SWTICHconfig# dot1x system-auth-control | Siemens S223, S323

User Manual	UMN:CLI
SURPASS hiD 6615 S223/S323 R1.5

4.5.7Sample Configuration

The following is to show the configuration after configuring pot number 4 as the authenti- cation port and registering IP address of authentication port and information of RADIUS server.

SWTICH(config)# dot1x system-auth-control

SWTICH(config)# dot1x nas-port4

SWTICH(config)# dot1x port-control force-authorized 4

SWTICH(config)# dot1x radius-server host 10.1.1.1 auth-port 4 key test

SWTICH(config)# show dot1x

802.1x authentication is enabled.

RADIUS Server : 10.1.1.1 (Auth key : test)

-------------------------------------------------------

		1	2	3	4
802.1x	123456789012345678901234567890123456789012

-------------------------------------------------------

PortEnable ...p......................................

PortAuthed ...u......................................

MacEnable ..........................................

MacAuthed ..........................................

-------------------------------------------------------

p= port-based, m = mac-based, a = authenticated, u = unauthenticated SWTICH(config)#

The following is configuring a term of re-authentication as 1800 and a tem of re- authentication as 1000 sec.

SWTICH(config)# dot1x timeout quiet-period 1000 4

SWTICH(config)# dot1x timeout reauth-period 1800 4

SWTICH(config)# dot1x reauth-enable 4

SWTICH(config)# show dot1x 4

Port 4

SystemAuthControl : Enabled

ProtocolVersion	: 0
PortControl	: Force-Authorized
PortStatus	: Unauthorized
ReauthEnabled	: True
QuietPeriod	: 1000
ReauthPeriod	: 1800
SWTICH(config)#

The following is an example of showing the configuration after configuring the authentica- tion based on MAC address.

SWTICH(config)# dot1x auth-mode mac-base 4

SWTICH(config)# show dot1x

802.1x authentication is enabled.

RADIUS Server : 10.1.1.1 (Auth key : test)

-------------------------------------------------------

		1	2	3	4
802.1x	123456789012345678901234567890123456789012

-------------------------------------------------------

PortEnable ..........................................

A50010-Y3-C150-2-7619

71

Image 71

Siemens S223, S323 user manual SWTICHconfig# dot1x system-auth-control, SWTICHconfig# dot1x auth-mode mac-base

Contents

A50010-Y3-C150-2-7619 Umncli A50010-Y3-C150-2-7619 Important Notice on Product SafetySurpass hiD 6615 S223/S323 R1.5 Details Reason for UpdateIssue History Summary System software upgrade added Contents 5.2 4.34.4 5.1 12.1 7.17.2 7.3 103 100101 102 127 124125 126 150 Surpass hiD 6615 S223/S323 R1.5 3.1147 149 182 179180 181 6.1 Surpass hiD 6615 S223/S323 R1.5 5.9216 217 247 1.161.17 246 3.8 Surpass hiD 6615 S223/S323 R1.5 3.2268 269 299 295297 298 10.1.1.2 Surpass hiD 6615 S223/S323 R1.5 10.1.1318 10.1.1.1 354 10.2.12353 10.2.13 Illustrations Igmp Snooping and PIM-SM Configuration Network 279 176 TablesTab 171 Tab .1 Overview of Chapters A50010-Y3-C150-2-7619 AudienceDocument Structure Tab .1 briefly describes the structure of this document CE Declaration of Conformity Tab .2 Command Notation of Guide BookDocument Convention Document Notation GPL/LGPL Warranty and Liability Exclusion System Overview IP Routing System FeaturesQuality of Service QoS Multicasting Broadcast Storm Control Spanning Tree Protocol STPLink Aggregation Trunking System Management based on CLI Radius and TACACS+ Command Mode Command Line Interface CLI Shows hiD 6615 S323 software mode structure briefly Tab .1 Main Commands of Privileged Exec View Mode Privileged Exec View ModePrivileged Exec Enable Mode Global Configuration Mode Tab .3 Main Commands of Global Configuration Mode Bridge Configuration Mode Opens Rule Configuration mode Rule Configuration ModeTab .4 Main Commands of Bridge Configuration Mode Command Mode Description Ip dhcp pool Pool Dhcp Configuration ModeDhcp Option 82 Configuration Mode Tab .6 Main Commands of Dhcp Configuration Mode Command Mode Description Interface Interface Interface Configuration ModeRmon Configuration Mode Command Mode Description Router Configuration ModeVrrp Configuration Mode Tab .10 Main Commands of Router Configuration Mode Route-Map Configuration Mode 6615 S223/S323 Listing Available CommandsVariables following after the commands Useful Tips Surpass hiD 6615 S223/S323 R1.5 Calling Command HistoryCommand SWITCH# show clock Using AbbreviationUsing Command of Privileged Exec Enable Mode Tab .13 Command Abbreviation Able mode, you will be logged out Exit Current Command ModeExits to Privileged Exec enable mode Step System LoginSystem Connection Passwd enable 8 Password Password for Privileged Exec ModeCommand Mode Description Passwd enable Password Creating System Account Changing Login PasswordManagement for System Account To display the created account, use the following command Configuring Security Level SWITCH# show list No privilege bgp level Command Mode Description No privilegeNo privilege configure level No privilege rmon-alarm level Shows a configured security level Command Mode Description Show privilege Limiting Number of User Telnet AccessSWITCH# write memory SWITCH# disconnect ttyp0 Auto Log-out System RebootingManual System Rebooting SWITCHconfig# show exec-timeout No auto-reset cpu memory System AuthenticationAuto System Rebooting Auto-reset memory 1-120 Primary Authentication Method Authentication MethodAuthentication Interface Radius Server Priority Radius Server for System AuthenticationTimeout of Authentication Request Radius Server 5.2 Tacacs Server Priority Tacacs Server for System AuthenticationTacacs Server Frequency of Retransmit Command Mode Description Login tacacs timeout Additional TACACS+ ConfigurationTCP Port for the Authentication Authentication Type Start stop both Accounting ModeDisplaying System Authentication Login accounting-mode none Tacacs Sample Configuration Assigning IP Address Disabling Interface Interface Configuration ModeTo enable the interface, use the following command Enabling Interface No ip route IP-ADDRESS/M Static Route and Default GatewayAssigning IP Address to Network Interface Ip address IP-ADDRESS/M Forwarding Information BaseFIB Retain Displaying Forwarding Information BaseFIB Table Show ip interface Interface ② On Interface Configuration ModeDisplaying Interface Show interface Interface SSH Server SSH Secure Shell SSH Client Assigning Specific Authentication KeyLogin to SSH Server 2.3 Configuring Authentication Key Ssh keygen rsa1 rsa dsa Configure the authentication key in the switchConnect to SSH server with the authentication key EAP over LAN EAP over Radius 802.1x AuthenticationServer Suppliant Authenticator Authentication Server Designate as default Response 1 802.1x AuthenticationConfiguring Radius Server Authentication Server Dot1x radius-server host Configuring Authentication ModeCommand Mode Description Dot1x radius-server move IP Command Mode Description Dot1x timeout tx-period Authentication PortForce Authorization Mode Description Dot1x port-control auto force Enabling 802.1x Re-Authentication 2 802.1x Re-Authentication1.7 Configuring Number of Request to Radius Server 1.8 Configuring Interval of Request to Radius Server 2.4 802.1x Re-authentication Configuring the Interval of Re-AuthenticationConfiguring the Interval of Requesting Re-authentication 6 802.1x User Authentication Statistic Initializing Authentication StatusApplying Default Value Displaying 802.1x Configuration SWTICHconfig# dot1x auth-mode mac-base SWTICHconfig# dot1x system-auth-control PortAuthed Show port Ports Port BasicSelecting Port Type Enabling Ethernet Port Ethernet Port ConfigurationTo enable/disable a port, use the following command Command Mode Description Port medium Port sfp rj45 Port speed Ports 10 100 Command Mode Description Port nego Ports on offAuto-negotiation Transmit Rate Half Duplex ModeCommand Mode Description Port duplex Ports full half Flow Control SWITCHbridge# show port description Following is an example of configuring flow control to portTo view description of port, use the following command SWITCHbridge# port flow-control 25 on Packets Statistics SWITCHbridge# show port statistics avg-pktSWITCHbridge# show port statistics rmon Traffic Statistics Protocol statistics To enable/disable protocol statisticsCPU statistics Port Status To display a port status, use the following commandSWITCH# show port Port Mirroring Command Mode Description Mirror add Ports ingress Activate the port mirroring, using the following commandDesignate the monitor port, use the following command Designate the mirrored ports, use the following command Configure the monitor port 1 and mirroring port 2, 3, 4 To disable monitoring function, use the following commandConnect a motoring PC to the monitor port of the switch Enable mirroring function Time and Date Environment ConfigurationHost Name Tab .1 World Time Zone Time ZoneNetwork Time Protocol Tab .1 shows the world time zone Following is an example of releasing NTP and showing it NTP Network Time ProtocolSimple Network Time Protocol Sntp No sntp Terminal ConfigurationTo display Sntp configuration, use the following command DNS Server Login BannerTo restore a default banner, use the following command To set a DNS server, use the following command CPU Load Fan OperationDisabling Daemon Operation System Threshold No threshold Port Ports rx Mode Description Threshold PortPort Traffic Fan Operation Threshold temp Value Value System TemperatureEnabling FTP Server System Memory All Option History router bgp pim rip Configuration ManagementDisplaying System Configuration Assigning IP Address of FTP Client Auto-Saving Saving System ConfigurationSystem Configuration File SWITCH# show running-config syslog SWITCHconfig# copy running-config SURPASShiD6615 Restoring Default ConfigurationTo delete backup file, use the following command Network Connection SWITCHconfig# restore factory-defaultsSystem Management Figured time interval. Default is 2 seconds Data pattern 0xABCD Type of serviceItems Description Source address or interface Set DF bit in IP header? no IP Source Routing A50010-Y3-C150-2-7619 IP Icmp Source-Routing Following is the basic information to trace packet routes Tracing Packet Route MAC Table Displaying User Connecting to SystemSWITCH# traceroute System Information Configuring Ageing timeSWITCH# show uptime Running Time of System Running Process System Memory InformationCPU packet limit Average of CPU Load Displaying System Image Displaying Installed OSDefault OS A50010-Y3-C150-2-7619 103 Switch StatusTech Support Ber of display lines of terminal screen No snmp community ro rw Community Command Mode Description Snmp community ro rw CommunitySimple Network Management Protocol Snmp Snmp Community A50010-Y3-C150-2-7619 105 Information of Snmp AgentFollowing is an example of creating 2 Snmp communities Snmp Group Following is an example of configuring Snmp com2secSWITCHconfig# show snmp com2sec Snmp Com2sec Following is an example of creating an Snmp view record Permission to Access Snmp View RecordSWITCHconfig# snmp view Test included Snmp View Record Snmp Version 3 User Lowing commandTo display Snmp version 3 user, use the following command Snmp access Snmp Trap Host Snmp Trap ModeTo set an Snmp trap host, use the following command To select an Snmp trap-mode, use the following command 110 A50010-Y3-C150-2-7619 Enabling Snmp Trap Node To disable Snmp trap, use the following commandDisabling Snmp Trap Displaying Snmp Trap Snmp AlarmEnabling Alarm Notification SWITCHconfig# snmp inform-trap-host To configure a priority of alarm, use the following command Default Alarm SeverityAlarm Severity Criterion 114 A50010-Y3-C150-2-7619 Generic Alarm Severity Critical major minor warning intermedi Adva Alarm SeveritySnmp Alarm-severity adva-if-sfp-mismatch A50010-Y3-C150-2-7619 115 116 A50010-Y3-C150-2-7619 ERP Alarm Severity A50010-Y3-C150-2-7619 117 Displaying Snmp ConfigurationSTP Guard Alarm Severity Disabling Snmp To disable Snmp feature, use the following commandSWITCHconfig# show snmp alarm-history A50010-Y3-C150-2-7619 119 Operation, Administration and Maintenance OAMDisables local OAM OAM Loopback Remote OAM Local OAM ModeOAM Unidirection A50010-Y3-C150-2-7619 121 Displaying OAM ConfigurationTo display OAM configuration, use the following command 122 A50010-Y3-C150-2-7619 Basic TLV Link Layer Discovery Protocol LldpLldp Operation Lldp Operation Type 124 A50010-Y3-C150-2-7619 Interval and Delay TimeLldp Message A50010-Y3-C150-2-7619 125 Displaying Lldp ConfigurationTo display Lldp configuration, use the following command Remote Monitoring Rmon To open RMON-historymode, use the following commandSWITCHconfig# show rmon-history config Command Mode Description Rmon-history Interval of Sample Inquiry Source Port of Statistical DataSubject of Rmon History Number of Sample Data Displaying Rmon History Deleting Configuration of Rmon HistoryActivating Rmon History A50010-Y3-C150-2-7619 129 Rmon AlarmSubject of Rmon Alarm Command Mode Description Rmon-alarm 130 A50010-Y3-C150-2-7619 Object of Sample InquiryAbsolute Comparison and Delta Comparison Upper Bound of Threshold Lower Bound of Threshold Configuring Standard of the First Alarm Rmon Event Activating Rmon AlarmDeleting Configuration of Rmon Alarm Displaying Rmon Alarm Activating Rmon Event Event DescriptionSubject of Rmon Event Event Type Activates Rmon event Deleting Configuration of Rmon EventDisplaying Rmon Event 134 A50010-Y3-C150-2-7619 Syslog Output Level without a Priority To set a syslog output level, use the following commandSyslog Syslog Output Level Log user uucp emerg alert crit err Syslog Output Level with a Priority136 A50010-Y3-C150-2-7619 Local5 local6 local7 lpr mail news sys A50010-Y3-C150-2-7619 137 Facility CodeSyslog Bind Address Displaying Syslog Message Displaying Syslog ConfigurationDebug Message for Remote Terminal Disabling Syslog Rule and QoS How to Operate Rule and QoS 140 A50010-Y3-C150-2-7619 Rule ConfigurationRule Creation Rule Priority A50010-Y3-C150-2-7619 141 Packet Classification Tcp 142 A50010-Y3-C150-2-7619 A50010-Y3-C150-2-7619 143 Rule Action Overwrites 802.1p CoS field in the packet same as IP 144 A50010-Y3-C150-2-7619 Remedy Select another name for the rule e.g. add a prefix Applying RuleModifying and Deleting Rule Displaying Rule 3 QoS Scheduling Algorithm Weighted Round Robin WRRWeighted Fair Queuing WFQ Strict Priority Queuing SP Weighted Fair Queuing 3.3 802.1p Priory-to-queue Mapping Qos Weight Queue Parameter Admin Access RuleTo configure a queue parameter, use the following command To display a configuration of QoS, enter following command Highest Defaul low Command Mode Description Rule Name create adminCommand Mode Description Priority low medium high A50010-Y3-C150-2-7619 151 152 A50010-Y3-C150-2-7619 Match permit Permits a packet Command Mode Description No-match denyCommand Mode Description Apply Applies an admin access rule to the system 154 A50010-Y3-C150-2-7619 Shows a current configuration of a rule A50010-Y3-C150-2-7619 155 NetBIOS FilteringInternet Max Host SWITCHbridge# show netbios-filterMartian Filtering Max New Hosts To display configured max host, use the following commandFollowing is an example of displaying configured max hosts Port Security on Port To configure max new hosts, use the following commandEnable port security on the port Port Security A50010-Y3-C150-2-7619 159 Set the violation mode and the action to be takenSet the maximum number of secure MAC address for the port Enter a secure MAC address for the port Maximum This is an example of configuring port security on portPort Security Aging Port A50010-Y3-C150-2-7619 161 MAC Table Clear mac Name Port Command Mode Description Clear macCommand Mode Description No mac Clear mac Name Adding Policy of MAC Filter Default Policy of MAC FilteringSample Configuration MAC Filtering Displaying MAC Filter Policy Deleting MAC Filter PolicyListing of MAC Filter Policy ARP Table Address Resolution Protocol ARPFollowing is an example of displaying one configuration 166 A50010-Y3-C150-2-7619 Registering ARP TableDisplaying ARP Table A50010-Y3-C150-2-7619 167 To display ARP alias, use the following commandARP Alias ARP Inspection 168 A50010-Y3-C150-2-7619 Proxy-ARP Icmp Message ControlGratuitous ARP Type Value Blocking Echo Reply MessageInterval for Transmit Icmp Message Tab Type Status 172 A50010-Y3-C150-2-7619 Command Mode Description Ip icmp interval rate-limitEnable Shows Icmp interval configuration Global Transmitting Icmp Redirect Message Policy of unreached messages RST ConfigurationIP TCP Flag Control Verifying Packet Dump SYN ConfigurationPacket Dump A50010-Y3-C150-2-7619 175 Packet Dump by ProtocolPacket Dump with Option Option Description Tab .4 shows the options for packet dumpTab .4 Options for Packet Dump 176 A50010-Y3-C150-2-7619 A50010-Y3-C150-2-7619 177 Displaying the usage of the packet routing tableDebug Packet Dump Strengthened Security VlanEnlarged Network Bandwidth Cost-Effective Way Port-Based Vlan Deleting Vlan Creating VlanSpecifying Pvid Assigning Port to Vlan Displaying Vlan Protocol-Based VlanMAC address-based Vlan Macbase MAC-ADDRESS Subnet-based VlanTagged Vlan Vlan Tag Mapping Frames to Vlan Vlan DescriptionDisplaying Vlan Information Tagged QinQTunnel Port Trunk Port Designate the QinQ port Double Tagging ConfigurationTo disable double tagging, use the following command Double Tagging Operation Private Vlan Tpid ConfigurationLayer 2 Isolation Private Vlan Edge No port protected Ports Command Mode Description Port protected PortsPort Isolation Shared Vlan Vlan fid Vlans FID 188 A50010-Y3-C150-2-7619 Vlan Translation Open Rule Configuration mode using rule Name create commandOpen Bridge Configuration mode using the bridge command Sample Configuration 1 Configuring Port-based Vlan Default br2 br3 br4 Sample Configuration 2 Deleting Port-based VlanFollowing is deleting vlan id 3 among configured Vlan Sample Configuration 3 Configuring Protocol-based Vlan SWITCHbridge# vlan dot1q-tunnel enable Sample Configuration 4 Configuring QinQSwitch Sample Configuration 5 Configuring Shared Vlan with FID Link Aggregation SWITCHbridge# vlan add br5 1-42untagged Dstip dstmac Srcdstip Configuring Port TrunkPort Trunk Trunk distmode Disabling Port Trunk Displaying Port Trunk ConfigurationLink Aggregation Control Protocol Lacp Packet Route Configuring LacpActivate Lacp function, using the following command 196 A50010-Y3-C150-2-7619 Operating Mode of Member PortTo disable configuring packets, use the following command A50010-Y3-C150-2-7619 197 Identifying Member Ports within LacpBpdu Transmission Rate Key value of Member Port 198 A50010-Y3-C150-2-7619 Priority of SwitchCommand Mode Description Lacp port priority Ports Priority of Member Port A50010-Y3-C150-2-7619 199 Displaying Lacp ConfigurationTo display a configured LACP, use the following command Spanning-Tree Protocol STP A50010-Y3-C150-2-7619 201 Root SwitchSTP Operation Switch Designated Switch Port Priority Designated Port and Root Port Learning DisabledPort States Listening Rstp Operation Switch B Switch CBackup Port Path Switch D Rapid Network Convergence Bpdu Policy 17 Network Convergence of 802.1w A50010-Y3-C150-2-7619 207 19 Network Convergece of 802.1w 208 A50010-Y3-C150-2-7619 Compatibility with 802.1d Mstp Operation Region B IST Switch D Switch EOperation A50010-Y3-C150-2-7619 211 Configuring STP/RSTP/MSTP/PVSTP/PVRSTP Mode RequiredRegion a IST Path-cost Configuring STP/RSTP/MSTPRoot Switch Activating STP/RSTP/MSTP A50010-Y3-C150-2-7619 213 Port-priorityTab STP Path-cost MST Region A50010-Y3-C150-2-7619 215 Mstp ProtocolPoint-to-point MAC Parameters Edge Ports To delete the edge port mode, use the following command Displaying Configuration A50010-Y3-C150-2-7619 217 Configuring PVSTP/PVRSTPCommand Mode Description Stp pvst enable VLAN-RANGE Activating PVSTP/PVRSTP 218 A50010-Y3-C150-2-7619 Ally. To configure port priority, use the following command6.3 Path-cost 6.4 Port-priority Restarting Protocol Migration Root Guard ConfigurationRoot Guard Hello Time Bridge Protocol Data Unit ConfigurationForward Delay Hello Time Max Age Forward Delay 9.5 Bpdu Filter To delete a configured max age, use the following commandFollowing command 9.4 Bpdu Hop Self Loop Detection Configure the specific port as edge-portConfigure Bpdu Guard 224 A50010-Y3-C150-2-7619 Displaying Bpdu Configuration Backup Route 226 A50010-Y3-C150-2-7619 Mstp ConfigurationSWITCHbridge# stp force-version mstp Internet Virtual Router Redundancy Protocol Vrrp 228 A50010-Y3-C150-2-7619 Configuring VrrpTo delete the Vrrp configuration, use the following command Associated IP Address A50010-Y3-C150-2-7619 229 Access to Associated IP AddressMaster Router and Backup Router SWTICH1config# router vrrp default Layer 3 Switch 2 IP Address 10.0.0.2/24 Vrrp Track Function To configure Vrrp Track, use the following command Authentication Password A50010-Y3-C150-2-7619 233 SWITCHconfig-vrrp#authentication cleartext networkPreempt Following is an example of disabling Preempt Vrrp Statistics Configuration modeRate Limit A50010-Y3-C150-2-7619 235 Configuring Rate LimitTo set a port bandwidth, use the following command 236 A50010-Y3-C150-2-7619 Configuring Flood-GuardFlood Guard A50010-Y3-C150-2-7619 237 Following is an example of configuration to bandwidth asSWITCHbridge# show mac-flood-guard Bandwidth IP Packet Broadcast Dhcp Server or Relay Agent Dynamic Host Configuration Protocol DhcpSaving Cost Efficient IP Management Dhcp Server Range of IP Address Dhcp Pool CreationDhcp Subnet A50010-Y3-C150-2-7619 241 Default GatewayFollowing is an example of specifying the default gateway IP Lease Time 242 A50010-Y3-C150-2-7619 DNS ServerManual Binding Following is an example of specifying a DNS server Recognition of Dhcp Client Domain NameDhcp Server Option Static Mapping Authorized ARP Command Mode Description Ip dhcp arp ping packetCommand Mode Description Ip dhcp arp ping timeout IP Address Validation A50010-Y3-C150-2-7619 245 Ignoring Bootp RequestProhibition of 1N IP Address Assignment Dhcp Packet Statistics 246 A50010-Y3-C150-2-7619 Displaying Dhcp Pool ConfigurationSWITCHconfig# show ip dhcp server statistics Command Mode Description Show ip dhcp pool Pool Relay Agent Information Pattern Dhcp Address Allocation with OptionDhcp Class Capability Dhcp Class Creation No address range A.B.C.D Associating Dhcp ClassRange of IP Address for Dhcp Class Text String A50010-Y3-C150-2-7619 249 Dhcp Lease DatabaseDhcp Database Agent Displaying Dhcp Lease Status PC= Dhcp Client Dhcp Relay AgentDeleting Dhcp Lease Database Dhcp Server Relay Agent Subnet C.D all Packet Forwarding AddressSmart Relay Agent Forwarding Dhcp Option Option 82 Sub-Option Enabling Dhcp Option Option 82 Trust Policy Default Trust PolicyOption 82 Reforwarding Policy Trusted Physical Port To specify a trusted remote ID, use the following commandSimplified Dhcp Option Trusted Remote ID 6.3 Dhcp Class ID Dhcp ClientEnabling Dhcp Client 6.2 Dhcp Client ID A50010-Y3-C150-2-7619 257 Displaying Dhcp Client ConfigurationRequesting Option Forcing Release or Renewal of Dhcp Lease 258 A50010-Y3-C150-2-7619 Dhcp SnoopingEnabling Dhcp Snooping Dhcp Trust State Source MAC Address Verification Mode Description Ip dhcp snooping Limit-leaseDhcp Rate Limit Dhcp Lease Limit 260 A50010-Y3-C150-2-7619 Dhcp Snooping Database AgentSpecifying Dhcp Snooping Database Agent Specifying Dhcp Snooping Binding Entry Source IP Address Filter Displaying Dhcp Snooping ConfigurationIP Source Guard Enabling IP Source Guard Static IP Source Binding Displaying IP Source Guard ConfigurationSource port-security commands together Command Mode Description Ip dhcp verify source Ports Dhcp Server Packet Filtering Command Mode Description Ip dhcp filter-addressDhcp Filtering Dhcp Packet Filtering 264 A50010-Y3-C150-2-7619 Command Mode Description Debug dhcp filterPacket service all Debugging Dhcp ERP Operation Ethernet Ring Protection ERP Normal Node RM Node Normal NodeSend Link Down Message RM Node ERP Domain Configuring ERPLoss of Test Packet Lotp Protected Activation RM NodePort of ERP domain Protected Vlan Test Packet Interval Manual Switch to SecondaryWait-to-Restore Time Learning Disable Time Show erp all DOMAIN-ID Displaying ERP ConfigurationStacking A50010-Y3-C150-2-7619 271 Switch GroupDesignating Master and Slave Switch Designate Mater switch using the following command Disabling Stacking Accessing to Slave Switch from Master SwitchTo disable stacking, use the following command Sample Configuration 1 Configuring Stacking A50010-Y3-C150-2-7619 273 SWITCHA# configure terminalSWITCHAconfig# stack device default SWITCHBconfig# stack device default Ticast dlf Rate Ports Broadcast Storm ControlTo disconnect, input as below Storm-control broadcast mul A50010-Y3-C150-2-7619 275 Command Mode Description Jumbo-frame PortsJumbo-frame Capacity 276 A50010-Y3-C150-2-7619 Blocking Direct BroadcastMaximum Transmission Unit MTU A50010-Y3-C150-2-7619 277 SWITCHconfig-if#show running-config interface Layer 3 Network Layer 2 Network Limitation of Mrib Routing Entry Command Mode Description Ip multicast route-limitMulticast Routing Information Base Enabling Multicast Routing Required 280 A50010-Y3-C150-2-7619 Clearing Mrib InformationClearing Total or Partial Group Entry of Mrib Clearing Statistics of Multicast Routing Table Mrib Debug Displaying Mrib InformationMulticast Time-To-Live Threshold 282 A50010-Y3-C150-2-7619 Multicast Aging Igmp Version Igmp Basic ConfigurationInternet Group Management Protocol Igmp Igmp Version per Interface Igmp Debug Igmp Static Join SettingIgmp Version Removing Igmp Entry Vlan Vlan port Port reporter Igmp Query ConfigurationCommand Mode Description Ip igmp static-group Maximum Number of Groups 286 A50010-Y3-C150-2-7619 Igmp Maximum Response Time A50010-Y3-C150-2-7619 287 Displaying the Igmp ConfigurationIgmp v2 Fast Leave Enabling Igmp Snooping per Vlan Igmp Snooping Basic ConfigurationStep Execute the ip multicast-routing command 3 L2 Mfib Igmp v2 Snooping Enable Igmp snooping on a Vlan interfaceCommand Mode Description Ip igmp snooping vlan Vlans Command Mode Description Show ip igmp snooping Vlan 290 A50010-Y3-C150-2-7619 Igmp v2 Snooping Fast LeaveMulticast Packet A50010-Y3-C150-2-7619 291 To disable Igmp querier, use the following commandIgmp v2 Snooping Querier Enabling Igmp Snooping Querier 292 A50010-Y3-C150-2-7619 Timeout Value of Igmp v2 Snooping Querier’s General QueryTo disable the max-response-time, use the following command Query Interval of Igmp v2 Snooping Querier Last-member-query-interval Igmp v2 Snooping Last-Member-IntervalA50010-Y3-C150-2-7619 293 Vlans querier detail 294 A50010-Y3-C150-2-7619 Configuring Mrouter Port per VlanIgmp v2 Snooping Report Method Mrouter Port Mrouter Port Learning Method Displaying Mrouter ConfigurationMulticast TCN Flooding Nected to on a Vlan interface Command Mode Description Ip igmp snooping tcn query296 A50010-Y3-C150-2-7619 Vlans flood A50010-Y3-C150-2-7619 297 Igmp v3 SnoopingIgmp Snooping Version Join Host Management Immediate Block To display a configuration, use the following commandMulticast Vlan Registration MVR A50010-Y3-C150-2-7619 299 Enabling MVRMVR Group Address MVR IP Address Send and Receive Port 7.5 Displaying MVR ConfigurationIgmp Filtering and Throttling A50010-Y3-C150-2-7619 301 Creating Igmp ProfilePolicy of Igmp Profile Group Range of Igmp Profile 302 A50010-Y3-C150-2-7619 To return to the default setting, use the following commandApplying Igmp Profile to the Filter Port Max Number of Igmp Join Group RPT and SPT PIM-SM Protocol Independent Multicast-Sparse ModeDisplaying Igmp Snooping Table Packet for the request PIM Common Configuration DR Priority PIM-SM and Passive Mode 306 A50010-Y3-C150-2-7619 To configure a query hold time, use the following commandFilters of Neighbor in PIM PIM Hello Query PIM Debug Bootstrap Router BSRTo activate PIM-SM debugging, use the following command BSR and RP Global Clears all RP sets Set RP InformationStatic RP for Certain Group Ip pim bsr-candidate A50010-Y3-C150-2-7619 309 Enabling Transmission of Candidate RP Message Rate Limit of Register Message PIM-SM Registration4.3 4.4 Ignoring RP Priority Source Address of Register Message Configure filtering out multicast sourcesCommand Mode Description Ip pim register-suppression Filters for Register Message from RP 312 A50010-Y3-C150-2-7619 SPT SwitchoverThis command is disabled by default Reachability for PIM Register Process Checksum of Full PIM Register Message PIM Join/Prune InteroperabilityCisco Router Interoperability With older Cisco IOS versions With older Cisco IOS versions, use the following command8.2 Candidate RP Message with Cisco BSR 8.3 Excluding GenID Option PIM Snooping PIM-SSM Group 316 A50010-Y3-C150-2-7619 Displaying PIM-SM Configuration Border Gateway Protocol BGP IP Routing Protocol Enabling BGP Routing Basic ConfigurationConfiguration Type of BGP Disabling BGP Routing Advanced ConfigurationGo back to Global Configuration mode using the exit command As-set summary-only Command Mode Description Aggregate-address A.B.C.D/MSummary of Path Automatic Summarization of Path No bgp deterministic-med Multi-Exit Discriminator MEDChoosing Best Path Bgp deterministic-med Aspath Command Mode Description Bgp bestpath as-path ignoreCommand Mode Description Bgp bestpath compare-confed Selects the best path using the router ID for identical Graceful Restart Configures the router to consider the MED in choosing 324 A50010-Y3-C150-2-7619 IP Address FamilyRestart Time Stalepath Time Peer Group Default RouteBGP Neighbor Force Shutdown To create a BGP Peer Group, use the following commandRoute Map Word shutdown BGP Session ResetSession Reset of All Peers 328 A50010-Y3-C150-2-7619 Session Reset of Peers within Particular AS A50010-Y3-C150-2-7619 329 Session Reset of Specific RouteSession Reset of External Peer 330 A50010-Y3-C150-2-7619 Session Reset of Peer Group A50010-Y3-C150-2-7619 331 Displaying and Managing BGP NEIGHBOR-IP routes 332 A50010-Y3-C150-2-7619 Enabling Ospf Open Shortest Path First Ospf No router ospf Command Mode Description Router ospf334 A50010-Y3-C150-2-7619 Ospf Interface ABR Type ConfigurationCommand Mode Description Network A.B.C.D/M area Compatibility Support 336 A50010-Y3-C150-2-7619 Authentication TypeAuthentication Key A50010-Y3-C150-2-7619 337 Interface Cost Routing Protocol Interval Blocking Transmission of Route Information Database A50010-Y3-C150-2-7619 339 To configure a dead interval, use the following commandTo configure a transmit delay, use the following command 340 A50010-Y3-C150-2-7619 Ospf Maximum Transmission Unit MTUOspf Priority A50010-Y3-C150-2-7619 341 Non-Broadcast NetworkOspf Network Type 342 A50010-Y3-C150-2-7619 Area AuthenticationOspf Area Area 0-4294967295filter-list prefix LIST-NAMEin out Default Cost of AreaArea 0-4294967295filter-list access LIST-NAMEin out No area 0-4294967295filter- list access LIST-NAMEin out No-summary Default-information-originateNot So Stubby Area Nssa No-redistribution Originate To delete configured NSSA, use the following commandOriginate metric Router Configures Nssa with one option A50010-Y3-C150-2-7619 345 C.D/M advertise not Advertise Area RangeShortcut Area 346 A50010-Y3-C150-2-7619 Virtual Link Stub Area 348 A50010-Y3-C150-2-7619 Transmit-delayDead-interval Hello-interval Default MetricTo delete the configuration, use the following command Graceful Restart Support 350 A50010-Y3-C150-2-7619 Grace-periodHelper Metric-type Default RouteOpaque-LSA Support Metric Metric-type Always Route-map MAP-NAME Metric-type Router Deletes the configurationFinding Period Route-map A50010-Y3-C150-2-7619 353 External Routes to Ospf NetworkMetric-type Route-map MAP-NAME External Inter-area Intra-area To delete the default metric, use the following commandRouter Deletes the default metric Ospf Distance A50010-Y3-C150-2-7619 355 To make it as a default, use the following commandHost Route Passive Interface Ospf Monitoring and Management Blocking Routing InformationSummary Routing Information As A.B.C.D To display the Ospf database, use the following commandDisplaying Ospf Protocol Information A50010-Y3-C150-2-7619 357 358 A50010-Y3-C150-2-7619 Command Mode Description Show ip ospf interface Interface A50010-Y3-C150-2-7619 359 Displaying Debugging InformationLimiting Number of Database Overflow database external Command Mode Description Overflow databaseMaximum Process of LSA 360 A50010-Y3-C150-2-7619 A50010-Y3-C150-2-7619 361 To use RIP protocol, you should enable RIPRouting Information Protocol RIP Enabling RIP RIP Neighbor Router Configure the network to operate as RIP RIP Version Redistributing Routing Information Creating available Static Route only for RIP Command Mode Description Route-map TAG deny permit Metrics for Redistributed Routes Routing Information Filtering Administrative DistanceOriginating Default Information Offset List Filtering Access List and Prefix ListDisabling the transmission to Interface Maximum Number of RIP Routes RIP Network TimerUpdate Timeout Split Horizon Authentication KeyTo adjust the timers, use the following command No timers basic Update Time UDP Buffer Size of RIP To disable RIP authentication, use the following commandRestarting RIP 372 A50010-Y3-C150-2-7619 Monitoring and Managing RIP A50010-Y3-C150-2-7619 373 General UpgradeCommand Mode Description Copy ftp tftp os Download 374 A50010-Y3-C150-2-7619 Boot Mode Upgrade A50010-Y3-C150-2-7619 375 To configure a subnet mask, use the following commandTo configure a default gateway, use the following command To the boot mode only 376 A50010-Y3-C150-2-7619 Boot load os1 10.27.41.82 V5212G.3.18.x A50010-Y3-C150-2-7619 377 FTP UpgradeUploads the new system software using the following command 378 A50010-Y3-C150-2-7619 Exit the FTP client using the following commandCommand! For more information, see Section Command Mode Description Exit CoS Class of Service Access Control ListAddress Resolution Protocol Command Line Interface Medium Access Control Internet Service ProviderLoss of Signal Loss of Power Transmission Control Protocol Type of ServiceSpanning Tree Protocol Software