mirrorport SET DOS Land Set dos land port=port state=enabledisable mirrorport=portSet dos land port=5,7 state=enable SET DOS Pingofdeath Set dos pingofdeath port=1,5 state=enable Following command activates the defense on ports 1 Port Specifies the switch ports on which you want to Set dos smurf port=port state=enabledisableFollowing command activates this defense on port Set dos smurf port=17 state=enable Following command activates the defense on ports 18 to Set dos synflood port=port state=enabledisableSet dos synflood port=18-20 state=enable SET DOS Synflood SET DOS Teardrop Set dos teardrop port=22 state=enable Following command activates the defense on port Show dos ipaddress subnet uplinkport Show DOSShow dos defense port=port Show dos ipaddress subnet Show dos smurf port=4 STP Commands Activate stp Activate STP Following command disables STP Disable STPDisable stp Following command enables STP on the switch Enable STPEnable stp Purge stp Purge STP Following table. You specify the increment that SET STPRepresents the desired bridge priority value. 32768 Seconds Set stp priority=11 Set stp hellotime=7 forwarddelay=25Set stp default SET STP Port Set stp port=7-10 portcost=auto Set stp port=6 portcost=15 portpriority=12 Set switch multicastmode=abcd SET Switch MulticastmodeWhere the ingress port is a member Multicastmode Specifies one of the following Set switch multicastmode=a Show stp port=port Show STPShow stp Show stp port=1-4 Rstp Commands Activate rstp Activate Rstp Following command disables Rstp Disable RstpDisable rstp Following command enables Rstp Enable RstpEnable rstp Purge rstp Following command resets RstpPurge Rstp Range is divided into sixteen increments, as SET RstpShown in the following table. You specify Increment that represents the desired bridge priority STP compatible mode ForwarddelayParameter settings, but Seconds Set rstp forceversion=stpcompatible Set rstp priority=5 hellotime=5 forwarddelay=20 Set rstp default SET Rstp Port You specify the increment that corresponds to Mbps 20,000 PortpriorityPort is an edge port. Values are equivalent. This is Set rstp port=6-8 edgeport=no Set rstp port=4 portcost=1000000 portpriority=14 Show rstp portconfig=1-4 Show rstp portconfig=portportstate=portShow Rstp Show rstp Show rstp portstate=15 Following command displays Rstp port status for port Mstp Commands 407 Activate mstp Activate Mstp Add mstp mstiid=mstiid mstivlanassoc=vids ADD MstpAdd mstp mstiid=8 mstivlanassoc=4 Add mstp mstiid=11 mstivlanassoc=24,44 Create mstp mstiid=mstiid mstivlanassoc=vids Create MstpAt a time. The range is 1 to Create mstp mstiid=8 mstivlanassoc=4 Delete mstp mstiid=mstiid mstivlanassoc=vids Delete MstpDelete mstp mstiid=8 mstivlanassoc=4 Delete mstp mstiid=11 mstivlanassoc=24,44 Destroy mstp mstiid=mstiid Destroy Mstp MstiidThis example deletes the spanning tree instance Destroy mstp mstiid=4 Following command disables Mstp Disable MstpDisable mstp Following command enables Mstp Enable MstpEnable mstp Purge mstp Purge Mstp Command. The spanning tree protocol must be Performs the same function as the Reset MstpDisabled to use this parameter SET Mstp Those ports operating in the STP compatible mode Seconds ForwarddelayConfigname Maxhops Specifies the maximum hops counter. Mstp Set mstp forceversion=forcestpcompatible Set mstp default SET Mstp Cist Default value is 32,768, which is incrementSet mstp cist priority=priority Is divided into sixteen increments, as shown Set mstp cist priority=11 Msti Priority Value Increments SET Mstp MstiSet mstp msti mstiid=mstiid priority=priority Set mstp msti mstiid=6 priority=2 Set mstp msti mstiid=4 priority=11 Set mstp mstivlanassoc mstiid=mstiid vlanlist=vids SET Mstp MstivlanassocSet mstp mstivlanassoc mstiid=8 vlanlist=4 Set mstp mstivlanassoc mstiid=11 vlanlist=24,44 SET Mstp Port Connected to any device running STP or Mstp Mbps 20,000 EdgeportSelections are Yes, on, true Port is an edge port. These BPDUs indefinitely. Set the migrationcheck Cost depending on the speed of the port. Default Default setting is Auto-detect 0, which sets portAn internal port cost. The range is 0 to 200,000,000 Mbps ports, and 20,000 for one gigabit ports Set mstp port=6-8 edgeport=yes Set mstp port=14,23 extportcost=500Set mstp port=2-5 extportcost=auto Set mstp port=6-8 ptp=yes Set mstp port=2-5 intportcost=auto Set mstp port=7,10 intportcost=500Set mstp port=7,10 portpriority=4 stpid=2 Show Mstp Msti priority Regional root ID Show mstp Show mstp portconfig=5 stpid=2Show mstp portstate=4 Show mstp cist VLANs and Multiple Vlan Mode Commands Add vlan=name vid=vid port=portsall frame=untaggedtagged ADD Vlan Add vlan=sales port=4,7 frame=untagged Add vlan=Service untaggedports=7-8 taggedports=5Add vlan=sales untaggedports=4,7 Add vlan=production port=3 frame=tagged Create vlan=name vid=vid port=portsall frame=untaggedtagged Create Vlan This command creates a new port-based or tagged Vlan Port Specifies the ports on the switch that are eitherExample, 1, 5, 14-22. To specify all ports on Frame parameter Create vlan=Sales vid=3 port=4-8,12-16 frame=untagged Create vlan=Service vid=16 port=1,4,5-7 frame=untaggedCreate vlan=Sales vid=3 untaggedports=4-8,12-16 Create vlan=Production vid=22 port=3,6 frame=tagged 438 Delete vlan=name vid=vid port=ports frame=untaggedtagged Delete VlanVlan Specifies the name of the Vlan to be modified Vid This parameter must be used with the Frame Delete vlan=sales untaggedports=4,7 Delete vlan=sales port=4,7 frame=untaggedDelete vlan=production port=13 frame=tagged Delete vlan=production untaggedports=13 Delete vlan=Service untaggedports=6-8 taggedports=2 To 8, the commands would be Destroy vlan vlan=nameall vid=vid Destroy VlanDestroy vlan vlan=Sales Destroy vlan vlan=Sales vid=102 Set switch infiltering=off SET Switch InfilteringSet switch infiltering=yesnoonofftruefalse Set switch managementvlan=TechSupport SET Switch ManagementvlanSet switch managementvlan=nameVID Set switch vlanmode=dotqmultiple uplinkport=4 SET Switch Vlanmode Set switch vlanmode=userconfig Set vlan=gvrpvlan22 type=portbased SET VlanSet vlan=name vid=vid type=portbased Show vlan=namevid Show VlanShow vlan Show vlan=sales Guide for background information on the Gvrp Garp Vlan Registration Protocol Commands Disable garp=gvrp Disable GarpDisable garp=gvrp gip Enable garp=gvrp gip Enable GarpThis commands enables Gvrp on the switch Enable garp=gvrp Purge garp=gvrp Purge Garp Set garp=gvrp port=port mode=normalnone SET Garp PortSet garp=gvrp port=1-4 mode=none Set garp=gvrp port=3 mode=normal SET Garp Timer Set garp=gvrp timer default Following command sets the timers to their default values Show garp=gvrp Following command displays the above Gvrp informationShow Garp Show garp=gvrp counter Show Garp Counter Following command displays the above Garp counters Show garp=gvrp database Following command displays the Garp databaseShow Garp Database Show garp=gvrp gip Following command displays the GIP-connected ringShow Garp GIP Show Garp Machine Following command displays GID state machinesShow garp=gvrp machine Port App Reg Protected Ports Vlan Commands ADD Vlan Group Add vlan=InternetGroups port=5,6 frame=untagged group=4 Following command accomplishes the same thing using syntaxAdd vlan=InternetGroups untaggedports=11 group=uplink Add vlan=InternetGroups untaggedports=5,6 group=4 Create vlan=InternetGroups vid=12 portprotected Create Vlan PortprotectedCreate vlan=name vid=vid portprotected VID Vlan Specifies the name or VID of the Vlan to be Delete vlan=InternetGroups untagged=12 Delete vlan=InternetGroups port=12 frame=untagged Following command deletes all VLANs Following command deletes the Vlan called InternetGroupsDestroy vlan=namevidall Destroy vlan=InternetGroups Set vlan=Sales port=4 frame=untagged Set vlan=namevid port=ports frame=taggeduntagged Following command displays the Sales Vlan Guide for background information on port security MAC Address Security Commands Port Specifies the port where you want to change SET Switch Port IntrusionactionSet switch port=12,21 intrusionaction=trap Snmp trap SET Switch Port Securitymode Disable. This option does not apply when intrusion Trap, and disables the portTo the Limited security mode. Intrusion actions are Action is set to discard. Options are Set switch port=15-16 learn=150 Set switch port=8 securitymode=limited learn=5Set switch port=2,6,18 securitymode=locked Set switch port=12-24 securitymode=secured Show switch port=port intrusion Show Switch Port IntrusionPort Specifies the port where you want to view Show switch port=12,21 intrusion Show switch port=1-5 securitymode Show Switch Port SecuritymodeShow switch port=port securitymode 802.1x Port-based Access Control Commands Disable portaccessportauth Disable PortaccessportauthPortaccess and Portauth keywords are equivalent Disable portaccess Following command disables Radius accounting Disable RadiusaccountingDisable radiusaccounting Enable portaccess Enable PortaccessportauthEnable portaccessportauth Enable radiusaccounting Enable Radiusaccounting Port-based authentication SET Portaccessportauth Port ROLE=AUTHENTICATORControl on the port Control Authentication server. Each Authentication messagesAccess the network is Switch by using the clients Reset or power cycled Switch or the switch isClient before retransmitting the request. The default Is disabled by default. The default value is Multicast traffic when in the unauthorized state. You Authenticator port will handle egress broadcastClient has logged on. This is the default Client’s authentication Set portaccess port=12,15 role=none This command sets ports 4 to 6 to the Authenticator roleSet portaccess port=4-6 role=authenticator To adjust. You can specify more than one port at a SET Portaccessportauth Port ROLE=SUPPLICANTTo 60 seconds. The default is 30 seconds Port Specifies the port that you want to set to Set portaccess port=4-6 role=supplicant SET Radiusaccounting Range is 30 to 300 seconds. The default is Interim accounting updates to the Radius serverSet radiusaccounting status=enabled trigger=stoponly Set radiusaccounting updateenable=enabled interval=200 Show portaccessportauth configstatus Show PortaccessportauthShow portaccess config Show portaccess status Settings you want to view. You can specify more Show Portaccessporauth PortShow portaccess port=10 authenticator status Show portaccess port=12 supplicant config Show radiusaccounting Show Radiusaccounting Guide for background information on the web server Web Server Commands Following command disables the web server Disable Http ServerDisable http server Following command activates the web server Enable Http ServerEnable http server Purge http server Purge Http Server SET Http Server Secure Https modeWill listen on. The default for non-secure Http Set http server security=enabled sslkeyid=5 Set http server security=disabled This command enables the web server enable http server Set http server security=enabled sslkeyid=4 503 Create pki enrollmentrequest=sw24cer keypair=8 This command disables the web server disable http serverSet system distinguishedname=cn=149.44.44.44 Set http server security=enabled sslkeyid=8 Show http server Following command displays the status of the web serverShow Http Server Encryption Key Commands Create Enco KEY Version 1 users SshSsh2 Version 2 users Syntax 2 Description Create enco key=12 type=rsa length=512 Create enco key=12 type=rsa file=public12.key format=ssh Destroy enco key=4 Destroy Enco KEYDestroy enco key=key-id Set enco key=key-iddescription=description Set enco key=1 descriptionSwitch 22 keySET Enco KEY Show Enco This command displays information about encryption keyShow enco key=key-id Show enco key=1 Public Key Infrastructure PKI Certificate Commands ADD PKI Certificate 517 Create PKI Certificate 519 520 Enclosed in double quotes. The management Create PKI EnrollmentrequestSoftware automatically adds the .csr extension Type Formats the request according to Pkcs #10 PKCS10 Create pki enrollmentrequest=Switch12 keypair=4 Delete PKI Certificate Delete pki certificate=Switch 12 certificateDelete pki certificate=name Be enclosed in double quotes. Wildcards are not Purge pki Purge PKI SET PKI Certificate Entity EE. This is the defaultSpaces, it must be enclosed in quotes Yes, on, true Specifies that the certificate is from a Set pki certificate=Switch 12 certificate trusted=true Set pki certstorelimit=100 SET PKI CertstorelimitSet pki certstorelimit=value Set system distinguishedname=cn=169.22.22.22 SET System DistinguishednameSet system distinguishedname=name Show pki Show PKI Show PKI Certificate Show pki certificate=Switch 12 certificateShow pki certificate=name Show pki certificate Secure Sockets Layer SSL Commands SET SSL Set ssl cachetimeout=value maxsessions=valueSet ssl cachetimeout=180 Show ssl Show SSL Secure Shell SSH Commands Following command disables the Secure Shell server Disable SSH ServerDisable ssh server Enable SSH Server General Configuration Steps for SSH Operation Enable ssh server hostkey=0 serverkey=1 Enable ssh server hostkey=1 serverkey=2 SET SSH Server Set ssh server expirytime=1 Show ssh Show SSH TACACS+ and Radius Commands Add radiusserver ipaddress=149.245.22.22 order=3 ADD RadiusserverAdd radiusserver ipaddress=149.245.22.22 order=1 TACACS+ and Radius Commands Being the first server queried ADD TacacsserverAdd tacacsserver ipaddress=149.245.22.20 order=1 Add tacacsserver ipaddress=149.245.22.26 order=3 Delete radiusserver ipaddress=149.245.22.22 Delete RadiusserverDelete radiusserver serveripaddress=ipaddress Delete tacacsserver ipaddress=149.245.22.20 Delete TacacsserverDelete tacacsserver serveripaddress=ipaddress Disable authentication Disable Authentication Enable authentication Enable Authentication Following command disables authentication on your switch Purge AuthenticationPurge authentication Set authentication method=tacacs secret=tiger54 SET AuthenticationSet authentication method=tacacs Set authentication method=radius secret=leopard09 timeout=15 Show authentication=tacacsradius Show AuthenticationShow authentication Show authentication=radius Guide for background information on the Management ACL Management ACL Commands ADD Mgmtacl Management ACL Commands Tcp Transmission control protocol Interface Following command deletes an ACE from the Management ACLDelete Mgmtacl Following command disables the Management ACL Disable MgmtaclDisable mgmtacl Following command enables the Management ACL Enable MgmtaclEnable mgmtacl SET Mgmtacl 561 Enable Enables the Management ACL Disable Set mgmtacl state=disableenableSet mgmtacl state=enable SET Mgmtacl State Show mgmtacl stateentries Show MgmtaclShow mgmtacl state Show mgmtacl entries Index Configuring timeout value 198 aging timer Create PKI Certificate command Clear Screen command Disable Snmp command Disable Radiusaccounting command 481 Disable Rstp command Modifying 308, 324 Flow group Aging time 182 multicast groups Disabling 480 displaying 493, 494 SET Mstp command SET Mstp Msti command SET Mgmtacl commandSET POE Threshold command SET QOS Port command Show PKI Certificate command 530 Show PKI command SET Switch Port commandShow Switch command Show Switch Port Counter command Modifying 259 Sntp Adding Converting dynamic VLANs Creating System files Deleting Downloading 238