Manuals / Allied Telesis / Computer Equipment / Network Router

Allied Telesis AT-9800 Removing a Description from a Switch Port, Changed description parameter

Models: AT-9900 AT-8700XL AT-9800 AT-8600 RAPIER I AT-8800 AT-8900 X900-48FE

1 232

Download 232 pages 5.78 Kb

Page 30

30

Switching Enhancements

Release Note

Removing a Description from a Switch Port

You can now return the description of a switch port to its original blank value by entering the following command:

set switch port=port-numberdescription=

and providing no value for the description parameter.

Command Changes

The following table summarises the modified command:

CommandChange

set switch port	Changed description parameter

Securing a Single VLAN through Switch Filters

On AT-8824, Rapier 24i, AT-8724XL and AT-8624 switches only (not on 48-port switches), this enhancement enables you to use switch filters to secure only the current VLAN, instead of securing all VLANs on the switch. To turn on this feature, a new command disables “vlansecure” mode for filters (see “Configuring vlansecure” on page 31).

Without this enhancement (the default situation) a switch filter only allows a host to access the network through a particular port on the switch. For example, if you have a PC connected to port 15 in vlan2, and define the following filter, the PC can only communicate when it is connected to port 15:

add switch filter entry=0 dest=pc-mac-addressvlan=2 port=15 action=forward

With this enhancement, the above filter limits the host to accessing vlan2 through port 15, but does not prevent the host from accessing other VLANs through other ports in vlan2. For example, if the above filter exists and you move the PC to another port in vlan2, this enhancement prevents the PC from communicating with devices in vlan2 but allows it access to other VLANs on the switch. The following figure shows a PC that has been moved from port 15 to port 16 to illustrate the effect.

Software Version 2.8.1 C613-10477-00 REV B

Image 30

Allied Telesis AT-9800, RAPIER I Removing a Description from a Switch Port, Securing a Single Vlan through Switch Filters

Contents

Software Version Release NoteRelease Note Software Version Introduction IntroductionProduct series Models Backwards Compatibility Issue when Upgrading Upgrading to Software VersionProduct name Release file GUI resource file CLI help file Overview of New Features Overview of New FeaturesQuickly Software Version AR400 AR7x5 AR750S Rapier AT-8800 AT-8600 AT-9800 AT-8900 X900-48FE AT-9900AR400 AR7x5 AR750S Rapier AT-8800 Snmp MIBs Restart LogClearing System Parameters Command ChangesSystem Enhancements Extended Monitoring of CPU UtilisationReset cpu utilisation Disable cpu extendedEnable cpu extended Activate cpu extendedEnable cpu extended Command Reference UpdatesDisable cpu extended Activate cpu extendedSet system location Reset cpu utilisationSet system contact Set system nameExample output from the show cpu extended command Show cpuParameter Meaning Command Line Interface CLI Enhancements Parts of a CommandMore flexibility in Separating Parameters and Values Command Additional Shortcuts when Editing Show command historyCreate config Create config Command Line Interface CLI EnhancementsParameter Description Set command assignmentoperator Show command history Example output from the show command history commandFile System Enhancement Add fileCreate file File System EnhancementShow file permanentredirect Reset file permanentredirectFile size Default 204 800 bytes Software Version Parameter DescriptionExample output from the show file permanentredirect command File System Enhancement Release NoteSwitching Enhancements Ordering Hardware Filters in 48-Port SwitchesSet switch hwfilter mode New command Switching EnhancementsCommandChange Show switch hwfilter New mode parameter in outputPortDisable Limiting Rapid MAC MovementSet switch port Create switch trunkEnable switch port vlan Set switch thrashlimitRoute Update Queue Length Set switch hwrouteupdateNew command Removing a Description from a Switch Port Securing a Single Vlan through Switch FiltersChanged description parameter Configuring vlansecure Show switch debug Change of Debug Command SyntaxEthernet Protection Switching Ring Epsr New DEV option in outputCreate switch trunk Disable switch port vlan Disable switch debugDisable switch filter vlansecure Debugging occurs on operations related to the switch chipEnable switch debug Enable switch filter vlansecureEnable switch port vlan Set lacp Set switch hwfilter mode Set switch hwrouteupdateSet switch port Set switch thrashlimit Set switch trunkAddress learn thrash timeout ... second Example output from the show lacp commandAddress learn thrash action ..... Learn Disable Show lacpShow switch Switching Enhancements Show switch debug Whether the debugging option for the router or switch isARL, DMA, DEV, PHY, or None New parameter in output of the show switch filter command Show switch filterShow switch hwfilter VlanSecureMeaning Show switch portNew parameters in output of the show switch port command ModeThrashaction is set to none PPPoE Access Concentrator Add ppp acserviceDelete ppp acservice Set ppp acservicePPPoE Access Concentrator Eth0 New parameter in output of the show ppp pppoe commandShow ppp pppoe InterfaceDisable mstp port Disable mstp portEnable mstp port Enable mstp portShow stp port STP EnhancementShow stp port New Port field in outputSet asyn Asynchronous Port EnhancementMaking Asynchronous Ports Respond More Quickly Show asynSet asyn Show asynAsynchronous Port Enhancement Release Note Ten timer value 100Ten timer value Which characters are bundledIgmp Proxy on x900 Series Switches Internet Group Management Protocol Igmp EnhancementsMulticast group GroupDownstream interfaces have members Downstream interfaceSet ip interface Igmp filtering extended to all Igmp message typesAdd ip interface Set ip igmp interfaceSet igmp filter Internet Group Management Protocol Igmp EnhancementsAdd igmp filter Show igmp filterMonitoring reception of Igmp general query messages Add igmp filter MSGType=QUEryREPortLEAVeAdd ip interface Set igmp filterSet ip igmp interface Set ip interface Passed Show igmp filterLeaves Is attached to Recd Attached toShow ip igmp Upstream General Query Reception Timeout .... NoneNew parameters in the output of the show ip igmp command An Snmp trap are generatedExpanded number of Eth interfaces per physical interface Expanded IP TroubleshootingInternet Protocol IP Enhancements IP Route Preference OptionsIPv4 Filter Expansion Assigning the Filter TypeEnhancements to Display of UDP Connections over IPv4 Waiting for a Response to an ARP RequestAdding Static ARP Entries with Multicast MAC Addresses Set ip arpwaittimeoutNew Arp wait timeout field Show ipDisable ip macdisparity Enable ip macdisparityNew IP/MAC address disparity parameter Add ip filter Syntax Traffic filterDisable ip macdisparity Enable ip macdisparity Reset ip counterSet ip arpwaittimeout Set ip filter Set ip route preferenceWith multicast MAC addresses. One of Enabled or Arp wait timeout SecsModified parameters on output of the show ip command Show ipShow ip cache Internet Protocol IP Enhancements Release NoteWhen the entry is used Show ip counterCount Number of times the entry was found Show ip filter Show ip udpGeneration/reception of logs using the Secure Router Log UDP on the router or switchTime synchronisation using the Network Time Protocol Generation/reception of logs using the Net Manage protocolDisplay of UDP Connections over IPv6 Show ipv6 udp New commandIPv6 Enhancements IPv6 Tunnel ExpansionShow ipv6 udp L2TP Enhancements L2TP EnhancementsResetting General L2TP Counters Handling PPP Link Negotiation FailuresProxyauth=offon Disable l2tp debug Add l2tp ipEnable l2tp debug Reset l2tp counter Show l2tp tunnel Proxy AuthenticationShow l2tp ip DecodeShow l2tp tunnel call Syntax SHow L2TP TUNnel CALL=1..65535Nssa Translator Role Ospf Interface PasswordOpen Shortest Path First Enhancements Add ospf interfaceAdd ospf area Set ospf areaShow ospf area Redistributing External Routes Interaction with global Ospf parametersOspf backward compatibility Add ospf redistribute Disable ospf debugEnable ospf debug Delete ospf redistributeAdd ospf area NSSAStability=1..3600 NSSATranslator=CANdidateALWaysAdd ospf interface Add ospf redistributeDisable ospf debug Enable ospf debugDelete ospf redistribute Set ospf BGPImport=ONOFFTrueFalseYESNOSet ospf area Set ospf interfaceSet ospf redistribute Show ospf area RoleStability Interval State Show ospf redistribute Software Version 101Upper and Lower Thresholds BGP EnhancementsBGP Backoff Lower Threshold BGP EnhancementsEnable and Disable Backoff BGP Peer and Peer Template EnhancementsDisplaying Routes Learned from a Specific BGP Peer Displaying the Number of Routes from a PeerDisplaying Information about Routes from a Peer Add bgp peer Software Version 105Disable bgp backoff Add bgp peertemplateSoftware Version 107 Enable bgp backoffSet bgp backoff BACkoffSet bgp peer Set bgp peertemplate Software Version 109Mem Upper Threshold Value 95% Mem Upper Notify Show bgp backoffBGP Enhancements Release Note Mem Lower Threshold Value 90% Mem Lower NotifyShow bgp peer Show bgp routeRoutes learned Icmp type for MLDv2 Reports MLD and MLD Snooping EnhancementsMLD Packet Formats MLD and MLD Snooping EnhancementsSoftware Version 113 MLD Snooping Group Membership DisplayChange of Maximum Query Response Interval for Show mldsnooping More consistent outputEnable ipv6 mld interface Set ipv6 mldSoftware Version 115 Show ipv6 mldShow mldsnooping V2 Draft CompatiblePrevious example output from the show mldsnooping command MLD and MLD Snooping EnhancementsRelease NoteSet classifier Extension to Range of Classifier fields for x900 SwitchesCreate classifier Show classifierExtension to Range of Classifier fields for x900 Switches Create classifierSoftware Version 119 Set classifier Show classifier Software Version 121Icmp type TCP FlagsIcmp code Igmp type 0x17 V2LEAVEFormat Classifier Rules 2222 MAC Address Aa-bb-cc-dd-ee-ff TypeVlan1234 Protocol 1234567890 Layer 3 Byte Offset Value MaskTCP Flags Igmp TypeParameter option in brackets if available One of URG, ACK, RST, SYN, or FINQoS Enhancements Port GroupsSoftware Version 125 Storm protection Set qos trafficclass Set qos policyCreate qos trafficclass Show qos trafficclassAdd qos portgroup port Create qos policyDefault portdisable With the enable switch port commandCreate qos trafficclass Protection is enabledCreate qos portgroup Storm protection is inactiveEnable switch port vlan command Is matching STORMTimeoutWith the enable switch port command, or STORMRateDestroy qos portgroup POrt Port to delete from this port group Default no defaultDelete qos portgroup port Specific port that consistsReset qos portgroup counters Set qos policySoftware Version 133 Set qos portgroup Uses Kbps. If you specify Mbps or Gbps, the rateSet qos trafficclass Software Version 135 Parameter DescriptionShow qos policy With the enable switch port or enable switchIs disabled by storm protection QoS Enhancements Release Note Parameter DescriptionPorts Assigned to Port Groups Assigned to 213-24 Rate 1kbps Window 100ms Timeout NoneShow qos port Storm Protection StatusShow qos portgroup QoS EnhancementsRelease NotePort Group Trunk Group None Software Version 139 Parameters in output of the show qos portgroup commandShow qos portgroup counters Integer from 1 to140 Show qos trafficclass Number of bytes that conforms with band with classStorm Protection Configuring the Client Configuring Secure CopyConfiguring the Server Secure Copy SCPManaging Secure Copy Sessions Configuring UsersUse the show ssh session command to see current sessions Software Version 143Loading using Secure Copy Loading Files to the SwitchLoading Files from a Remote Machine Uploading using Secure CopyUploading from the Switch Software Version 145Set loader Uploading Files from a Remote MachineLoad Show loaderDelete ssh session Disable ssh debugDisable ssh server Software Version 147Enable ssh debug Enable ssh serverWhether the SSH server supports SCP connections Load Software Version 149Copy is the default method for loading and uploading Default tftpSet loader Set ssh client Software Version 151192.168.1.1 Set ssh serverShow loader AliceSoftware Version 153 SSH Server Enabled SCP ServiceShow ssh DebugReset loader command Show ssh counterParameter Meaning WriteFileFailed Show ssh sessionSoftware Version 155 FailureSecure Copy SCP Release Note Parameter Meaning Secure Shell SessionUpload Software Version 157Characters long SSL Counter Enhancement SSL Counter EnhancementShow ssl counters Show ssl countersSession ID longer than 32 bytes Software Version 159BadSessionIdLen Client Counters for the SSL client BadSessionIdLenDisabling SIP ALG Call ID Translation Firewall EnhancementsFirewall Licencing Firewall EnhancementsFirewall Policy Rules Expansion Set firewall sipalg New commandDisplaying SIP ALG Session Details Software Version 161Set firewall sipalg Reset firewall sipalg counterDisplaying a Subset of Policy Rules Show firewall policyShow firewall Show firewall policyShow firewall sipalg Valid with the ip or summary commandsIp or callid commands CALLIdWithin the private network protected by the firewall Parameters in output of the show firewall sipalg commandService Active SIP SessionsGbl IP Router or switch. The router or switch only translates IPFirewall Enhancements Release Note Seen on the public side of the firewallShow firewall sipalg counter Start up or reset Current sessions Audio sessions createdSince start up or reset Past sessions Current SIP sessionsTotal number of SIP messages received that the SIP ALG ThemEnhancements to IPsec/VPN Responding to IPsec Packets from an Unknown TunnelSoftware Version 169 Modifying the Message Retransmission Delay Retrying Isakmp Phase 1 and 2 Negotiations New retryIkeAttemptsPh1 and retryIkeAttemptsPh2 VPN Tunnel LicencingNew retryikeattempts parameter New usePolIkeRetryGood and usePolIkeRetryFailedCreate ipsec policy Software Version 173Create isakmp policy Default incrementalMsgtimeout value Msgbackoff parameterAttempted over new Isakmp SAs After the first 16 attempts, a five minute delayRETRYIKEattempts Occurs between attemptsSet ipsec policy Set isakmp policy Software Version 177Show ipsec VPNs Maximum Current PeakParameter Meaning VPNs Respond Bad SPI Show ipsec policySoftware Version 179 Respond Bad SPIInBadSpiResponse Show ipsec policy counterInBadSpiResponse To true and packets processed by that policy have anShow isakmp counters Software Version 181RetryIkeAttemptsPh1 RetryIkeAttemptsPh2 UsePolIkeRetryGood UsePolIkeRetryFailed Message Back-off Incremental Show isakmp exchangeSoftware Version 183 Same NoneIskamp policy command Show isakmp policyShow isakmp sa Software Version 185Message Back-off None Snmp MIBs Shdsl Line MIBSnmp MIBs Logging Snmp operation Snmp request not processed due to excessive memoryUsage Traps on Ospf state changes Snmp Trap not sent due to excessive memory usageTrap on Vrrp topology changes Traps on Mstp state and topology changesSoftware Version 189 Trap on Login Failures Restart LogVLAN-based port state changes Show buffer Trap on Memory LevelsSoftware Version 191 New Buffer level 0 fieldBuffer level 1500 New parameters in output of the show buffer commandShow buffer Parameter Meaning Buffer level nCDP over WAN Interfaces Enable lldp cdp debug Disable lldp cdp interfaceDisable lldp cdp ppptemplate CDP over WAN InterfacesEnables debugging of PPP events Enable lldp cdp interfaceEnable lldp cdp ppptemplate Software Version 195Show lldp cdp interface PPP Templates Enabled PPP Templates DisabledShow lldp cdp Ppp0 Ppp1Permanent Assignments on AR400 Series Routers Software Version 197Page Introduction to Ethernet Protection Switching Ring Epsr ChapterIntroduction to Ethernet Protection Switching Ring Epsr Epsr Instances and DomainsData Vlan Ethernet Protection Switching Ring EpsrControl Vlan Master NodeFault Detection and Recovery Master Node Polling Fault DetectionTransit Node Unsolicited Fault Detection Fault Recovery Procedure Restoring Normal Operation Configuring Epsr Epsr Single Domain, Single Ring NetworkExample script for a 4 node ring network # For Transit Nodes 1, 2Single Ring, Dual Domain Network Example script for a Single Ring, Two Domain Network Node # Node 1 Master node for RingA Transit Node for RingBExample script for a Single Ring, Two Domain Network Nodes 2 # Node 3 Transit node for RingA Master Node for RingB Epsr and Spanning Tree Operation # For Transit Node Command Reference # For Transit Nodes 2Add epsr datavlan Add epsr datavlanEthernet Protection Switching Ring Epsr Create epsr Create epsrDefault 1s FAilovertime Only configured for the master nodeSeconds 32767s. Only configured for the master node Default 2s RIngflaptimeUnique name for the VLAN. This can be from 1 to Delete epsr datavlanHyphen character -. The epsr-name cannot be ALL Vlan-name cannot be a number or ALLDestroy epsr Destroy epsrEpsr instance to be disabled Disable epsrEthernet Protection Switching Ring Epsr Disable epsr String, 1 to 15 characters long. Valid characters areDisable epsr debug Disable epsr debugEnable epsr Ethernet Protection Switching Ring Epsr Enable epsrEpsr instance to be enabled Epsr instance whose debugging is to be enabled Enable epsr debugEnable epsr debug OUTputEthernet Protection Switching Ring Epsr Purge epsr Purge epsrSet epsr Set epsrEpsr to be set for the port Ethernet Protection Switching Ring Epsr Set epsr portSet epsr port VLANs within the ring domainShow epsr Show epsrEpsr instance whose details are displayed Ethernet Protection Switching Ring Epsr Show epsr Shown for a transit node Disabled. This parameter is only shown for a transit nodeSecond Port Second Port StatusCOUnter Ethernet Protection Switching Ring Epsr Show epsr counterShow epsr counter Epsr instancesRelated Commands show epsr Show epsr debug Show epsr debug