NETGEAR GSM7228PS-100NAS ip access-list

Quality of Service (QoS) Commands

497

ProSafe Managed Switch

no access-list

This command deletes an IP ACL that is identified by the parameter <accesslistnumber>

from the system. The range for <accesslistnumber> 1-99 for standard access lists and

100-199 for extended access lists.

Format no access-list <accesslistnumber>

Mode

ip access-list

This command creates an extended IP Access Control List (ACL) identified by <name>,

consisting of classification fields defined for the IP header of an IPv4 frame. The <name>

parameter is a case-sensitive alphanumeric string from 1 to 31 characters uniquely

identifying the IP access list.

If an IP ACL by this name already exists, this command enters IPv4-Access_List config mode

to allow updating the existing IP ACL.

Note: The CLI mode changes to IPv4-Access-List Config mode when you

successfully execute this command.

[precedence <precedence> |

tos <tos> <tosmask> | dscp

<dscp>]

Specifies the TOS for an IP ACL rule depending on a match of

precedence or DSCP values using the parameters dscp,

precedence, tos/tosmask.

[log] Specifies that this rule is to be logged.

rate-limit The user can specify a simple rate limiter for packets matching an

ACL “permit” rule. The user needs to specify the burst size in kbytes

and allowed rate of traffic in kbps. The conforming traffic is allowed

to transmit, and non-conforming traffic is dropped. This action is

ignored for any “deny” rule, since by definition matching packets are

dropped.

[assign-queue <queue-id>] Specifies the assign-queue, which is the queue identifier to which

packets matching this rule are assigned.

[{mirror | redirect}

<unit/slot/port>] Specifies the mirror or redirect interface which is the unit/slot/port to

which packets matching this rule are copied or forwarded,

respectively.

Global Config

Format ip access-list <name>

Mode Global Config

Parameter Description

Contents

Main ProSafe Managed Switch Command Line Interface (CLI) User Manual Technical Support Trademarks Statement of Conditions Revision History Contents Chapter 1 Using the Command-Line Interface Chapter 2 Stacking Commands Chapter 3 Switching Commands Chapter 4 Multicast VLAN Registration (MVR) Chapter 5 Routing Commands Chapter 6 IP Multicast Commands Chapter 7 IPv6 Commands Chapter 8 IPv6 Multicast Commands Chapter 9 Quality of Service (QoS) Commands Chapter 10 Power over Ethernet (PoE) Commands Chapter 12 Management Commands Chapter 13 Log Messages Chapter 14 Captive Portal Commands Page Licensing and Command Support Page Command Syntax Command Conventions Common Parameter Values Unit/Slot/Port Naming Convention Using a Commands No Form Managed Switch Modules Command Modes Table 5. CLI Command Modes (Continued) Table 6 explains how to enter or exit each mode. Table 6. CLI Mode Access and Exit Command Completion and Abbreviation exit Table 6. CLI Mode Access and Exit (Continued) CLI Error Messages Table 7. CLI Error Messages CLI Line-Editing Conventions Table 8. CLI Editing Conventions Using CLI Help Accessing the CLI Dedicated Port Stacking stack member switch priority switch renumber movemanagement standby slot set slot disable set slot power reload (Stack) If you supply a value for <unit/slot>, the following additional information appears: show slot This command displays information about all the slots in the system or for a specific slot. show supported cardtype show switch When you specify a value for <unit>, the following information appears: show supported switchtype Stacking Commands stack-port show stack-port This command displays summary stack-port information for all interfaces. This command displays summary data counter information for all interfaces. For Each Interface: show stack-port counters Non-Stop Forwarding Commands nsf no nsf This command disables non-stop forwarding on the stack. show nsf This command displays global and per-unit information on NSF configuration on the stack. initiate failover show checkpoint statistics Use this command to display general information about the checkpoint service operation. This command clears the statistics for the checkpointing process. Example: clear checkpoint statistics Stack Firmware Synchronization Commands boot auto-copy-sw Page show auto-copy-sw Page Port Configuration Commands interface interface vlan interface lag auto-negotiate auto-negotiate all description mtu shutdown shutdown all speed speed all This command sets the speed and duplex setting for all interfaces. show port This command displays port information. show port protocol show port description This command displays the port description for every port. show port status Loopback Interface Commands interface loopback show interface loopback This command displays information about configured loopback interfaces. If you specify a loopback ID, the following information appears: Spanning Tree Protocol (STP) Commands spanning-tree spanning-tree auto-edge spanning-tree bpdufilter spanning-tree bpdufilter default spanning-tree bpduflood spanning-tree bpduguard spanning-tree bpdumigrationcheck spanning-tree configuration name spanning-tree configuration revision spanning-tree edgeport spanning-tree forceversion spanning-tree forward-time spanning-tree guard spanning-tree tcnguard spanning-tree max-age spanning-tree max-hops spanning-tree mst spanning-tree mst instance spanning-tree mst priority spanning-tree mst vlan spanning-tree port mode spanning-tree port mode all spanning-tree edgeport all spanning-tree bpduforwarding show spanning-tree show spanning-tree brief This command displays spanning tree settings for the bridge. The following information appears. show spanning-tree interface show spanning-tree mst port detailed Page tree. The <unit/slot/port> is the desired switch port. In this case, the following are displayed. show spanning-tree mst port summary show spanning-tree mst port summary active show spanning-tree mst summary show spanning-tree summary show spanning-tree vlan This section describes the commands you use to configure VLAN settings. VLAN Commands vlan database network mgmt_vlan vlan vlan acceptframe vlan ingressfilter vlan makestatic vlan name vlan participation vlan participation all vlan port acceptframe all vlan port ingressfilter all vlan port pvid all vlan port tagging all vlan protocol group vlan protocol group name vlan protocol group add protocol protocol group protocol vlan group protocol vlan group all vlan pvid vlan tagging vlan association subnet vlan association mac show vlan show vlan <vlanid> show vlan brief This command displays a list of all configured VLANs. show vlan port This command displays VLAN port information. show vlan association subnet Double VLAN Commands dvlan-tunnel ethertype mode dot1q-tunnel mode dvlan-tunnel show dot1q-tunnel show dvlan-tunnel Voice VLAN Commands voice vlan (Global Config) voice vlan (Interface Config) You can configure Voice VLAN in any of the following ways: voice vlan data priority Use this command to either trust or untrust the data traffic arriving on the Voice VLAN port. show voice vlan When the interface parameter is not specified, only the global mode of the Voice VLAN is displayed. Provisioning (IEEE 802.1p) Commands vlan port priority all vlan priority Protected Ports Commands switchport protected (Global Config) switchport protected (Interface Config) show switchport protected This command displays the status of all the interfaces, including protected and unprotected show interfaces switchport This command displays the status of the interface (protected/unprotected) under the groupid. Private Group Commands switchport private-group private-group name show private-group Private VLAN switchport private-vlan switchport mode private-vlan private-vlan vlan show vlan show interface ethernet <unit/slot/port> switchport GARP Commands set garp timer join set garp timer leave set garp timer leaveall show garp GVRP Commands set gvrp adminmode set gvrp interfacemode show gvrp configuration GMRP Commands set gmrp adminmode set gmrp interfacemode show gmrp configuration show mac-address-table gmrp This command displays the GMRP entries in the Multicast Forwarding Database (MFDB) table. Port-Based Network Access Control Commands clear dot1x statistics This command resets the 802.1x statistics for the specified port or for all ports. clear radius statistics dot1x guest-vlan dot1x initialize dot1x mac-auth-bypass dot1x max-req dot1x max-users dot1x port-control dot1x port-control all dot1x re-authenticate dot1x re-authentication dot1x system-auth-control dot1x timeout dot1x unauthenticated-vlan dot1x user clear dot1x authentication-history dot1x dynamic-vlan enable dot1x system-auth-control monitor show dot1x authentication-history show authentication methods This command displays information about the authentication methods. The following is an example of this command: show dot1x Page Page Page show dot1x clients show dot1x users This command displays 802.1x port security user information for locally configured users. 802.1X Supplicant Commands dot1x pae dot1x supplicant port-control dot1x supplicant max-start dot1x supplicant timeout start-period dot1x supplicant timeout held-period dot1x supplicant timeout auth-period dot1x supplicant user Storm-Control Commands storm-control broadcast storm-control broadcast level storm-control broadcast rate storm-control broadcast (Global) storm-control broadcast level (Global) storm-control broadcast rate (Global) storm-control multicast storm-control multicast level storm-control multicast rate storm-control multicast (Global) storm-control multicast level (Global) storm-control multicast rate (Global) storm-control unicast storm-control unicast level storm-control unicast rate storm-control unicast (Global) storm-control unicast level (Global) storm-control unicast rate (Global) show storm-control Flow Control Commands flowcontrol {symmetric|asymmetric} show flowcontrol Port-Channel/LAG (802.3ad) Commands addport deleteport (Interface Config) deleteport (Global Config) lacp admin key lacp collector max-delay lacp actor admin lacp actor admin key lacp actor admin state individual lacp actor admin state longtimeout lacp actor admin state passive lacp actor port priority lacp actor system priority lacp partner admin key lacp partner admin state individual lacp partner admin state longtimeout lacp partner admin state passive lacp partner port id lacp partner port priority lacp partner system id lacp partner system priority port-channel local-preference port-channel static port lacpmode port lacpmode enable all port lacptimeout (Interface Config) port lacptimeout (Global Config) port-channel adminmode port-channel linktrap notifications for all the port-channel load-balance no port-channel load-balance This command reverts to the default load balancing configuration. port-channel name port-channel system priority show lacp actor show lacp partner The following output parameters are displayed. show port-channel brief For each port-channel the following information is displayed: show port-channel This command displays an overview of all port-channels (LAGs) on the switch. show port-channel system priority Port Mirroring monitor session no monitor show monitor session Static MAC Filtering macfilter macfilter adddest macfilter adddest all macfilter addsrc macfilter addsrc all show mac-address-table static show mac-address-table staticfiltering DHCP L2 Relay Agent Commands dhcp l2relay dhcp l2relay circuit-id vlan dhcp l2relay remote-id vlan dhcp l2relay vlan dhcp l2relay trust show dhcp l2relay all show dhcp l2relay interface Use this command to display DHCP L2 relay configuration specific to interfaces. Example: The following shows example CLI display output for the command. show dhcp l2relay stats interface Use this command to display statistics specific to DHCP L2 Relay configured interface. DHCP Client Commands dhcp client vendor-id-option dhcp client vendor-id-option-string show dhcp client vendor-id-option DHCP Snooping Configuration Commands ip dhcp snooping ip dhcp snooping vlan ip dhcp snooping verify mac-address ip dhcp snooping database ip dhcp snooping database write-delay ip dhcp snooping binding ip verify binding ip dhcp snooping limit ip dhcp snooping log-invalid ip dhcp snooping trust ip verify source show ip dhcp snooping show ip dhcp snooping binding show ip dhcp snooping database Use this command to display the DHCP Snooping configuration related to the database persistency. show ip dhcp snooping interfaces Use this command to show the DHCP Snooping status of the interfaces. show ip dhcp snooping statistics Use this command to list statistics for DHCP Snooping security violations on untrusted ports. clear ip dhcp snooping binding Use this command to clear all DHCP Snooping bindings on all interfaces or on a specific clear ip dhcp snooping statistics Use this command to clear all DHCP Snooping statistics. show ip verify source Dynamic ARP Inspection Commands ip arp inspection vlan ip arp inspection validate ip arp inspection vlan logging ip arp inspection trust ip arp inspection limit ip arp inspection filter arp access-list permit ip host mac host show ip arp inspection show ip arp inspection statistics clear ip arp inspection statistics Use this command to reset the statistics for Dynamic ARP Inspection on all VLANs. show ip arp inspection interfaces show arp access-list IGMP Snooping Configuration Commands set igmp set igmp interfacemode set igmp fast-leave set igmp groupmembership-interval set igmp maxresponse set igmp mcrtrexpiretime set igmp mrouter set igmp mrouter interface set igmp report-suppression set igmp header-validation mac address-table multicast forbidden-unregistered vlan mac address-table multicast forward-unregistered vlan mac address-table multicast forward-all vlan show igmpsnooping When you specify the <unit/slot/port> values, the following information appears: When you specify a value for <vlan_id>, the following information appears: show igmpsnooping mrouter interface This command displays information about statically configured ports. show igmpsnooping mrouter vlan This command displays information about statically configured ports. show mac-address-table igmpsnooping This command displays the IGMP Snooping entries in the MFDB table. show mac address-table multicast filtering Use this command to display the multicast filtering details for a given VLAN. IGMP Snooping Querier Commands set igmp querier set igmp querier query-interval set igmp querier timer expiry set igmp querier version set igmp querier election participate show igmpsnooping querier When you specify a value for <vlanid>, the following additional information appears. MLD Snooping Commands set mld set mld interfacemode set mld fast-leave set mld groupmembership-interval set mld maxresponse set mld mcrtexpiretime set mld mrouter set mld mrouter interface show mldsnooping When you specify the unit/slot/port values, the following information displays. When you specify a value for vlanid, the following information appears. show mldsnooping mrouter interface Use this command to display information about statically configured multicast router attached show mldsnooping mrouter vlan Use this command to display information about statically configured multicast router-attached show mac-address-table mldsnooping MLD Snooping Querier Commands set mld querier no set mld querier set mld querier query_interval no set mld querier query_interval set mld querier timer expiry no set mld querier timer expiry set mld querier election participate no set mld querier election participate show mldsnooping querier Port Security Commands port-security port-security max-dynamic port-security max-static port-security mac-address port-security mac-address move port-security mac-address sticky show port-security show port-security dynamic show port-security static show port-security violation LLDP (802.1AB) Commands lldp transmit lldp receive lldp timers lldp transmit-tlv lldp transmit-mgmt lldp notification lldp notification-interval clear lldp statistics clear lldp remote-data show lldp Use this command to display a summary of the current LLDP configuration. show lldp interface show lldp statistics The table contains the following column headings: show lldp remote-device show lldp remote-device detail show lldp local-device show lldp local-device detail LLDP-MED Commands lldp med lldp med confignotification lldp med transmit-tlv lldp med all lldp med confignotification all lldp med faststartrepeatcount lldp med transmit-tlv all no lldp med transmit-tlv Use this command to remove a TLV. show lldp med Use this command to display a summary of the current LLDP MED configuration. show lldp med interface show lldp med local-device detail This command displays detailed information about the LLDP data a specific interface transmits. Page show lldp med remote-device show lldp med remote-device detail Page Denial of Service Commands dos-control all dos-control sipdip dos-control firstfrag dos-control tcpfrag dos-control tcpflag dos-control l4port dos-control icmp dos-control smacdmac dos-control tcpport dos-control udpport dos-control tcpflagseq dos-control tcpoffset dos-control tcpsyn dos-control tcpsynfin dos-control tcpfinurgpsh dos-control icmpv4 dos-control icmpv6 dos-control icmpfrag show dos-control MAC Database Commands bridge aging-time show forwardingdb agetime This command displays the timeout for address aging. show mac-address-table multicast show mac-address-table stats This command displays the Multicast Forwarding Database (MFDB) statistics. ISDP Commands isdp run isdp holdtime isdp timer isdp advertise-v2 isdp enable clear isdp counters This command clears ISDP counters. clear isdp table This command clears entries in the ISDP table. show isdp show isdp interface This command displays ISDP settings for the specified interface. show isdp entry show isdp neighbors This command displays the list of neighboring devices. show isdp traffic This command displays ISDP statistics. debug isdp packet Priority-Based Flow Control Commands datacenter-bridging priority-flow-control mode priority-flow-control priority show interface priority-flow-control <unit/slot/port>] About MVR MVR Commands mvr mvr group mvr mode mvr querytime mvr vlan mvr immediate mvr type mvr vlan group show mvr show mvr members The following table describes the output parameters. show mvr interface show mvr traffic This command displays global MVR statistics. The following table explains the output parameters. Page Address Resolution Protocol (ARP) Commands arp ip local-proxy-arp ip proxy-arp arp cachesize arp dynamicrenew arp purge arp resptime arp retries arp timeout clear arp-cache clear arp-switch show arp The following are displayed for each ARP entry: show arp brief This command displays the brief Address Resolution Protocol (ARP) table information. show arp switch IP Routing Commands routing ip routing ip address ip address dhcp ip default-gateway release dhcp renew dhcp show dhcp lease ip route ip route default ip route distance ip netdirbcast ip mtu encapsulation clear ip route all clear ip route counters show ip brief show ip interface This command displays all pertinent information about the IP interface. Page show ip interface brief show ip protocols show ip route Page show ip route ecmp-groups show ip route summary Page show ip route preferences show ip stats show routing heap summary Router Discovery Protocol Commands ip irdp ip irdp multicast ip irdp holdtime ip irdp maxadvertinterval ip irdp minadvertinterval ip irdp preference show ip irdp Virtual LAN Routing Commands vlan routing show ip vlan Virtual Router Redundancy Protocol Commands ip vrrp (Global Config) ip vrrp (Interface Config) ip vrrp mode ip vrrp ip ip vrrp authentication ip vrrp preempt ip vrrp priority ip vrrp timers advertise ip vrrp track interface ip vrrp track ip route ip vrrp <vrid> accept-mode no ip vrrp vrid accept-mode show ip vrrp interface stats show ip vrrp show ip vrrp interface show ip vrrp interface brief DHCP and BOOTP Relay Commands bootpdhcprelay cidoptmode bootpdhcprelay maxhopcount bootpdhcprelay minwaittime show bootpdhcprelay IP Helper Commands clear ip helper statistics ip helper-address (Global Config) ip helper enable ip helper-address ip helper-address discard show ip helper-address show ip helper statistics Open Shortest Path First (OSPF) Commands router ospf enable (OSPF) network area (OSPF) ip ospf area 1583compatibility area default-cost (OSPF) area nssa (OSPF) area nssa default-info-originate (OSPF) area nssa no-redistribute (OSPF) area nssa no-summary (OSPF) area nssa translator-role (OSPF) area nssa translator-stab-intv (OSPF) area range (OSPF) area stub (OSPF) area stub no-summary (OSPF) area virtual-link (OSPF) area virtual-link authentication area virtual-link dead-interval (OSPF) area virtual-link hello-interval (OSPF) area virtual-link retransmit-interval (OSPF) area virtual-link transmit-delay (OSPF) auto-cost (OSPF) bandwidth capability opaque clear ip ospf clear ip ospf configuration clear ip ospf counters clear ip ospf neighbor clear ip ospf neighbor interface clear ip ospf redistribution clear ip ospf stub-router default-information originate (OSPF) default-metric (OSPF) distance ospf (OSPF) distribute-list out (OSPF) exit-overflow-interval (OSPF) external-lsdb-limit (OSPF) log-adjacency-changes ip ospf authentication ip ospf cost ip ospf database-filter all out ip ospf dead-interval ip ospf hello-interval ip ospf network ip ospf priority ip ospf retransmit-interval ip ospf transmit-delay ip ospf mtu-ignore router-id (OSPF) redistribute (OSPF) maximum-paths (OSPF) passive-interface default (OSPF) passive-interface (OSPF) timers pacing flood timers pacing lsa-group timers spf trapflags (OSPF) Page show ip ospf This command displays information relevant to the OSPF router. Page Page show ip ospf abr show ip ospf area The following OSPF NSSA specific information displays only if the area is configured as an NSSA: show ip ospf asbr show ip ospf database The information below is only displayed if OSPF is enabled. For each link-type and area, the following information is displayed: show ip ospf database database-summary show ip ospf interface This command displays the information for the IFO object or virtual interface tables. The information below will only be displayed if OSPF is enabled. show ip ospf interface brief This command displays brief information for the IFO object or virtual interface tables. show ip ospf interface stats The command lists the number of OSPF packets of each type sent and received on the show ip ospf neighbor If you specify an IP address for the neighbor router, the following fields display: show ip ospf range show ip ospf statistics show ip ospf stub table show ip ospf traffic show ip ospf virtual-link show ip ospf virtual-link brief OSPF Graceful Restart Commands nsf no nsf nsf restart-interval no nsfrestart-interval nsf helper no nsf helper nsf helper disable nsf [ietf] helper strict-lsa-checking no nsf [ietf] helper strict-lsa-checking max-metric router-lsa OSPF Interface Flap Dampening Commands Dampening show dampening interface show interface dampening Routing Information Protocol (RIP) Commands router rip enable (RIP) ip rip auto-summary default-information originate (RIP) default-metric (RIP) distance rip distribute-list out (RIP) ip rip authentication ip rip receive version ip rip send version hostroutesaccept split-horizon redistribute (RIP) show ip rip This command displays information relevant to the RIP router. show ip rip interface brief show ip rip interface This command displays information related to a particular RIP interface. ICMP Throttling Commands ip unreachables ip redirects ip icmp echo-reply ip icmp error-interval Multicast Commands ip mcast boundary ip multicast ip multicast ttl-threshold ip mroute show ip mcast show ip mcast boundary This command displays all the configured administrative scoped multicast boundaries. show ip mcast interface This command displays the multicast information for the specified interface. show ip mcast mroute show ip mcast mroute group show ip mcast mroute source DVMRP Commands ip dvmrp(Global Config) ip dvmrp metric ip dvmrp trapflags ip dvmrp show ip dvmrp show ip dvmrp interface This command displays the interface information for DVMRP on the specified interface. The following field is displayed only when DVMRP is operational on the interface. The following fields are displayed only if DVMRP is enabled on this interface. show ip dvmrp neighbor show ip dvmrp nexthop show ip dvmrp prune This command displays the table listing the routers upstream prune information. show ip dvmrp route This command displays the multicast routing information for DVMRP. PIM Commands ip pim dense (Global Config) ip pim (Interface Config) ip pim hello-interval show ip pim interface show ip pim neighbor This command displays the neighbor information for PIM on the specified interface. ip pim sparse(Global Config) ip pim bsr-border ip pim bsr-candidate ip pim dr-priority ip pim join-prune-interval ip pim rp-address ip pim rp-candidate ip pim ssm ip pim-trapflags show ip pim Example 1: Example 2: show ip pim ssm This command shows the configured source specific IP multicast addresses. show ip pim bsr-router show ip pim rp-hash This command displays the rendezvous point selected for the specified group address.. show ip pim rp mapping This command displays the mappings for the PIM group to the active rendezvous points.. Example 1: Example 2: Example 3: Internet Group Message Protocol (IGMP) Commands ip igmp ip igmp version ip igmp last-member-query-count ip igmp last-member-query-interval ip igmp query-interval ip igmp query-max-response-time ip igmp robustness ip igmp startup-query-count ip igmp startup-query-interval show ip igmp show ip igmp groups If you use the detail keyword, the following fields appear: If you do not use the detail keyword, the following fields appear: The following fields are not displayed if the interface is not enabled: show ip igmp interface This command displays the IGMP information for the interface. show ip igmp interface membership This command displays the list of interfaces that have registered in the multicast group. If you use the detail keyword, the following fields appear: show ip igmp interface stats IGMP Proxy Commands ip igmp-proxy ip igmp-proxy unsolicit-rprt-interval ip igmp-proxy reset-status show ip igmp-proxy show ip igmp-proxy interface The column headings of the table associated with the interface are as follows: show ip igmp-proxy groups show ip igmp-proxy groups detail Page Tunnel Interface Commands interface tunnel tunnel source tunnel destination tunnel mode ipv6ip show interface tunnel IPv6 Routing Commands ipv6 hop-limit ipv6 unicast-routing ipv6 enable ipv6 address ipv6 address autoconfig ipv6 address dhcp ipv6 route ipv6 route distance ipv6 mtu ipv6 nd dad attempts ipv6 nd managed-config-flag ipv6 nd ns-interval ipv6 nd other-config-flag ipv6 nd ra-interval ipv6 nd ra-lifetime ipv6 nd reachable-time ipv6 nd suppress-ra ipv6 nd router-preference ipv6 unreachables ipv6 icmp error-interval show ipv6 brief Use this command to display the IPv6 status of forwarding mode and IPv6 unicast routing mode. show ipv6 interface If you specify an interface, the following information also appears. If an IPv6 prefix is configured on the interface, the following information also appears. show ipv6 neighbor clear ipv6 neighbors show ipv6 route Page show ipv6 route ecmp-groups show ipv6 route preferences show ipv6 route summary The following example shows CLI display output for the command. show ipv6 vlan This command displays IPv6 VLAN routing interface addresses. The rest of the output for this command is displayed in a table with the following column headings: show ipv6 traffic Page Page clear ipv6 route counters clear ipv6 statistics OSPFv3 Commands ipv6 ospf ipv6 ospf area ipv6 ospf cost ipv6 ospf dead-interval ipv6 ospf hello-interval ipv6 ospf mtu-ignore ipv6 ospf network ipv6 ospf priority ipv6 ospf retransmit-interval ipv6 ospf transmit-delay ipv6 router ospf area default-cost (OSPFv3) area nssa (OSPFv3) area nssa default-info-originate (OSPFv3) area nssa no-redistribute (OSPFv3) area nssa no-summary (OSPFv3) area nssa translator-role (OSPFv3) area nssa translator-stab-intv (OSPFv3) area range (OSPFv3) area stub (OSPFv3) area stub no-summary (OSPFv3) area virtual-link (OSPFv3) area virtual-link dead-interval (OSPFv3) area virtual-link hello-interval (OSPFv3) area virtual-link retransmit-interval (OSPFv3) area virtual-link transmit-delay (OSPFv3) auto-cost (OSPFv3) clear ipv6 ospf clear ipv6 ospf configuration clear ipv6 ospf counters clear ipv6 ospf neighbor clear ipv6 ospf neighbor interface clear ipv6 ospf redistribution default-information originate (OSPFv3) default-metric (OSPFv3) distance ospf (OSPFv3) enable (OSPFv3) exit-overflow-interval (OSPFv3) external-lsdb-limit (OSPFv3) maximum-paths (OSPFv3) passive-interface default (OSPFv3) passive-interface (OSPFv3) redistribute (OSPFv3) router-id (OSPFv3) trapflags (OSPFv3) Table 2. Trapflag Groups (OSPFv3) To enable all the flags, give the command as trapflags all. show ipv6 ospf This command displays information relevant to the OSPF router. Page Page show ipv6 ospf abr show ipv6 ospf area The following OSPF NSSA specific information displays only if the area is configured as an NSSA. show ipv6 ospf asbr show ipv6 ospf database show ipv6 ospf database database-summary show ipv6 ospf interface This command displays the information for the IFO object or virtual interface tables. The following information only displays if OSPF is initialized on the interface: show ipv6 ospf interface brief This command displays brief information for the IFO object or virtual interface tables. show ipv6 ospf interface stats show ipv6 ospf neighbor If you specify an IP address for the neighbor router, the following fields display: show ipv6 ospf range show ipv6 ospf stub table show ipv6 ospf virtual-link show ipv6 ospf virtual-link brief This command displays the OSPFV3 Virtual Interface information for all areas in the system. OSPFv3 Graceful Restart Commands nsf (OSPFv3) no nsf [ietf] (OSPFv3) nsf helper (OSPFv3) nsf ietf helper disable (OSPFv3) no nsf helper (OSPFv3) nsf helper strict-lsa-checking (OSPFv3) no nsf [ietf] helper strict-lsa-checking (OSPFv3) nsf restart-interval (OSPFv3) DHCPv6 Commands service dhcpv6 ipv6 dhcp server ipv6 dhcp relay destination ipv6 dhcp pool domain-name (IPv6) dns-server (IPv6) prefix-delegation (IPv6) show ipv6 dhcp show ipv6 dhcp statistics Page show ipv6 dhcp interface clear ipv6 dhcp show ipv6 dhcp pool This command displays configured DHCP pool. show ipv6 dhcp binding This command displays configured DHCP pool. Page IPv6 Multicast Forwarder Commands show ipv6 mroute show ipv6 mroute group show ipv6 mroute source IPv6 PIM Commands ipv6 pim dense(Global Config) ipv6 pim (Interface Config) ipv6 pim hello-interval no ipv6 pim hello-interval Use this command to set the PIM hello interval to the default value. show ipv6 pim Use this command to display PIM Global Configuration parameters and PIM interface status. show ipv6 pim neighbor show ipv6 pim interface ipv6 pim bsr-border no ipv6 pim bsr-border Use this command to disable the interface from being the BSR border. ipv6 pim bsr-candidate Use this command to configure the router to announce its candidacy as a bootstrap router (BSR). ipv6 pim dr-priority ipv6 pim join-prune-interval ipv6 pim rp-address ipv6 pim rp-candidate ipv6 pim ssm show ipv6 pim bsr-router show ipv6 pim rp-hash show ipv6 pim rp mapping IPv6 MLD Commands ipv6 mld router ipv6 mld query-interval ipv6 mld query-max-response-time ipv6 mld last-member-query-interval ipv6 mld last-member-query-count show ipv6 mld groups The following fields are displayed as a table when <unit/slot/port> is specified. The following table is displayed to indicate all the sources associated with this group. show ipv6 mld interface Use this command to display MLD-related information for the interface. The following information is displayed for each of the interfaces or for only the specified The following information is displayed if the operational mode of the MLD interface is enabled. show ipv6 mld traffic Use this command to display MLD statistical information for the router. IPv6 MLD-Proxy Commands ipv6 mld-proxy ipv6 mld-proxy unsolicit-rprt-interval ipv6 mld-proxy reset-status show ipv6 mld-proxy show ipv6 mld-proxy interface The column headings of the table associated with the interface are as follows: show ipv6 mld-proxy groups Use this command to display information about multicast groups that the MLD-Proxy reported. show ipv6 mld-proxy groups detail Use this command to display information about multicast groups that MLD-Proxy reported. Page Class of Service (CoS) Commands classofservice dot1p-mapping classofservice ip-dscp-mapping classofservice trust cos-queue min-bandwidth cos-queue strict cos-queue random-detect no cos-queue random-detect random-detect exponential weighting-constant no random-detect exponential weighting-constant random-detect queue-parms traffic-shape show classofservice dot1p-mapping show classofservice ip-precedence-mapping show classofservice ip-dscp-mapping show classofservice trust show interfaces cos-queue If you specify the interface, the command also displays the following information. Differentiated Services (DiffServ) Commands diffserv DiffServ Class Commands class-map class-map rename match ethertype match any match class-map match cos match secondary cos match ip6flowlbl match destination-address mac match dstip match dstip6 match dstl4port match ip dscp match ip precedence match ip tos match protocol match source-address mac match srcip match srcip6 match srcl4port match vlan match secondary-vlan DiffServ Policy Commands assign-queue drop mirror redirect conform-color class mark cos mark cos-as-sec-cos mark ip-dscp mark ip-precedence police-simple police-two-rate policy-map policy-map rename DiffServ Service Commands service-policy DiffServ Show Commands show class-map If the class-name is specified the following fields are displayed: show diffserv show policy-map If the Policy Name is specified the following fields are displayed: Page show diffserv service show diffserv service brief show policy-map interface show service-policy MAC Access Control List (ACL) Commands mac access-list extended mac access-list extended rename {deny | permit} (MAC ACL) The time-range parameter allows imposing time limitation on the MAC ACL rule as Page mac access-group show mac access-lists IP Access Control List (ACL) Commands access-list ip access-list ip access-list rename {deny | permit} (IP ACL) ip access-group acl-trapflags show ip access-lists show access-lists IPv6 Access Control List (ACL) Commands ipv6 access-list ipv6 access-list rename {deny | permit} (IPv6) ipv6 traffic-filter show ipv6 access-lists Time Range Commands for Time-Based ACLs time-range absolute periodic periodic {start|end} time show time-range AutoVOIP auto-voip {protocol-based | oui-based} auto-voip oui auto-voip vlan auto-voip oui-based priority auto-voip protocol-based {remark | traffic-class} show auto-voip interface show auto-voip oui-table iSCSI Commands iscsi enable iscsi target port iscsi cos iscsi aging time no iscsi aging time This command is to reset the aging time to the default. show iscsi This command displays the iSCSI settings. The following example displays the iSCSI settings. show iscsi sessions The show iscsi sessions Privileged EXEC mode command displays the iSCSI sessions. The following example displays the iSCSI sessions. About PoE PoE Commands poe poe detection poe high-power poe power limit poe power management poe priority poe reset poe timer schedule name poe usagethreshold poe traps Power over Ethernet (PoE) Commands ProSafe Managed Switch no poe traps Use this command to disable logging the PoE traps. show poe Use this command to get global information regarding the PoE status. show poe port configuration Power over Ethernet (PoE) Commands ProSafe Managed Switch show poe port info Example: (switch) #show poe port info all show poe pd Page Auto Install Commands show autoinstall boot host auto-save boot autoinstall start boot autoinstall stop boot host retry-count boot host dhcp Dual Image Commands delete boot system show bootvar filedescr update bootcode System Information and Statistics Commands show arp switch show eventlog show hardware show version show interface The display parameters, when the argument is <unit/slot/port>, are as follows: The display parameters, when the argument is switchport are as follows: show interface counters This command reports key summary statistics for all ports (physical, CPU, and port-channel). show interface ethernet When you specify a value for unit/slot/port, the command displays the following information. Page Page Page If you use the switchport keyword, the following information appears. Page show mac-addr-table process cpu threshold show process cpu Note: It is not necessarily the traffic to the CPU, but different tasks that keep the CPU busy. The following shows example CLI display output. show mbuf total This command shows the total system buffer pools status. The following shows an example of CLI display output for the command. show running-config show running-config interface show sysinfo show tech-support show tech-support techsupport length terminal length show terminal length memory free low-watermark processor Logging Commands logging buffered logging buffered wrap logging cli-command logging console logging host logging host remove logging syslog logging syslog source-interface show logging show logging buffered This command displays buffered logging (system startup and system operation logs). show logging hosts This command displays all configured logging hosts. show logging traplogs This command displays SNMP trap events and statistics. logging persistent Email Alerting and Mail Server Commands logging email logging email urgent logging email message-type to-addr logging email from-addr logging email message-type subject logging email logtime logging traps no logging traps This command resets the SNMP trap logging severity level to the default value. logging email test message-type This command sends an email to the SMTP server to test the email alerting function. show logging email config This command displays information about the email alert configuration. show logging email statistics clear logging email statistics mail-server security port username password show mail-server config System Utility and Clear Commands traceroute The following are examples of the CLI command. traceroute Success: traceroute Failure: traceroute ipv6 clear config clear eventlog clear mac-addr-table clear logging buffered clear counters clear igmpsnooping clear pass clear port-channel clear traplog enable password logout ping The following are examples of the CLI command. ping success: ping failure: ping ipv6 ping ipv6 interface quit reload save copy Page Page write memory Simple Network Time Protocol (SNTP) Commands sntp broadcast client poll-interval sntp client mode sntp client port sntp unicast client poll-interval sntp unicast client poll-timeout sntp unicast client poll-retry sntp server clock timezone clock set clock summer-time recurring clock summer-time date no clock summer-time Use the no clock summer-time command to reset the summertime offset. For example: console(config)#no clock summer-time show sntp This command is used to display SNTP settings and status. show sntp server This command is used to display SNTP server settings and configured servers. For each configured server: show clock DHCP Server Commands ip dhcp pool client-identifier client-name default-router dns-server hardware-address host lease network (DHCP Pool Config) bootfile domain-name netbios-name-server netbios-node-type next-server option ip dhcp excluded-address ip dhcp ping packets service dhcp ip dhcp bootp automatic ip dhcp conflict logging clear ip dhcp binding clear ip dhcp server statistics clear ip dhcp conflict show ip dhcp binding show ip dhcp global configuration show ip dhcp pool configuration The following additional field is displayed for Dynamic pool type: The following additional fields are displayed for Manual pool type: show ip dhcp server statistics This command displays DHCP server statistics. Message Received: Message Sent: show ip dhcp conflict DNS Client Commands ip domain lookup ip domain name ip domain list ip name server ip host ipv6 host ip domain retry ip domain timeout clear host show hosts Packet Capture Commands capture {start|stop} capture {file|remote|line} no capture Use this command to reset the capture mode to remote mode. capture remote port no capture remote port Use this command to reset the remote port to the default (2002). capture file size capture line wrap Serviceability Packet Tracing Commands debug arp debug auto-voip debug clear debug console debug dhcp packet debug dot1x packet debug igmpsnooping packet debug igmpsnooping packet transmit debug igmpsnooping packet receive debug ip acl debug ip dvmrp packet debug ip igmp packet debug ip mcache packet debug ip pimdm packet debug ip pimsm packet debug ip vrrp debug ipv6 dhcp debug ipv6 mcache packet debug ipv6 mld packet debug ipv6 pimdm packet debug ipv6 pimsm packet debug lacp packet debug mldsnooping packet debug ospf packet DB_DSCR packet field definitions: debug ipv6 ospfv3 packet debug ping packet A sample output of the trace message is shown below. no debug ping packet This command disables tracing of ICMP echo requests and responses. debug rip packet A sample output of the trace message is shown below. no debug rip packet This command disables tracing of RIP requests and responses. debug sflow packet Use this command to enable sFlow debug packet trace. debug spanning-tree bpdu debug spanning-tree bpdu receive debug spanning-tree bpdu transmit debug aaa accounting debug aaa authorization Cable Test Command cablestatus sFlow Commands sflow receiver no sflow receiver Use this command to set the sFlow collector parameters back to the defaults. sflow sampler sflow poller no sflow poller Use this command to reset the sFlow poller instance to the default settings. show sflow agent show sflow pollers Use this command to display the sFlow polling instances created on the switch. Use - for range. show sflow receivers Use this command to display configuration information related to the sFlow receivers. show sflow samplers Software License Commands show license show license features This command displays the features that are licensed on the switch IP Address Conflict Commands ip address-conflict-detect run show ip address-conflict clear ip address-conflict-detect Link Local Protocol Filtering Commands llpf blockall no llpf show llpf interface all RMON Stats and History Commands RFC 2819 RFC 3273 RFC 3434 rmon alarm rmon hcalarm no rmon hcalarm This command deletes the rmon hcalarm entry. rmon event This command sets the rmon event entry in the RMON event mib group. rmon collection history show rmon show rmon collection history show rmon events show rmon history show rmon log show rmon statistics interface show rmon {hcalarms | hcalarm <alarm index>} UDLD Commands udld enable udld message time udld timeout interval udld enable udld port udld reset This command resets all interfaces that have been shutdown by UDLD. show udld This command displays the global settings of UDLD. Page Page Configuring the Switch Management CPU ezconfig The following is an example of an ezconfig session. Network Interface Commands enable (Privileged EXEC access) network parms network protocol network mac-address network mac-type network javamode show network The following shows example CLI display output for the network port. Console Port Access Commands configuration line serial baudrate serial timeout login authentication enable authentication show serial Use this command to display serial communication settings for the switch. Telnet Commands ip telnet server enable telnet transport input telnet transport output telnet session-limit session-timeout telnetcon maxsessions telnetcon timeout show telnet show telnetcon Secure Shell (SSH) Commands ip ssh ip ssh protocol ip ssh server enable sshcon maxsessions sshcon timeout show ip ssh Management Security Commands crypto certificate generate crypto key generate rsa crypto key generate dsa Hypertext Transfer Protocol (HTTP) Commands ip http server ip http secure-server ip http java ip http session hard-timeout ip http authentication ip http session maxsessions ip http session soft-timeout ip http secure-session maxsessions ip http secure-session soft-timeout ip http secure-session hard-timeout ip https authentication ip http secure-port ip http secure-protocol show ip http Use this command to display the http settings for the switch. Access Commands disconnect show loginsession User Account Commands username username name nopassword username <username> unlock username snmpv3 accessmode username snmpv3 authentication username snmpv3 encryption show users show users accounts show users accounts detail show users long Use this command to display the users full name. show users login-history Use this command to display the users who have logged in previously. passwords min-length passwords history passwords aging passwords lock-out passwords strength-check passwords strength minimum uppercase-letters passwords strength minimum lowercase-letters passwords strength minimum numeric-characters passwords strength minimum special-characters passwords strength maximum consecutive-characters passwords strength maximum repeated-characters passwords strength minimum character-classes passwords strength exclude-keyword no passwords strength exclude-keyword Use this command to remove the exclude-keyword. show passwords configuration Use this command to display the configured password management settings. show passwords result aaa authentication login as the following command: aaa authentication enable aaa authentication dot1x aaa accounting no aaa accounting This command deletes the accounting method list. accounting (Console/Telnet/SSH) ip http/https accounting This command applies user exec accounting list to the line methods HTTP and HTTPs methods. no ip http/https accounting exec This command deletes the authorization method list. show accounting methods This command displays the configured accounting method lists. aaa authorization authorization(console/telnet/ssh) show authorization methods domain-name domain-name enable mac address-table multicast forbidden-unregistered vlan mac address-table multicast forward-unregistered vlan mac address-table multicast forward-all vlan set igmp report-suppression show mac address-table multicast filtering show domain-name aaa ias-user username aaa session-id password (AAA IAS User Configuration) clear aaa ias-users show aaa ias-users SNMP Commands snmp-server snmp-server community snmp-server community ipaddr snmp-server community ipmask snmp-server community mode snmp-server community ro snmp-server community rw snmp-server enable traps violation snmp-server enable traps snmp-server enable traps linkmode snmp-server enable traps multiusers snmp-server enable traps stpmode snmptrap snmptrap snmpversion snmptrap ipaddr snmptrap mode snmp trap link-status snmp trap link-status all show snmpcommunity show snmptrap The following shows an example of the CLI command. show trapflags RADIUS Commands authorization network radius radius accounting mode radius server attribute radius server host Page radius server key radius server msgauth radius server primary radius server retransmit radius server timeout show radius Use this command to display the values configured for the global parameters of the RADIUS client. show radius servers show radius accounting Use this command to display a summary of configured RADIUS accounting servers. show radius accounting statistics Use this command to display a summary of statistics for the configured RADIUS accounting servers. Page show radius statistics Use this command to display the summary statistics of configured RADIUS Authenticating servers. TACACS+ Commands debug tacacs packet tacacs-server host tacacs-server key tacacs-server keystring tacacs-server source interface tacacs-server timeout key port priority timeout show tacacs Configuration Scripting Commands script apply script delete script list script show script validate Pre-Login Banner and System Prompt Commands copy (pre-login banner) set prompt set clibanner Switch Database Management (SDM) Templates sdm prefer sdm prefer (Mixed Stacking) show sdm prefer IPv6 Management Commands network ipv6 enable network ipv6 address Disable the dhcpv6 client protocol on the network port (with the dhcp option). network ipv6 gateway no network ipv6 gateway Use this command to remove IPv6 gateways on the network port interface. show network ndp Use this command to display NDP cache information for the network port. The following shows sample CLI display output for the command: show network ipv6 dhcp statistics The following example shows CLI display output for the command: clear network ipv6 dhcp statistics Use this command to clear the DHCPv6 statistics on the network management interface. Page Core Table 3. BSP Log Messages Table 4. NIM Log Messages Table 5. System Log Messages Utilities Table 6. Trap Mgr Log Message Table 7. DHCP Filtering Log Messages Table 8. NVStore Log Messages Table 9. RADIUS Log Messages Management Table 10. TACACS+ Log Messages Table 11. LLDP Log Message Table 12. SNTP Log Message Table 13. SNMP Log Message Table 14. EmWeb Log Messages Table 15. CLI_UTIL Log Messages Table 16. WEB Log Messages Table 17. CLI_WEB_MGR Log Messages Table 18. SSHD Log Messages Table 19. SSLT Log Messages Table 18. SSHD Log Messages Switching Table 20. User_Manager Log Messages Table 21. Protected Ports Log Messages Table 22. IP Subnet VLANS Log Messages Table 23. Mac-based VLANs Log Messages Table 24. 802.1x Log Messages Table 25. IGMP Snooping Log Messages Table 23. Mac-based VLANs Log Messages Table 26. GARP/GVRP/GMRP Log Messages Table 25. IGMP Snooping Log Messages Table 27. 802.3ad Log Messages Table 28. FDB Log Message Table 29. Double VLAN Tag Log Message Table 30. IPv6 Provisioning Log Message Table 31. MFDB Log Message Table 32. 802.1Q Log Messages accessing DOT1Q config data for interface %d in dot1qMapIntfIsConfigurable. Table 33. 802.1S Log Messages Table 34. Port Mac Locking Log Message QoS Table 35. Protocol-based VLANs Log Messages Table 36. ACL Log Messages Table 37. CoS Log Message Routing/IPv6 Routing Table 38. DiffServ Log Messages Table 39. DHCP Relay Log Messages Table 40. OSPFv2 Log Messages Table 41. OSPFv3 Log Messages Table 40. OSPFv2 Log Messages (Continued) Table 42. Routing Table Manager Log Messages Table 43. VRRP Log Messages Table 44. ARP Log Message Multicast Table 45. RIP Log Message Table 46. DHCP6 Log Message Table 47. Cache Log Messages Table 48. IGMP Log Messages Table 49. IGMP-Proxy Log Messages Table 50. PIM-SM Log Messages Stacking Table 51. PIM-DM Log Messages Table 52. DVMRP Log Messages Table 53. EDB Log Message Technologies Page O/S Support Table 55. OSAPI Log Messages Table 55. OSAPI Log Messages (Continued) Captive Portal Global Commands captive-portal Use this command to enter the captive portal configuration mode. enable http port https port authentication timeout show captive-portal show captive-portal status Use this command to report the status of all captive portal instances in the system. Captive Portal Configuration Commands configuration (Captive Portal) enable (Instance) name protocol verification group redirect (Captive Portal) redirect-url max-bandwidth-down max-bandwidth-up network. The rate is Use this command to reset the maximum rate to the default max-input-octets max-output-octets max-total-octets session-timeout (Captive Portal) idle-timeout locale interface (Captive Portal) block Captive Portal Status Commands show captive-portal configuration show captive-portal configuration interface If the interface is specified. The following term will be displayed. show captive-portal configuration status If the interface is specified, the following terms are displayed. show captive-portal configuration locales show captive-portal trapflags Captive Portal Client Connection Commands show captive-portal client status If the macaddr is specified, the following terms are displayed. show captive-portal client statistics show captive-portal interface client status If the interface is specified, the following terms are displayed. (switch) show captive-portal configuration client status If the CP ID is specified, the following terms are displayed. captive-portal client deauthenticate Use this command to deauthenticate a specific captive portal client. The the Client MAC address. Captive Portal Interface Commands The following section describes captive portal interface commands. show captive-portal interface configuration status Captive Portal Local User Commands user password user name user group user session-timeout user idle-timeout Use this command to set the session idle timeout value for a captive portal user. user max-bandwidth-down user max-bandwidth-up user max-input-octets user max-output-octets user max-total-octets show captive-portal user clear captive-portal users Use this command to delete all captive portal user entries. Captive Portal User Group Commands user group (Create) user group name user group rename 15. Command List