Allied Telesis management software layer 2+ fast ethernet switches

Chapter 39: Management ACL Commands

If you are filtering on a specific IP address, use the mask 255.255.255.255. For a subnet, the mask will depend on the subnet. For example, to allow all management workstations in the subnet 149.11.11.0 to manage the switch, you would enter the mask 255.255.255.0.

The PROTOCOL parameter has only the one setting TCP. This is because Telnet and web browser management packets for an AT-8500 Series switch are exclusively TCP.

The INTERFACE parameter allows you control whether the remote management station can manage the switch using Telnet, a web browser, or both. For example, you might create an ACE that states that a particular remote management station can only use a web browser to manage the switch.

Note

You must specify all the parameters to add an entry.

Example

The following command allows the management workstation with the IP address 169.254.134.247 to manage the switch from either a Telnet or web browser management session:

add mgmtacl ipaddress=169.254.134.247 mask=255.255.255.255 protocol=tcp interface=all

The following command allows the management workstation with the IP address 169.254.134.12 to manage the switch using only a web browser:

add mgmtacl ipaddress=169.254.134.12 mask=255.255.255.255 protocol=tcp interface=web

The following command allows all management workstations in the subnet 169.24.144.32 to manage the switch using a Telnet protocol application:

add mgmtacl ipaddress=169.24.144.32 mask=255.255.255.224 protocol=tcp interface=telnet

556

Page 556

Image 556

Allied Telesis management software layer 2+ fast ethernet switches manual Management ACL Commands

Contents

Command Line User’s Guide Page Table of Contents 101 103 181 232 326 389 462 532 Preface AT-S62 Command Line User’s Guide This document uses the following conventions Contacting Allied Telesyn Starting a Command Line Management Session Starting a Management Session Command Line Interface Features Command Formatting Basic Command Line Commands This command clears the screen Following command clears the screenClear Screen Clear screen Exit Following command displays the Main MenuExit Help Following command displays the CLI keywordsHelp Logoff Logout Quit Following command ends a management sessionLogoff Menu Following command displays the AT-S62 Main MenuMenu Save Configuration Save configuration Set prompt=Sales Switch SET PromptSet prompt=prompt Prompt Set switch consolemode=menucli SET Switch ConsolemodeSet switch consolemode=menu Show User Show user Enhanced Stacking Commands Guide for background information on enhanced stacking Access Switch Access switch number=numbermacaddress=macaddressMacaddress Either of the following formats Access switch number=12 Access switch macaddress=003084520211 SET Switch Stackmode Set switch stackmode=masterslaveunavailablePossible settings are Stackmode Set switch stackmode=master Following command displays the switches sorted by name Show RemotelistShow remotelist sorted by=macaddressname Show remotelist Basic Switch Commands AT-S62 Command Line User’s Guide Disable Dhcpbootp Disable dhcpbootp Disable IP Remoteassign Disable ip remoteassign Disable telnet Disable TelnetFollowing command deactivates the Telnet server Enable Bootp Enable bootp Enable Dhcp Enable dhcp Enable IP Remoteassign Enable ip remoteassign Enable telnet Enable TelnetFollowing command activates the Telnet server AT-8500 Series switch supports only one Format DeviceFormat drive=flash Drive Basic Switch Commands Ping Ping Purge IP Purge ip ipaddress netmask routePurge ip ipaddress netmask Purge ip ipaddress route Reset switch Reset SwitchThis command performs the functions described above Reset System Reset system name contact locationReset system Reset system name Restart reboot Restart RebootFollowing command resets the switch Restart Switch Restart switch config=nonefilename.cfgConfig Exist on the switch. The value None returns Following command resets the switch to its default values Restart switch config=switch12.cfgRestart switch config=none SET Asyn Set asyn speed=115200 SET IP Interface Following command sets just the subnet mask Following command activates the Dhcp client softwareSet ip interface=eth0 netmask=255.255.255.252 Set ip interface=eth0 ipaddress=dhcp Following command sets the default gateway to SET IP RouteSet ip route ipaddress=ipaddress Set ip route ipaddress=140.35.22.12 SET Password Manager Set password managerFollowing command changes the manager’s password Follow the prompts to enter the new password Set password operator SET Password OperatorFollowing command changes the operator’s password SET Switch Consoletimer Set switch consoletimer=valueFollowing command sets the console timer to 25 minutes Set switch consoletimer=25 Set system name=name contact=contact location=location SET SystemSet system name=PR Office SET User Password Show user manageroperator password=passwordPassword Following command changes the operator’s password to newby Show Asyn Show asyn Show Config Show config dynamic infoShow config Show config info Show Dhcpbootp Show dhcpbootp Show IP Interface Show ip interface=eth0 Show IP Route Show ip route Show Switch Show switch Show System Following command displays the above informationShow system Simple Network Time Protocol Sntp Commands Guide for background information on Sntp ADD Sntpserver Peeripaddress Add sntpserver peeripaddress=ipaddressPeer Ipaddress Parameters are equivalent Delete sntpserver peeripaddress=ipaddress Delete Sntpserver PeeripaddressDelete sntpserver ipaddress=148.35.16.248 Disable sntp Disable SntpFollowing command disables Sntp on the switch Enable sntp Enable SntpFollowing command enables the Sntp client software Purge Sntp Following command resets SntpPurge sntp Following command sets just the date to April 2 SET Date TimeTime in 24-hour format Set date=11-03-2004 time=163452 Set sntp dst=enabled pollinterval=300 utcoffset=-8 SET Sntp Show Sntp Following command displays Sntp client software informationShow sntp This command shows the switch’s current date and time Following command shows the system’s date and timeShow Time Show time SNMPv1 and SNMPv2 Community Strings and Trap Commands Guide for background information on Snmp ADD Snmp Community CommunityMust be enclosed in double quotes if it contains a Point. Otherwise, the quotes are optional Add snmp community=public traphost=149.212.10.11 Create Snmp Community Can use the community string to access the switch This option applies if you specify the statusCommunity string as closed. a community string can Have up to eight IP addresses of management Create snmp community=serv12 access=read open=yes Delete Snmp Community Delete snmp community=public traphost=149.212.44.45 Destroy snmp community=community Destroy Snmp CommunityDestroy snmp community=wind44 Disable snmp Disable SnmpFollowing command disables Snmp on the switch Disable snmp authenticatetrapauthenticatetrap Disable Snmp AuthenticatetrapDisable snmp authenticatetrap Disable Snmp Community Disable snmp community=communityDisable snmp community=sw1200 String must be enclosed in double quotes if it Enable snmp Enable SnmpFollowing command activates Snmp on the switch Enable snmp authenticatetrapauthenticatetrap Enable Snmp AuthenticatetrapEnable snmp authenticatetrap Enable snmp community=community Enable Snmp CommunityEnable snmp community=private SET Snmp Community Set snmp community=sw44 open=no Set snmp community=serv12 access=write open=yes Otherwise, the quotes are optional. Default This command displays the following Snmp informationShow Snmp Show snmp community=community Show snmp Show snmp community=private SNMPv3 Commands Guide for background information on the SNMPv3 protocol ADD SNMPV3 User Entry to the configuration file on Switch. This is the defaultConfiguration file on the switch This command creates an SNMPv3 User Table entry An optional parameter Clear SNMPV3 AccessWriteview Specifies a Write View Name that allows the users Assigned to this security group to send traps NotifyviewParameter Clear SNMPV3 Community Clear snmpv3 community index=index transporttagClear snmpv3 community index=1005 transporttag Clear snmpv3 community index=421 transporttag Clear SNMPV3 Notify Clear snmpv3 notify=notify tagClear snmpv3 notify=hwengtraptag tag Clear snmpv3 notify=hwenginform tag Clear SNMPV3 Targetaddr Clear snmpv3 targetaddr=targetaddr taglistClear snmpv3 targetaddr=snmphost44 taglist Clear snmpv3 targetaddr=snmphost79 taglist Clear SNMPV3 View Clear snmpv3 view=view subtree=OIDtext maskClear snmpv3 view=1.3.6.1.2.1.1 mask Clear snmpv3 view=private subtree=1.3.6.1.4 mask Create SNMPV3 Access Parameter, then the writeview parameter defaults to Notifyview parameter defaults to noneThis command creates an SNMPv3 Access Table entry Information in the specified View Table. This is an 111 Create SNMPV3 Community 113 Groupname Specifies a group name configured in the SNMPv3 SNMPV3 Access onThis command creates an SNMPv3 SecurityToGroup Table entry Create SNMPV3 Group 115 NMS or manager. This is the default This command creates an SNMPv3 Notify Table entryCreate SNMPV3 Notify Inform Inform messages are sent, with a 117 Create SNMPV3 Targetaddr 119 Targetparams Specifies the name of the SNMPv3 Target Create SNMPV3 TargetparamsUser Table This command creates an SNMPv3 Target Parameters Table entry Create SNMPV3 View This command creates an SNMPv3 View Table entryOptions are 123 Delete SNMPV3 User Delete snmpv3 user=userDelete snmpv3 user=wilson890 Delete snmpv3 user=75murthy75 Destroy SNMPv3 Access 126 Destroy snmpv3 community index=1001 Destroy snmpv3 community index=indexDestroy snmpv3 community index=5 Destroy snmpv3 group username=Dave securitymodel=v3 Destroy snmpv3 group username=May securitymodel=v3 Destroy snmpv3 notify=systemtestnotifytrap Destroy snmpv3 notify=notifyDestroy snmpv3 notify=engineeringinform1 Destroy snmpv3 targetaddr=snmpv3host77 Destroy snmpv3 targetaddr=targetDestroy snmpv3 targetaddr=snmpmanager Destroy snmpv3 targetparams=targetparams TargetparamsDestroy snmpv3 targetparams=targetparameter1 Destroy snmpv3 targetparams=snmpmanager Destroy SNMPV3 View Destroy snmpv3 view=view subtree=OIDtextSubtree Specifies the view subtree view. The options are Text Text name of the view SET SNMPV3 Access Specified by the View Table entryInformation in the specified View Table Specified View This command modifies an SNMPv3 Access Table entry This command modifies an SNMPv3 Community Table entry SET SNMPV3 Community 136 This command modifies an SNMPv3 SecurityToGroup Table entry SET SNMPV3 Group 138 This command modifies an SNMPv3 Notify Table entry SET SNMPV3 Notify 140 SET SNMPV3 Targetaddr Retries Specifies the number of times the switch retries toParameter Udpport This command modifies an SNMPv3 Target Address Table entry SET SNMPV3 Targetparams Username Specifies the user name Securitymodel This command modifies a Target Parameters Table entry SET SNMPV3 User 146 SET SNMPV3 View This command modifies an SNMPv3 View Table entryName to see the specified subtree Set snmpv3 view=internet1 subtree=internet type=included Set snmpv3 view=system subtree=1.3.6.1.2.1 type=excluded Show SNMPV3 Access Show snmpv3 access=accessShow snmpv3 access=production Show snmpv3 access Show SNMPV3 Community Show snmpv3 community index=indexShow snmpv3 community index=246 Show snmpv3 community Show snmpv3 group username=Dave securitymodel=v3 Show snmpv3 group Show SNMPV3 Notify Show snmpv3 notify=notifyShow snmpv3 notify=testengtrap1 Show snmpv3 notify Show SNMPV3 Targetaddr Show snmpv3 targetaddr=targetaddrShow snmpv3 targetaddr=snmpv3host55 Show snmpv3 targetaddr Show SNMPV3 Targetparams Show snmpv3 targetparams=targetparamsShow snmpv3 targetparams=snmpv3manager95 Show snmpv3 targetparams Show SNMPV3 User Show snmpv3 user=userShow snmpv3 user=Robert Show snmpv3 user Show SNMPV3 View Show snmpv3 view=view subtree=OIDtext Port Parameter Commands Guide for background information on the port parameters Activate switch port=port autonegotiate Activate Switch PortActivate switch port=1,4 autonegotiate Disable Interface Linktrap Disable interface=port linktrapFollowing command disables link traps on port Disable interface=21 Disable Switch Port Disable switch port=portFollowing command disables ports 12 Disable switch port=12,24 Disable switch port=port flow=pause Disable Switch Port FlowDisable switch port=6 flow=pause Enable Interface Linktrap Enable interface=port linktrapFollowing command enables Snmp link traps on port Enable interface=21 Enable Switch Port Enable switch port=portFollowing command enables ports 1 to Disable switch port=1-4 Enable Switch Port Flow Enable switch port=port flow=pausePort Specifies the port where you want to activate flow This command activates flow control on port Reset Switch Port Reset switch port=portFollowing command resets ports 5 to Reset switch port=5-8 SET Switch Port Mdimode=mdimdixauto Default setting Mdi Sets the port’s configuration to MDI MdixTo the port. This is the default setting Auto-Negotiation Is using flow control, the switch port Is not using flow control, neither willSwitch port Default is 57,344 cells Duplex mode SoftresetOnly value is A port’s operating parameters Following command disables ports 1 to Set switch port=1-6 status=disabledSet switch port=8 speed=10mhalf Following command resets port Yes, on, true, enabled Activates multicast SET Switch Port RatelimitNo, off, false, disabled Deactivates multicast Set switch port=all unkucastratelimiting=enabled Set switch port=all rate=15000 This command changes the rate limit to 15,000 packetsSet switch port=all unkucastratelimiting=disabled Show interface=port Show InterfacePort Specifies the port whose interface information you Following command displays the above information on port Show interface=21 Show Switch Port Show switch port=portShow switch port Show switch port=14 MAC Address Table Commands Guide for background information on the MAC address table ADD Switch Fdbfilter 179 Delete Switch FDB Delete switch fdb macaddress=macaddress vlan=namevidDelete switch fdb macaddress=00A0D2181A11 vlan=1 Delete switch fdb macaddress=00a0c1112244 vlan=sales Reset Switch FDB Reset switch fdb port=portReset switch fdb port=5 Specify more than one port at a time Set switch agingtimerageingtimer=value SET Switch AgingtimerageingtimerSet switch agingtimer=120 Show switch agingtimerageingtimer Show Switch AgingtimerageingtimerShow switch agingtimer Show switch fdb Show Switch FDBShow switch fdb status=static Show switch fdb status=multicast Show switch fdb address=00A0D2181A11Show switch fdb port=2 Show switch fdb vlan=sales Port Trunking Commands ADD Switch Trunk Add switch trunk=name port=portFollowing command adds port 5 to a port trunk called load22 Add switch trunk=load22 port=5 Create Switch Trunk Create switch trunk=load22 port=3-6 select=macdest Create switch trunk=trunk4 port=15,17,23 Delete Switch Trunk Delete switch trunk=name port=portDelete switch trunk=Devtrunk port=9 Trunk Specifies the name of the trunk to be modified Port Destroy switch trunk=name Destroy Switch TrunkDestroy switch trunk=load22 Set switch trunk=Load11 select=ipdest SET Switch TrunkTrunk Specifies the name of the port trunk Select Show switch trunk Show Switch TrunkFollowing command displays port trunking information Networking Stack Commands This chapter contains the following commands Following command deletes the ARP entry with the IP address Delete IP ARPDelete ip arp ipaddressall Delete ip arp Delete tcp indexnumber Delete TCPDelete tcp Reset IP ARP Reset ip arp Set ip arp timeout=integer Following command sets the timer to 600 secondsSet ip arp timeout=600 SET IP ARP Following command displays the ARP table Show IP ARPShow ip arp IP addresses and their corresponding MAC addresses Following command displays the IP route table IP address of a destination network, subnetwork, or end node Show TCP Show tcp Number of segments transmitted with the RST bit set Internal socket ID number assigned to the connection 203 Lacp Commands Guide for background information and guidelines on Lacp ADD Lacp Port Add lacp port=6 adminkey=0x1a priority=0x10 Add lacp port=8,22 aggregator=agg1 Create Lacp Aggregator Following command creates an Lacp aggregator named Delete lacp port=port aggregator=name Delete Lacp PortDelete lacp port=9 Destroy lacp aggregator=nameadminkey=key Following command deletes an aggregator named agg15Destroy lacp adminkey=0x1a Destroy Lacp Aggregator Disable lacp Disable LacpFollowing command disables Lacp on the switch Enable lacp Enable LacpFollowing command enables Lacp SET Lacp Aggregator Set lacp aggregator=server11trunk adminkey=0x22Set lacp aggregator=agg5 distribution=macsrc SET Lacp Port Set lacp port=2,5 aggregator=switchtrunk Set lacp port=8-9 adminkey=0x11Following command changes the priority of port 6 to 0x2B Set lacp port=6 priority=0x2b Following command sets the Lacp priority on the switch to SET Lacp PrioritySet lacp priority=priority This is a hexadecimal value from 0x1 to 0xffff. Set lacp state=enable Set lacp state=enabledisableSET Lacp State Show Lacp Port Mirroring Commands SET Switch Mirror Set switch mirror=portSet switch mirror=11 Set switch mirror=0 SET Switch Port Mirror Set switch port=port mirror=nonerxtxbothSet switch port=16-17 mirror=rx Set switch port=5,7,10 mirror=none Show switch mirror Show Switch MirrorFollowing command displays the ports of a port mirror Statistics Commands Guide for background information on statistics Reset Switch Port Counter Reset switch port=port counterThis command returns a port’s statistics counters to zero Reset switch port=14-15 counter Show Switch Counter Show switch counter Show Switch Port Counter Show switch port=port counterShow switch port=14 counter Show switch port counter File System Commands Guide for background information on the switch’s file system Copy switch 12.cfg backup.cfg Copy admin.cfg admin2.cfgCopy Create Config Create config=filename.cfgCreate config=Switch12.cfg Filename contains spaces, it must be enclosed Delete file=Switch 12.cfg Delete FileDelete file=filename Delete file=SW55a.csr Rename Rename Switch12.cfg Sw 44a.cfgIf the name contains spaces, enclose it Set config=filename.cfg SET ConfigSpaces, it must be enclosed in double quotes Set config=switch22.cfg Show File Show file=filenameShow file= Show file=*.cfg File Download and Upload Commands Load METHOD=LOCAL System that you want to download into the applicationBlock. If the filename contains a space, enclose Name in double quotes. These parameters are Load method=local destfile=appblock srcfile=ats62v1 3 0.img Load METHOD=TFTP AT-S62 configuration file Public key certificatePublic key certificate enrollment Request 240 241 As the new active image file on the switch Load METHOD=XMODEMLoad method=xmodem destfile=appblockfilename Method Specifies an Xmodem download Destfile 243 Load method=xmodem destfile=sw12ssl.cer Load method=xmodem destfile=switch12.cfgLoad method=xmodem destfile=appblock Load method=xmodem destfile=ats62v130.img Upload METHOD=LOCAL Active AT-S62 image file is stored Upload method=local destfile=sw12 s62 image.img src=appblock Upload METHOD=REMOTESWITCH 249 250 Upload method=remoteswitch srcfile=appblock switchlist=2 252 Upload METHOD=TFTP 254 255 Switch’s file system Upload METHOD=XMODEMSpecifies the name of a file Appblock Upload method=xmodem srcfile=switchcfg Upload method=xmodem srcfile=sw22 boot.cfgUpload method=xmodem srcfile=sw12sslenroll.csr Event Log and Syslog Server Commands ADD LOG Output Add log output=5 module=all severity=all Add log output=3 module=estack severity=e Add log output=4 module=stp,vlan severity=e,w Create LOG Output 263 Security Security modules Authorization Authentication modulesMessages Clock daemon Time- based modules Time system time and Sntp Syslogformat parameter defines the content of the events LOCAL1 LOCAL2 LOCAL3 LOCAL4 LOCAL5 LOCAL6 LOCAL7 Following command deletes syslog server definition number Destroy LOG OutputDestroy log output=idnumber Destroy log output=3 Disable log Disable LOGFollowing command disables the event log on the switch Disable LOG Output Disable log output=idnumberDisable log output=7 Disable log output Enable LOG Enable log Enable LOG Output Enable log output=idnumberEnable log output=4 Enable log output Purge LOG Purge log=temporary Save LOG Save log=temporary filename=switch 2.log Set log fullaction temporary=haltwrap SET LOG FullactionSet log fullaction temporary=halt SET LOG Output Example, MAC,PACCESS. For a list According to its impact on the switch’s operationAddress for each event. This is Normal Sends only the severity, module, Description Module Set log output=3 server=198.45.12.1 Set log output=11 module=stp,igmpsnooping severity=e,w Show LOG Modules Reverse Specifies the order in which the events areNewest to oldest. Without it, the events are Displayed oldest to newest Port access control list Switch configurationCommand line interface commands Denial of service defense Management access control list 802.1x port-based access controlPort configuration Power over Ethernet AT-8524POE switch only Selects all severity levels Event Log Example Following command displays all the entries in the event log Show log=temporaryShow log=temporary full Show log=temporary module=file,qos On the switch are displayed Show LOG OutputShow log output=idnumber full Server definition. If an output ID number is not Following command displays information about the event log Show log outputShow log output=1 full Show log output=5 full Show LOG Status Following command displays event log status informationShow log status Classifier Commands Guide for background information on classifiers Create Classifier A specific node or a subnet. To filter using the IP VID numberProtocol Specifies a Layer 2 protocol. Options are ARP You can specify other Layer 2 protocols by entering Ipsaddr This command creates a classifier for all IP traffic Create classifier=4 description=IP flow protocol=ip Destroy classifier=idnumber Destroy ClassifierDestroy classifier=2,4 Purge Classifier This command deletes all classifiers on the switchPurge classifier Classifier Specifies the ID number of the classifier to be SET ClassifierNumber can be from 1 to You can specify additional Layer 2 protocols by Entering the protocol number in either decimal orHexadecimal format. For the latter, precede Number with This command adds the Layer 3 protocol Igmp to classifier ID Set classifier=6 ipprotocol=igmp Set classifier=5 udpdport=any Show Classifier Show classifier=idnumberShow classifier Show classifier=12 ACL Commands Guide for background information on access control lists ACL Create ACL ACL Commands This command deletes an ACL from the switch Following command deletes ACL IDs 14Destroy ACL Destroy acl=integer Purge ACL This command deletes all ACLs on the switchPurge acl SET ACL This command changes the description of ACL ID This command changes the classifiers of ACL IDSet acl=4 description=ARP flow Set acl=6 action=permit portlist=4-7 Show ACL Show acl=integerShow acl Show acl=22 Quality of Service QoS Commands 307 Add qos flowgroup=integer classifierlist=integers ADD QOS FlowgroupAdd qos flowgroup=12 classifierlist=4,7 This command adds the traffic class 16 to policy ADD QOS PolicyAdd qos policy=integer trafficclasslist=integers 11,12 ADD QOS Trafficclass Add qos trafficclass=17 flowgrouplist=21 Create QOS Flowgroup Create qos flowgroup=integer New value specified with the Priority RemarkpriorityWith the Priority parameter 313 Create QOS Policy Ingress ports. On switches with 24 ports plus Uplinks, ports 1-26 form a port block. On switchesThis command creates a new QoS policy 14-22 Policy 11 Commands Parts of the policies are Example 2 Video Application Policy 32 Commands Example 3 Critical Database Policy 15 Commands Create QOS Trafficclass Create qos trafficclass=integer Specified at the traffic class or policy level. a Used only if no value has been specified atFlow group level. It will override any value set at Policy level Continue to the point where all the unused Traffic. However, no unused tokens willAccumulate in the bucket. If the traffic Increases, the excess traffic will be discarded Packets with the new value Specified with the PriorityValue specified in with Priority parameter. This is Delete QOS Flowgroup Delete qos flowgroup=22 classifierlist=6 Delete QOS Policy Delete qos policy=1 trafficclasslist=17 Delete QOS Trafficclass Delete qos trafficclass=22 flowgrouplist=5 Destroy QOS Flowgroup Destroy qos flowgroup=integerDestroy qos flowgroup=22 Destroy qos flowgroup=16-20,23 Destroy QOS Policy Destroy qos policy=integerDestroy qos policy=41 Destroy qos policy=5,23 Destroy QOS Trafficclass Destroy qos trafficclass=integerDestroy qos trafficclass=22 Destroy qos trafficclass=16-20,23 SET QOS Flowgroup To modify. The range is 0 toIf the None option is used, the frame’s current If you specify a new priority in a flow group and a Set qos flowgroup=15 priority=6 Packets with the new value specifiedSet qos flowgroup=25 classifierlist=23,41 Set qos flowgroup=41 markvalue=none SET QOS Policy TOS field of the packets. The range is 0 to To another policy with one command Ingressport14-22. The None option removes the policy ALL option adds it to all ports This command changes the ingress port for policy 8 to port This command changes the traffic classes assigned to policySet qos policy=8 ingressport=8 Set qos policy=41 trafficclasslist=12,23 Set qos port=5-8 type=ingress policy=12 SET QOS PortSet qos port=1,5 type=egress policy=none SET QOS Trafficclass Set qos trafficclass=integer Flow group, traffic class, and policy. a Dscp value When they leave the switch Tokens are added. The range is 4 to 512 KbpsThis parameter should be used with Bucket size without also specifying a maximum Set qos trafficclass=42 priority=17 With commas e.g., 4,11,13Set qos trafficclass=41 maxbandwidth=80 burstsize=400 Show QOS Flowgroup Show qos flowgroup=idnumberShow qos flowgroup Show qos flowgroup=12 Show QOS Policy Show qos policy=idnumberShow qos policy Show qos policy=54 Show QOS Trafficclass Show qos trafficclass=idnumberShow qos trafficclass Show qos trafficclass=14 Class of Service CoS Commands Guide for background information on Quality of Service MAP QOS Cosp Following command maps priorities 4 and 5, to egress queue Map qos cosp=4,5 qid=3 SET QOS Cosp Following command maps priorities 5 and 6, to egress queueSet qos cosp=5,6 qid=1 Set qos scheduling=strictwrr weights=weights Set qos scheduling=wrr weights=1,5,10,15SET QOS Scheduling Set qos scheduling=strict Show qos config Show QOS ConfigDisplays the QoS priority queues and scheduling Power Over Ethernet Commands Guide for background information on Power over Ethernet PoE Disable POE Port Disable poe port=portThis command disables PoE on port 5 Disable poe port=5,7 Enable POE Port Enable poe port=portThis commands activates PoE on port Enable poe port=2 SET POE Port Following command disables PoE on ports 4 Set poe port=4-5 poefunction=disableThis command sets the priority on port 6 and 11 to high Set poe port=14 powerlimit=12500 Set poe threshold=value SET POE ThresholdSet poe threshold=80 Show POE Config Show poe config port=portShow poe config Show poe config port=4 Show POE Status Show poe status port=port Show poe status Show poe status port=4 Igmp Snooping Commands Guide for background information on Igmp Snooping Disable igmpsnooping Disable IgmpsnoopingThis command deactivates Igmp snooping Enable igmpsnooping Enable IgmpsnoopingThis command activates Igmp snooping SET IP Igmp Set ip igmp snoopingstatus=disabled Set ip igmp hoststatus=singlehost Show Igmpsnooping Show igmpsnooping Show IP Igmp Show ip igmp hostlist routerlistShow ip igmp Show ip igmp hostlist Show ip igmp routerlist Denial of Service DoS Defense Commands Set dos ipaddress=ipaddress subnet=mask uplinkport=port SET DOSSet dos ipaddress=149.11.11.1 subnet=0.0.0.63 Set dos ipoption port=5,7,10 state=enable SET DOS IpoptionThan one port at a time Mirrorport Set dos land port=5,7 state=enable Set dos land port=port state=enabledisable mirrorport=portSET DOS Land SET DOS Pingofdeath Following command activates the defense on ports 1 Set dos pingofdeath port=1,5 state=enable Set dos smurf port=port state=enabledisable Port Specifies the switch ports on which you want toFollowing command activates this defense on port Set dos smurf port=17 state=enable Set dos synflood port=port state=enabledisable Following command activates the defense on ports 18 toSet dos synflood port=18-20 state=enable SET DOS Synflood SET DOS Teardrop Following command activates the defense on port Set dos teardrop port=22 state=enable Show DOS Show dos ipaddress subnet uplinkportShow dos defense port=port Show dos ipaddress subnet Show dos smurf port=4 STP Commands Activate STP Activate stp Disable stp Disable STPFollowing command disables STP Enable stp Enable STPFollowing command enables STP on the switch Purge STP Purge stp SET STP Following table. You specify the increment thatRepresents the desired bridge priority value. 32768 Seconds Set stp default Set stp hellotime=7 forwarddelay=25Set stp priority=11 SET STP Port Set stp port=6 portcost=15 portpriority=12 Set stp port=7-10 portcost=auto SET Switch Multicastmode Set switch multicastmode=abcdWhere the ingress port is a member Multicastmode Specifies one of the following Set switch multicastmode=a Show STP Show stp port=portShow stp Show stp port=1-4 Rstp Commands Activate Rstp Activate rstp Disable rstp Disable RstpFollowing command disables Rstp Enable rstp Enable RstpFollowing command enables Rstp Purge Rstp Following command resets RstpPurge rstp SET Rstp Range is divided into sixteen increments, asShown in the following table. You specify Increment that represents the desired bridge priority Forwarddelay STP compatible modeParameter settings, but Seconds Set rstp priority=5 hellotime=5 forwarddelay=20 Set rstp forceversion=stpcompatible Set rstp default SET Rstp Port Mbps 20,000 Portpriority You specify the increment that corresponds toPort is an edge port. Values are equivalent. This is Set rstp port=4 portcost=1000000 portpriority=14 Set rstp port=6-8 edgeport=no Show rstp portconfig=portportstate=port Show rstp portconfig=1-4Show Rstp Show rstp Following command displays Rstp port status for port Show rstp portstate=15 Mstp Commands 407 Activate Mstp Activate mstp ADD Mstp Add mstp mstiid=mstiid mstivlanassoc=vidsAdd mstp mstiid=8 mstivlanassoc=4 Add mstp mstiid=11 mstivlanassoc=24,44 Create Mstp Create mstp mstiid=mstiid mstivlanassoc=vidsAt a time. The range is 1 to Create mstp mstiid=8 mstivlanassoc=4 Delete Mstp Delete mstp mstiid=mstiid mstivlanassoc=vidsDelete mstp mstiid=8 mstivlanassoc=4 Delete mstp mstiid=11 mstivlanassoc=24,44 Destroy Mstp Mstiid Destroy mstp mstiid=mstiidThis example deletes the spanning tree instance Destroy mstp mstiid=4 Disable mstp Disable MstpFollowing command disables Mstp Enable mstp Enable MstpFollowing command enables Mstp Purge Mstp Purge mstp Performs the same function as the Reset Mstp Command. The spanning tree protocol must beDisabled to use this parameter SET Mstp Seconds Forwarddelay Those ports operating in the STP compatible modeConfigname Maxhops Specifies the maximum hops counter. Mstp Set mstp default Set mstp forceversion=forcestpcompatible Default value is 32,768, which is increment SET Mstp CistSet mstp cist priority=priority Is divided into sixteen increments, as shown Set mstp cist priority=11 Set mstp msti mstiid=mstiid priority=priority SET Mstp MstiMsti Priority Value Increments Set mstp msti mstiid=4 priority=11 Set mstp msti mstiid=6 priority=2 SET Mstp Mstivlanassoc Set mstp mstivlanassoc mstiid=mstiid vlanlist=vidsSet mstp mstivlanassoc mstiid=8 vlanlist=4 Set mstp mstivlanassoc mstiid=11 vlanlist=24,44 SET Mstp Port Mbps 20,000 Edgeport Connected to any device running STP or MstpSelections are Yes, on, true Port is an edge port. These BPDUs indefinitely. Set the migrationcheck Default setting is Auto-detect 0, which sets port Cost depending on the speed of the port. DefaultAn internal port cost. The range is 0 to 200,000,000 Mbps ports, and 20,000 for one gigabit ports Set mstp port=14,23 extportcost=500 Set mstp port=6-8 edgeport=yesSet mstp port=2-5 extportcost=auto Set mstp port=6-8 ptp=yes Set mstp port=7,10 portpriority=4 stpid=2 Set mstp port=7,10 intportcost=500Set mstp port=2-5 intportcost=auto Show Mstp Msti priority Regional root ID Show mstp portconfig=5 stpid=2 Show mstpShow mstp portstate=4 Show mstp cist VLANs and Multiple Vlan Mode Commands ADD Vlan Add vlan=name vid=vid port=portsall frame=untaggedtagged Add vlan=Service untaggedports=7-8 taggedports=5 Add vlan=sales port=4,7 frame=untaggedAdd vlan=sales untaggedports=4,7 Add vlan=production port=3 frame=tagged Create Vlan Create vlan=name vid=vid port=portsall frame=untaggedtagged Port Specifies the ports on the switch that are either This command creates a new port-based or tagged VlanExample, 1, 5, 14-22. To specify all ports on Frame parameter Create vlan=Service vid=16 port=1,4,5-7 frame=untagged Create vlan=Sales vid=3 port=4-8,12-16 frame=untaggedCreate vlan=Sales vid=3 untaggedports=4-8,12-16 Create vlan=Production vid=22 port=3,6 frame=tagged 438 Delete Vlan Delete vlan=name vid=vid port=ports frame=untaggedtaggedVlan Specifies the name of the Vlan to be modified Vid This parameter must be used with the Frame Delete vlan=sales port=4,7 frame=untagged Delete vlan=sales untaggedports=4,7Delete vlan=production port=13 frame=tagged Delete vlan=production untaggedports=13 To 8, the commands would be Delete vlan=Service untaggedports=6-8 taggedports=2 Destroy Vlan Destroy vlan vlan=nameall vid=vidDestroy vlan vlan=Sales Destroy vlan vlan=Sales vid=102 Set switch infiltering=yesnoonofftruefalse SET Switch InfilteringSet switch infiltering=off Set switch managementvlan=nameVID SET Switch ManagementvlanSet switch managementvlan=TechSupport SET Switch Vlanmode Set switch vlanmode=dotqmultiple uplinkport=4 Set switch vlanmode=userconfig Set vlan=name vid=vid type=portbased SET VlanSet vlan=gvrpvlan22 type=portbased Show Vlan Show vlan=namevidShow vlan Show vlan=sales Garp Vlan Registration Protocol Commands Guide for background information on the Gvrp Disable garp=gvrp gip Disable GarpDisable garp=gvrp Enable Garp Enable garp=gvrp gipThis commands enables Gvrp on the switch Enable garp=gvrp Purge Garp Purge garp=gvrp SET Garp Port Set garp=gvrp port=port mode=normalnoneSet garp=gvrp port=1-4 mode=none Set garp=gvrp port=3 mode=normal SET Garp Timer Following command sets the timers to their default values Set garp=gvrp timer default Show Garp Following command displays the above Gvrp informationShow garp=gvrp Show Garp Counter Show garp=gvrp counter Following command displays the above Garp counters Show Garp Database Following command displays the Garp databaseShow garp=gvrp database Show Garp GIP Following command displays the GIP-connected ringShow garp=gvrp gip Following command displays GID state machines Show Garp MachineShow garp=gvrp machine Port App Reg Protected Ports Vlan Commands ADD Vlan Group Add vlan=InternetGroups untaggedports=11 group=uplink Following command accomplishes the same thing using syntaxAdd vlan=InternetGroups port=5,6 frame=untagged group=4 Add vlan=InternetGroups untaggedports=5,6 group=4 Create vlan=name vid=vid portprotected Create Vlan PortprotectedCreate vlan=InternetGroups vid=12 portprotected Vlan Specifies the name or VID of the Vlan to be VID Delete vlan=InternetGroups port=12 frame=untagged Delete vlan=InternetGroups untagged=12 Following command deletes the Vlan called InternetGroups Following command deletes all VLANsDestroy vlan=namevidall Destroy vlan=InternetGroups Set vlan=namevid port=ports frame=taggeduntagged Set vlan=Sales port=4 frame=untagged Following command displays the Sales Vlan MAC Address Security Commands Guide for background information on port security SET Switch Port Intrusionaction Port Specifies the port where you want to changeSet switch port=12,21 intrusionaction=trap Snmp trap SET Switch Port Securitymode Trap, and disables the port Disable. This option does not apply when intrusionTo the Limited security mode. Intrusion actions are Action is set to discard. Options are Set switch port=8 securitymode=limited learn=5 Set switch port=15-16 learn=150Set switch port=2,6,18 securitymode=locked Set switch port=12-24 securitymode=secured Show Switch Port Intrusion Show switch port=port intrusionPort Specifies the port where you want to view Show switch port=12,21 intrusion Show switch port=port securitymode Show Switch Port SecuritymodeShow switch port=1-5 securitymode 802.1x Port-based Access Control Commands Disable Portaccessportauth Disable portaccessportauthPortaccess and Portauth keywords are equivalent Disable portaccess Disable radiusaccounting Disable RadiusaccountingFollowing command disables Radius accounting Enable portaccessportauth Enable PortaccessportauthEnable portaccess Enable Radiusaccounting Enable radiusaccounting SET Portaccessportauth Port ROLE=AUTHENTICATOR Port-based authenticationControl on the port Control Authentication messages Authentication server. EachAccess the network is Switch by using the clients Switch or the switch is Reset or power cycledClient before retransmitting the request. The default Is disabled by default. The default value is Authenticator port will handle egress broadcast Multicast traffic when in the unauthorized state. YouClient has logged on. This is the default Client’s authentication Set portaccess port=4-6 role=authenticator This command sets ports 4 to 6 to the Authenticator roleSet portaccess port=12,15 role=none SET Portaccessportauth Port ROLE=SUPPLICANT To adjust. You can specify more than one port at aTo 60 seconds. The default is 30 seconds Port Specifies the port that you want to set to Set portaccess port=4-6 role=supplicant SET Radiusaccounting Interim accounting updates to the Radius server Range is 30 to 300 seconds. The default isSet radiusaccounting status=enabled trigger=stoponly Set radiusaccounting updateenable=enabled interval=200 Show Portaccessportauth Show portaccessportauth configstatusShow portaccess config Show portaccess status Show Portaccessporauth Port Settings you want to view. You can specify moreShow portaccess port=10 authenticator status Show portaccess port=12 supplicant config Show Radiusaccounting Show radiusaccounting Web Server Commands Guide for background information on the web server Disable http server Disable Http ServerFollowing command disables the web server Enable http server Enable Http ServerFollowing command activates the web server Purge Http Server Purge http server Will listen on. The default for non-secure Http Secure Https modeSET Http Server Set http server security=disabled Set http server security=enabled sslkeyid=5 Set http server security=enabled sslkeyid=4 This command enables the web server enable http server 503 Set system distinguishedname=cn=149.44.44.44 This command disables the web server disable http serverCreate pki enrollmentrequest=sw24cer keypair=8 Set http server security=enabled sslkeyid=8 Show Http Server Following command displays the status of the web serverShow http server Encryption Key Commands Create Enco KEY Ssh Version 1 usersSsh2 Version 2 users Create enco key=12 type=rsa length=512 Syntax 2 Description Create enco key=12 type=rsa file=public12.key format=ssh Destroy enco key=key-id Destroy Enco KEYDestroy enco key=4 SET Enco KEY Set enco key=1 descriptionSwitch 22 keySet enco key=key-iddescription=description This command displays information about encryption key Show EncoShow enco key=key-id Show enco key=1 Public Key Infrastructure PKI Certificate Commands ADD PKI Certificate 517 Create PKI Certificate 519 520 Create PKI Enrollmentrequest Enclosed in double quotes. The managementSoftware automatically adds the .csr extension Type Formats the request according to Pkcs #10 Create pki enrollmentrequest=Switch12 keypair=4 PKCS10 Delete pki certificate=Switch 12 certificate Delete PKI CertificateDelete pki certificate=name Be enclosed in double quotes. Wildcards are not Purge PKI Purge pki Entity EE. This is the default SET PKI CertificateSpaces, it must be enclosed in quotes Yes, on, true Specifies that the certificate is from a Set pki certificate=Switch 12 certificate trusted=true Set pki certstorelimit=value SET PKI CertstorelimitSet pki certstorelimit=100 Set system distinguishedname=name SET System DistinguishednameSet system distinguishedname=cn=169.22.22.22 Show PKI Show pki Show pki certificate=Switch 12 certificate Show PKI CertificateShow pki certificate=name Show pki certificate Secure Sockets Layer SSL Commands Set ssl cachetimeout=180 Set ssl cachetimeout=value maxsessions=valueSET SSL Show SSL Show ssl Secure Shell SSH Commands Disable ssh server Disable SSH ServerFollowing command disables the Secure Shell server Enable SSH Server Enable ssh server hostkey=0 serverkey=1 General Configuration Steps for SSH Operation Enable ssh server hostkey=1 serverkey=2 SET SSH Server Set ssh server expirytime=1 Show SSH Show ssh TACACS+ and Radius Commands Add radiusserver ipaddress=149.245.22.22 order=1 ADD RadiusserverAdd radiusserver ipaddress=149.245.22.22 order=3 TACACS+ and Radius Commands ADD Tacacsserver Being the first server queriedAdd tacacsserver ipaddress=149.245.22.20 order=1 Add tacacsserver ipaddress=149.245.22.26 order=3 Delete radiusserver serveripaddress=ipaddress Delete RadiusserverDelete radiusserver ipaddress=149.245.22.22 Delete tacacsserver serveripaddress=ipaddress Delete TacacsserverDelete tacacsserver ipaddress=149.245.22.20 Disable Authentication Disable authentication Enable Authentication Enable authentication Purge authentication Purge AuthenticationFollowing command disables authentication on your switch Set authentication method=tacacs SET AuthenticationSet authentication method=tacacs secret=tiger54 Set authentication method=radius secret=leopard09 timeout=15 Show Authentication Show authentication=tacacsradiusShow authentication Show authentication=radius Management ACL Commands Guide for background information on the Management ACL ADD Mgmtacl Management ACL Commands Delete Mgmtacl Following command deletes an ACE from the Management ACLTcp Transmission control protocol Interface Disable mgmtacl Disable MgmtaclFollowing command disables the Management ACL Enable mgmtacl Enable MgmtaclFollowing command enables the Management ACL SET Mgmtacl 561 Set mgmtacl state=disableenable Enable Enables the Management ACL DisableSet mgmtacl state=enable SET Mgmtacl State Show Mgmtacl Show mgmtacl stateentriesShow mgmtacl state Show mgmtacl entries Configuring timeout value 198 aging timer Index Clear Screen command Create PKI Certificate command Disable Radiusaccounting command 481 Disable Rstp command Disable Snmp command Flow group Modifying 308, 324 Aging time 182 multicast groups Disabling 480 displaying 493, 494 SET Mgmtacl command SET Mstp command SET Mstp Msti commandSET POE Threshold command SET QOS Port command SET Switch Port command Show PKI Certificate command 530 Show PKI commandShow Switch command Show Switch Port Counter command Sntp Modifying 259 System files Deleting Downloading 238 Adding Converting dynamic VLANs Creating