Professional Documents
Culture Documents
www.3Com.com
Part Number: 10014916 Rev. AD
Published: April, 2007
3Com Corporation
350 Campus Drive
Marlborough, MA
USA 01752-3064
Copyright 2006-2007, 3Com Corporation. All rights reserved. No part of this documentation may be reproduced in any
form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without
written permission from 3Com Corporation.
3Com Corporation reserves the right to revise this documentation and to make changes in content from time to time
without obligation on the part of 3Com Corporation to provide notification of such revision or change.
3Com Corporation provides this documentation without warranty, term, or condition of any kind, either implied or
expressed, including, but not limited to, the implied warranties, terms or conditions of merchantability, satisfactory quality,
and fitness for a particular purpose. 3Com may make improvements or changes in the product(s) and/or the program(s)
described in this documentation at any time.
If there is any software on removable media described in this documentation, it is furnished under a license agreement
included with the product as a separate document, in the hard copy documentation, or on the removable media in a
directory file named LICENSE.TXT or !LICENSE.TXT. If you are unable to locate a copy, please contact 3Com and a copy will
be provided to you.
UNITED STATES GOVERNMENT LEGEND
If you are a United States government agency, then this documentation and the software described herein are provided to
you subject to the following:
All technical data and computer software are commercial in nature and developed solely at private expense. Software is
delivered as Commercial Computer Software as defined in DFARS 252.227-7014 (June 1995) or as a commercial item
as defined in FAR 2.101(a) and as such is provided with only such rights as are provided in 3Coms standard commercial
license for the Software. Technical data is provided with limited rights only as provided in DFAR 252.227-7015 (Nov 1995) or
FAR 52.227-14 (June 1987), whichever is applicable. You agree not to remove or deface any portion of any legend provided
on any licensed program or documentation contained in, or delivered to you in conjunction with, this User Guide.
Unless otherwise indicated, 3Com registered trademarks are registered in the United States and may or may not be registered
in other countries.
3Com and the 3Com logo are registered trademarks of 3Com Corporation.
Cisco is a registered trademark of Cisco Systems, Inc.
Funk RADIUS is a registered trademark of Funk Software, Inc.
Aegis is a registered trademark of Aegis Group PLC.
Intel and Pentium are registered trademarks of Intel Corporation. Microsoft, MS-DOS, Windows, and Windows NT are
registered trademarks of Microsoft Corporation. Novell and NetWare are registered trademarks of Novell, Inc. UNIX is a
registered trademark in the United States and other countries, licensed exclusively through X/Open Company, Ltd.
IEEE and 802 are registered trademarks of the Institute of Electrical and Electronics Engineers, Inc.
All other company and product names may be trademarks of the respective companies with which they are associated.
ENVIRONMENTAL STATEMENT
It is the policy of 3Com Corporation to be environmentally-friendly in all operations. To uphold our policy, we are committed
to:
Establishing environmental performance standards that comply with national legislation and regulations.
Conserving energy, materials and natural resources in all operations.
Reducing the waste generated by all operations. Ensuring that all waste conforms to recognized environmental standards.
Maximizing the recyclable and reusable content of all products.
Ensuring that all products can be recycled, reused and disposed of safely.
Ensuring that all products are labelled according to recognized environmental standards.
Improving our environmental record on a continual basis.
End of Life Statement
3Com processes allow for the recovery, reclamation and safe disposal of all end-of-life electronic components.
Regulated Materials Statement
3Com products do not contain any hazardous or ozone-depleting material.
CONTENTS
ABOUT THIS GUIDE
About This Software Version 3
Organization of the Manual 3
Intended Readership 3
Conventions
3
Related Manuals 4
Alphebetical Listing of Commands
13
NUMERICSCOMMANDS BY FUNCTION
Commands by Function
845
CONTENTS
This guide describes the command line interface (CLI) configuration commands
used to control the 3Com Switch 4200G Family of switches.
The software in the 3Com Switch 4200G Family is a subset of that used in some
other 3Com products. Depending on the capabilities of your hardware platform,
some commands described in this guide may not be available on your Switch,
although the unavailable commands may still display on the command line
interface (CLI). If you try to use an unavailable command, an error message
displays.
CAUTION: Any command that displays on the CLI, but is not described in this
guide, is not supported in Version #.# software. 3Com only supports the
commands described in this guide. Other commands may result in the loss of data,
and are entered at the users risk.
Organization of the
Manual
The 3Com Switch 4200G Family Command Reference Guide list all commands in
alphabetical order. A index of commands organized by function is provided at the
end of this document.
Intended Readership
Conventions
Network administrators
Network engineers
Notice Type
Description
Information note
Caution
Warning
Description
When you see the word enter in this guide, you must type something,
and then press Return or Enter. Do not press Return or Enter when an
instruction simply says type.
Fixed command
text
This typeface indicates the fixed part of a command text. You must type
the command, or this part of the command, exactly as shown, and press
Return or Enter when you are ready to enter the command.
Example: The command display history-command must be entered
exactly as shown.
Variable
command text
This typeface indicates the variable part of a command text. You must type
a value here, and press Return or Enter when you are ready to enter the
command.
Example: in the command super level, a value in the range 0 to 3 must
be entered in the position indicated by level
{ x | y | ... }
[]
Related Manuals
The 3Com Switch 4200G Family Getting Started Guide provides information about
installation.
The 3Com Switch 4200G Family Configuration Guide provides information about
configuring your network using the commands described in this guide.
ALPHABETICAL LISTING OF
COMMANDS
Alphebetical Listing of
Commands
access-limit 14
accounting 15
accounting domain 16
accounting-on enable 17
accounting optional 19
acl 21
acl 22
active region-configuration 24
add-member 25
address-check 26
administrator-address 27
am user-bind 28
apply qos-profile 29
apply qos-profile interface 30
arp check enable 31
arp static 32
arp timer aging 34
ascii 35
attribute 36
authentication 38
authentication-mode 40
authorization 42
auto-build 43
auto-execute command 44
binary 45
black-list add-mac 46
black-list delete-mac 47
boot attribute-switch 48
boot boot-loader 49
boot boot-loader 50
boot boot-loader backup-attribute 51
boot bootrom 52
boot web-package 53
broadcast-suppression 54
build 55
bye 56
bye 57
cd 58
cd 59
cd 60
cdup 61
cdup 62
check region-configuration 63
clock datetime 65
clock summer-time 66
clock timezone 68
close 69
cluster 70
cluster enable 71
cluster-local-user 72
cluster-mac 73
cluster-mac syn-interval 74
cluster-snmp-agent community 75
cluster-snmp-agent group v3 77
cluster-snmp-agent mib-view included 79
cluster-snmp-agent usm-user v3 81
cluster switch-to 83
cluster switch-to sysname 84
command-privilege level 86
copy 87
copy configuration 88
cut connection 89
data-flow-format 91
databits 93
debugging 94
debugging 95
debugging arp packet 96
debugging dhcp client 97
debugging dhcp-relay 98
debugging DLDP 100
debugging ntp-service 101
debugging radius 102
debugging snmp-agent 103
debugging udp-helper 104
delete 105
delete 107
delete 108
delete-member 109
delete static-routes all 110
description 111
description 112
description 113
description 114
dhcp relay information enable 115
dhcp relay information strategy 116
dhcp-security static 117
dhcp-server 118
dhcp-server ip 119
dir 120
dir 122
dir 124
disconnect 125
display acl 126
display am user-bind 127
display arp 128
display arp count 130
display arp timer aging 131
display boot-loader 132
display boot-loader 133
display bootp client 134
display brief interface 135
display channel 137
display clock 138
display cluster 139
display cluster base-topology 141
display cluster black-list 142
display cluster candidates 143
display cluster current-topology 145
display cluster members 147
display connection 149
display cpu 151
display current-configuration 152
display debugging 156
display debugging habp 157
display device 158
display dhcp client 159
display dhcp-security 160
display dhcp-server 161
display dhcp-server interface
vlan-interface 163
display dhcp-snooping 164
display dhcp-snooping 165
display dhcp-snooping trust 166
display dhcp-snooping trust 167
display diagnostic-information 168
491
ntp-service broadcast-client 492
ntp-service broadcast-server 493
ntp-service in-interface disable 494
ntp-service max-dynamic sessions
495
ntp-service multicast-client 496
ntp-service multicast-server 497
ntp-service reliable authentication-keyid 498
ntp-service source-interface 499
ntp-service unicast-peer 500
ntp-service unicast-server 502
open 504
packet-filter 505
packet-filter 506
parity 507
passive 508
password 509
password 510
peer-public-key end 511
ping 512
port 515
port access vlan 516
port hybrid pvid vlan 517
port hybrid vlan 518
port isolate 519
port link-aggregation group 520
port link-type 521
port-security enable 522
port-security intrusion-mode 523
port-security max-mac-count 525
port-security ntk-mode 527
port-security OUI 529
port-security port-mode 530
port-security timer disableport 533
port-security trap 534
port trunk pvid vlan 536
port trunk permit vlan 537
primary accounting 538
primary authentication 540
priority 542
priority trust 543
protocol inbound 545
protocol inbound 546
protocol-priority protocol-type 547
public-key-code begin 548
public-key-code begin 549
time-range 799
timer 801
timer 802
timer quiet 803
timer realtime-accounting 804
timer response-timeout 806
topology accept 807
topology restore-from 808
topology save-to 809
tracemac 810
tracert 811
traffic-limit 813
traffic shape 815
traffic-statistic 816
udp-helper enable 817
udp-helper port 818
udp-helper server 819
undelete 820
user 821
user-interface 822
user-name-format 823
user privilege level 824
verbose 825
virtual-cable-test 826
vlan 828
vlan-assignment-mode 830
vlan-mapping modulo 832
vlan-vpn enable 834
vlan-vpn tpid 835
vlan-vpn tunnel 836
vlan-vpn uplink enable 837
voice vlan 838
voice vlan aging 839
voice vlan enable 840
voice vlan mac-address 841
voice vlan mode 842
voice vlan security enable 843
COMMANDS
Commands
14 access-limit
access-limit
Purpose
Use the access-limit command to set the maximum number of access users that
can be contained in current ISP domain.
Use the undo access-limit command to restore the default maximum number.
Syntax
Parameters
disable
enable max-user-number
Example
To allow ISP domain aabbc.net to contain at most 500 access users, enter the
following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G]domain aabbc.net
New Domain added.
[S4200G-isp-aabbcc.net] access-limit enable 500
View
Description
This command limits the amount of supplicants contained in the current ISP domain.
Because resource contention may occur between access users, there is a need to
properly limit the number of access users in an ISP domain to provide reliable
performance to the users in the ISP domain.
accounting 15
accounting
Purpose
Use the accounting command to configure an accounting scheme for the current
ISP domain.
Use the undo accounting command to cancel the accounting scheme
configuration of the current ISP domain.
Syntax
Parameters
none
radius-scheme-name
Default
Example
View
Description
When you use the accounting command to specify a RADIUS scheme for the
current ISP domain, the RADIUS scheme must already be defined.
If the accounting command is used in an ISP domain view, the system uses the
scheme specified in this command to charge the users. Otherwise, the system uses
the scheme specified in the scheme command to charge the users.
Related Command
scheme
radius scheme
16 accounting domain
accounting domain
Purpose
Use the accounting domain command to enable the DHCP accounting function.
Use the undo accounting domain command to disable the DHCP accounting
function.
Syntax
Parameters
domain-name
Example
<S4200G> system-view
System View: return to User View with Ctrl+Z.
Enable the DHCP accounting function (assuming that domain 123 already exists).
[S4200G-dhcp-pool-test] accounting domain 123
View
accounting-on enable 17
accounting-on enable
Purpose
Syntax
Parameters
times
interval
Default
Example
To enable the user re-authentication upon device restart function for the RADIUS
scheme named CAMS, enter the following:
<S4200G> system-view
[S4200G] radius scheme CAMS
[S4200G-radius-CAMS] accounting-on enable
View
Description
The purpose of this feature is to resolve the following problem: users cannot re-log
onto the network after the switch reboots because they are already online. After this
feature is enabled, every time the switch reboots:
The switch sends the Accounting-On packet to the CAMS at regular intervals.
18 accounting-on enable
Once the CAMS receives the Accounting-On packet, it sends a response to the
switch. At the same time it finds and deletes the existing online information of the
user who was accessing the network through the switch before the reboot based
on the NAS-ID, NAS-IP and session ID contained in the Accounting-On packet, and
ends the charging of the user according to the last accounting update packet.
Once the switch receives the response from the CAMS, it stops sending other
Accounting-On packets.
If the switch has tried the set maximum times to transmit the Accounting-On
packet but still does not receive any response from the CAMS, it stops the sending
of the Accounting-On packet.
Note: The switch can automatically generate the main attributes (NAS-ID, NAS-IP and
session ID) of the Accounting-On packets. However, you can also manually configure
the NAS-IP attribute with the nas-ip command. When doing this, be sure to
configure a correct and valid IP address. If this attribute is not configured manually,
the switch will automatically select the IP address of the VLAN interface as the NAS-IP
address.
Related Command
nas-ip
accounting optional 19
accounting optional
Purpose
Syntax
accounting optional
undo accounting optional
Parameters
None
Default
Example
To open the accounting-optional switch for the ISP domain named aabbcc.net, enter
the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] domain aabbcc.net
New Domain added.
[S4200G-isp-aabbcc.net] accounting optional
To open the accounting-optional switch for the RADIUS scheme radius1, enter the
following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] radius scheme radius1
New Radius scheme
[S4200G-radius-radius1] accounting optional
View
Description
Note:
When the system charges an online user but it does not find any available RADIUS
accounting server or fails to communicate with any RADIUS accounting server, the
user can continue the access to network resources if the accounting
optional command has been used, otherwise the user is disconnected from the
system. The accounting optional command is often used in the cases
where only authentication is needed and no accounting is needed.
20 accounting optional
After the accounting optional command is used for a RADIUS scheme, the
system will no longer send real-time accounting update packets and
stop-accounting packets for any user in an ISP domain referencing the RADIUS
scheme.
This configuration takes effect only on the accounting using this RADIUS scheme.
acl 21
acl
Purpose
Use the acl command to reference ACL and implement the ACL control to the
TELNET users.
Use the undo acl command to remove the control from the TELNET users.
Syntax
Parameters
Example
acl-number
inbound
outbound
Apply ACL 2000 to filter users Telneting to the current switch (assuming that ACL
2,000 already exists.).
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] user-interface vty 0 4
[S4200G-ui-vty0-4] acl 2000 inbound
View
22 acl
acl
Purpose
Use the acl command to define an ACL identified by a number, and enter the
corresponding ACL View.
Use the undo acl command to delete all entries of an ACL or to delete all ACLs.
Syntax
Parameters
number acl-number
match-order
config
auto
all
Default
Example
Define rules for ACL 2000, and specify "depth-first" order as the rule match order.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] acl number 2000 match-order auto
[S4200G-acl-basic-2000]
View
Description
System view
After entering the corresponding ACL view, you can use the rule command to add
entries to the ACL.
An ACL supports the following types of match orders:
acl 23
Configured order: ACL rules are matched according to the configured order.
Automatic ordering: ACL rules are matched according to the "depth-first" order
Related Command
rule
24 active region-configuration
active region-configuration
Purpose
Syntax
active region-configuration
Parameters
None
Example
View
Description
This command causes the switch to operate with the new MST region settings, when
spanning trees are regenerated.
Changes of MST region parameters, especially those of the VLAN mapping tables, can
cause MSTP to recalculate the spanning trees, creating network topology jitters across
the network. To reduce network topology jitters caused by configuration changes,
MSTP does not recalculate the spanning trees immediately in response to region
configuration changes. Rather, MSTP brings the configurations into effect only after
you activate the new MST region settings or enable MSTP.
Related Commands
check region-configuration
instance
region-name
revision-level
vlan-mapping modulo
add-member 25
add-member
Purpose
Syntax
Parameters
member-number
H-H-H
password
Example
Add a candidate device to the cluster, setting the member number to 6. (Assume that
the MAC address and user password of the candidate device are 00E0-fc00-35e7 and
123456.)
<aaa_0.S4200G>system-view
System View: return to User View with Ctrl+Z.
[aaa_0.S4200G-cluster]
[aaa_0.S4200G-cluster] add-member 6 mac-address 00E0-fc00-35e7 password
123456
View
Description
Cluster view
26 address-check
address-check
Purpose
Syntax
address-check enable
address-check disable
Parameters
None
Default
Example
View
administrator-address 27
administrator-address
Purpose
Syntax
Parameters
mac-address
name name
Default
Example
View
Description
Cluster view
A cluster contains one (and only one) management device. After rebooting, a
member device identifies the management device by the MAC address of the
management device.
The recommended way to remove a cluster member from a cluster is to execute the
delete-member command on the management device.
28 am user-bind
am user-bind
Purpose
Use the am user-bind command to bind the MAC and IP addresses of a legal user
to a specified port.
Use the undo am user-bind command to cancel the binding.
Syntax
Parameters
Example
mac-address
ip-address
IP address to be bound.
interface-type
interface-number
Bind the legal user whose MAC address is 00e0-fc00-3900 and IP address is
10.153.1.1 to GigabitEthernet1/0/2 port.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] am user-bind mac-addr 00e0-fc00-5100 ip-addr 10.153.1.1
interface GigabitEthernet1/0/2
View
Description
System view
After a binding operation, only the valid user's packets can pass through the port.
You need to specify the bound port if you use this command in system view.
You do not need to specify the bound port if you use this command in Ethernet
port view, because the MAC and IP address will be bound to the current port.
You can bind up to 128 pairs of MAC and IP addresses on a unit. The system allows
only one binding operation for the same MAC address.
apply qos-profile 29
apply qos-profile
Purpose
Use the apply qos-profile command to manually apply the QoS profile to the
current port.
Use the undo apply qos-profile command to manually remove the QoS profile
from a port.
Syntax
Parameters
profile-name
Example
To apply the qos-profile named h3c on the current port manually, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface gigabitEthernet1/0/1
[S4200G-GigabitEthernet1/0/1] apply qos-profile h3c
View
Description
You cannot delete a QoS profile which has been applied to a port. Likewise a profile
has to be created before it can be assigned to a port.
Use the apply qos-profile interface command to manually apply a QoS profile
to one or more consecutive ports.
Use the undo apply qos-profile command to manually remove the configuration
from one or more consecutive ports.
Syntax
Parameters
profile-name
interface interface-type
interface-num [ to
interface interface-type
interface-num ]
Specifies the range of ports. The beginning interface
Example
View
Description
System view
You cannot delete the specific QoS profile that has been applied to the port.
Use the arp check enable command to enable the ARP entry checking function,
that is, to disable a switch from creating multicast MAC address ARP entries for MAC
addresses learned.
Use the undo arp check enable command to disable the ARP entry checking
function. In this case, a switch creates multicast MAC address ARP entries for MAC
addresses learned.
Syntax
Parameters
None
Default
By default, the checking of ARP entry is enabled and the device does not learn the
ARP entry where the MAC address is a multicast MAC address.
Example
To configure to create multicast MAC address ARP entries for MAC addresses learned,
enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] undo arp check enable
View
System view
32 arp static
arp static
Purpose
Use the arp static command to configure the static ARP mapping entries in the ARP
mapping table.
Use the undo arp ip_address command to remove a ARP mapping entry from the
ARP table.
Syntax
Parameters
ip_address
mac_address
vlan_id
interface_type
interface_number
Default
By default, the ARP mapping table is empty, and the Switch uses dynamic ARP to
maintain its address mapping.
Example
To Create a static ARP mapping entry, with the IP address of 202.38.10.2, the MAC
address of 00e0-fc01-0000. The ARP mapping entry belongs to GigabitEthernet1/0/1
port (assuming that GigabitEthernet1/0/1 port belongs to VLAN1), enter following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] arp static 202.38.10.2 00e0-fc01-0000 1 GigabitEthernet1/0/1
View
System view
Description
arp static 33
The system ARP mapping table is empty when a switch is just started. And the
dynamic address mapping entries are generated by ARP.
Note:
Related Commands
Static ARP mapping entries are valid as long as the Ethernet switch operates.
However, an ARP mapping entry is removed if the corresponding VLAN is
removed. By default, a dynamic ARP mapping entry remains valid for 20 minutes.
As for the arp static command, the value of the vlan-id argument must be
the ID of an existing VLAN, and the port identified by the interface-type and
interface-number arguments must belong to the VLAN.
reset arp
display arp
Use the arp timer aging command to configure the aging time for dynamic ARP
mapping entries.
Use the undo arp timer aging command to restore the default aging time.
Syntax
Parameters
aging-time
Default
Example
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] arp timer aging 10
View
Related Command
System view
ascii 35
ascii
Purpose
Use the ascii command to configure data transmission mode as ASCII mode.
Syntax
ascii
Parameters
None
Default
Example
View
Description
Perform this command if the user needs to change the file transmission mode to
default mode.
36 attribute
attribute
Purpose
Use the attribute command to configure attributes of a user whose service type is
lan-access.
Use the undo attribute command to cancel the attributes that have been defined
for this user.
Syntax
Parameters
ip ip-address
mac mac-address
idle-cut second
access-limit
max-user-number
vlan vlan-id
location
nas-ip ip-address
port port-number
Example
attribute 37
View
Related Command
display local-user
38 authentication
authentication
Purpose
Syntax
Parameters
radius-scheme
radius-scheme-name
local
none
Default
Example
View
Description
Related Command
authentication 39
scheme
radius scheme
40 authentication-mode
authentication-mode
Purpose
Syntax
Parameters
password
scheme
none
Default
By default, users logging in through the Console port are not authenticated, whereas
modem users and Telnet users are authenticated.
Example
View
Description
This command configures the authentication method for a user at log in.
If you specify the password keyword to authenticate users using the local
password, remember to set the local password using the set authentication
password { cipher | simple } password command.
If you specify the scheme keyword to authenticate users locally or remotely using
usernames and passwords, the actual authentication mode depends on other
related configuration. Refer to the Security module of this manual for more.
authentication-mode 41
The type of the authentication depends on your network configuration. For further
information, see AAA and RADIUS.
42 authorization
authorization
Purpose
Use the authorization none command to allow users in the current ISP domain
to use network services without being authorized.
Use the undo authorization command to restore the default authorization
scheme of the ISP domain.
Syntax
authorization none
undo authorization
Parameters
None
Default
Example
Allow users in current ISP domain to access the network services without being
authorized.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] domain aabbcc.net
New Domain added.
[S4200G-isp-aabbcc.net] authorization none
View
Related Command
scheme
radius scheme
auto-build 43
auto-build
Purpose
Syntax
auto-build [ recover ]
Parameters
recover
Example
<S4200G>system-view
System View: return to User View with Ctrl+Z
[S4200G] cluster
[S4200G-cluster] auto-build
View
Description
Cluster view
44 auto-execute command
auto-execute command
Purpose
Use the auto-execute command command to set the command that is executed
automatically after a user logs in.
Use the undo auto-execute command command to disable the specified
command from being automatically executed
Syntax
Parameters
text
Default
Example
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] user-interface vty0
[S4200G-ui-vty0] auto-execute command telnet 10.110.100.1
View
Description
binary 45
binary
Purpose
Use the binary command to specify that files be transferred in binary mode. That is,
data is transferred in binary streams.
Syntax
binary
Parameters
None
Example
View
46 black-list add-mac
black-list add-mac
Purpose
Use the black-list add-mac command to add a device into the blacklist.
Syntax
Parameters
mac-address
Example
<S4200G>system-view
System View: return to User View with Ctrl+Z
[S4200G] cluster
[S4200G-cluster] black-list add-mac 0ec0-fc00-0001
View
Description
Cluster view
black-list delete-mac 47
black-list delete-mac
Purpose
Use the black-list delete-mac command to delete a device from the blacklist.
Syntax
Parameters
mac-address
Example
<S4200G>system-view
System View: return to User View with Ctrl+Z
[S4200G] cluster
[S4200G-cluster] black-list delete-mac 0ec0-fc00-0001
View
Description
Cluster view
48 boot attribute-switch
boot attribute-switch
Purpose
Use the boot attribute-switch command to switch between the main and
backup attribute for all the files or a specified type of files. This changes a file with the
main attribute to one with the backup attribute, or vice versa.
Syntax
Parameters
all
app
configuration
web
Example
View
Description
User view
This command changes a file with the main attribute to one with the backup
attribute, or vice versa.
Note:
A configuration file is used to store and restore configuration, with cfg as the
extension.
A Web files is used for Web-based network management, with web as the
extension.
boot boot-loader 49
boot boot-loader
Purpose
Use the boot boot-loader command to configure an app file to be of the main
attribute. The app file specified by this command becomes the main startup file when
the device starts the next time.
Syntax
Parameters
file-url
Example
View
Description
User view
The app file specified by this command becomes the main startup file when the
device starts the next time.
CAUTION:
Make sure the app file to be specified as the most preferred startup file exists before
executing this command.
50 boot boot-loader
boot boot-loader
Purpose
Use the boot boot-loader command to specify the host software that will be
adopted when the current switch or a specified switch in the fabric reboots next time.
Syntax
Parameters
backup-attribute
file-url
device-name
Example
Specify the host software that will be adopted when the current switch reboots next
time.
<S4200G> boot boot-loader PLATV100R002B09D002.bin
The specified file will be booted next time on unit 1!
<S4200G>
View
Description
User view
You can use this command to specify a .bin file in the Flash memory as the host
software to be adopted at reboot.
Syntax
Parameters
file-url
Example
View
Description
User view
The app file specified by this command becomes the backup startup file when the
device starts up the next time. When the main startup file is unavailable, the backup
startup file is used to start the switch.
CAUTION:
Make sure the app file to be specified as the backup startup file exists before
executing this command.
52 boot bootrom
boot bootrom
Purpose
Syntax
Parameters
file-path
device-name
Example
View
User view
boot web-package 53
boot web-package
Purpose
Use the boot web-package command to configure a Web file to be of the main or
backup attribute.
Syntax
Parameters
webfile
main
backup
Example
View
Description
User view
CAUTION:
Make sure the Web file which the webfile argument identifies exists before
executing this command.
The configuration of the main or backup attribute of a Web file takes effect
immediately without restarting the device.
54 broadcast-suppression
broadcast-suppression
Purpose
Syntax
Parameters
ratio
max-pps
Default
Example
Allow the broadcast traffic passing through the Ethernet1/0/1 port to occupy at most
20% of the bandwidth.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface ethernet1/0/1
[S4200G-Ethernet1/0/1] broadcast-suppression 20
View
Description
System view
Once broadcast traffic exceeds the value set by the user, the system maintains an
appropriate broadcast traffic ratio by discarding the overflow traffic, so as to suppress
broadcast storm, avoid network congestion, and ensure normal network services.
build 55
build
Purpose
Use the build command to configure a cluster with the current switch as the
management device. Argument name specifies the name of the cluster.
Use the undo build command to configure the current management device as a
candidate.
Syntax
build name
undo build
Parameters
name
Default
Example
Configure the current switch to be a management device and specify the cluster
name to be 3COM.
<S4200G>system-view
System View: return to User View with Ctrl+Z
[S4200G] cluster
[S4200G-cluster] build 3COM
View
Description
Cluster view
After a cluster is created, the device on which the command is executed becomes the
management device and is assigned a member number of 0.
Executed this command on a management-capable device that does not belong to
any clusters. Running this command on a cluster member will fail. If the current
switch is already the management device of a cluster, whose name is different from
that specified in the command, the command will only set the name of the cluster to
the new one.
The member number of a management device is 0.
56 bye
bye
Purpose
Use the bye command to terminate the connection to the remote SFTP server and
return to system view.
Syntax
bye
Parameters
None
Example
Terminate the connection to the remote SFTP server (assume that the server IP address
is 10.1.1.2).
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] sftp 10.1.1.2
sftp-client> bye
[S4200G]
View
Description
This command has the same function as the exit and quit commands.
bye 57
bye
Purpose
Use the bye command to terminate the control connection and data connection
with the remote FTP server and quit to user view.
Syntax
bye
Parameters
None
Example
Terminate the connections with the remote FTP server and quit to user view.
[ftp] bye
<S4200G>
View
Description
This command has the same effect as that of the quit command.
58 cd
cd
Purpose
Use the cd command to change the current path on the remote SFTP server.
Syntax
cd [ remote-path ]
Parameters
remote-path
Example
sftp-client> cd new1
Current Directory is:
flash:/new1
View
Description
You can use the cd.. command to return to the upper level directory.
You can use the cd / command to return to the root directory of the system (that is,
flash:/).
cd 59
cd
Purpose
Syntax
cd directory
Parameters
directory
Default
Example
<S4200G> cd flash:
<S4200G> pwd
flash:
View
User view
60 cd
cd
Purpose
Use the cd command to change the work path on the remote FTP server.
Syntax
cd pathname
Parameters
pathname
Example
View
Description
cdup 61
cdup
Purpose
Syntax
cdup
Parameters
None
Example
View
62 cdup
cdup
Purpose
Syntax
cdup
Parameters
None
Example
View
check region-configuration 63
check region-configuration
Purpose
revision level
Syntax
check region-configuration
Parameters
None
Example
Vlans Mapped
1 to 9, 11 to 4094
10
Description
Format selector
Region name
Revision level
Instance Vlans Mapped Spanning tree instance-to-VLAN mappings in the MST region
View
Description
You can use this command to find the MST region the switch currently belongs to or
check to see whether or not the MST region-related configuration is correct.
MSTP-enabled switches are in the same region only when they have the same MST
region-related configuration. A switch cannot be in a respected region if any one of
the above three MST region-related settings does not be consistent with that of
another switch in the region.
64 check region-configuration
Related Commands
instance
region-name
revision-level
vlan-mapping modulo
active region-configuration
clock datetime 65
clock datetime
Purpose
Use the clock datetime command to set the current system time and date.
Syntax
Parameters
time
date
Example
Set the current date and time of the Ethernet switch to 0:0:0 2001/01/01.
<S4200G> clock datetime 0:0:0 2001/01/01
View
Related Command
User view
display clock
66 clock summer-time
clock summer-time
Purpose
Use the clock summer-time command to set the name, time range, and offset of
the daylight saving time.
Use the undo clock summer-time command to cancel the setting.
Syntax
Parameters
Example
zone-name
one-off
Sets the daylight saving time for only one year (the
specified year).
repeating
start-time
start-date
end-time
end-date
offset-time
Set the summer time named abc1, which starts from 06:00:00 2005/08/01, ends until
06:00:00 2005/09/01, and is one hour ahead of the standard time.
<S4200G> clock summer-time abc1 one-off 06:00:00 08/01/2005 06:00:00
09/01/2005 01:00:00
Set the summer time named abc2, which starts from 06:00:00 08/01, ends until
06:00:00 09/01, and is one hour ahead of the standard time every year from 2005
on.
<S4200G> clock summer-time abc2 repeating 06:00:00 08/01/2005 06:00:00
09/01/2005 01:00:00
View
User view
Description
clock summer-time 67
After the setting, you can use the display clock command to check the result.
68 clock timezone
clock timezone
Purpose
Use the clock timezone command to set local time zone information.
Use the undo clock timezone command to return to the default, which is
Universal Time Coordinated (UTC).
Syntax
Parameters
Example
zone_name
add
minus
HH:MM:SS
To set the local time zone as zone 5, and configure the local time to be 5 hours ahead
of UTC, enter the following:
<S4200G>clock timezone z5 add 05:00:00
View
User view
Description
Use the display clock command to check the summer time settings.
Related Command
clock summer-time
close 69
close
Purpose
Use the close command to terminate an FTP connection without quitting FTP client
view.
Syntax
close
Parameters
None
Example
View
Description
The close command has the same effect as that of the disconnect command.
70 cluster
cluster
Purpose
Syntax
cluster
Parameters
None
Example
View
System view
cluster enable 71
cluster enable
Purpose
Use the cluster enable command to enable the cluster function on a switch.
Use the undo cluster enable command to disable the cluster function on a
switch.
Syntax
cluster enable
undo cluster enable
Parameters
None
Default
By default, the cluster function is enabled on all the devices supporting cluster.
Example
View
Description
System view
You need to create a cluster with the build command before using the cluster enable
command on the management device.
These two commands can be used on any device supporting the cluster function.
When you execute the undo cluster enable command on a management device, the
cluster is removed, and the switch stops operating as a management device. When
you execute this command on a member device, the cluster function is disabled on
the switch, and the switch quit the cluster. When you execute this command on a
switch that belongs to no cluster, the cluster function is disabled on the switch.
72 cluster-local-user
cluster-local-user
Purpose
Syntax
Parameters
username
passwordstring
Default
Example
View
Description
Cluster view
This command is used to simplify user configuration. The Web username and
password are configured for all the member devices of a cluster. This enables all
the member switches in a cluster to login using the same Web username and
password.
The configuration remains valid on a member device even if the latter quits the
cluster.
cluster-mac 73
cluster-mac
Purpose
Use the cluster-mac command to configure a multicast MAC address for cluster
management. Run this command only on the management device only.
Syntax
cluster-mac H-H-H
Parameters
H-H-H
Default
Example
<aaa_0.S4200G> system-view
System View: return to User View with Ctrl+Z.
[aaa_0.S4200G] cluster
[aaa_0.S4200G-cluster] cluster-mac 0180-C200-0028
View
Description
Cluster view
Multicast MAC addresses enable the member devices of a cluster to receive multicast
information delivered by the management device, and thus multicast information
sending function is implemented on the management device.
74 cluster-mac syn-interval
cluster-mac syn-interval
Purpose
Use the cluster-mac syn-interval command to set the interval for the
management device to send multicast packets. This command can be executed on
the management device only.
Syntax
Parameters
time-interval
Example
<aaa_0.S4200G> system-view
System View: return to User View with Ctrl+Z.
[aaa_0.S4200G] cluster
[aaa_0.S4200G-cluster]
[aaa_0.S4200G-cluster] cluster-mac syn-interval 1
View
Description
Cluster view
When the interval is set as 0, the management device does not send multicast packets
to member devices.
cluster-snmp-agent community 75
cluster-snmp-agent community
Purpose
Syntax
Parameters
Example
read
write
community-name
view-name
In the cluster view of the master switch, set the community name to comaccess and
set the community to be read-only.
[3Com_0.S4200G-cluster] cluster-snmp-agent community read comaccess
View
Description
Cluster view
If you have configured a community name the same as the one configured by this
command, the current one replaces the one originally configured on a member
switch.
By default, no SNMP community is set for a cluster
76 cluster-snmp-agent community
The configuration remains valid on a member device even if the latter quits the
cluster.
cluster-snmp-agent group v3 77
cluster-snmp-agent group v3
Purpose
Syntax
Parameters
v3
group-name
authentication
privacy
read-view
read-view
write-view
write-view
notify-view
notify-view
Default
Example
View
Description
Cluster view
Use this command in the cluster view of the master switch. You can configure only
one SNMP group for a cluster.
78 cluster-snmp-agent group v3
Related Command
Use this command in the cluster view of the master switch. You can configure only
one SNMP group for a cluster.
The configuration remains valid on a member device even if the latter quits the
cluster.
snmp-agent group v3
Syntax
Parameters
view-name
oid-tree
included
Default
The default MIB view of a cluster is ViewDefault, in which the sub-tree with OID being
1 (that is, iso) can be accessed.
Example
View
Description
Cluster view
Use this command in the cluster view of a master switch. You must configure this
command manually. By default, this command is not configured. You can
configure only one such command.
The configuration remains valid on a member device even if the latter quits the
cluster.
Related Command
cluster-snmp-agent usm-user v3 81
cluster-snmp-agent usm-user v3
Purpose
Syntax
Parameters
v3
username
groupname
authentication-mode
Performs authentication.
md5
sha
authpassstring
privacy-mode
des56
privpassstring
Default
Example
Add a user named "wang" to the SNMP group named "3Com", with authentication
enabled, authentication protocol set to MD5, and authentication password set to
"pass".
[3Com_0.S4200G-cluster] cluster-snmp-agent usm-user v3 wang 3Com
authentication-mode md5 pass
82 cluster-snmp-agent usm-user v3
View
Description
Cluster view
The configuration remains valid on a member device even if the latter quits the
cluster.
cluster switch-to 83
cluster switch-to
Purpose
Syntax
Parameters
member-number
mac-address H-H-H
administrator
Example
Switch from the management device to the member device numbered 6 and then
switch back to the management device.
<aaa_0.S4200G> cluster switch-to 6
<aaa_6.S4200G> quit
<aaa_0.S4200G>
View
Description
User view
You can manage member devices in a cluster through the management device, on
which you can switch to member view to configure or manage specified member
devices, and then switch back to the management device.
Authentication is required when you switch from the management device to a
member device. Upon passing the member device authentication, the switchover is
allowed. If the password of the member device is different from that of the
management device, the switchover is rejected.
The view is inherited from the management device when you switch to a member
device from the management device. For example, the user view remains unchanged
after you switch from the management device to a member device.
Authentication is also required when you switch from a member device to the
management device. After passing the authentication, the system will enter user view
automatically.
When you execute this command on the management device, if the specified
member number n does not exist, an error message appears. Enter quit to stop the
switchover operation.
Use the cluster switch-to sysname command to switch between the master
device and a member device.
Syntax
Parameters
membersysname
Example
Switch to the member switch with the system name being abc (assuming that the
member number of the switch is 6) and then switch back to the master device by
executing the quit command.
Enter the member switch with the member number of 5 (assuming that member
devices numbered 5 and 6 share the system name of switch).
<Cluster_0.S4200-3rd>dis cluster members
SN
Device
MAC Address Status
Name
0 Switch4200G 12-Port 0016-e01f-7100
Admin
Cluster_1.4200-3rd
1 Switch4200G 12-Port 0016-e01f-7180 UP
Cluster_1.4200-2nd
To connect to a member:
<Cluster_0.S4200-3rd>cluster switch-to-sysname 4200-2nd
Trying ...
Press CTRL +K to abort
Connected ...
.
.
.
<Cluster_1.4200-2nd>
View
Description
User view
You can manage member devices through the master device. You can switch to a
specific member device from the master device to manage the member device and
then switch back to the master device.
When you execute this command, an error occurs if the member device to switch
to does not exist. Enter quit to stop switching.
When you switch to a member device, the user level remains the same. For
example, if you are in user view when switching to a member device, you are in
user view after switching to the member device.
Authentication is also performed when you switch back to the master device.
Once the authentication succeeds, you are in user view of the master device
automatically.
86 command-privilege level
command-privilege level
Purpose
Use the command-privilege level command to set the level of the specified
command in a specified view.
Use the undo command-privilege view command to restore the level of the
specified command in the specified view to the default.
Syntax
Parameters
level
view
command
Default
By default, the ping, tracert, and telnet commands are at the visit level (level
0); the display and debugging commands are at the monitor level (level 1); all
configuration commands are at the system level (level 2); and FTP/TFTP/XModem and
file system related commands are at the manage level (level 3).
Example
View
Description
System view
Commands fall into four command levels: visit, monitor, system, and manage, which
are identified as 0, 1, 2, and 3, respectively. The administrator can change the level of
a command to enable users of specific level to utilize the command.
copy 87
copy
Purpose
Syntax
Parameters
fileurl-source
fileurl-dest
Example
View
Description
User view
If the fileurl-dest argument identifies an existing file, the system prompts you for the
confirmation to overwrite the existing file.
88 copy configuration
copy configuration
Purpose
Use the copy configuration command to copy the configuration of a specific port
to other ports, to ensure consistent configuration.
Syntax
Parameters
interface-type
interface-number
source-agg-id
interface-list
destinatin-agg-id
Note:
Example
If you specify the source aggregation group ID, the system uses the port with the
smallest port number in the aggregation group as the source.
If you specify the destination aggregation ID, the configuration of the source port
will be copied to all ports in the aggregation group.
The port that is in an aggregation group will be removed from the destination
ports, that is, copy configuration cannot take effect on this port. If you need the
port to keep consistent configuration with the source port, you should configure
the aggregation group to which the port belongs as destination parameter.
The port that is enabled Voice VLAN feature will be removed from the destination
ports, that is, copy configuration cannot take effect on this port.
View
System view
cut connection 89
cut connection
Purpose
Use the cut connection command to cut the connection a user or a category of
users by force.
This command cannot cut the connections of Telnet and FTP users.
Syntax
Parameters
all
access-type{ dot1x |
mac authentication }
domain isp-name
mac mac-address
radius-scheme
radius-scheme-name
interface interface-type
interface-number
Specifies the connections to cut according to the port.
vlan vlan-id
ucibindex ucib-index
user-name user-name
90 cut connection
<
>
Example
View
Related Command
System view
display connection
data-flow-format 91
data-flow-format
Purpose
Use the data-flow-format command to set the units of measure for the data flow
sent to the RADIUS Server.
Use the undo data-flow format command to restore the default unit of measure.
Syntax
Parameters
data
byte
giga-byte
kilo-byte
mega-byte
packet
giga-packet
kilo-packet
mega-packet
one-packet
Default
By default, the unit of measure for data is byte and that for packets is one-packet.
Example
To specify to measure data and packets in data flows sent to RADIUS server in
kilobytes and kilo-packets respectively. enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] radius scheme radius1
New Radius scheme
[S4200G-radius-radius1] data-flow-format data kilo-byte packet
kilo-packet
View
Description
By default, the data unit is byte and the data packet unit is one-packet.
92 data-flow-format
Related Command
databits 93
databits
Purpose
Use the databits command to set the databits for the user interface.
Use the undo databits command to revert to the default data bits.
Syntax
databits { 7 | 8 }
undo databits
Parameters
Example
View
Description
This command can only be performed in the AUX user interface view.
94 debugging
debugging
Purpose
Syntax
debugging
undo debugging
Parameters
None
Example
View
User view
debugging 95
debugging
Purpose
Syntax
Parameters
all
module-name
debugging-option
Debugging option.
Default
Example
View
User view
Description
Enabling debugging will generate a great deal of debugging information and thus
will affect the efficiency of the system. Therefore, it is recommended not to enable
debugging for multiple functional modules at the same time. The undo debugging all
command brings great convenience for you to disable all debugging at a time instead
of disabling them one by one.
Related Command
display debugging
Syntax
Parameters
error
info
packet
Description
Example
Description
operation
View
Related Commands
sender_eth_addr
sender_ip_addr
Source IP address
target_eth_addr
MAC address of the target. For an ARP request packets, it is all zeros. This
field is set to the target MAC address in the ARP reply packets.
target_ip_addr
Target IP address
User view
arp static
display arp
Use the debugging dhcp client command to enable debugging for the DHCP
client/BOOTP client.
Use the undo debugging dhcp client command to disable debugging output.
Syntax
Parameters
all
error
event
packet
Default
Example
View
User view
98 debugging dhcp-relay
debugging dhcp-relay
Purpose
Syntax
debugging dhcp-relay
undo debugging dhcp-relay
Parameters
None
Default
Example
Description
Interface
ServerGroupNo
Type
ClientHardAddress
ServerIpAddress
AllocatedIpAddress
View
Related Commands
debugging dhcp-relay 99
User view
dhcp-server ip
dhcp-server
display dhcp-server
debugging DLDP
Purpose
Use the debugging dldp command to enable specific debugging for DLDP on all
ports with DLDP enabled.
Use the undo debugging dldp command to disable debugging for DLDP on all
ports with DLDP enabled.
Syntax
Parameters
error
neighbor
packet
state
Default
Example
View
User view
debugging ntp-service
Purpose
Use the debugging ntp-service command to debug different NTP (network time
protocol) services.
Use the undo debugging ntp-service command to disable corresponding
debugging function.
Syntax
Parameters
access
adjustment
all
authentication
event
filter
packet
parameter
refclock
selection
synchronization
validity
Default
Example
View
User view
debugging radius
Purpose
Use the debugging radius command to enable the debugging for RADIUS
protocol.
Use the undo debugging radius command to disable the debugging for RADIUS
protocol.
Syntax
Parameters
packet
Default
Example
View
User view
debugging snmp-agent
Purpose
Syntax
Parameters
header
packet
process
trap
Default
Example
View
Description
User view
debugging udp-helper
Purpose
Syntax
Parameters
event
packet
receive
send
Default
Example
View
User view
delete 105
delete
Purpose
Syntax
Parameters
Example
/unreserved
file-url
running-files
standby-files
View
Description
User view
The dir command cannot display the information about deleted files.
To display the information about deleted files, use the dir /all command.
106 delete
To delete the files in the recycle bin, use the reset recycle-bin command.
You can also use the delete command to delete files by file attribute. The delete
running-file command deletes all the files with the main attribute, and the delete
standby-file command deletes all the files with the backup attribute.
CAUTION:
For deleted files whose names are the same, only the latest deleted file can be
restored.
delete 107
delete
Purpose
Use the delete command to delete the specified file from the server.
Syntax
delete remote-file
Parameters
remote-file
Example
View
Description
108 delete
delete
Purpose
Syntax
delete remotefile
Parameters
remotefile
Example
File name.
View
delete-member 109
delete-member
Purpose
Use the delete-member command to remove a member device from the cluster.
Syntax
delete-member member-number
Parameters
member-number
Example
<aaa_0.S4200G> system-view
System View: return to User View with Ctrl+Z.
[aaa_0.S4200G] cluster
[aaa_0.S4200G-cluster]
[aaa_0.S4200G-cluster] delete-member 2
View
Description
Cluster view
Use the delete static-routes all command to delete all the static routes.
Syntax
Parameters
None
Example
View
Description
Related Commands
System view
The system requests your confirmation before it deletes all the configured static
routes.
ip route-static
display ip routing-table
description 111
description
Purpose
Syntax
description text
undo description
Parameters
text
Default
Example
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G]interface ethernet 1/0/1
[S4200G-Ethernet1/0/1]description lanswitch-interface
[S4200G-Ethernet1/0/1]
View
112 description
description
Purpose
Use the description command to assign a description string for the VLAN.
Use the undo description command to restore the default description string.
Syntax
description string
undo description
Parameters
string
Example
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] vlan 1
[S4200G-vlan1] description research
View
VLAN view
description 113
description
Purpose
Syntax
description string
undo description
Parameters
Example
string
View
VLAN view
114 description
description
Purpose
Syntax
description text
undo description
Parameters
text
Example
<S4200G> system-view
[S4200G] acl number 3100
[S4200G-acl-adv-3100] description This acl is used in eth 0
View
Syntax
Parameters
None
Default
Example
View
Related Command
System view
Syntax
Parameters
drop
keep
replace
Default
By default, the DHCP relay replaces the option 82 carried by a DHCP request packet
with its own option 82.
Example
Instruct the DHCP relay to discard the DHCP request packets that carry option 82.
[S4200G] dhcp relay information strategy drop
Instruct the DHCP relay to perform the default operations to DHCP request packets
that carry option 82.
[S4200G] undo dhcp relay information strategy
View
Related Command
System view
dhcp-security static
Purpose
Syntax
Parameters
Example
ip-address
User IP address.
mac-address
all
dynamic
static
Configure a user address entry for the DHCP server group, with the user IP address
being 1.1.1.1 and the user MAC address being 0005-5D02-F2B3.
[S4200G] dhcp-security static 1.1.1.1 0005-5D02-F2B3
View
Related Command
System view
display dhcp-security
118 dhcp-server
dhcp-server
Purpose
Use the dhcp-server command to map the current VLAN interface to a DHCP
server group.
Use the undo dhcp-server command to cancel the mapping.
Syntax
dhcp-server groupNo
undo dhcp-server
Parameters
groupNo
Examples
<S4200G> system-view
System View: return to User View with Ctrl+Z.
View
Related Commands
dhcp-server ip
display dhcp-server
debugging dhcp-relay
dhcp-server ip 119
dhcp-server ip
Purpose
Syntax
Parameters
Examples
groupNo
ipaddress-1
ipaddress-list
Configure three DHCP server IP addresses 1.1.1.1, 2.2.2.2, and 3.3.3.3 for DHCP
server group 1, so that this group contains three DHCP servers (server 1, server 2 and
server 3).
[S4200G] dhcp-server 1 ip 1.1.1.1 2.2.2.2 3.3.3.3
View
Related Commands
System view
dhcp-server
display dhcp-server
debugging dhcp-relay
120 dir
dir
Purpose
Use the dir command to display the information about the specified files or
directories on a switch.
Syntax
Parameters
/all
file-url
Example
Display the information about all the normal files in the root directory of the file
system on the local unit.
<S4200G> dir
Directory of unit1>flash:/
1 (*)
-rw5792495 Apr 02 2000 00:06:50
s5100.bin
2 (*)
-rw1965 Apr 01 2000 23:59:13
3comoscfg.cfg
3
-rw5841301 Apr 02 2000 21:42:13
s5100d8.bin
4
-rw224 Apr 02 2000 01:36:30
s5100d9.bin
5
-rw279296 Apr 02 2000 00:22:01
test.abc
15367 KB total (3720 KB free)
(*) -with main attribute
(b) -with backup attribute
(*b) -with both main and backup attribute
Display the information about all the files in the root directory of the file system,
including the files in the recycle bin.
<S4200G> dir /all
Directory of unit1>flash:/
1 (*)
-rw5792495 Apr
2
-rwh
4 Apr
3
-rwh
151 Apr
4 (*)
-rw1965 Apr
5
-rw5841301 Apr
6
-rw224 Apr
7
-rw279296 Apr
8
-rw2370 Apr
15367 KB total (3720 KB free)
Directory of unit2>flash:/
0
-rwh
4 Apr
1 (*)
-rw4724347 Apr 01
2 (*)
-rw1475 Apr
3
-rw1737 Apr
4
-rw279296 Apr
5
-rw428 Apr
6
-rwh
151 Apr
02
01
02
01
02
02
02
02
2000
2000
2000
2000
2000
2000
2000
2000
00:06:50
23:55:26
00:05:53
23:59:13
21:42:13
01:36:30
00:22:01
02:49:12
s5100.bin
snmpboots
private-data.txt
3comoscfg.cfg
s5100d8.bin
s5100d9.bin
test.abc
[1.cfg]
01 2000 23:55:24
snmpboots
2000 23:59:45
s5100.bin
01 2000 23:59:53
3comoscfg.cfg
02 2000 00:46:21
cfg.cfg
02 2000 00:21:55
love.rar
02 2000 13:07:11
hostkey
01 2000 23:58:39
private-data.txt
dir 121
7
-rw572 Apr 02 2000 13:07:20
serverkey
8
-rw1589 Apr 02 2000 00:58:20
1.cfg
15367 KB total (10475 KB free)
(*) -with main attribute
(b) -with backup attribute
(*b) -with both main and backup attribute
Display the information about all the files whose names begin with the character t
(including those in the recycle bin) in the local directory unit1>flash:/test/.
<S4200G>dir /all test/t*
Directory of unit1>flash:/test/
0
-rw279296 Apr 04 2000 14:45:19
test.txt
15367 KB total (3720 KB free)
(*) -with main attribute
(b) -with backup attribute
(*b) -with both main and backup attribute
View
Description
User view
In the output information, files with the main, backup or main/backup attribute are
tagged. This command supports the wildcard of "*".
Note: In the output information of the dir /all command, deleted files (that is,
those in the recycle bin) are embraced in brackets.
122 dir
dir
Purpose
Syntax
Parameters
filename
localfile
Example
Display the information about all the files in the current directory.
[ftp] dir
200 PORT command okay
7 File Listing Follows in ASCII mode
-rwxrwxrwx
1 noone
nogroup
430585 Dec 21 2004 4.bin
-rwxrwxrwx
1 noone
nogroup
430585 Dec 21 2004 5.bin
-rwxrwxrwx
1 noone
nogroup
430585 Dec 23 2004 6. bin
-rwxrwxrwx
1 noone
nogroup
430585 Dec 21 2004 6. bin.bak
-rwxrwxrwx
1 noone
nogroup
638912 Nov 15 2004 abc.BTM
drwxrwxrwx
1 noone
nogroup
0 Dec 15 2004 TEST
-rwxrwxrwx
1 noone
nogroup 3212176 Jul 14 2004 21.bin
226 Transfer finished successfully.
FTP: 5346 byte(s) received in 6.782 second(s) 788.00 byte(s)/sec.
Display the information about the file named 4.app and save the output information
in the file named temp1.
[ftp] dir 4.app temp1
200 PORT command okay
150 File Listing Follows in ASCII mode
-rwxrwxrwx
1 noone
nogroup
430585 Dec 21 2004 4. bin
226 Transfer finished successfully.
FTP: 70 byte(s) received in 0.122 second(s) 573.00 byte(s)/sec.
View
Description
dir 123
The output information includes the name, size and creation time of a file in the
current directory.
If you do not specify the filename argument, the information about all the files in the
current directory is displayed.
124 dir
dir
Purpose
Use the dir command to display the files in the specified directory.
Syntax
dir [ remote-path ]
Parameters
remote-path
Example
View
1759
225
283
225
0
0
225
Aug
Aug
Aug
Sep
Sep
Sep
Sep
23
24
24
28
28
28
28
Description
dir flash:/
1 noone
nogroup
1 noone
nogroup
1 noone
nogroup
1 noone
nogroup
1 noone
nogroup
1 noone
nogroup
1 noone
nogroup
06:52
08:01
07:39
08:28
08:24
08:18
08:30
vrpcfg.cfg
pubkey2
pubkey1
pub1
new1
new2
pub2
disconnect 125
disconnect
Purpose
Use the disconnect command to terminate a FTP connection without quitting FTP
client view.
Syntax
disconnect
Parameters
None
Example
View
Description
The disconnect command has the same effect as that of the close command.
display acl
Purpose
Use the display acl command to view the detailed configuration information of an
ACL, including each rule and its number as well as the number and size in bytes of
the data packets that match the statement.
Syntax
Parameters
all
acl-number
Example
View
Description
Any view
The matched times displayed by this command are software matched times, namely,
the matched times of the ACL to be processed by the Switch CPU. You can use the
traffic-statistic command to calculate the matched times of hardware during
packet-forwarding
display am user-bind
Purpose
Syntax
Parameters
interface
interface-type
interface-number
mac-addr
ip-addr
Example
View
Description
Any view
By checking the output of this command, you can verify the current configuration.
display arp
Purpose
Use the display arp command to display the ARP mapping table entries by entry
type, or by a specified IP address.
Syntax
Parameters
ip-address
dynamic
static
begin
include
exclude
text
Example
To display the ARP entries from the first ARP mapping entry that contains the string 1,
enter the following:
<S4200G> display arp | begin 1
Type: S-Static
D-Dynamic
IP Address
MAC Address
VLAN ID Port Name / AL ID
Aging Type
1.1.1.9
0010-5ce1-1ae6 1
GigabitEthernet1/0/12 17
D
1.1.1.11
000f-1f9b-8ab2 1
GigabitEthernet1/0/1
18
D
--2 entries found
---
Example2
To display all ARP entries in the mapping table, enter the following:
<S4200G> display arp
IP Address
MAC Address
10.1.1.2
00e0-fc01-0102
10.110.91.175 0050-ba22-6fd7
---
View
2 entries found
VLAN ID
N/A
1
Port Name/AL ID
Aging
N/A
N/A
GigabitEthernet1/0/1 20
---
Any view
Type
Static
Dynamic
Related Commands
arp static
reset arp
Use the display arp count command to display the number of the specified
type of ARP mapping entries.
Syntax
Parameters
dynamic
static
begin
Include
exclude
text
ip-address
Default
If no optional parameter is specified, the number of all types of ARP mapping entries
is displayed.
Example
To display the number of all types of ARP mapping entries, enter the following:
<S4200G> display arp count
1 entry found
View
Related Command
Any view
arp static
reset arp
Use the display arp timer aging command to view the current setting of the
dynamic ARP aging timer.
Syntax
Parameters
None
Example
To display the current setting of the ARP aging timer, enter the following:
<S4200G> display arp timer aging
Current ARP aging time is 20 minute(s)(default)
View
Related Command
Any view
display boot-loader
Purpose
Use the display boot-loader command to display the information about the
app startup files of a switch, including the current app startup file name, the main
and backup app startup files to be used when the switch starts the next time.
Syntax
Parameters
unit unit-id
Example
Unit ID of a switch.
View
Any view
display boot-loader
Purpose
Use the display boot-loader command to display the host software (.bin file)
that will be adopted when the switch reboots.
Syntax
display boot-loader
Parameters
None
Example
Display the host software that will be adopted when the switch reboots.
<S4200G>display boot-loader
Unit 1:
The current boot app is: S4200G.bin
The main boot app is: S4200G.bin
The backup boot app is:
Table 6 Description on the fields of the display boot-loader command
View
Field
Description
Any view
Syntax
Parameters
vlan-id
Example
View
Field
Description
Vlan-interface1
Allocated IP
Transaction ID
Mac Address
Any view
Syntax
Parameters
interface-type
Port type.
interface-number
Port number.
begin
include
exclude
string
Example
Link-type PVID
access 1
View
Field
Description
Interface
Port type
Link
Speed
Link rate
Duplex
Duplex attribute
Link-type
PVID
Default VLAN ID
Any view
Description
Related Command
display interface
display channel
Purpose
Use the display channel command to display the details about the information
channel.
Syntax
Parameters
channel-number
channel-name
Example
View
Description
Any view
display clock
Purpose
Use the display clock command to display the current date and time of the system,
so that you can adjust them if they are wrong.
Syntax
display clock
Parameters
None
Example
View
Related Commands
Field
Description
Time Zone
Summer-Time
Any view
clock datetime
clock summer-time
clock timezone
display cluster
Purpose
Use the display cluster command to display the state and basic configuration
information of the cluster that contains the current switch.
Syntax
display cluster
Parameters
None
Example
Display cluster information (assuming that the current switch is a member device).
<S4200G> display cluster
Cluster name:"123"
Role:Member
Member number:4
Management-vlan:1(default vlan)
cluster-mac:0180-c200-000a
Handshake timer:10 sec
Handshake hold-time:60 sec
Administrator device mac address:00e0-fc00-1751
Administrator status:Up
Description
Cluster name
Role
Member number
Handshake timer
Handshake hold-time
View
Field
Description
Administrator device
mac address
Administrator status
Description
Any view
When being executed on a member device, this command displays the information
such as cluster name, member number of the current switch, the MAC address and
state of the management device, holdtime, and the interval to send packets.
When being executed on a management device, this command displays the
information such as cluster name, the number of the member devices in the cluster,
cluster state, holdtime and the interval to send packets.
Errors occur if you execute this command on a switch that does not belong to any
cluster.
Use the display cluster topology command to display the standard topology
view of the cluster.
Syntax
Parameters
mac-address
member-number
Example
View
Description
Any view
You can create a standard topology view by using the build or auto-build
command or save the current topology view as a standard topology view by using the
topology accept command. This command can be executed only on the
management device.
Syntax
Parameters
None
Example
Access port
Ethernet1/0/1
View
Field
Description
Device ID
ID of a device
Access Device ID
ID of an access device
Access port
Access port
Description
Any view
You can create a standard topology view by using the build or auto-build
command or save the current topology view as a standard topology view by using the
topology accept command. This command can be executed only on the
management device.
Syntax
Parameters
mac-address H-H-H
verbose
Example
Description
MAC
Hop
IP
Platform
View
Field
Description
Hostname
MAC
Hop
IP
Platform
Description
Any view
Use the display cluster current topology command to display the current
topology view or the topology path between two points.
Syntax
Parameters
member-number
mac-address
Example
Description
PeerPort
ConnectFlag
Connection flag
NativePort
Local port
SysName
normal connect
Normal connection
odd connect
Unidirectional connection
in blacklist
in the blacklist
lost device
Lost device
new device
STP discarding
STP block
View
Description
Any view
Use the display cluster members command to display the information about
cluster members.
Syntax
Parameters
member-number
verbose
Example
Description
SN
Member number
Device
Device type
MAC Address
Status
State of a device
Name
Name of a device
Display the detailed information about the management device and all member
devices.
<123_0.5100-EI_1> display cluster members verbose
Member number:0
Name:123_0.5100-EI_1
Device:S5100-EI
MAC Address:00e0-fc00-1751
Member status:Admin
Hops to administrator device:0
IP: 31.31.31.1/24
Version:
3Com Versatile Routing Platform Software
VRP (tm) Software, Version 3.10
Copyright (c) 2002-2005 By 3Com
S5100-EI 5100-EI-001
Member number:2
Name:123_2.5100-EI_4
Device:S5100-EI
MAC Address:00e0-fc00-3199
Member status:Up
Hops to administrator device:3
View
Field
Description
Member number
Name
Name of a device
Device
Device type
MAC Address
Member status
State of a device
Hops to administrator
device
IP
IP address of a device
Version
Description
Any view
display connection
Purpose
Use the display connection command to view the information for a specified
connection type.
Syntax
Parameters
access-type { dot1x |
mac-authentication }
domain isp-name
interface interface-type
interface-number
Specifies the connections to display according the port.
ip ip-address
mac mac-address
radius-scheme
radius-scheme-name
vlan vlan-id
ucibindex ucib-index
user-name user-name
<
>
Example
View
31 to 28
27 to 24
23 to 20
19 to 12
11 to 0
UNIT ID
Slot number
Subslot number
Port number
VLAN ID
Description
Any view
The output can help with user connection diagnosis and troubleshooting.
If no parameter is specified, this command displays the related information about all
connected users.
This command cannot display information about the connections of the FTP users.
Related Command
cut connection
display cpu
Purpose
Use the display cpu command to display CPU usage of a specified switch.
Syntax
Parameters
unit unit-id:
Example
<S4200G>display cpu
Unit 1
Board 0 CPU busy status:
12% in last 5 seconds
12% in last 1 minute
12% in last 5 minutes
View
Field
Description
Any view
display current-configuration
Purpose
Syntax
Parameters
configuration
configuration-type
interface
interface-type
interface-number
Port number.
vlan
vlan-id
VLAN ID.
by-linenum
begin
include
exclude
regular-expression
A Regular expression.
Use
Underline. It is similar to a
wildcard and can
represent the following
characters: (^|$|[,(){}]),
space, start symbol and
end symbol.
Left parenthesis. It
represents the in-stack
flag in programs.
Period. It is a wildcard
which matches any
character, including
space.
#
interface GigabitEthernet1/0/5
#
interface GigabitEthernet1/0/6
#
interface GigabitEthernet1/0/7
#
interface GigabitEthernet1/0/8
#
interface GigabitEthernet1/0/9
#
interface GigabitEthernet1/0/10
#
interface GigabitEthernet1/0/11
#
interface GigabitEthernet1/0/12
#
interface GigabitEthernet1/0/13
#
interface GigabitEthernet1/0/14
#
interface GigabitEthernet1/0/15
#
interface GigabitEthernet1/0/16
#
interface GigabitEthernet1/0/17
#
interface GigabitEthernet1/0/18
#
interface GigabitEthernet1/0/19
#
interface GigabitEthernet1/0/20
#
interface GigabitEthernet1/0/21
#
interface GigabitEthernet1/0/22
#
interface GigabitEthernet1/0/23
#
interface GigabitEthernet1/0/24
#
interface NULL0
#
management-vlan 2
#
user-interface aux 0 7
user-interface vty 0 4
#
return
Display the lines that include 10* in the configuration information. * means that
the zero before it may not appear or appear multiple times continuously.
<S4200G> display current-configuration | include 10*
primary authentication 127.0.0.1 1645
primary accounting 127.0.0.1 1646
local-server nas-ip 127.0.0.1 key easyKey
vlan 1
interface Vlan-interface1
ip address 10.1.1.2 255.255.255.0
interface GigabitEthernet1/0/1
speed 1000
interface
interface
interface
network
GigabitEthernet1/0/2
GigabitEthernet1/0/3
GigabitEthernet1/0/4
10.1.1.0 0.0.0.255
View
Description
Any view
This command will not display those configuration parameters that have the same
values with the corresponding default parameters.
After performing a group of configurations, you can use the display
current-configuration command to verify the configuration results by
checking the currently valid parameters in the display output. This command will not
display the parameters whose corresponding functions do not take effect even
though these parameters have been configured.
For example, although you can perform PPP-related configurations on an interface
encapsulated with X.25, the display current-configuration command does
not display the PPP configuration information.
Related Commands
display saved-configuration
reset saved-configuration
save
display debugging
Purpose
Syntax
Parameters
unit-id
Unit ID of a switch.
interface-type
interface-num
module-name
Example
View
Any view
Description
Executing this command without any parameter will display all enabled debugging.
Related Command
debugging
Use the display debugging habp command to display the state of HABP
debugging.
Syntax
Parameters
None
Example
View
Any view
display device
Purpose
Use the display device command to display the information, such as the module
type and operating status, about each board (main board and sub-board) of a
specified switch.
Syntax
Parameters
manuinfo
unit unit-id
Example
View
Description
Any view
Displayed information can include slot number, sub-slot number, number of ports,
versions of PCB, FPGA, CPLD and BootROM software, address learning mode,
and interface board type.
Use the display dhcp client command to display the DHCP client-related
information.
Syntax
Parameters
verbose
Example
View
Field
Description
Vlan-interface1
Alloced IP
lease
Lease period
T1
T2
Lease from.to.
Server IP
Transaction ID
Transaction ID
Default router
Gateway address
Any view
display dhcp-security
Purpose
Use the display dhcp-security command to display one or all user address
entries, or a specified type of user address entries in the valid user address table of a
DHCP server group.
Syntax
Parameters
ip-address
dynamic
static
tracker
Example
Display all user address entries contained in the valid user address table of the DHCP
server group.
<S4200G> display dhcp-security
IP Address
MAC Address
2.2.2.3
0005-5d02-f2b2
3.3.3.3
0005-5d02-f2b3
--2 dhcp-security item(s) found
IP Address Type
Static
Dynamic
---
View
Field
Description
IP Address
MAC Address
IP Address Type
Any view
display dhcp-server
Purpose
Syntax
Parameters
groupNo
Example
Description
DHCP_OFFER messages
DHCP_ACK messages
View
Related Commands
Field
Description
DHCP_NAK messages
DHCP_DECLINE messages
DHCP_DISCOVER messages
DHCP_REQUEST messages
DHCP_INFORM messages
DHCP_RELEASE messages
BOOTP_REQUEST messages
BOOTP_REPLY messages
Any view
debugging dhcp-relay
dhcp-server
dhcp-server ip
Syntax
Parameters
vlan-id
Examples
Display information about the DHCP server group to which VLAN 2 interface is
mapped.
VLAN ID.
View
Related Commands
Any view
debugging dhcp-relay
dhcp-server
display dhcp-server
display dhcp-snooping
Purpose
Use the display dhcp-snooping command to display the user IP-MAC address
mapping entries recorded by the DHCP snooping function.
Syntax
Parameters
unit-id
Example
Display the user IP-MAC address mapping entries recorded by the DHCP snooping
function.
ID of a unit in a fabric.
View
Any view
display dhcp-snooping
Purpose
Syntax
display dhcp-snooping
Parameters
None.
Example
Display the correspondence between user IP addresses and MAC addresses recorded
by the DHCP snooping function..
<S4200G> display dhcp-snooping
DHCP-Snooping is enabled.
The client binding table for all untrusted ports.
Type : D--Dynamic , S--Static
Unit ID : 1
Type IP Address
MAC Address
Lease
VLAN Interface
==== =============== =============== ========= ==== =================
--0 dhcp-snooping item(s) of unit 1 found
---
View
Any view
Syntax
Parameters
None
Example
Display the state of the DHCP snooping function and the trusted ports.
<S4200G> display dhcp-snooping trust
dhcp-snooping is enabled
dhcp-snooping trust become effective
Interface
Trusted
=================================
Ethernet1/0/1
Trusted
The above display information indicates that the DHCP snooping function is enabled,
and the Ethernet1/0/1 port is a trusted port.
View
Any view
Syntax
Parameters
None
Example
Interface
Trusted
=================================
GigabitEthernet1/0/1
Trusted
The above display indicates that DHCP-Snooping is enabled and that the rust function
is effective with GigabitEthernet1/0/1 being the trusted port.
View
Any view
display diagnostic-information
Purpose
Syntax
display diagnostic-information
Parameters
None
Example
View
Any view
display domain
Purpose
Syntax
Parameters
isp-name
Example
View
Field
Description
Domain
Domain name
State
State
Scheme
AAA scheme
Access-Limit
Vlan-assignment-mode
Idle-Cut
Self-service
Messenger Time
Any view
Description
Related Commands
This command is used to output the configuration of a specified ISP domain or display
the summary information of all ISP domains. If an ISP domain is specified, the
configuration information (content and format) will be displayed exactly the same as
the displayed information of the display domain command. The output information
can help with ISP domain diagnosis and troubleshooting. Note that the accounting
scheme to be displayed should have been created.
access-limit
domain
radius-scheme
state
display dot1x
Purpose
Use the display dot1x command to view the relevant information of 802.1x.
Displayed information includes:
Configuration information
Relevant statistics
Syntax
Parameters
sessions
statistics
interface
interface-list
Default
By default, all the relevant 802.1x information about each interface will be displayed.
Example
30 s,
60 s,
30 s,
Handshake Period
15 s
Quiet Period Timer is disabled
Server Timeout
100 s
Description
Description
The proxy trap checker is disabled here, which means the switch
does not send Trap packets when it detects that a supplicant
system logs in through a proxy. It can also be configured as
enabled, in which case the switch sends Trap packets when it
detects that a supplicant system logs in through a proxy.
Proxy logoff checker is disabled The proxy logoff checker is disabled here, which means that a
switch does not disconnect a supplicant system when it detects
that the latter logs in through a proxy. It can also be configured
as enabled, in which case the switch disconnects a supplicant
system when it detects that the latter logs in through a proxy.
Transmit Period
Handshake Period
Quiet Period
Supp Timeout
Server Timeout
GigabitEthernet1/0/1 is
link-down
Proxy logoff checker is disabled The proxy logoff checker is disabled here. It can also be
configured as enabled, in which case the switch disconnects a
supplicant system when it detects that the latter logs in through
a proxy.
Version-Check is disabled
Port Control Type is Mac-based The port access control method is MAC-based. That is,
supplicant systems are authenticated based on their MAC
addresses.
View
Description
Any view
Related Commands
dot1x
dot1x max-user
dot1x port-control
dot1x port-method
dot1x retry
dot1x timer
display fib
Purpose
Use the display fib command to view the summary of the forwarding information
base.
Syntax
display fib
Parameters
None
Example
To display the summary of the Forwarding Information Base, enter the following:
<S4200G> display fib
Flag:
U:Usable
G:Gateway
H:Host
B:Blackhole D:Dynamic
S:Static
R:Reject
E:Equal cost multi-path
L:Generated by ARP or ESIS
Destination/Mask
Nexthop
Flag TimeStamp
Interface
127.0.0.1/32
127.0.0.1
GHU t[50]
InLoopBack0
127.0.0.0/8
127.0.0.1
U
t[50]
InLoopBack0
Description
Destination/Mask
Nexthop
Flag
Interface
View
Description
Interface
Any view
The information includes: the destination address/mask length, next hop address,
current flag, and forward interface
display ftp-server
Purpose
Use the display ftp-server command to display the FTP server-related settings of a
switch when it operates as an FTP server.
You can use this command to verify FTP server-related configurations.
Syntax
display ftp-server
Parameters
None
Example
Display the FTP server-related settings of the switch (assuming that the switch is
operating as an FTP server).
<S4200G> display ftp-server
FTP server is running
Max user number
1
User count 0
Timeout value (in minute)
30
Description
View
User count 0
Any view
display ftp-user
Purpose
Use the display ftp-user command to display the settings of the current FTP
user, including the user name, host IP address, port number, connection idle time,
and authorized directory.
Syntax
display ftp-user
Parameters
None
Example
View
Any view
Use the display garp statistics command to display the GARP statistics on
specified (or all) ports.
Syntax
Parameters
interface-list
Example
View
Description
Any view
Use the display garp timer command to display the values of the GARP timers
on specified or all ports.
Syntax
Parameters
interface-list
Example
View
Related Commands
:
:
:
:
Description
Join Time
Leave Time
LeaveAll Time
Hold Time
Any view
garp timer
20 centiseconds
60 centiseconds
1000 centiseconds
10 centiseconds
Use the display gvrp statistics command to display the GVRP statistics
about specified (or all) Trunk ports.
Syntax
Parameters
interface-list
Example
View
Description
Status
: Enabled
Running
: YES
Failed Registrations
: 0
Last Pdu Origin : 0000-0000-0000
Registration Type
: Normal
Any view
GVRP status
Use the display gvrp status command to display the enable/disable status of
global GVRP.
Syntax
Parameters
None
Example
View
Any view
display habp
Purpose
Use the display habp command to display HABP configuration and status
information.
Syntax
display habp
Parameters
None
Example
View
Field
Description
HABP Mode
Bypass VLAN
Any view
Use the display habp table command to display the MAC address table
maintained by HABP.
Syntax
Parameters
None
Default
body
Example
To display the MAC address table maintained by HABP, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] display habp table
MAC
Holdtime Receive Port
001f-3c00-0030 53
GigabitEthernet1/0/1
View
Field
Description
MAC
Holdtime
Receive Port
Any view
Use the display habp traffic command to display statistics on HABP packets.
Syntax
Parameters
None
Example
View
Field
Description
Packets output
Input
ID error
Type error
Version error
Sent failed
Any view
display history-command
Purpose
Syntax
display history-command
Parameters
None
Example
View
Related Command
Any view
history-command max-size
Use the display icmp statistics command to view the statistics information
about ICMP packets.
Syntax
Parameters
None
Example
bad checksum
destination unreachable
redirects
parameter problem
information request
mask replies
0
0
0
0
0
0
destination unreachable
redirects
parameter problem
information reply
0
mask replies
0
0
0
View
Field
Description
bad formats
bad checksum
echo
destination unreachable
source quench
redirects
echo reply
parameter problem
timestamp
information request
mask requests
mask replies
information reply
time exceeded
Any view
Related Commands
reset ip statistics
Syntax
Parameters
None
Example
The above information shows: IGMP Snooping has already been enabled, the aging
time of the router port is 105 seconds, the maximum query response time is one
second, and the aging time of multicast member ports is 260 seconds.
View
Any view
Description
When IGMP Snooping is enabled on the switch, this command displays the following
information: IGMP Snooping status, aging time of the router port, query response
timeout time, and aging time of multicast member ports.
Related Command
igmp-snooping
Syntax
Parameters
vlan vlan-id
Example
View
Description
Any view
This command displays the following information: VLAN ID, router port, IP multicast
group address, member ports included in IP multicast group, MAC multicast group,
MAC multicast group address, member ports included in MAC multicast group.
Syntax
Parameters
None
Example
View
Any view
Description
This command displays the following information: the numbers of the IGMP general
query messages, IGMP group-specific query messages, IGMP V1 report messages,
IGMP V2 report messages, IGMP leave messages and error IGMP messages received,
and the number of the IGMP group-specific query messages sent.
Related Command
igmp-snooping
display info-center
Purpose
Use the display info-center command to display system log settings and memory
buffer record statistics.
Syntax
display info-center
Parameters
unit-id
Example
[ unit unit-id ]
Unit identification
Description
Information Center:
Log host:
Console:
Monitor:
SNMP Agent:
Log buffer:
Trap buffer:
View
Field
Description
SWITCH OF Device--Unit>1
Description
Related Commands
Any view
If the information in the current log/trap buffer is less than the specified sizeval,
display the actual log/trap information.
info-center enable
info-center logbuffer
display interface
Purpose
Use the display interface command to view the configuration information on the
selected interface.
Syntax
Parameters
interface-type
interface-number
You can use the interface_name at this command. This consists of the
interface_type and the interface_number combined as a single parameter. For
example, Ethernet1/0/1.
Example
View
Description
Any view
Along with others, this interface could be a specific port's interface (for example,
Ethernet1/0/1) or a specific VLAN interface (for example, vlan-interface 1).
Table 31 Output Description of the display interface command
Field
Description
Hardware address
Media type
PVID
Mdi type
Port link-type
Description
Tagged VLAN ID
Untagged VLAN ID
Description
If you specify neither port type nor port number, the command displays
information about all ports.
If you specify only port type, the command displays information about all ports of
this type.
If you specify both port type and port number, the command displays information
about the specified port.
Syntax
Parameters
vlan_id
Example
To display information about the management VLAN interface (assume that VLAN 1 is
the management VLAN) type the following:
View
Description
Related Command
Any view
Description string
interface VLAN-interface
display ip host
Purpose
Use the display ip host command to display all host names and their
corresponding IP addresses.
Syntax
display ip host
Parameters
None.
Example
To display all host names and their corresponding IP addresses, type the following:
<S4200G> display ip host
Host
Age
My
0
Aa
0
Flags
static
static
Address(es)
1.1.1.1
2.2.2.4
View
Field
Description
Host
Host name
Age
Flags
Flag
Address(es)
Host IP address
Any view
Syntax
Parameters
brief
interface-type
interface-number
Example
View
Any view
display ip routing-table
Purpose
Syntax
display ip routing-table
Parameters
None
Example
Nexthop
Interface
1.1.1.1
Vlan-interface1
127.0.0.1 InLoopBack0
127.0.0.1 InLoopBack0
127.0.0.1 InLoopBack0
Description
Destination/Mask
Protocol
Pre
Routing preference
Cost
Route cost
Nexthop
Interface
Each line in the table represents one route. The displayed information includes
destination address/mask length, protocol, preference, cost, next hop and output
interface.
View
Description
Any view
This command displays the summary information about a routing table, with the
items of a routing entry contained in one line. The information displayed includes
destination IP address/mask length, protocol, preference, cost, next hop and
outbound interface.
The display ip routing-table command only displays the routes currently in use, that is,
the optimal routes
Use the display ip routing-table acl command to display the routes permitted
by the specified basic ACL.
Syntax
Parameters
acl-number
verbose
Example
Display the summary information about the active routes permitted by ACL 2000.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] acl number 2000
[S4200G-acl-basic-2000] rule permit source 10.1.1.1 0.0.0.255
[S4200G-acl-basic-2000] rule deny source any
[S4200G-acl-basic-2000] display ip routing-table acl 2000
Routes matched by access-list 2000:
Summary count: 2
Destination/Mask
Protocol Pre Cost
Nexthop
Interface
10.1.1.0/24
DIRECT
0 0
10.1.1.2
Vlan-interface1
10.1.1.2/32
DIRECT 0 0
127.0.0.1
InLoopBack0
Description
Destination/Mask
Protocol
Pre
Routing preference
Cost
Route cost
Nexthop
Interface
Display the detailed information about the active and inactive routes permitted by
ACL 2000.
<S4200G> display ip routing-table acl 2000 verbose
Routes matched by access-list 2000:
+ = Active Route, - = Last Active, # = Both
* = Next hop in use
Summary count: 2
**Destination: 10.1.1.0
Mask: 255.255.255.0
Protocol: #DIRECT
Preference: 0
*NextHop: 10.1.1.2
Interface: 10.1.1.2(Vlan-interface1)
Vlinkindex: 0
State: <Int ActiveU Retain Unicast>
Age: 7:24
Cost: 0/0
**Destination: 10.1.1.2
Mask: 255.255.255.255
Protocol: #DIRECT
Preference: 0
*NextHop: 127.0.0.1
Interface: 127.0.0.1(InLoopBack0)
Vlinkindex: 0
State: <NoAdvise Int ActiveU Retain Gateway Unicast>
Age: 7:24
Cost: 0/0
Table 35
Field
Description
Destination
Destination address
Mask
Mask
Protocol
Preference
Routing preference
Nexthop
Interface
Outbound interface, through which the data packets destined for the
destination network segment are to be transmitted
Vlinkindex
State
Table 35
View
Field
Description
Age
The time period during which the route is allowed in the routing
table, in the form of hh:mm:ss.
Cost
Description
Any view.
This command is used to display the routes that passed the filtering rules in the
specified ACL.
The command only displays routes that passed basic ACL filtering rules.
Syntax
Parameters
ip-address
mask
longer-match
verbose
Example
Description
Destination/Mask
Protocol
Pre
Routing preference
Cost
Route cost
Nexthop
Interface
Display the detailed information of the routes with destination addresses matched
within the natural mask range.
Description
Destination
Destination address
Mask
Mask
Protocol
Preference
Routing preference
Nexthop
Interface
Outbound interface, through which the data packets destined for the
destination network segment are to be transmitted
Vlinkindex
Description
State
View
Age
The time period during which the route is allowed in the routing
table, in the form of hh:mm:ss.
Cost
Description
Any view
For the destination address ip-address, if there are some routes matched within the
natural mask range, all subnet routes will be displayed. Otherwise, only the active
routes which match ip-address longest will be displayed.
Only the routes that match exactly the specified destination address and mask are
displayed.
All routes with destination addresses matched within the natural mask range will be
displayed.
If the destination address, ip_address, has a corresponding route in natural mask
range, this command will display all subnet routes or only the route best matching the
destination address, ip_address, is displayed. And only the active matching route is
displayed.
Syntax
Parameters
Example
ip-address1 ip-address2
verbose
Display the information about the routes with their destinations within the range of
1.1.1.0 to 2.2.2.0.
<S4200G> display ip routing-table 1.1.1.0 24 2.2.2.0 24
Routing tables:
Summary count: 3
Destination/Mask
Protocol
Pre Cost
Nexthop
Interface
1.1.1.0/24
DIRECT
0 0
1.1.1.1
Vlan-interface1
Description
Destination/Mask
Protocol
Pre
Routing preference
Cost
Route cost
Nexthop
View
Field
Description
Interface
Any view
Syntax
Parameters
ip-prefix-name
verbose
Example
Display the summary information about the active routes matching the IP prefix list
named abc2 (assuming that the IP prefix list permits the routes with their prefix being
10.1.1.0 and the mask length in the range of 24 to 32).
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] ip ip-prefix abc2 permit 10.1.1.0 24 less-equal 32
[S4200G] display ip routing-table ip-prefix abc2
Routes matched by ip-prefix abc2:
Summary count: 2
Destination/Mask
Protocol Pre Cost
Nexthop
Interface
10.1.1.0/24
DIRECT
0
0
10.1.1.2
Vlan-interface1
10.1.1.2/32
DIRECT
0
0
127.0.0.1
InLoopBack0
Description
Destination/Mask
Protocol
Pre
Routing preference
Cost
Route cost
Nexthop
Interface
Display the detailed information about the active and inactive routes matching the IP
prefix list named abc2.
<S4200G> display ip routing-table ip-prefix abc2 verbose
Routes matched by ip-prefix abc2:
+ = Active Route, - = Last Active, # = Both
* = Next hop in use
Summary count: 2
**Destination: 10.1.1.0
Mask: 255.255.255.0
Protocol: #DIRECT
Preference: 0
*NextHop: 10.1.1.2
Interface: 10.1.1.2(Vlan-interface1)
Vlinkindex: 0
State: <Int ActiveU Retain Unicast>
Age: 3:23:44
Cost: 0/0
Tag: 0
**Destination: 10.1.1.2
Mask: 255.255.255.255
Protocol: #DIRECT
Preference: 0
*NextHop: 127.0.0.1
Interface: 127.0.0.1(InLoopBack0)
Vlinkindex: 0
State: <NoAdvise Int ActiveU Retain Gateway Unicast>
Age: 3:23:44
Cost: 0/0
Tag: 0
Description
Destination
Destination address
Mask
Mask
Protocol
Preference
Routing preference
Nexthop
Interface
Outbound interface, through which the data packets destined for the
destination network segment are to be transmitted
Vlinkindex
Description
State
View
Age
The time period during which the route is allowed in the routing
table, in the form of hh:mm:ss.
Cost
Description
Any view
You can use this command to trace routing policies and display the routes matching a
specified IP prefix list.
If the specified IP prefix list does not exist, the detailed information about all the active
and inactive routes is displayed when you execute this command with the verbose
keyword specified, and only the summary information about all the active routes is
displayed if you execute this command with the verbose keyword not specified.
Without the verbose parameter, this command displays the summary of the active
routes that passed filtering rules.
Syntax
Parameters
protocol
Example
inactive
verbose
Interface
Vlan-interface1
View
Field
Description
Destination/Mask
Protocol
Pre
Routing preference
Cost
Route cost
Nexthop
Interface
Any view
Use the display ip routing-table radix command to view the route information
in a hierarchical (tree) structure.
Syntax
Parameters
None
Example
View
Field
Description
INET
Address family
Inodes
Number of nodes
Routes
Number of routes
Any view
Syntax
Parameters
None
Example
deleted
0
0
0
View
Field
Description
Proto
route
active
added
Number of the routes that are added to the routing table after the
switch starts or the routing table is cleared last time.
deleted
Number of the routes with deleted flags (this type of routes will be
freed after a period of time).
Total
Description
Any view
Syntax
Parameters
None
Example
Destinations: 2
Routes: 2
Holddown: 0
Delete: 0
Hidden: 0
**Destination: 127.0.0.0
Mask: 255.0.0.0
Protocol: #DIRECT
Preference: 0
*NextHop: 127.0.0.1
Interface: 127.0.0.1(InLoopBack0)
State: <NoAdvise Int ActiveU Retain Unicast>
Age: 57:12
Cost: 0/0
**Destination: 127.0.0.1
Mask: 255.255.255.255
Protocol: #DIRECT
Preference: 0
*NextHop: 127.0.0.1
Interface: 127.0.0.1(InLoopBack0)
State: <NotInstall NoAdvise Int ActiveU Retain Gateway Unicast>
Age: 57:12
Cost: 0/0
The statistics of the routing table are displayed first, and then the detailed
descriptions of each route. Other generated information is described in Table 44.
Table 44 Output description of the display ip routing-table verbose command
View
Descriptor
Meaning
Holddown
Delete
Hidden
Description
Any view
This command displays the detailed information about the routing table, in the order
of route state, statistics of the routing table, and the information about each route.
You can use this command to display all the routes, including the inactive and invalid
routes
display ip socket
Purpose
Use the display ip socket command to display the information about the sockets
in the current system.
Syntax
Parameters
sock-type
task-id
socket-id
Example
To display the information about the socket of TCP type, enter the following:
<S4200G>display ip socket socktype 1
SOCK_STREAM:
Task = VTYD(18), socketid = 1, Proto = 6,
LA = 0.0.0.0:23, FA = 0.0.0.0:0,
sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0,
socket option = SO_ACCEPTCONN SO_KEEPALIVE SO_SENDVPNID
SO_SETKEEPALIVE,
socket state = SS_PRIV SS_ASYNC
Task = VTYD(18), socketid = 2, Proto = 6,
LA = 10.153.17.99:23, FA = 10.153.17.56:1161,
sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0,
socket option = SO_KEEPALIVE SO_OOBINLINE SO_SENDVPNID SO_SETKEEPALIVE,
socket state = SS_ISCONNECTED SS_PRIV SS_ASYNC
Task = VTYD(18), socketid = 3, Proto = 6,
LA = 10.153.17.99:23, FA = 10.153.17.82:1121,
sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0,
socket option = SO_KEEPALIVE SO_OOBINLINE SO_SENDVPNID SO_SETKEEPALIVE,
socket state = SS_ISCONNECTED SS_PRIV SS_ASYNC
Description
SOCK_STREAM
Task
The ID of a task
socketid
The ID of a socket
Proto
sndbuf
rcvbuf
sb_cc
The current data size in the sending buffer. The value makes sense
only for the socket of TCP type, because only TCP is able to cache
data
rb_cc
View
Field
Description
socket option
socket state
Any view
display ip statistics
Purpose
Use the display ip statistics command to view the statistics information about
IP packets.
Syntax
display ip statistics
Parameters
None
Example
local
bad format
bad options
local
no route
112
0
0
27
2
output
couldn't fragment 0
timeouts
0
Output:
Fragment:
Reassembling:
Description
sum
local
bad protocol
bad format
bad checksum
bad options
forwarding
local
dropped
no route
compress fails
input
output
dropped
fragmented
couldn't fragment
sum
timeouts
View
Related Commands
Any view
reset ip statistics
Use the display isolate port command to display the information about the
Ethernet ports added to an isolation group.
Syntax
Parameters
None
Example
Display the information about the Ethernet ports added to the isolation group.
<S4200G>display isolate port
Isolated port(s) on UNIT 1:
GigabitEthernet1/0/2, GigabitEthernet1/0/3, GigabitEthernet1/0/4
View
Any view
Use the display lacp system-id command to view actor system ID, including
system priority and system MAC address.
Syntax
Parameters
None
Example
View
Related Commands
Any view
Syntax
Parameters
interface-type
interface-name
to
Example
Description
Selected AggID
Local:
View
Any view
Description
Link aggregation group ID, port priority, operation key and protocol status flag of
the port at the local end,
Device ID, port number, port priority, operation key and protocol status flag at the
remote end, and,
For a manual aggregation group, value 0 is displayed for all the above items of the
remote end (which does not indicate the real information of the remote end), since
information about the remote end cannot be obtained for a manual aggregation
group.
Related Command
Syntax
Parameters
None
Example
View
Field
Description
Actor ID
AL ID
Aggregation group ID
AL Type
Partner ID
Select Ports
Unselect Ports
Share Type
Master Port
Any view
Use the display link-aggregation verbose command to display the details about
a specified aggregation group.
Syntax
Parameters
agg-id
Example
View
Description
Any view
Aggregation group ID, aggregation group type, load sharing type, aggregation
group description,
Local end details: device ID, member port, port status, port priority, operation key
and protocol status flag, and
Remote end details: local end port, and corresponding port index, port priority,
operation key, device ID and protocol status flag of the remote end.
For a manual aggregation group, value 0 is displayed for all the above items of the
remote end (which does not indicate the real information of the remote end), since
information about the remote end cannot be obtained for a manual aggregation
group.
Use the display local-server statistics command to view the statistics of all
local RADIUS authentication server.
Syntax
Parameters
None
Example
To display the statistics about local RADIUS authentication server, enter the following:
<S4200G> display local-server statistics
The localserver packet statistics:
Receive:
30
Send:
Discard:
0
Receive Packet Error:
Auth Receive:
10
Auth Send:
Acct Receive:
20
Acct Send:
View
Related Command
Any view
local-server
30
0
10
20
display local-user
Purpose
Use the display local-user command to view information about all the local
users or the specified one(s).
Syntax
Parameters
domain isp-name
idle-cut
vlan vlan-id
service-type
state
user-name user-name
ftp
ssh
telnet
<
>
Example
L--LanAccess
S--SSH
View
Field
Description
State
ServiceType Mask
Idle-Cut
Access-Limit
Current AccessNum
Bind location
Vlan ID
IP address
MAC address
Any view
Description
This command displays the relevant information about a specified or all the local
users. The output can help you with the fault diagnosis and troubleshooting related
to local user.
Related Command
local-user
display logbuffer
Purpose
Use the display logbuffer command to display the status of the log buffer and
the records in the log buffer.
Syntax
Parameters
unit-id
Unit identification
level
severity
Example
Severity
Value
Description
emergencies
Emergent errors
alerts
critical
Critical errors
errors
warnings
notifications
informational
debugging
Debug information
size
buffersize
begin
exclude
include
regular-expression
Regular expression.
Display the status of the log buffer and the records in the log buffer.
screen display
<S4200G> display logbuffer
Logging buffer configuration and contents:enabled
Allowed max buffer size : 1024
View
Any view
Use the display logbuffer summary command to display the summary of the
log buffer.
Syntax
Parameters
Level severity
Example
View
Any view
display-loopback-detection 235
display-loopback-detection
Purpose
Syntax
display loopback-detection
Parameters
None
Example
View
Fields
Explanation
Port GigabitEthernet1/0/1
loopback-detection is running.
Description
Any view
If loopback detection is enabled, the time interval for loopback detection and the
loopback ports will also be displayed.
display mac-address
Purpose
Use the display mac-address command to display MAC address table information.
Syntax
Parameters
display-option
Description
interface interface-type
Displays information about the MAC address
interface-number [ vlan vlan-id ] [ count entries concerning a specified port.
]
Example
count
statistics
mac-addr
static
dynamic
blackhole
interface-type
interface-number
vlan-id
count
statistics
Display the MAC address table information about the MAC address of
00e0-fc01-0101.
<S4200G> display mac-address 00e0-fc01-0101
MAC ADDR
VLAN ID STATEPORT INDEX
AGING TIME(s)
00
View
Field
Description
MAC ADDR
MAC address
VLAN ID
STATE
The state of the MAC address. The value of this field can be "Static",
"Learned", and so on.
PORT INDEX
AGING TIME(s)
Aging time
Description
Related Commands
Any view
Use the display mac-address command to display information about MAC address
entries in a MAC address table, including: MAC address, VLAN and port
corresponding to the MAC address, the type (static or dynamic) of a MAC address
entry, aging time and so on.
mac-address
mac-address timer
Use the display mac-address aging-time command to display the aging time of
the dynamic entry in the MAC address table.
Syntax
Parameters
None
Example
The output information indicates that the aging time of the dynamic MAC address
entries is 300 second.
View
Related Commands
Any view
display mac-address
mac-address
mac-address timer
Syntax
Parameters
Example
Display all the multicast MAC address entries manually configured in VLAN 1.
<S4200G>display mac-address multicast static vlan 1
MAC ADDR VLAN ID STATE PORT INDEX AGING TIME(s)
0100-0000-0001 1 Config static GigabitEthernet1/0/1 NOAGED
000f-e207-f2e0 1 Learned GigabitEthernet1/0/28 AGING
--- 2 mac address(es) found ---
View
Description
Any view
Executing this command with neither mac-address vlan vlan-id nor vlan
vlan-id will display all the multicast MAC address entries added on the switch.
Executing this command with vlan vlan-id but without mac-address will
display all the multicast MAC address entries manually added in the specified
VLAN.
Executing this command with both mac-address and vlan vlan-id will display
the multicast MAC address entry manually added in the specified VLAN with the
specified multicast MAC address.
Syntax
Parameters
interface-type
interface-number
vlan-id
count
Example
View
Description
Any view
By checking the output of this command, you can verify the current configuration.
display mac-authentication
Purpose
Timer settings
Syntax
Parameters
interface-list
Example
View
Field
Description
authentication mode
quiet period
current domain
The information about the silent user. When the user fails to
pass MAC address authentication because of inputting error
user name and password, the switch sets the user to be in
quiet state. During quiet period, the switch does not
authenticate this user.
GigabitEthernet1/0/1 is link-up
Authenticate state
CONNECTING: Connecting
LOGOFF: Offline
MAC ADDR
Authenticate state
AuthIndex
Any view
display memory
Purpose
Use the display memory command to display the memory usage of a specified
switch.
Syntax
Parameters
unit-id
Example
<S4200G>display memory
Unit 1
System Available Memory(bytes): 37238784
System Used Memory(bytes): 8201352
Used Rate: 22%
View
Field
Description
Used Rate
Any view
display mirroring-group
Purpose
Syntax
Parameters
group-id
local
remote-destination
remote-source
all
Example
View
Description
Any view
Group number
Group status
Group number
Group status
Group number
Group status
display ndp
Purpose
Use the display ndp command to display global NDP configuration information,
including the interval to send NDP packets, the holdtime of NDP information, and the
information about the neighbors of all the ports.
Syntax
Parameters
interface port-list
Example
Description
Neighbor Discovery
Protocol is enabled
Neighbor Discovery
Protocol Ver: 1
Hello Timer:
Aging Timer:
The holdtime of the NDP information sent by the local switch is 180
seconds.
Interface:
Status: Enabled
Pkts Snd:
Pkts Rvd:
Pkts Err:
Neighbor 1: Aging
Time:
MAC Address
Port Name
View
Field
Description
Software Ver
Device Name
Port Duplex
Product Ver
Any view
display ntdp
Purpose
Use the display ntdp command to display the global NTDP information. The
information includes the range (in hop count) within which topology information is
collected, the interval to collect topology information (the NTDP timer), the delay time
for a device to forward topology-collection requests, the delay time for a
topology-collection request to be forwarded through a port, and the time cost during
the last topology collection.
Syntax
display ntdp
Parameters
None
Example
Description
NTDP is running.
Hops
Timer
Hop Delay
Port Delay
View
Any view
Use the display ntdp device-list command to display the device information
collected through NTDP.
Syntax
Parameters
verbose
Example
PLATFORM
S5100-EI
S5100-EI
S5100-EI
S5100-EI
3Com S3528P
S5100-EI
View
Field
Description
MAC
HOP
PLATFORM
IP
Any view
Syntax
Parameters
h-h-h
Example
Display the information about the switch whose MAC address is 00e0-fc00-5111 in
detail.
Peer Port ID
Native Port ID
Speed
GigabitEthernet1/0/7
1000
Description
Hostname
MAC
Hop
Platform
IP
Version
Version information
Cluster
Cluster information
Administrator MAC
Stack
Stack information
Peer MAC
Peer Port ID
Native Port ID
View
Field
Description
Speed
Duplex
Cluster view
Use the display ntp-service sessions command to display the status of all the
sessions maintained by NTP (Network Time Protocol) service provided by the local
equipment.
Syntax
Parameters
verbose
Default
By default, the status of all the sessions maintained by NTP service provided by the
local equipment will be displayed.
Example
Description
View
Field
Description
source
reference
stra
reach
poll
Polling interval in seconds, that is, the maximum interval between two
successive messages
now
offset
Clock offset
delay
Network delay
disper
The maximum offset of the local clock with regard to the reference clock
Description
Any view
When you configure this command without the verbose parameter, the Switch will
only display brief information about all the sessions it maintains.
With the verbose parameter configured, the Switch will display detailed information
about all the sessions it maintains.
Use the command display ntp-service status to display the NTP service status.
Syntax
Parameters
None
Example
View
Description
Any view.
Meaning
clock status:unsynchronized
clock stratum: 16
reference clock ID
nominal frequency
actual frequency
clock precision
clock offset
root delay
root dispersion
peer dispersion
reference time
Reference timestamp.
Use the display ntp-service trace command to display the brief information of
each NTP time server along the time synchronization chain from the local device to
the reference clock source.
Syntax
Parameters
None
Example
ntp-service trace
4, offset 0.0019529,
3, offset 0.0124263,
2, offset 0.0019298,
1, offset 0.0019298,
synch
synch
synch
synch
distance
distance
distance
distance
0.144135
0.115784
0.011993
0.011993 refid
View
Any view
display packet-filter
Purpose
Syntax
Parameters
interface-type
interface-num }
unit-id
Example
View
Any view
display port
Purpose
Use the display port command to display all current ports with their type indicated.
Syntax
Parameters
hybrid
trunk
combo
vlan-vpn
Example
The example above indicates that the current configuration has two hybrid ports,
Ethernet1/0/1 and Ethernet1/0/2.
View
Any view
display port-security
Purpose
Syntax
Parameters
Example
View
Field
Description
Disableport Timeout: 20 s
OUI value
GigabitEthernet1/0/1 is link-up
Intrusion mode is
disableportTemporarily
Description
Any view
This command will display global and all ports' security configuration information
if the interface-list argument is not specified.
This command will display global and particular port's security configuration
information if the interface-list argument is specified.
Use the display port vlan-vpn command to display the information about the
VLAN VPN configuration of the current system, including current TPID value,
VLAN-VPN ports, and VLAN-VPN uplink ports.
Syntax
Parameters
None
Example
View
Any view
display protocol-priority
Purpose
Syntax
display protocol-priority
Parameters
None
Example
View
Any view
Syntax
Parameters
None
Example
View
Any view
Syntax
Parameters
None
Example
View
Any view
Syntax
Parameters
None
Example
View
Any view
Syntax
Parameters
None
Example
View
Any view
Syntax
Parameters
None
Example
View
Any view
Syntax
Parameters
None
Example
View
Any view
Syntax
Parameters
None
Example
View
Any view
Use the display qos-interface all command to display all the QoS settings
of the port.
Syntax
Parameters
interface-name |
interface-type
interface-num
unit-id
Example
View
Description
Any view
Redirect configurations
Related Commands
port
traffic-limit
Syntax
Parameters
interface-type
interface-num
unit-id
Example
View
Any view
Description
This command displays the name and priority-trust mode of the port.
Related Command
priority trust
Use the display qos-interface traffic-limit command to view the traffic limit
settings.
Syntax
Parameters
interface-name |
interface-type
interface-num
unit-id
Example
View
Description
Related Commands
Any view
The name of the port and the name of the traffic policing action
Referenced ACL
port
Syntax
Parameters
interface-type
interface-num
unit-id
Example
To display the parameter configurations of traffic limit on the port, enter the
following:
<S4200G> display qos-interface gigabitethernet1/0/1 traffic-shape
GigabitEthernet1/0/1 Port Shaping: Enable
20 kbps, 4 burst
QID:
status
max-rate(kbps)
burst-size(byte)
---------------------------------------------------0 :
Disable
0
0
1 :
Disable
0
0
2 :
Disable
0
0
3 :
Disable
0
0
4 :
Disable
0
0
5 :
Disable
0
0
6 :
Disable
0
0
7 :
Disable
0
0
View
Description
Related Command
Any view
traffic shape
Syntax
Parameters
interface-name |
interface-type
interface-num
unit-id
Example
View
Description
Related Commands
Any view
The name of the port and the name of the traffic statistics
Referenced ACL
port
traffic-statistic
display qos-profile
Purpose
Use the display qos-profile command to view the configurations of the QoS
profile.
Syntax
Parameters
all
name profile-name
interface { interface-name
| interface-type
interface-num }
Displays QoS profiles applied on the specified port.
user user-name
Example
To display the configurations of all the QoS profiles, enter the following:
<S4200G> display qos-profile all
qos-profile: test, 2 actions
packet-filter inbound ip-group 2000 rule 0
traffic-limit inbound ip-group 2000 rule 0 1
View
Description
Any view
The name of the QoS profile and the number of configured actions
display queue-scheduler
Purpose
Use the display queue-scheduler command to view queue scheduling mode and
corresponding parameters.
Syntax
display queue-scheduler
Parameters
None
Default
Example
To display the queue-scheduling mode and the related parameters, enter the
following:
<S4200G> display queue-scheduler
QID:
scheduling-group
weight
----------------------------------0 :
sp
0
1 :
sp
0
2 :
sp
0
3 :
sp
0
4 :
sp
0
5 :
sp
0
6 :
sp
0
7 :
sp
0
View
Description
Related Command
Any view
Queue ID
queue-scheduler
display radius
Purpose
Use the display radius command to view the configuration information about all
RADIUS schemes or a specified scheme.
Syntax
Parameters
radius-scheme-name
Example
To display the configuration information about all RADIUS schemes, enter the
following:
Description
SchemeName
Index
Type
View
Field
Description
Accounting method
Accounting method
TimeOutValue (seconds)
RetryTimes
RealtimeACCT(in minute)
Quiet-interval(min)
Wait time for the primary servers to restore the active state
Username format
Packet unit
Related Command
Any view
radius-scheme
Use the display radius statistics command to view the statistics information
about RADIUS packet.
Syntax
Parameters
None
Example
AuthSucc=0
RLTWait=0
Stop=0
,
,
,
,
,
,
,
,
,
,
,
,
,
,
Err=0
Err=0
Err=0
Err=0
Err=0
Err=0
Err=0
Err=0
Err=0
Err=0
Err=0
Err=0
Err=0
Err=0
,
,
,
,
,
,
,
,
,
,
,
,
,
,
Succ=0
Succ=0
Succ=0
Succ=0
Succ=0
Succ=0
Succ=0
Succ=0
Succ=0
Succ=0
Succ=0
Succ=0
Succ=0
Succ=0
No-response-acct-stop packet =0
Discarded No-response-acct-stop packet for buffer overflow =0
0
View
Related Command
Any view
radius-scheme
Use the display rmon alarm command to display the configuration of a specified
alarm entry or all the alarm entries.
Syntax
Parameters
alarm-table-entry
Example
View
Field
Description
Samples type
Related Command
Any view
rmon alarm
Use the display rmon event command to display the configuration of a specified
event entry or all the event entries.
Syntax
Parameters
event-entry
Example
View
Field
Description
Event table 1
VALID
Description
Event description
Any view
Description
The displayed information includes: event entry index, event entry owner, event
description, the action triggered by the event (log or alarm messages), and the time
(in seconds) when the latest event is triggered (in terms of the time elapsed since the
system is started/initialized).
Related Command
rmon event
Use the display rmon eventlog command to display the log of a specified event
entry or all the event entries.
Syntax
Parameters
event-entry
Example
View
Description
Any view
The displayed information includes: the indexes and status of the event entries in the
event table, the time (in seconds) when an event log is generated (in terms of the
time elapsed since the system is started or initialized), and the event description.
Use the display rmon history command to display the RMON history information
about a specified port. The information about the latest sample, including utilization,
the number of errors, the total number of packets and so on, is also displayed.
Syntax
Parameters
interface-type
interface-number
Interface number
unit unit-number
Example
View
Related Command
Any view
rmon history
Syntax
Parameters
prialarm-entry-number
Example
View
Related Command
Any view
rmon prialarm
Use the display rmon statistics command to display the RMON statistics of a
specified port.
Syntax
Parameters
interface-type
Interface type.
interface-number
Interface number.
unit unit-number
Example
View
:
:
:
:
:
0
0
0
0
0
Any view
Description
The displayed information include the number of the following items: collisions,
packets with CRC errors, undersize or oversize packets, broadcast packets, multicast
packets, received bytes, and received packets.
Related Command
rmon statistics
Use the display rsa local-key-pair public command to display the public
key of the server host key pair. If no key pair is generated, the system prompts %RSA
keys not found.
Syntax
Parameters
None
Example
View
Related Command
Any view
Use the display rsa peer-public-key command to display the client public
key of the specified RSA key pair. If no key name is specified, the command displays
all public keys of the client
Syntax
Parameters
brief
keyname
Example
View
Any view
64B0DF17 8C55FA83
B809808E B0D1F52D
A0DCC48E 3306367F
828D55A3 6F1CDDC4
display saved-configuration
Purpose
Syntax
Parameters
unit unit-id
by-linenum
Example
#
interface Ethernet1/0/14
#
interface Ethernet1/0/15
#
interface Ethernet1/0/16
#
interface Ethernet1/0/17
#
interface Ethernet1/0/18
#
interface Ethernet1/0/19
#
interface Ethernet1/0/20
#
interface Ethernet1/0/21
#
interface Ethernet1/0/22
#
interface Ethernet1/0/23
#
interface Ethernet1/0/24
#
interface GigabitEthernet1/1/1
#
interface GigabitEthernet1/2/1
#
interface NULL0
#
management-vlan 2
#
user-interface aux 0 7
user-interface vty 0 4
#
return
The configurations above are listed in the following order: global, port configuration,
and user interface configurations.
View
Description
Any view
If an Ethernet switch does not work normally after it is powered on, you can use the
display saved-configuration command to view the startup configurations
of the switch.
Syntax
Parameters
None
Example
View
Related Command
Any view
reboot
schedule reboot at
display snmp-agent
Purpose
Use the display snmp-agent command to view engine ID of the local or remote
SNMP entity.
Syntax
Parameters
local-engineid
remote-engineid
Example
View
Description
Any view
The SNMP engine is a unique identifier of an SNMP entity in the SNMP domain. It
performs the function of sending, receiving and authenticating SNMP messages,
extracting PDUs, packet encapsulations, and communication with SNMP applications.
Use the display snmp-agent community command to view the information about
the currently configured community names for SNMPv1 or SNMPv2c.
display snmp-agent community [ read | write ]
Parameters
Example
read
write
View
Field
Description
community name
community name
Group name
Group name
storage-type
Any view
Use the display snmp-agent group command to view group name, security model,
state of various views and storage models.
Syntax
Parameters
groupname
Example
View
Field
Description
groupname
Security model
readview
writeview
notifyview
storage-type
Any view
The display snmp-agent mib-view command is used to view the MIB view
configuration information of the current Ethernet switch.
Syntax
Parameters
exclude
include
viewname
view-name
Example
View
Field
Description
View name
View name
MIB Subtree
MIB Subtree
Storage-type
Storage type
ViewType: included/excluded
View status
Description
Any view
The display snmp-agent mib-view command is used to view the MIB view
configuration information of the Switch.
If the SNMP Agent is disabled, "SNMP Agent disabled" will be displayed after you
execute the above display commands.
Syntax
Parameters
None
Example
Description
0 Messages delivered to the SNMP entity Total number of the input SNMP packets
0 Messages which were for an
unsupported version
Description
0 SNMP PDUs which had a general error Number of SNMP packets with General_errors
0 SNMP PDUs which had a noSuchName Number of the packets requesting nonexistent MIB
error
objects
0 SNMP PDUs which had a tooBig error
(Maximum packet size 1500)
View
Description
Any view
Use the display snmp-agent sys-info command to view the system information
of SNMP configuration.
Syntax
Parameters
contact
location
version
Example
Description
Any view
The information includes the character string sysContact (system contact), the
character string describing the system location, the version information about the
running SNMP in the system.
Syntax
Parameters
None
Example
View
Related Command
Any view
Syntax
Parameters
engineid
username
groupname
Example
View
Field
Description
User name
Group name
Engine ID
Storage type
userStatus
Any view
Use the display ssh server command to display the status or session
information about the SSH server
Syntax
Parameters
status
session
Example
View
Related Commands
Any view
Username
1
Syntax
Parameters
None
Example
Display the association between the server public keys and the servers.
<S4200G> display ssh server-info
Server Name(IP)
Server public key name
______________________________________________________
192.168.0.1
abc_key01
192.168.0.2
abc_key02
View
Any view
Syntax
Parameters
username
Example
View
Related Commands
Any view
display startup
Purpose
Syntax
Parameters
unit unit-id
Example
Unit ID of a switch.
View
Related Command
Any view
startup saved-configuration
NULL
flash:/123.cfg
flash:/back.cfg
enabled
display stop-accounting-buffer
Purpose
Syntax
Parameters
radius-scheme
radius-scheme-name
session-id session-id
time-range start-time
stop-time
<
>
Example
View
Description
Any views
Related Command
reset stop-accounting-buffer
stop-accounting-buffer enable
retry stop-accounting
display stp
Purpose
Use the display stp command to display the state and statistical information
about one or all spanning trees.
Syntax
Parameters
instance-id
interface-list
Example
slot slot-number
brief
To display the state and statistical information about a spanning tree, enter the
following:
<S4200G> display stp instance 0 interface GigabitEthernet 1/0/1 to
GigabitEthernet 1/0/4 brief
MSTID
Port
Role STP State
Protection
0
GigabitEthernet1/0/1
ALTE DISCARDING
LOOP
0
GigabitEthernet1/0/2
DESI FORWARDING
NONE
0
GigabitEthernet1/0/3
DESI FORWARDING
NONE
0
GigabitEthernet1/0/4
DESI FORWARDING
NONE
View
Field
Description
MSTID
Port
Role
Port role
STP State
Protection
Description
Any view
The state and statistical information about MSTP can be used to analyze and maintain
the topology of a network. It also can be used to make MSTP operating properly.
If neither spanning tree instance nor port list is specified, the command displays
spanning tree information about all spanning tree instances on all ports in order of
port number.
If only a port list is specified, the command displays information about all spanning
tree instances on these ports in order of port number.
If both a spanning tree instance and a port list are specified, the command displays
spanning tree information about the specified spanning tree instance and the
specified ports in order of spanning tree instance ID.
Global CIST parameters: Protocol operation mode, switch priority in the CIST
instance, MAC address, Hello time, Max Age, Forward delay, Max hop count, the
common root bridge of the CIST, the external path cost for the switch to reach the
CIST common root bridge, the region root, the internal path cost for the switch to
reach the region root, CIST root port of the switch, and the status of the BPDU
protection function (enabled or disabled).
CIST port parameters: Port protocol, port role, port priority, path cost, the
designated bridge, the designated port, edge port/non-edge port, connected/not
connected to a point-to-point link, the maximum transmission speed, the type of
the root protection feature, VLAN mappings, Hello time, Max age, Forward delay,
Message-age time, and Remaining-hops.
Global MSTI parameters: MSTI ID, bridge priority of the instance, region root,
internal path cost, MSTI root port, and Master bridge.
MSTI port parameters: Port status, role, priority, path cost, the designated bridge,
the designated port, and Remaining Hops.
The statistics includes the number of the TCN BPDUs, the configuration BPDUs, the
RST BPDUs, and the MST BPDUs transmitted/received by the port.
Related Command
reset stp
Syntax
Parameters
None
Example
Vlans Mapped
21 to 4094
1 to 10
11 to 20
Description
Format selector
Region name
Revision level
Instance Vlans Mapped Spanning tree instance-to-VLAN mappings in the MST region
View
Related Command
Any view
stp region-configuration
Use the display tcp statistics command to view the statistics information about
TCP packets.
Syntax
Parameters
None
Example
Description
Received packets
Indicates that the following is the statistics for the received packets.
Total
packets in sequence
checksum error
offset error
short error
duplicate packets
Description
partially duplicate
packets
out-of-order packets
ACK packets
Sent packets
Indicates that the following is the statistics for the sent packets.
Total
urgent packets
control packets
View
data packets
ACK-only packets
Retransmitted timeout
connections dropped in
retransmitted timeout
Keepalive timeout
keepalive probe
keepalive timeout, so
connections
disconnected
Initiated connections
accepted connections
established connections
Closed connections
Description
Related Commands
Any view
The statistics are mainly divided into two parts: those for received packets, and those
for sent packets. Each part contains information about different types of packets,
such as duplicate packets and checksum error packets in received packets. At the end
of the display output are the statistics relevant to the connections, such as the
accepted connections, the number of the retransmitted packets, and the number of
keepalive probe packets. Most of the above statistics are offered in packets; several
ones are offered in bytes.
Use the display tcp status command to view the TCP connection state.
Syntax
Parameters
None
Example
Local Add:port
0.0.0.0:4001
100.0.0.204:23
Foreign Add:port
0.0.0.0:0
100.0.0.253:65508
View
Field
Description
Local Add:port
Foreign Add:port
State
Any view
State
Listening
Established
display this
Purpose
Use the display this command to display the current configuration performed in
the current view of the system.
Syntax
Parameters
by-linenum
Example
Display the running configuration parameters in the current view of the system with
each line number.
View
Description
Any view
After performing a group of configurations in a view, you can use the display
this command to verify the configuration results by checking the currently valid
parameters.
This command does not display the currently valid configuration parameters which
have the same values with the corresponding default working parameters.
This command does not display the parameters whose corresponding functions do
not take effect even though these parameters have been configured.
display time-range
Purpose
Use the display time-range command to view the configuration and status of the
current time range. You will see the active or inactive state outputs respectively.
Syntax
Parameters
all
name
Example
Description
Description
View
Related Command
Any view
time-range
display trapbuffer
Purpose
Use the display trapbuffer command to display the status of the trap buffer
and the records in the trap buffer.
Syntax
Parameters
unit-id
Unit identification.
size
buffersize
Example
Display the status of the trap buffer and the records in the trap buffer.
<S4200G> display trapbuffer
Trapping Buffer Configuration and contents:
enabled
allowed max buffer size : 1024
actual buffer size : 256
channel number : 3 , channel name : trapbuffer
dropped messages : 0
overwrote messages : 0
current messages : 6
#Dec 31 14:01:25 2004 S4200G DEV/2/LOAD FINISHED:
Trap 1.3.6.1.4.1.2011.2.23.1.12.1.20: frameIndex is 0, slotIndex 0.4
#Dec 31 14:01:33 2004 S4200G DEV/2/BOARD STATE CHANGE TO NORMAL:
Trap 1.3.6.1.4.1.2011.2.23.1.12.1.11: frameIndex is 0, slotIndex 0.2
#Dec 31 14:01:40 2004 S4200G DEV/2/BOARD STATE CHANGE TO NORMAL:
Trap 1.3.6.1.4.1.2011.2.23.1.12.1.11: frameIndex is 0, slotIndex 0.
View
Description
Any view
Executing the command with the size buffersize parameters will display the latest trap
records, with the number of the records being the specified size at most.
Syntax
Parameters
vlan_id
Example
View
Any view
display user-interface
Purpose
Syntax
Parameters
type number
number
summary
Example
Int
-
+
: Current user-interface is active.
F
: Current user-interface is active and work in async mode.
Idx : Absolute index of user-interface.
Type : Type and relative index of user-interface.
Privi: The privilege of user-interface.
Auth : The authentication mode of user-interface.
Int : The physical location of UIs.
A : Authenticate use AAA.
N: Current UI need not authentication.
P: Authenticate use current UI's password.
Description
Indicates that the current user interface is in use and working in asynchronous
mode
Idx
Type
Displays the user interface type and relative index of the user interface
Tx/Rx
Modem
Privi
Indicates the command level that can be accessed from this user interface
Auth
Int
(U)
(X)
View
Field
Description
0: U
UIs name
Description
Any view
display users
Purpose
Use the display users command to display the information about user interfaces. If
you do not specify the all keyword, only the information about the current user
interface is displayed.
Syntax
Parameters
all
Example
Ipaddress
Username
Userlevel
3
AUX 0
00:00:00
View
Field
Description
Indicates that the user interface is in use and is working in asynchronous mode
UI
The numbers in the left sub-column are the absolute user interface indexes, and
those in the right sub-column are the relative user interface indexes.
Delay
Indicates the interval from the latest input until now, in seconds.
Type
IPaddress
Username
Display the login name of the user who is using this interface
Userlevel
Any view
display users
Purpose
Use the display users command to display the status and configuration
information about user terminal interfaces. Use the display users all command to
view the information on all user terminal interfaces.
Syntax
Parameters
all
Example
To display the status and configuration information about user terminal interfaces.
<S4200G>
[S4200G] display users
UI
Delay
F 0
AUX 0
00:00:00
+
F
View
Type
Ipaddress
Username
Any view
Userlevel
3
display version
Purpose
Use the display version command to view the software version, issue date and the
basic hardware configuration information.
Syntax
display version
Parameters
None
Example
View
Any view
display vlan
Purpose
Use the display vlan command to display the ports operating in the
manual/automatic mode in the current voice VLAN.
Syntax
Parameters
vlan-id
Example
Display the ports included in the current voice VLAN, assuming that the current voice
VLAN is VLAN 6.
The output indicates that Ethernet1/0/5 and Ethernet1/0/6 ports are in the current
voice VLAN.
View
Related Command
Any view
display vlan
Purpose
Use the display vlan command to view related information about specified
VLANs or all VLANs.
Syntax
Parameters
vlan-id1
to
vlan-id2
all
static
dynamic
Example
GigabitEthernet1/0/3
View
Field
Description
VLAN ID
VLAN ID
VLAN Type
Route interface
Description
Description string
Name
VLAN name
Tagged Ports
Untagged Ports
Any view
Description
VLAN ID
Whether the routing function is enabled (If yes, the primary IP address and mask
are displayed.)
VLAN description
Member ports
If no value or keyword is specified, this command displays the list of all the existing
VLANs. If the dynamic or static keyword is specified, this command displays the list of
the VLANs that are created dynamically or statically.
Related Command
vlan
Use the display voice vlan oui command to display the currently supported
OUI addresses and the related information.
Syntax
Parameters
None
Examples
Display the OUI addresses and the related information of the voice VLAN.
<S4200G> display voice vlan oui
Oui Address
Mask
00e0-bb00-0000
ffff-ff00-0000
0003-6b00-0000
ffff-ff00-0000
00e0-7500-0000
ffff-ff00-0000
00d0-1e00-0000
ffff-ff00-0000
00aa-bb00-0000
ffff-ff00-0000
View
Related Command
Any view
Description
3com phone
Cisco phone
Polycom phone
Pingtel phone
ABC
Use the display voice vlan status command to display voice VLAN-related
information, including voice VLAN operation mode, port mode (manual mode or
automatic mode), and so on.
Syntax
Parameters
None
Example
Description
CAUTION: The "Current voice vlan enable port mode" field lists the ports with the
voice VLAN function enabled. Note that a port listed in this field may not currently
operate in a voice VLAN.
View
Related Commands
Any view
display vlan
330 domain
domain
Purpose
Use the domain command to create an ISP domain and enter its view, or enter the
view of an existing ISP domain, or configure the default ISP domain.
Use the undo domain command to delete a specified ISP domain.
Syntax
Parameters
isp-name
default
<
>
Default
By default, a domain named system has been created in the system. The attributes of
system are all default values. There is one and only one default ISP domain.
Example
View
System view
Description
domain 331
After you execute the domain command, the system creates a new ISP domain if the
specified ISP domain does not exist. Once an ISP domain is created, it is in the active
state. You can manually configure the default domain only when it already exists.
ISP domain is a group of users belonging to the same ISP. Generally, for a username in
the userid@isp-name format, taking gw20010608@3Com163.net as an example, the
isp-name (that is, 3Com163.net) following the @ is the ISP domain name. When
3Com 4200G Series Ethernet Switches control user access, as for an ISP user whose
username is in userid@isp-name format, the system will take userid part as
username for identification and take isp-name part as domain name.
The purpose of introducing ISP domain settings is to support the application
environment with several ISP domains. In this case, an access device may have
supplicants from different ISP domains. Because the attributes of ISP users, such as
username and password structures, service types, may be different, it is necessary to
separate them by setting ISP domains. In ISP Domain View, you can configure a
complete set of exclusive ISP domain attributes for each ISP domain, which includes
AAA schemes (RADIUS scheme applied and so forth.)
For a Switch, each supplicant belongs to an ISP domain. The system supports up to 16
ISP domains. If a user has not reported its ISP domain name, the system will put it into
the default domain.
When this command is used, if the specified ISP domain does not exist, the system
will create a new ISP domain. All the ISP domains are in the active state when they
are created.
Related Commands
access-limit
display domain
radius-scheme
state
332 dot1x
dot1x
Purpose
Use the dot1x command to enable 802.1x on the specified port or globally, (that is
on the current device).
Use the undo dot1x command to disable the 802.1x on the specified port or
globally.
Syntax
Parameters
interface interface-list Ethernet port list. You can specify multiple Ethernet
Default
By default, 802.1x is disabled on all the ports and globally on the device.
Example
View
System view
dot1x 333
Description
When being executed in system view, the dot1x command enables 802.1x globally if
you do not provide the interface-list argument. And if you specify the interface-list
argument, the command enables 802.1x for the specified Ethernet ports. When
being executed in Ethernet port view, this command enables 802.1x for the current
Ethernet port only. In this case, the interface-list argument is not needed.
You can perform 802.1x-related configurations (globally or on specified ports) either
before or after 802.1x is enabled. If you do not previously perform other
802.1x-related configurations when enabling 802.1x globally, the switch adopts the
default 802.1x settings.
802.1x-related configurations take effect on a port only after 802.1x is enabled both
globally and on the port.
Configurations of 8021.x and the maximum number of MAX addresses that can be
learnt are mutually exclusive. This means that when 802.1x is enabled for a port, it
cannot also have the maximum number of MAX addresses to be learned configured
at the same time. And if you configure the maximum number of MAX addresses that
can be learnt for a port, 802.1x is unavailable to it.
Related Command
display dot1x
dot1x authentication-method
Purpose
Syntax
Parameters
chap
pap
eap
Default
Example
View
Related Command
System view
display dot1x
dot1x dhcp-launch
Purpose
Syntax
dot1x dhcp-launch
undo dot1x dhcp-launch
Parameters
None
Default
Example
View
Related Command
System view
dot1x
dot1x guest-vlan
Purpose
Use the dot1x guest-vlan command to enable the Guest VLAN function for
specified ports.
Use the undo dot1x guest-vlan command to disable the Guest VLAN function
for specified ports.
Syntax
Parameters
vlan-id
interface-list
Example
To enable the Guest VLAN function for all ports, enter the following:
[S4200G] dot1x guest-vlan 1
View
System view
Description
When being executed in system view, these two commands apply to all ports if you
do not provide the interface-list argument. If you provide this argument, these two
commands apply to the specified ports.
When being executed in Ethernet port view, these two commands apply to the
current port and the interface-list argument is not needed.
CAUTION:
The Guest VLAN function is available only when the switch operates in the port-based
authentication mode.
Only one Guest VLAN can be configured for a switch.
Supplicant systems that are not authenticated, fail to pass the authentication, or are
offline belong to Guest VLANs.
Before configuring the Guest VLAN function, make sure the VLAN to be specified as
the Guest VLAN already exists.
Related Command
name
vlan-assignment-mode
dot1x max-user
Purpose
Use the dot1x max-user command to set the maximum number of systems an
Ethernet port can accommodate.
Use the undo dot1x max-user command to restore the default value.
Syntax
Parameters
user-number
interface-list
Example
View
Description
System view
When being executed in system view, these two commands apply to all Ethernet
ports of the switch if you do not provide the interface-list argument. And if you
specify the interface-list argument, these commands apply to the specified Ethernet
ports.
When being executed in Ethernet port view, these two commands apply to the
current Ethernet port only. In this case, the interface-list argument is not needed.
Related Command
display dot1x
dot1x port-control
Purpose
Use the dot1x port-control command to specify the access control method for
specified Ethernet ports.
Use the undo dot1x port-control command to revert to the default access control
method.
Syntax
Parameters
auto
authorized-force
unauthorized-force
interface-list
Default
Example
View
Description
System view
When being executed in system view, these two commands apply to all Ethernet
ports of the switch if you do not provide the interface-list argument. And if
you specify the interface-list argument, these commands apply to the
specified Ethernet ports.
When being executed in Ethernet port view, these two commands apply to the
current Ethernet port only. In this case, the interface-list argument is not
needed.
Related Command
display dot1x
dot1x port-method
Purpose
Use the dot1x port-method command to specify the access control method for
specified Ethernet ports.
Use the undo dot1x port-method command to restore the default access control
base.
Syntax
Parameters
macbased
portbased
interface-list
Default
The default access control method is MAC address-based. That is, the macbased
keyword is specified by default.
View
Example
Description
Related Command
Note:
If you specify to authenticate supplicant systems by MAC addresses (that is, the
macbased keyword is specified), all supplicant systems connected to the specified
Ethernet ports are authenticated separately. And if an online user logs off, others
are not affected.
If you specify to authenticate supplicant systems by port numbers (that is, the
portbased keyword is specified), all supplicant systems connected to a specified
Ethernet port are able to access the network without being authenticated if a
supplicant system among them passes the authentication. And when the
supplicant system logs off, the network is inaccessible to all other supplicant
systems either.
When being executed in system view, these two commands apply to all Ethernet
ports of the switch if you do not provide the interface-list argument. And if you
specify the interface-list argument, these commands apply to the specified
Ethernet ports.
When being executed in Ethernet port view, these two commands apply to the
current Ethernet port only. In this case, the interface-list argument is not needed.
display dot1x
dot1x quiet-period
Purpose
Syntax
dot1x quiet-period
undo dot1x quiet-period
Parameters
None
Default
Example
View
Description
Related Commands
System view
When a supplicant system fails to pass the authentication, the authenticator system
(such as a S4200G Ethernet switch) will stay quiet for a period (determined by the
quiet-period timer) before it performs another authentication. During the quiet
period, the authenticator system performs no 802.1x authentication.
display dot1x
dot1x timer
dot1x retry
Purpose
Use the dot1x retry command to specify the maximum number of times a switch
can transmit the authentication request frame to supplicant systems.
Use the undo dot1x retry command to restore the default.
Syntax
Parameters
max-retry-value
Example
To specify the maximum number of times that the switch will re-send authentication
request packets to be 9, enter the following:
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G] dot1x retry 9
View
System view
Description
After the Switch has transmitted an authentication request frame to the user for the
first time, if no user response is received during the specified time-range, the Switch
will re-transmit authentication request to the user. This command is used to specify
how many times the Switch can re-transmit the authentication request frame to the
supplicant. When the time is 1, the Switch is configured to transmit the
authentication request frame only once. 2 indicates that the Switch is configured to
transmit authentication request frame once again when no response is received for
the first time and so on. This command has an effect on all the ports after
configuration.
Related Command
display dot1x
dot1x retry-version-max
Purpose
Syntax
Parameters
max-retry-version-value
Default
The default is 3.
Example
To configure the maximum number of times that the switch will re-send version
request packets to be 6, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] dot1x retry-version-max 6
View
Description
Related Commands
System view
Having sent a version request packet to the supplicant system, the switch will re-send
the packet if within a preset period (as determined by the client version timer) it still
has not received any response from the supplicant system. When the number set by
this command has reached and there is still no response from the supplicant system,
the switch will continue its following authentication without sending further version
requests. This command applies to all ports.
display dot1x
dot1x timer
dot1x timer
Purpose
Syntax
Parameters
handshake-period
handshake-period-value
quiet-period
quiet-period-value
Specifies how long the quiet period is. Valid values are
10 to 120 seconds. If not specified, the default is 60
seconds.
server-timeout
server-timeout-value
supp-timeout
Example
supp-timeout-value
tx-period
tx-period-value
ver-period
ver-period-value
To set the Authentication Server timeout timer to 150s, enter the following:
<SW4200G> system-view
System View: return to User View with Ctrl+Z.
[SW4200G]dot1x timer server-timeout 150.
View
System view
Description
During an 802.1x authentication process, multiple timers are triggered to ensure that
the supplicant systems, the authenticator systems, and the Authenticator servers
interact with each other in an arranged way. To make authentications being
processed in a desired way, you can use the dot1x timer command to set values for
these timers as needed. This may be necessary in certain situations or for some tough
network environments. Normally, the defaults are recommended. (Note that some
timers cannot be adjusted.)
Related Command
display dot1x
dot1x version-check
Purpose
Syntax
Parameters
interface-list
Default
Example
To configure GigabitEthernet1/0/1 port to check the version of the 802.1x client upon
receiving authentication packets, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface GigabitEthernet1/0/1
[S4200G-GigabitEthernet1/0/1] dot1x version-check
View
System view
Description
In system view, execution of the dot1x version-check command enables the client
version checking function for specified ports if the interface-list argument is specified,
otherwise it enables the function globally. In Ethernet port view, only the current port
can have their client version checking function enabled by executing this command
and the interface-list argument is not needed.
duplex 351
duplex
Purpose
Syntax
Parameters
Example
auto
full
half
View
Related Command
speed
Use the enable snmp trap updown command to enable the port to send LINK
UP and LINK DOWN Trap information.
Use the undo enable snmp trap command to disable the port to send LINK UP
and LINK DOWN Trap information.
Syntax
Parameters
None
Default
Example
Enable port GigabitEthernet1/0/1 to send LINK UP and LINK DOWN Trap information.
The community name public is used.
<S4200G> system-view
[S4200G] snmp-agent trap enable
[S4200G] snmp-agent target-host trap address udp-domain 10.1.1.1 params
securityname public
[S4200G] interface GigabitEthernet1/0/1
[S4200G-GigabitEthernet1/0/1] enable snmp trap updown
View
System view
Description
The enable snmp trap and snmp-agent target-host commands are used
at the same time. You can use the snmp-agent target-host command to
specify the hosts receiving Trap information. To send Trap information, you must
configure at least one snmp-agent target-host command.
Related Command
None
Syntax
Parameters
ip-address
Example
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G]end-station polling ip-address 202.38.160.244
View
Description
System view
The switch can ping an IP address every one minute to test if it is reachable. Three
PING packets can be sent at most for every IP address in every testing with a time
interval of five seconds. If the switch cannot ping successfully the IP address after the
three PING packets, it assumes that the IP address is unreachable.
You can configure up to 50 IP addresses by using the command repeatedly.
Related Commands
ping
tracert
354 execute
execute
Purpose
Syntax
execute filename
Parameters
filename
Example
To execute the batch file test.bat in the directory of flash:/, enter the following:
<S4200G>sys
System View: return to User View with Ctrl+Z.
[S4200G]execute test.bat
View
Description
System view
The batch command executes the command lines in the batch file one by one. There
should be no invisible character in the batch file. If invisible characters are found, the
batch command will quit the current execution. The forms and contents of the
commands are not restricted in the batch file.
exit 355
exit
Purpose
Use the exit command to terminate the connection to the remote SFTP server and
return to system view.
This command has the same function as the bye and quit commands.
Syntax
exit
Parameters
None
Example
View
file prompt
Purpose
Use the file prompt command to modify the prompt mode of file operations on the
Switch.
Syntax
Parameters
alert
quiet
Example
View
Description
System view
If the prompt mode is set as quiet, so no prompts are shown for file operations,
some non-recoverable operations may lead to system damage.
flow-control 357
flow-control
Purpose
Use the flow-control command to enable port flow control, to avoid packet loss in
the event of network congestion.
Use the undo flow-control command to disable flow control on the port.
Syntax
flow-control
undo flow-control
Parameters
None
Default
Example
358 format
format
Purpose
Syntax
format device
Parameters
device
Example
Format flash:
Device name.
View
Description
User view
CAUTION:
Formatting a storage device causes all the files on the storage device to get lost.
The operation is irretrievable.
The format operation on the Flash leads to the loss of the configuration files.
free user-interface
Purpose
Use the free user-interface command to reset a specified user interface to its
default settings. The user interface will be disconnected after the reset.
Use free user-interface type to reset the interface with the specified type and
type number to its default settings.
Use free user-interface number to reset the interface with the specified index
number to its default settings.
Syntax
Parameters
type
number
Example
After you execute this command, user interface 1 will be disconnected. The user in it
must log in again to connect to the switch.
View
Description
User view
free web-users
Purpose
Use the free web-users command to disconnect a specified Web user or all Web
users by force.
Syntax
Parameters
userid
username
all
Example
View
User view
ftp 361
ftp
Purpose
Use the ftp command to establish a control connection with an FTP server and enter
FTP client view.
Syntax
Parameters
ipaddress
port-number
Example
View
User view
ftp cluster
Purpose
Use the ftp cluster command to establish a control connection with a cluster FTP
server. This command also leads you to FTP client view.
Syntax
ftp cluster
Parameters
None
Example
View
User view
ftp server
363
ftp server
Purpose
Use the ftp server command to configure an FTP server on the management device
for the member devices in the cluster.
Use the undo ftp server command to remove the FTP server configured for the
member devices in the cluster.
Syntax
Parameters
ip-address
Default
Example
<aaa_0.S4200G>system-view
System View: return to User View with Ctrl+Z.
[aaa_0.S4200G]cluster
[aaa_0.S4200G-cluster] ftp-server 1.0.0.9
View
Description
System view
You need to configure the IP address of an FTP server first for the member
devices in a cluster to access the FTP server through the management device.
Use the ftp server enable command to enable FTP server and allow FTP users to
log in.
Use the undo ftp server command to disable FTP server and inhibit FTP users
from logging in.
Syntax
Parameters
None
Default
Example
View
System view
ftp timeout
Purpose
Syntax
Parameters
minute
Example
View
Description
System view
An FTP server considers an FTP connection to be invalid and terminates the FTP
connection if no data exchange occurs between it and the FTP client for a specific
period of time known as connection idle time.
garp timer
Purpose
Use the garp timer command to set the GARP Hold, Join or Leaver timer value on
the current port.
Use the undo garp timer command to restore the default value of the GARP
Hold, Join or Leaver timer on the current port.
Syntax
Parameters
Example
hold
join
leave
timer-value
Set the timeout time of the GARP Join timer on the port GigabitEthernet1/0/1 to 20
centiseconds.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface GigabitEthernet1/0/1
[S4200G-GigabitEthernet1/0/1] garp timer join 20
View
Description
The ranges of the timers vary depending on the values of other timers. You can set a
timer to a value out of the current range by set the associated timer to another value.
The following table describes the relations between the timers:
Table 82 Relations between the timers
Related Command
Timer
Lower threshold
Upper threshold
Hold
10 centiseconds
Join
Leave
LeaveAll
Use the garp timer leaveall command to set the GARP LeaveAll timer to a
specified value.
Use the undo garp timer leaveall command to restore the default value of
the GARP LeaveAll timer.
Syntax
Parameters
timer-value
Example
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] garp timer leaveall 100
View
System view
Description
Once a GARP entity starts up, it starts the LeaveAll timer, and sends out a LeaveALL
message after the timer times out, so that other GARP entities can re-register all the
attribute information on this entity. After that, the entity restarts the LeaveAll timer to
begin a new cycle.
Related Command
get 369
get
Purpose
Use the get command to download a remote file and save the file to the local device.
Syntax
Parameters
localfile
remotefile
Example
View
Description
If no local file name is specified, the switch will save the remote file locally with the
same file name as that on the remote FTP server
370 get
get
Purpose
Use the get command to download a remote file and save it as a local file.
Syntax
Parameters
localfile
remotefile
Example
View
Description
If you do not specify the localfile argument, the downloaded file is saved using its
original name.
Syntax
gratuitous-arp-learning enable
undo gratuitous-arp-learning enable
Parameters
None
Default
Example
To enable the gratuitous ARP packet learning function on the switch named
S4200GA, enter the following:
<S4200GA> system-view
System View: return to User View with Ctrl+Z.
[S4200GA] gratuitous-arp-learning enable
View
Description
System view
When the gratuitous ARP packet learning function is enabled on a switch and the
switch receives a gratuitous ARP packet, the switch updates the corresponding ARP
entry (if available in the cache of the switch) using the hardware address of the sender
carried in the gratuitous ARP packet. A switch operates like this whenever it receives a
gratuitous ARP packet.
372 gvrp
gvrp
Purpose
Use the gvrp command to enable GVRP globally (in system view) or on a port (in
Ethernet port view).
Use the undo gvrp command to disable GVRP globally (in system view) or on a port
(in Ethernet port view).
Syntax
gvrp
undo gvrp
Parameters
None
Default
Example
View
Description
Related Command
System view
Note:
Before enabling GVRP on a port, you must first enable GVRP globally.
If GVRP is disabled globally, it is also disabled on ports and you are not allowed to
enable it on any port.
After enabling GVRP on the Trunk port, you are not allowed to change the port to
a different type.
gvrp registration
Purpose
Use the gvrp registration command to configure the GVRP registration type on
a port.
Use the undo gvrp registration command to restore the default GVRP
registration type on a port.
Syntax
Parameters
fixed
forbidden
normal
Default
Example
View
Description
Related Command
habp enable
Purpose
Syntax
habp enable
undo habp enable
Parameters
None
Default
Example
View
Description
System view
If an 802.1x-enabled switch does not have HABP enabled, it cannot manage the
switches attached to it.
Syntax
Parameters
vlan-id
Default
Example
To specify the switch to operate as an HABP server and the HABP packets to be
broadcast in VLAN 2, enter the following:
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G] habp server vlan 2
View
Description
System view
To specify a switch to operate as an HABP server, you need to enable HABP (using the
habp enable command) for the switch first. Even if HABP is not enabled, the client
can still configure the switch to work as an HABP client, although this has no effect.
habp timer
Purpose
Use the habp timer command to set the interval for a switch to send HABP request
packets.
Use the undo habp timer command to revert to the default interval.
Syntax
Parameters
interval
Example
To configure the switch to send HABP request packets once in every 50 seconds
(assuming that the switch operates as an HABP server), enter the following:
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G] habp timer 50
View
Description
System view
header 377
header
Purpose
Use the header command to set the banners that are displayed when a user logs
into a switch. The login banner is displayed on the terminal when the connection is
established. And the session banner is displayed on the terminal if a user successfully
logs in.
Use the undo header command to disable displaying a specific banner or all
banners.
Syntax
Parameters
login
shell
text
Example
When you log in again, the session banner appears on the terminal as the following:
378 header
Continue entering the banner and end the banner with the character identical with
the beginning character of the banner.
Hello! Welcome % (Press <Enter>.)
[S4200G]
When you log in again, the session banner appears on the terminal as the following:
[S4200G] quit
<S4200G> quit
Please press ENTER
%SHELL: (Note that the beginning character of the banner appears.)
Hello! Welcome
<S4200G>purpose_body
View
Description
System view
Note:
If you specify any one of the three keywords without providing the text argument,
the specified keyword will be regarded as the login banner.
As for the beginning character of a banner, note that:
If you only type one character in the first line of a banner, the character is regarded
as the beginning mark and is not displayed.
If you type multiple characters in the first line of a banner and the beginning and
the end characters of the banner in this line are not the same, the character is
displayed.
If you type multiple characters in the first line for the banner and the beginning
and the end character are the same, the beginning character is not displayed.
help 379
help
Purpose
Use the help command to get the help information about the specified or all SFTP
client commands.
Syntax
help [ command ]
Parameters
command
Example
View
Description
If the command argument is not specified, the help information about all commands
is displayed.
history-command max-size
Purpose
Use the history-command max-size command to set the size of the history
command buffer.
Use the undo history-command max-size command to revert to the default
history command buffer size.
Syntax
Parameters
value
Example
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] user-interface aux0
[S4200G-ui-aux0] history-command max-size 20
View
holdtime 381
holdtime
Purpose
Syntax
holdtime seconds
undo holdtime
Parameters
seconds
Example
<aaa_0.S4200G>system-view
System View: return to User View with Ctrl+Z.
[aaa_0.S4200G]cluster
[aaa_0.S4200G-cluster] holdtime 30
View
Description
Cluster view
If a switch does not receive any information of a peer device during the holdtime, it
sets the state of the peer device to "down". When the communication between the
two resumes, the corresponding member device is re-added to the cluster
(automatically). If the downtime does not exceed the holdtime, the member device
stays in the normal state and needs not to be added again.
Execute these two commands on management devices only. The member devices in a
cluster acquire the holdtime setting from the management device.
382 idle-cut
idle-cut
Purpose
Use the idle-cut command to set the user idle-cut function in current ISP domain.
Syntax
Parameters
disable
enable
minute
flow
Default
Example
To allow users in ISP domain aabbcc.net to enable the idle-cut attribute in user
template (that is, allow the user to use the idle-cut function), with the maximum idle
time of 50 minutes and the minimum data flow of 500 bytes, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] domain aabbcc.net
New Domain added.
[S4200G-isp-aabbcc.net] idle-cut enable 50 500
View
Description
The user template is a set of default user attributes. If a user requesting for the
network service does not have some required attributes, the corresponding attributes
in the template will be endeavored to him as default ones. The user template of the
Switch you are using may only provide user idle-cut settings. After a user is
authenticated, if the idle-cut is configured to enable or disable by neither the user nor
the RADIUS server, the user will adopt the idle-cut state in the template.
Because a user template only works in one ISP domain, it is necessary to configure
user template attributes for users from different ISP domain respectively.
Related Command
domain
idle-timeout 383
idle-timeout
Purpose
Use the idle-timeout command to configure the amount of time you want to allow
a user interface to remain idle before it is disconnected.
Use the undo idle-timeout command to revert to the default timeout time.
Syntax
Parameters
Example
minutes
seconds
To configure the timeout value to 1 minute on the AUX user interface, enter the
following:
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G]user-interface aux 0
[S4200G-ui-aux0]idle-timeout 1 0
View
Description
Use the igmp host-join vlan command to configure a routing port to join to a
multicast group.
Use the undo igmp host-join vlan command to remove the configuration.
Syntax
Parameters
group-address
Default
Example
<S4200G> system-view
[S4200G] interface GigabitEthernet 1/0/1
[S4200G-GigabitEthernet1/0/1] port access vlan 10
[S4200G-GigabitEthernet1/0/1] igmp host-join 225.0.0.1 vlan 10
View
Description
Use this command to configure a routing port to join or remove from a multicast
group.
Related Command
igmp group-policy
igmp-snooping 385
igmp-snooping
Purpose
Syntax
Parameters
enable
disable
Default
Example
View
System view
VLAN view
igmp-snooping fast-leave
Purpose
Syntax
igmp-snooping fast-leave
undo igmp-snooping fast-leave
Parameters
None
Default
Example
View
Description
Normally, when receiving an IGMP Leave message, IGMP Snooping does not
immediately remove the port from the multicast group, but sends a group-specific
query message. If no response is received in a given period, it then removes the port
from the multicast group.
If this command is executed, when receiving an IGMP Leave message, IGMP Snooping
removes the port from the multicast group immediately. When the port has only one
user, enabling IGMP fast leave processing can save bandwidth.
Note: If the client(s) under the port are IGMP V2enabled, this feature operates
normally (that is, it functions only when the port has only one user). Otherwise, when
the port has multiple users, the leave of one user may disrupt the multicast to every
other user under the port in the same multicast group.
igmp-snooping group-limit
Purpose
Syntax
| overflow-replace ]
Parameters
limit
overflow-replace
vlan-list
Default
By default, there is no limit on the number of multicast groups the port can join.
Example
View
igmp-snooping group-policy
Purpose
Syntax
Parameters
acl-number
vlan-id
Default
Example
Configure ACL 2000 to allow users under port Ethernet 1/0/1 to access the multicast
streams in groups 225.0.0.0 to 225.255.255.255.
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G] acl number 2000
[S4200G-acl-basic-2000] rule permit source 225.0.0.0 0.255.255.255
[S4200G] vlan 2
[S4200G-vlan2] port GigabitEthernet 1/0/1
Configure ACL 2000 on the GigabitEthernet 1/0/1 port to allow this VLAN 2 port
to join only the IGMP multicast groups defined in the rule of ACL 2000.
Configure ACL 2001 to allow users under GigabitEthernet 1/0/2 port to access the
multicast streams in any groups except groups 225.0.0.0 to 225.0.0.255.
[S4200G] vlan 2
[S4200G-vlan2] port GigabitEthernet 1/0/2
Configure ACL 2001 on the GigabitEthernet 1/0/2 port to allow this VLAN 2 port
to join any IGMP multicast groups except those defined in the deny rule of ACL
2001.
View
Description
System view
You can configure some multicast filter ACLs globally or on the switch ports
connected to user ends so as to use the IGMP Snooping filter function to limit the
multicast programs that the users can access. With this function, you can treat
different VoD users in different ways by allowing them to access the multicast streams
in different multicast groups.
In practice, when a user orders a multicast program, an IGMP report message is
generated. When the message arrives at the switch, the switch examines the
multicast filter ACL configured on the access port to determine if the port can join the
corresponding multicast group or not. If yes, it adds the port to the forward port list
of the multicast group. If not, it drops the IGMP report message and does not forward
the corresponding data stream to the port. In this way, you can control the multicast
programs that users can access.
An ACL rule defines a multicast address or a multicast address range (for example
224.0.0.1 to 239.255.255.255) and is used to:
Allow the port(s) to join only the multicast group(s) defined in the rule by a permit
statement.
Inhibit the port(s) from joining the multicast group(s) defined in the rule by a deny
statement.
One port can belong to multiple VLANs. But for each VLAN on the port, you can
configure only one ACL.
If no ACL rule is configured or the port does not belong to the specified VLAN, the
filter ACL you configured does not take effect on the port.
Since most devices broadcast unknown multicast packets, this function is often
used together with the unknown multicast packet drop function to prevent
multicast streams from being broadcasted to a filtered port as unknown multicast.
igmp-snooping host-aging-time
Purpose
Syntax
Parameters
seconds
Default
Example
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G] igmp-snooping host-aging-time 300
View
System view
Description
The aging time of multicast member ports determines the refresh frequency of
multicast group members. In an environment where multicast group members
change frequently, you should set a relatively short aging time, and vice versa.
Related Command
igmp-snooping
igmp-snooping max-response-time
Purpose
Syntax
Parameters
seconds
Default
Example
Set the maximum response time to an IGMP Snooping query message to 15 seconds.
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G] igmp-snooping max-response-time 15
View
Description
Related Commands
System view
The maximum response time you configured determines how long the switch can
wait for a response to an IGMP Snooping query message.
igmp-snooping
igmp-snooping router-aging-time
igmp-snooping router-aging-time
Purpose
Syntax
Parameters
seconds
Default
Example
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G] igmp-snooping router-aging-time 500
View
Description
Related Commands
System view
The router port here refers to the port connecting the Layer 2 switch to the router.
The Layer 2 switch receives IGMP general query messages from the router through
this port. The aging time of the router port should be a value about 2.5 times of the
general query interval.
igmp-snooping
igmp-snooping max-response-time
Use the info-center channel name command to name the channel of the specified
number.
Syntax
Parameters
channel-number
channel-name
Example
View
Description
System view
Syntax
Parameters
channel-number
channel-name
Default
By default, the switch does not output log information to the console.
Example
View
System view
Description
This command works only when the information center is enabled for the system.
Related Command
display info-center
info-center enable
info-center enable
Purpose
Syntax
info-center enable
undo info-center enable
Parameters
None
Default
Example
View
Description
Related Commands
System view
The switch can output system log information to the log host, the console, and
other destinations only when the information center is enabled.
display info-center
info-center logbuffer
info-center logbuffer
Purpose
Syntax
Parameters
channel
channel-number
channel-name
size
buffersize
Default
By default, the switch outputs information to the log buffer, which holds 512 records
by default.
Example
Configure the switch to output information to the log buffer with the size of 50.
<S4200G> system-view
[S4200G] info-center logbuffer size 50
View
System view
Description
Related Command
info-center enable
display info-center
Syntax
Parameters
channel-number
channel-name
Default
Example
View
System view
Description
This command works only when the information center is enabled for the system
Related Commands
display info-center
info-center enable
Use the info-center snmp channel command to enable information output to the
SNMP through a specified channel.
Use undo info-center snmp channel command to restore the default SNMP
channel, that is, channel 5.
Syntax
Parameters
Example
channel-number
channel-name
View
Related Command
System view
snmp-agent
display info-center
info-center source
Purpose
Use the info-center source command to add a record (that is, an information
source) to an information channel.
Use the undo info-center source command to delete an information source from
an information channel.
Syntax
Parameters
modu-name
default
log
trap
debugging
level
severity
Note: If you only specify the level for one or two of the three types of information,
the level(s) of the unspecified type(s) return to the default. For example, if you only
define the level of the log information, then the levels of the trap and debugging
information return to the defaults.
You may specify any of the following severity levels:
emergencies
channel-name
state
state
Description
8021X
802.1X module
ACL
AM
ARP
CFAX
CFG
CFM
CMD
COMMONSY
DEV
DHCC
DHCP
DRV
Driver module
DRV_MNT
ESP
ETH
Ethernet module
FIB
Forwarding module
FTM
FTMCMD
FTPS
HA
HTTPD
IFNET
IGSP
IP
IP module
IPC
IPMC
IP multicast module
L2INF
Example
Module name
Description
LACL
LQOS
LS
MPM
NTP
PPRDT
PTVL
QACL
QoS/ACL module
QOSF
RDS
Radius module
RM
Routing management
RMON
RSA
RTPRO
Routing protocol
SHELL
User interface
SNMP
SOCKET
Socket
SSH
STP
SYSMIB
TELNET
Telnet module
UDPH
VFS
VTY
WCN
XM
XModem module
Configure to output the log information of the VLAN module on the snmp channel,
and only output the log information above the "emergencies" severity.
<S4200G> system-view
[S4200G] info-center source vlan channel snmpagent log level
emergencies
View
Description
System view
This command can be used for filtering of log, trap, or debug information. For
example, it can control log output from the IP module to any direction. You can
configure IP module log information above the "warning" severity to be output to
the log host, and those above the "informational" severity output to the log buffer.
You can also configure IP module trap information to be output to a specific trap
host.
In addition, you can use this command to specify the filtering channel for each output
direction. Information is sent to the proper direction after being filtered through the
specified channel. Therefore, in this command, you can set the channel to be used for
an output direction and the filter of the channel for information filtering and
redirection.
Each output direction is assigned with a default information channel at present,
shown as follows:
Table 84 Information channel in each output direction by default
Output direction
Console
console
Monitor terminal
monitor
Log buffer
logbuffer
Trap buffer
trapbuffer
snmp
snmpagent
Each information channel is configured with a default record, whose module name is
"all" and module number is 0xffff0000. In the record, the default settings for log,
trap and debug information may differ with channels. If no record is configured for a
channel, this default record is adopted.
info-center synchronous
Purpose
Syntax
info-center synchronous
undo info-center synchronous
Parameters
None
Default
Example
View
Description
System view
info-center timestamp
Purpose
Use the info-center timestamp command to set the format of time stamp
included in the log/trap/debug information or specify not to include time stamp in the
information.
Use the undo info-center timestamp command to restore the default time stamp
format.
Syntax
Parameters
log
trap
debugging
boot
date
None
Default
By default, the date time stamp is adopted for all types of information.
Example
View
System view
info-center trapbuffer
Purpose
Syntax
Parameters
Example
size
buffersize
channel
channel-number
channel-name
Channel name.
Enable the switch to send information to the trap buffer, whose size is set to 30.
<S4200G> system-view
[S4200G] info-center trapbuffer size 30
View
System view
Description
Related Commands
display info-center
info-center enable
406 instance
instance
Purpose
Use the instance command to map specified VLANs to a specified spanning tree
instance.
Use the undo instance command to remove the mappings from specified VLANs
to a specified spanning tree instance.
Syntax
Parameters
instance-id
vlan-list
Default
Example
View
Description
VLAN-to-spanning tree instance mappings are recorded in the VLAN mapping table of
an MSTP switch. So these two commands are actually used to manipulate the VLAN
mapping table. You can add/remove a VLAN to/from the VLAN mapping table of a
specific spanning tree instance by using these two commands.
Note that a VLAN cannot be mapped to multiple spanning tree instances at the same
time. A VLAN-to-spanning tree instance mapping is automatically removed if you map
the VLAN to another spanning tree instance.
Related Commands
instance 407
active region-configuration
check region-configuration
region-name
revision-level
vlan-mapping modulo
408 interface
interface
Purpose
Use the command interface command to enter Ethernet port view. To configure
parameters for a port, you must enter the port view first.
Syntax
interface-number
Example
View
System view
interface VLAN-interface
409
interface VLAN-interface
Purpose
Syntax
Parameters
vlan-id
Example
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] vlan 10
[S4200G-vlan10] quit
[S4200G] management-vlan 10
[S4200G] interface vlan-interface 10
[S4200G-Vlan-interface10]
View
Description
System view
Before creating a management VLAN interface, make sure the VLAN identified by the
vlan-id argument is created and is configured to be the management VLAN.
Note:
To configure the management VLAN of a switch operating as a cluster management
device to be a cluster management VLAN (using the management-vlan vlan-id
command) successfully, make sure the vlan-id argument provided in the
management-vlan vlan-id command is consistent with that of the management
VLAN.
Related Command
410 ip address
ip address
Purpose
Syntax
Parameters
Example
ip-address
net-mask
Assign an IP address (and the mask) to the management VLAN interface. (Assume
that VLAN 1 is the management VLAN.)
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface vlan-interface 1
[S4200G-Vlan-interface1] ip address 1.1.1.1 255.0.0.0
View
Description
Usually, only one IP address is required for each interface. If you want to connect the
interface to several subnets, you can configure an IP addresses for each subnet.
Before you can cancel the primary IP address of an interface, you must cancel any
secondary IP addresses.
The subnet address of an IP address can be identified by subnet mask. For instance,
the IP address of an interface is 202.38.10.102, and the mask is 255.255.0.0. You can
confirm that the subnet address is 202.38.0.0 by performing the logic operation
AND on the IP address and mask.
Note: The VLAN interface cannot be configured with the secondary IP address if its IP
address is set to be allocated by BOOTP or DHCP.
Related Command
ip address bootp-alloc
Purpose
Syntax
ip address bootp-alloc
undo ip address bootp-alloc
Parameters
None
Default
By default, the VLAN interface does not use BOOTP to obtain an IP address.
Example
View
Related Command
ip address dhcp-alloc
Purpose
Syntax
ip address dhcp-alloc
undo ip address dhcp-alloc
Parameters
None
Default
By default, the VLAN interface does not use DHCP to obtain an IP address.
Example
View
ip host 413
ip host
Purpose
Use the ip host command to configure a host name and the corresponding IP
address for a switch.
Use the undo ip host command to remove the host name and the corresponding IP
address of a switch.
Syntax
Parameters
Example
hostname
ip-address
View
Related Command
System view
display ip host
ip http acl
Purpose
Use the ip http acl command to apply an ACL to filter Web users.
Use the undo ip http acl command to disable the switch from filtering Web users
using the ACL.
Syntax
Parameters
acl-number
Example
Apply ACL 2000 to filter Web users (assuming that ACL 2,000 already exists.)
<S4200G> system-view
[S4200G] ip http acl 2000
View
System view
ip-pool 415
ip-pool
Purpose
Use the ip-pool command to configure a private IP address range for cluster
members on the switch to be set as the management device.
Use the undo ip-pool command to cancel the IP address configurations of the
cluster.
Syntax
Parameters
Example
administrator-ipaddress
ip-mask
ip-mask-length
View
Description
Cluster view
Before setting up a cluster, the user should configure a private IP address pool for
cluster member devices. When a candidate device is added, the management device
will dynamically assign a private IP address, which can be used for communication
inside the cluster. In this way, the user can use the management device to manage
and maintain the member devices.
The commands can only be executed on a non-cluster-member switch. The IP address
range of an existing cluster cannot be modified.
416 ip route-static
ip route-static
Purpose
Syntax
Parameters
ip-address
mask
IP address mask.
mask-length
preference-value
reject
blackhole
description text
Default
By default, the system can obtain the routes to the subnets directly connected to a
router.
Example
View
ip route-static 417
Description
System view
If you do not specify the preference when configuring a static route, the value
specified by the ip route-static default-preference command (which defaults to 60) is
adopted. Note that routes with the same destinations, the same next hops, but
different preferences are different routes. Among these routes, the one with least
preference (which means the highest preference) is chosen to be the current route. A
route configured using the ip route-static command is a reachable route if neither of
the reject and blackhole keywords is specified.
Note the following when configuring a static route:
Related Command
The next hop address of a static route cannot be the VLAN interface address of the
local switch.
A static route with both its destination IP address and mask both being 0.0.0.0 is
the default route. When no matched entry is found in the routing table, a received
packet is forwarded according to the default route.
display ip routing-table
ip route-static default-preference
418 ip route-static
ip route-static
Purpose
Syntax
Parameters
ip-address
mask
Subnet mask.
mask-length
interface-type
interface-number
Example
next-hop
preference-value
reject
blackhole
View
ip route-static 419
System view
jumboframe enable
Purpose
Use this command to allow jumbo frames to pass through the Ethernet port.
Syntax
jumboframe enable
undo jumboframe enable
Example
View
Description
Use the jumboframe enable command to allow jumbo frames to pass through the
current Ethernet port. The maximum frame size supported is 9216 bytes.
Use the undo jumboframe enable command to inhibit jumbo frames from passing
through the current Ethernet port.
key 421
key
Purpose
Use the key command to specify a shared key for the RADIUS
authentication/authorization packets or accounting packets.
Use the undo key command to restore the corresponding default shared key.
Syntax
Parameters
Example
accounting
authentication
string
To set the shared key for the RADIUS accounting packets in RADIUS scheme radius1
to ok.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] radius scheme radius1
New Radius scheme
[S4200G-radius-radius1] key authentication hello
To set the shared key for the RADIUS accounting packets in RADIUS scheme radius1
to ok.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] radius scheme radius1
New Radius scheme
[S4200G-radius-radius1] key accounting ok
View
Description
The RADIUS client and server adopt MD5 algorithm to encrypt the RADIUS packets
exchanged with each other. The two parties verify the validity of the exchanged
packets by using the shared keys that have been set on them, and can accept and
respond to the packets sent from each other only if both of them have the same
shared keys. If the authentication/authorization server and the accounting server are
422 key
two separate devices and the two servers have different shared keys, you must set the
shared keys for authentication/authorization packets and accounting packets
respectively on the switch.
Related Commands
primary accounting
primary authentication
radius scheme.
lacp enable
Purpose
Use the lacp enable command to enable the LACP protocol on the current port.
Use the undo lacp enable command to disable the LACP protocol on the current
port.
Syntax
lacp enable
undo lacp enable
Parameters
None
Example
View
Description
The Switch will select the lowest port number as the master port for the link
aggregation. This applies to all types of link aggregation. If the aggregation spans a
stack of units and the same ports are used, the unit number will be the tie-breaker.
For example, 1/0/1 and 2/0/1 are in an aggregation. Port 1/0/1 will be the master port.
lacp port-priority
Purpose
Use the lacp port priority command to configure port priority value.
Use the undo lacp port-priority command to restore the default port priority
value.
Syntax
Parameters
port-priority
Example
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface GigabitEthernet1/0/1
[S4200G-GigabitEthernet1/0/1] lacp port-priority 64
View
Related Commands
lacp system-priority
Purpose
Syntax
Parameters
system-priority
Example
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] lacp system-priority 64
View
Related Command
System view
426 language-mode
language-mode
Purpose
Use the language-mode command to toggle between the language modes (that is,
language environments) of the command line interface (CLI) to meet your
requirement.
Syntax
Parameters
chinese
english
Default
Example
View
User view
lcd 427
lcd
Purpose
Use the lcd command to display the local work directory on the FTP client.
Syntax
lcd
Parameters
None
Example
View
428 level
level
Purpose
Use the level command to set the priority level of the user.
Use the undo level command to restore the default priority level of the user.
Syntax
level level
undo level
Parameters
level
Default
Example
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] local-user user1
New local user added.
[S4200G-luser-user1] level 3
View
Description
The priority level of the user corresponds to the command level of the user. Refer to
the description of the command-privilege level command in the command
line interface module.
If the configured authentication mode is none authentication or password
authentication, the command level that a user can access after login depends on the
priority of user interface. In the case of authentication requiring both username and
password, however, the accessible command level depends on user priority level.
lIf the configured authentication method requires a user name and a password, the
command level that a user can access after login is determined by the priority level of
the user. For SSH users, when they use RSA shared keys for authentication, the
commands they can access are determined by the levels sets on the user interfaces.
Related Command
local-user
Syntax
Parameters
Example
agg-id
agg-name
View
System view
Description
If you have saved the current configuration with the save command, after system
reboot, the manual and static aggregation groups and their descriptions still exist, but
the dynamic aggregation groups and their descriptions disappear.
Related Command
Syntax
Parameters
Example
agg-id
manual
static
View
Description
System view
The Switch will select the lowest port number as the master port for the link
aggregation. This applies to all types of link aggregation. If the aggregation spans a
stack of units and the same ports are used, the unit number will be the tie-breaker.
For example, 1/0/1 and 2/0/1 are in an aggregation. Port 1/0/1 will be the master port.
A manual or static aggregation group can have up to eight ports. You can use the
link-aggregation group agg-id mode command to change an existing dynamic
aggregation group into a manual or static one. If the port number in a group exceeds
eight, this operation fails and the system prompts you about the configuration failure.
Related Command
local-server 431
local-server
Purpose
Use the local-server command to configure the parameters of local RADIUS server.
Use the undo local-server command to cancel a local RADIUS server.
Syntax
Parameters
nas-ip ip-address
key password
Default
By default, a local RADIUS authentication server has already been created with the
NAS-IP and key set to 127.0.0.1 and 3Com respectively.
Example
View
Description
System view
Note:
The switch not only supports the traditional RADIUS client service to accomplish
user AAA management through foreign authentication/authorization server and
accounting server, but also provides a simple local RADIUS server function for
authentication and authorization. This function is called local RADIUS
authentication server function.
When you use the local RADIUS authentication server function, the UDP port
number for the authentication/authorization service must be 1645, the UDP port
number for the accounting service is 1646.
The packet encryption key set by the local-server command with the key
password parameter must be identical with the authentication/authorization
packet encryption key set by the key command in RADIUS scheme view.
The switch supports at most 16 local RADIUS authentication servers (including the
default local RADIUS authentication server).
432 local-server
Related Commands
key
radius-scheme
state
local-user 433
local-user
Purpose
Use the local-user command to add a local user and enter local user view.
Use the undo local-user command to delete the specified local users.
Syntax
local-user user-name
undo local-user { user-name | all [ service-type { ftp | lan-access |
ssh | telnet | terminal } ] }
Parameters
user-name user-name
<
>
Example
all
service-type
ftp
ssh
telnet
434 local-user
View
Related Command
System view
display local-user
service-type
Syntax
Parameters
auto
cipher-force
Default
Example
To display all access user passwords in cipher text forcibly, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] local-user password-display-mode cipher-force
View
Description
Related Command
System view
When the cipher-force mode is adopted, all passwords will be displayed in cipher text
even through some users have specified to display their passwords in plain text by
using the password command with the simple keyword.
display local-user
password
436 lock
lock
Purpose
Use the lock command to lock the current user interface and prevent unauthorized
users from accessing it.
Syntax
lock
Parameters
None
Example
View
Description
User view
logging-host 437
logging-host
Purpose
Syntax
logging-host ip-address
undo logging-host
Parameters
ip-address
Default
Example
<aaa_0.S4200G>system-view
System View: return to User View with Ctrl+Z.
[aaa_0.S4200G]cluster
[aaa_0.S4200G-cluster] logging-host 10.10.10.9
View
Description
Cluster view
Only after you assign an IP address for the logging host of the cluster, member
devices can send log information to the logging host through the management
device.
Syntax
Parameters
None
Default
By default, the loopback detection and control function is disabled for both the Trunk
and Hybrid ports.
Example
View
Description
Note:
When the loopback port control function is enabled on the trunk or hybrid port
and loopback is found on the port, the system disables the port, sends a Trap
message to the client and removes the corresponding MAC forwarding entry.
When the loopback port control function is disabled, the system sends a Trap
message to the client if a loopback port is found. The port still operates normally.
CAUTION:
This command is invalid for the access port, since the loopback port control function
is always enabled on the access port.
loopback-detection enable
Purpose
Syntax
loopback-detection enable
undo loopback-detection enable
Parameters
None
Default
Example
View
Description
System view
CAUTION:
Note:
For Access port: If system detects loopback for a port, it will shut down that port,
send a Trap message to the terminal, and delete the corresponding MAC address
forwarding entry.
For Trunk ports and Hybrid ports: If system detects loopback for a port, it will send
a Trap message to the terminal. If the loopback detection and control function for
that port is enabled at the same time, the system will then shut down the given
port, send a Trap message to the terminal, and delete the corresponding MAC
address forwarding entry.
Related Command
loopback-detection interval-time
Purpose
Syntax
Parameters
Time
Example
Set the time interval for regular external loopback detection to 10 seconds.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] loopback-detection interval-time 10
View
Related Command
System view
display-loopback-detection
Syntax
Parameters
None
Default
By default, system runs loopback detection only on the default VLAN for the trunk
and hybrid ports.
Example
Configure the system to run loopback detection on all VLANs for the
GigabitEthernet1/0/1 trunk port.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface GigabitEthernet1/0/1
[S4200G-GigabitEthernet1/0/1] loopback-detection per-vlan enable
View
Description
CAUTION:
This command is invalid for the Access ports.
ls 443
ls
Purpose
Syntax
ls [ remote-path ]
Parameters
remote-path
Example
View
ls flash:/
1 noone
1 noone
1 noone
1 noone
1 noone
1 noone
1 noone
nogroup
nogroup
nogroup
nogroup
nogroup
nogroup
nogroup
1759
225
283
225
0
0
225
Aug
Aug
Aug
Sep
Sep
Sep
Sep
23
24
24
28
28
28
28
06:52
08:01
07:39
08:28
08:24
08:18
08:30
vrpcfg.cfg
pubkey2
pubkey1
pub1
new1
new2
pub2
Description
If the remote-path argument is not specified, the files in the current directory are
displayed.
This command has the same function as the dir command.
444 ls
ls
Purpose
Use the ls command to display the information about a specified remote file.
Syntax
ls [ remotefile [ localfile ] ]
Parameters
remotefile
Localfile
Example
View
Description
If you do not specify the remotefile argument, the names of all the files in the current
directory are displayed.
The ls command only displays file names, while the dir command displays file
information in more detail, including file size, creation date and so on.
mac-address 445
mac-address
Purpose
Use the mac-address command to add/modify the MAC address table entry.
Use the undo mac-address command to delete MAC address table entry
Syntax
In System view:
mac-address { static | dynamic | blackhole } mac-address interface
interface-type interface-number } vlan vlan-id
undo mac-address [ mac-address-attribute ]
In Port view:
mac-address { static | dynamic | blackhole } mac-address vlan vlan-id
undo mac-address [ { static | dynamic | blackhole } mac-address vlan
vlan-id
Parameters
static
dynamic
blackhole
mac-address
interface-type
interface-number
vlan-id
mac-address-attribute
Description
interface interface-type
interface-number
vlan vlan-id
446 mac-address
Example
Value
Description
mac-address [ interface
interface-type
interface-number ] vlan vlan-id
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] mac-address static 00e0-fc01-0101 interface GigabitEthernet
1/0/1 vlan 2
View
Description
System view
Port view
If the MAC address you input in the mac-address command already exists in the MAC
address table, the system will modify the attributes of the corresponding MAC
address entry according to your settings in the command.
When being executed in port view, these two commands only apply to the current
port. In this case, the interface keyword is unnecessary.
Related Command
display mac-address
mac-address max-mac-count
Purpose
Syntax
Parameters
count
Default
By default, the number of MAC addresses an Ethernet port can learn is unlimited.
Example
Set the maximum number of MAC addresses GgiabitEthernet1/0/3 port can learn to
600.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface GigabitEthernet1/0/3
[S4200G-GigabitEthernet1/0/3] mac-address max-mac-count 600
View
Description
mac-address max-mac-count 0
Purpose
Syntax
mac-address max-mac-count 0
undo mac-address max-mac-count
Parameters
None
Default
Example
View
VLAN view
Syntax
Parameters
Example
mac-address
interface-list
vlan-id
VLAN ID.
Add a multicast MAC address entry, with multicast address 0100-5e0a-0805, forward
port GigabitEthernet 1/0/1, and VLAN 1 to which the entry belongs.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] mac-address multicast 0100-5e0a-0805 interface GigabitEthernet
1/0/1 vlan 1
View
System view
Description
A multicast address entry contains the following information: multicast MAC address,
Forward port, and VLAN ID.
Related Command
Syntax
Parameters
Example
mac-address
vlan-id
VLAN ID.
Add a multicast MAC address entry on the GigabitEthernet1/0/1 port, with multicast
address 0100-1000-1000 and VLAN 1 to which the entry belongs.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface GigabitEthernet1/0/1
[S4200G-GigabitEthernet1/0/1]mac-address multicast 0100-1000-1000 vlan
1
View
Description
A multicast MAC address entry contains a multicast MAC address, a VLAN ID, and
other information.
Related Command
mac-address security
Purpose
Syntax
Parameters
interface-type
interface-number
vlan-id
Default
Example
Configure the maximum number of MAC addresses allowed to access the port to
100.
[S4200G-GigabitEthernet1/0/1] port-security max-mac-count 100
View
Description
System view
You can add Security MAC address only when the port-security is enabled globally
and the port-security port-mode autolearn command is configured on
the port.
mac-address timer
Purpose
Use the mac-address timer command to set the aging time for dynamic MAC
address entries.
Use the undo mac-address timer command to revert to the default aging time.
Syntax
Parameters
Example
aging age-time
no-aging
View
Description
System view
Setting the aging time on the switch to be too long or too short will cause the switch
to broadcast data packets without MAC addresses, this will affect the operational
performance of the switch.
If the aging time is set too long, the switch will store out-of-date MAC address tables.
This will consume MAC address table resources and the switch will not be able to
update MAC address table according to the network change.
If aging time is set too short, the switch may delete valid MAC address table entries.
mac-authentication 453
mac-authentication
Purpose
Syntax
Parameters
interface-list
Default
Example
<S4200G> system-view
[S4200G] mac-authentication interface GigabitEthernet 1/0/1
View
Description
System view
454 mac-authentication
mac-authentication authmode
Purpose
Syntax
Parameters
usernameasmacaddress
usernamefixed
Default
Example
To specify to perform MAC address authentication in the fixed mode, enter the
following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] mac-authentication authmode usernamefixed
View
System view
mac-authentication authpassword
Purpose
Syntax
Parameters
password
Default
Example
<S4200G> system-view
[S4200G] mac-authentication authpassword mac
View
System view
mac-authentication authusername
Purpose
Syntax
Parameters
username
Default
By default, the user name used in MAC address authentication (in the fixed mode) is
mac.
Example
To set the user name to vipuser for MAC addresses authentication (in the fixed mode),
enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] mac-authentication authusername vipuser
View
System view
mac-authentication domain
Purpose
Syntax
Parameters
isp-name
Default
By default, the domain for centralized MAC address authentication users is not
configured.
Example
<S4200G> system-view
[S4200G] mac-authentication domain Cams
View
System view
mac-authentication timer
Purpose
Syntax
Parameters
offline-detect
offline-detect-value
quiet quiet-value
server-timeout
server-timeout-value
Example
To set the server timeout timer to 150 seconds, enter the following:
<S4200G> system-view
[S4200G] mac-authentication timer server-timeout 150
View
Related Command
System view
display mac-authentication
460 management-vlan
management-vlan
Purpose
Syntax
management-vlan vlan-id
undo management-vlan
Parameters
vlanid
Default
Example
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G] management-vlan 2
View
Description
System view
The management VLAN specified for devices in the same cluster must be the same
VLAN.
The management VLAN must be specified before the cluster is set up. You cannot
change the management VLAN of an existing VLAN. If necessary, you can delete
the cluster, re-specify the management VLAN and then re-create the cluster.
Syntax
Parameters
None
Default
Example
View
Description
Cluster view
462 mdi
mdi
Purpose
Syntax
Parameters
across
auto
normal
Default
By default, the network cable type is recognized automatically (the mdi auto
command).
Example
View
Description
Note: The mdi and undo mdi commands cannot be configured on the combo
ports.
messenger 463
messenger
Purpose
Use the messenger time command to enable or disable the messenger alert and
configure the related parameters.
Use the undo messenger time command to restore messenger alert to default
settings.
Syntax
Parameters
limit
interval
Default
Example
To enable the switch to send prompt messages at intervals of 5 minutes to the users
in the ISP domain system after the remaining online time is less than 30 minutes.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] domain system
[S4200G-isp-system] messenger time enable 30 5
View
Description
This function allows the clients to inform the online users about their remaining
online time through a message dialog.
You can use messenger time enable command to set a remaining online time
limit and the interval to send prompt messages. After that, the switch regularly sends
prompt messages at the set interval to the clients of the users whose remaining online
time is less than the set limit, and the clients inform the users of their remaining
online time in the form of message dialog.
mirroring group
Purpose
Syntax
Parameters
Example
group-id
local
remote-destination
remote-source
all
View
System view
mirroring-group mirroring-port
Purpose
Syntax
Parameters
group-id
mirroring-port
mirroring-port-list
Example
both
inbound
outbound
Configure GigabitEthernet1/0/1 as the source port and monitor all packets received
via this port.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] mirroring-group 1 mirroring-port Gigabitethernet1/0/1 inbound
View
System view
mirroring-group reflector-port
Purpose
Syntax
Parameters
group-id
reflector-port
reflector-port
Example
Configure GigabitEthernet1/0/1 as a reflector port and monitor all packets received and
sent via this port.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] mirroring-group 1 reflector-port Ethernet1/0/1
View
System view
Syntax
Parameters
group-id
remote-probe vlan
remote-probe-vlan-id
Example
View
System view
468 mirroring-port
mirroring-port
Purpose
Syntax
Parameters
Example
Configure GigabitEthernet1/0/1 as the source port and mirror all packets received and
sent and via this port.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface gigabitEthernet1/0/1
[S4200G-GigabitEthernet1/0/1] mirroring-port both
View
Description
The Switch supports one monitor port and one mirroring port. If several Switches
form a Fabric, only one monitor port and one mirroring port can be configured in the
Fabric. You need to configure the monitor port before configuring the monitored
port.
Related Command
display mirroring-group
mkdir 469
mkdir
Purpose
Use the mkdir command to create a directory on the remote SFTP server.
Syntax
mkdir remote-path
Parameters
remote-path
Example
View
470 mkdir
mkdir
Purpose
Syntax
mkdir directory
Parameters
directory
Example
Create a directory in the current directory, with the name being dd.
<S4200G> mkdir dd
% Created dir flash:/dd
View
Description
User view
When using the mkdir command to create a directory, the names of the directories
and files in the same directory must be unique.
mkdir 471
mkdir
Purpose
Use the mkdir command to create a directory on the remote SFTP server.
Syntax
mkdir pathname
Parameters
Pathname
Example
Path name.
View
Description
The mkdir command is only available to the FTP clients that are assigned the
permission to create directories on FTP servers.
472 monitor-port
monitor-port
Purpose
Syntax
monitor-port
undo monitor-port
Parameters
None
Example
View
Description
You can configure only one destination port on the switch; all mirrored packets will
be sent to the destination port.
The Switch supports one monitor port and one mirroring port. If several Switches
form a Fabric, only one monitor port and one mirroring port can be configured in the
Fabric. You need to configure monitor port before configuring monitored port.
Related Command
display mirroring-group
more 473
more
Purpose
Syntax
more file-url
Parameters
file-url
Example
View
Description
User view
474 move
move
Purpose
Use the move command to move a file to a specified directory. You can also assign a
new name for the file.
Syntax
Parameters
fileurl-source
fileurl-dest
Example
Move the file named sample.txt from flash:/test/ to flash:/, with the name not
changed.
<S4200G> move flash:/test/sample.txt flash:/sample.txt
Move flash:/test/sample.txt to flash:/sample.txt ?[Y/N]:y
% Moved file flash:/test/sample.txt to flash:/sample.txt
View
Description
User view
When the destination filename is the same as that of an existing file, the system will
ask whether to overwrite the existing file.
name 475
name
Purpose
Use the name command to set a name for the assigned VLAN.
Use the undo name command to restore to the default VLAN name.
Syntax
name string
undo name
Parameters
string
Default
By default, the VLAN ID (like VLAN 0001) is used as the name of the assigned VLAN.
Example
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] vlan 2
[S4200G-vlan2] name abc
View
VLAN view
476 name
name
Purpose
Use the name command to set a name for the assigned VLAN.
Use the undo name command to delete the name of the assigned VLAN.
Syntax
name string
undo name
Parameters
string
Default
By default, a VLAn uses its VLAN ID (like VLAN 0001) as its name.
Example
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] vlan 100
[S4200G-vlan100] name test
View
Description
Related Commands
VLAN view
This command is used for the dynamic VLAN assignment function. For details about
this function, refer to the vlan-assignment-mode command.
dot1x guest-vlan
vlan-assignment-mode
nas-ip 477
nas-ip
Purpose
Use the nas-ip command to set the source IP address used by the switch to send
RADIUS packets.
Use the undo nas-ip command to remove the source IP address setting.
Syntax
nas-ip ip-address
undo nas-ip
Parameters
ip-address
Default
By default, the IP address of the outbound interface is used as the source IP address of
the packet.
Example
To set the source IP address used by the switch to send the RADIUS packets to
10.1.1.1, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] radius scheme radius1
New Radius scheme
[S4200G-radius-radius1] nas-ip 10.1.1.1
View
Description
Related Commands
You can specify the source IP address used to send RADIUS packets to prevent the
unreachability of the packets returned from the server due to physical interface
trouble. It is recommended to use the loopback interface address as the source IP
address.
display radius
radius nas-ip
ndp enable
Purpose
Use the ndp enable command in system view to enable NDP globally on the
switch. When being executed in Ethernet port view, this command enables NDP for
an Ethernet port.
Use the undo ndp enable command in system view to disable NDP globally on the
switch. When being executed in Ethernet port view, this command disables NDP for
an Ethernet port.
Syntax
Parameters
port-list
Default
By default, NDP is enabled both globally on the switch and on an Ethernet port.
Example
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G] ndp enable
View
System view
Use the ndp timer aging command to set how long a device will hold the NDP
packets received from the local device. After the aging timer expires, the device will
discard the received NDP neighbor node information.
Use the undo timer aging command to restore the default NDP information
aging time (180 seconds).
Syntax
Parameters
aging-in-seconds
Example
Configure the holdtime of the NDP information sent by the local switch to be 60
seconds.
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G] ndp timer aging 60
View
Description
System view
A user can specify how long an adjacent device will hold the NDP information sent by
the local device. An adjacent device holds the NDP information of the local switch
according to the holdtime carried in the NDP packets received from the local switch
and removes the NDP information when the aging timer expires.
Normally, NDP information holdtime is longer than the interval to send NDP packets.
Otherwise, the neighbor information table of an NDP port becomes unstable.
Use the ndp timer hello command to define how often to transmit the NDP
packets.
Use the undo ndp timer hello command to restore the default NDP packet
interval (60 seconds).
Syntax
Parameters
timer-in-seconds
Default
Example
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G] ndp timer hello 80
View
Description
System view
nm-interface vlan-interface
Purpose
Syntax
Parameters
vlan-id
Example
<123> system-view
System View: return to User View with Ctrl+Z
[123] cluster
[123-cluster] nm-interface Vlan-interface 2
View
Description
Cluster view
Note:
If the VLAN where the port connected with the NMS device resides is not a
management VLAN, since no NAT server is configured on this interface by default,
IP addresses cannot be translated. In this case, the network administrator of the
external network is unable to access the management device, so he cannot
manage internal devices of the cluster.
By specifying an NMS interface on the management device, you can enable the
NAT server configuration on the NMS interface instead of the management VLAN
interface. In this case, the network administrator can access the management
device through the NMS interface to manage internal devices of this cluster.
ntdp enable
Purpose
Use the ntdp enable command in system view to enable NTDP globally. When
being executed in Ethernet port view, this command enables NTDP for an Ethernet
port.
Use the undo ntdp enable command in system view to disable NTDP globally.
When being executed in Ethernet port view, this command disables NTDP for an
Ethernet port.
Syntax
ntdp enable
undo ntdp enable
Parameters
None
Default
By default, NTDP is enabled globally on the switch and the ports supporting NDP. For
a port that does not support NDP, NTDP cannot operate even if NTDP is enabled on it.
Example
View
System view
ntdp explore
Purpose
Use the ntdp explore command to start topology information collection manually.
Syntax
ntdp explore
Parameters
None
Example
View
Description
User view
Normally, NTDP collects network topology information periodically. You can also start
topology information collection manually whenever needed by executing this
command. When you execute this command, NTDP collects the NDP information of
every device and the information about the connections between the local switch and
all of its neighbor switches in the specified network scope. The information is useful
for the management device or network management system to acquire the network
topology and to manage and monitor the devices.
ntdp hop
Purpose
Use the ntdp hop command to set a range (in terms of hop count) for topology
information collection.
Use the undo ntdp hop command to restore the default range for topology
information collection.
Syntax
Parameters
hop-value
Example
<aaa_0.S4200G> system-view
System View: return to User View with Ctrl+Z.
[aaa_0.S4200G] ntdp hop 5
View
Description
System view
With the ntdp hop command, you can specify to collect the topology information of
the devices within a specified range to avoid infinitive collection. The limit is
performed by controlling the permitted hops from collection origination. For example,
if you set the hop number limit to 2, only the switches less than 2 hops away from the
switch starting the topology collection are collected.
This command is only applicable to the topology-collecting device. A broader
collection scope requires more memory of the topology-collecting device.
ntdp timer
Purpose
Use the ntdp timer command to configure the interval to collect topology
information.
Use the undo ntdp timer command to restore the default topology collection
interval.
Syntax
Parameters
Interval-in-minutes
Example
View
Description
System view
A switch collects topology information once in each period set by the ntdp timer
command.
Use the ntdp timer hop-delay command to set the delay time for a switch to
forward topology-collection request packets.
Use the undo ntdp timer hop-delay command to restore the default delay
value.
Syntax
Parameters
time
Example
Set the delay time for the switch to forward topology-collection request packets
through the first port to 300 ms.
<aaa_0.S4200G> system-view
System View: return to User View with Ctrl+Z.
[aaa_0.S4200G] ntdp timer hop-delay 300
View
Description
System view
Use the ntdp timer port-delay command to set the delay time for a switch to
forward a received topology-collection request packet through its successive ports.
Use the undo ntdp timer port-delay command to restore the default delay
time.
Syntax
Parameters
time
Example
Set the delay time for the switch to forward topology-collection request packets
through the successive ports to 40 ms.
<aaa_0.S4200G> system-view
System View: return to User View with Ctrl+Z.
[aaa_0.S4200G] ntdp timer port-delay 40
View
Description
System view
Use the ntdp timer port-delay command to set the delay time for a switch to
forward a received topology-collection request packet through its successive ports. A
switch forwards received topology request packets to all its ports in turn. After
forwarding a received topology-collection request packet through one port, the
switch delays for specific period before it forwards the packet through the next port.
To avoid network congestion caused by large amount of topology response packets
received in short periods, a switch delays for specific period before it forwards a
received topology-collection request packet through the next port. You can use the
ntdp timer port-delay command to set the delay time.
These two commands are intended for switches that collect topology information.
They actually set the port-delay value for topology-collection request packets sent by
these switches. The port-delay value determines the delay time for a switch receiving
topology-collection request packets to forward them through the next port.
ntp-service access
Purpose
Use the ntp-service access command to set the authority to access the local
equipment.
Use the undo ntp-service access command to cancel the access authority
settings.
Syntax
Parameters
peer
server
synchronization
query
acl-number
Default
Example
Configure the access permission of the peer defined in ACL 2076 to be peer.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] ntp-service access peer 2076
Configure the access permission of the peer defined in ACL 2028 to be server.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] ntp-service access server 2028
View
Description
System view
Configuring access control permission to the NTP server only provides a least security
measure. Performing authentication is a more reliable way to improve security.
A received access is matched in this order: peer, server, synchronization, and query.
Syntax
Parameters
None
Default
Example
View
System view
ntp-service authentication-keyid
Purpose
Syntax
Parameters
Default
keyid
value
Example
Configure an MD5 authentication key, with the key ID being 10 and the key being
BetterKey.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] ntp-service authentication-keyid 10 authentication-mode md5
BetterKey
View
System view
ntp-service broadcast-client
Purpose
Syntax
ntp-service broadcast-client
undo ntp-service broadcast-client
Parameters
None
Default
Example
View
Description
Designate an interface on the local Switch to receive NTP broadcast messages and
operate in broadcast client mode. The local Switch listens to the broadcast from the
server. When it receives the first broadcast packet, it starts a brief client/server mode
to switch messages with a remote server for estimating the network delay. Thereafter,
the local Switch enters broadcast client mode and continues listening to the
broadcast and synchronizes the local clock according to the arrived broadcast
message.
ntp-service broadcast-server
Purpose
Syntax
Parameters
authentication-keyid
keyid
version
number
Default
Example
Configure to send NTP broadcast packets through VLAN interface 1, using the key
numbered 4 for encryption and setting the NTP version number to 3.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface vlan-interface1
[S4200G-Vlan-Interface1] ntp-service broadcast-server
authentication-key 4 version 3
View
Description
Designate an interface on the local equipment to broadcast NTP packets. The local
equipment runs in broadcast-server mode and regularly broadcasts packets to its
clients.
Syntax
Parameters
None
Default
Example
View
Syntax
Parameters
number
Example
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] ntp-service max-dynamic-sessions 50
View
System view
ntp-service multicast-client
Purpose
Syntax
Parameters
ip-address
Default
Example
Configure to receive NTP multicast packets through VLAN interface 1, with the
corresponding multicast group address being 224.0.1.1.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface vlan-interface 1
[S4200G-Vlan-Interface1] ntp-service multicast-client 224.0.1.1
View
Description
Designate an interface on the local Switch to receive NTP multicast messages and
operate in multicast client mode. The local Switch listens to the multicast from the
server. When it receives the first multicast packet, it starts a brief client/server mode to
switch messages with a remote server for estimating the network delay. Thereafter,
the local Switch enters multicast client mode and continues listening to the multicast
and synchronizes the local clock according to the arrived multicast message.
ntp-service multicast-server
Purpose
Syntax
Parameters
ip-address
authentication-keyid
keyid
ttl
ttl-number
version
number
Default
Example
Configure to send NTP multicast packets through VLAN interface 1, with the
multicast group address being 224.0.1.1, the key numbered 4 used for encryption,
and the NTP version number set to 3.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface vlan-interface 1
[S4200G-Vlan-Interface1]ntp-service multicast-server 224.0.1.1
authentication-keyid 4 version 3
View
Description
Designate an interface on the local equipment to transmit NTP multicast packet. The
local equipment operates in multicast-server mode and multicasts packets regularly to
its clients.
Syntax
Parameters
key-id
Default
Example
Enable NTP authentication, with MD5 algorithm adopted, key ID being 37, the key of
BetterKey and being a trusted key.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] ntp-service authentication enable
[S4200G] ntp-service authentication-keyid 37 authentication-mode md5
BetterKey
[S4200G] ntp-service reliable authentication-keyid 37
View
Description
System view
ntp-service source-interface
Purpose
Syntax
Parameters
vlan-interface
Example
Specify the source IP addresses of all the NTP packets sent to be the IP address of
VLAN interface 1.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] ntp-service source-interface Vlan-Interface 1
View
Description
System view
The source address specifies where the packets are transmitted from.
You can use this command to designate an interface to transmit all the NTP packets
and take the source address of these packets from its IP address. If you do not want
any other interface to receive the acknowledgement packets, use this command to
specify one interface to send all the NTP packets.
ntp-service unicast-peer
Purpose
Syntax
Parameters
remote-ip
string
version number
authentication-keyid
keyid
source-interface
Vlan-interface
vlan-interface-number
priority
Default
Example
Configure the switch to obtain time information from the peer with the IP of
128.108.22.44. The local peer can also provide time information to the remote peer.
Set the NTP version number to 3. The source IP addresses of NTP packets sent are that
of VLAN interface 1.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
View
Description
System view
This command sets the remote server at ip-address as a peer of the local
equipment, which operates in symmetric active mode. ip-address specifies a host
address other than an IP address of broadcast, multicast, or reference clock. By
operating in this mode, a local device can synchronize and be synchronized by a
remote server.
Note:
If you specify a remote server to be the peer of the local Ethernet switch by providing
the remote-ip argument in the ntp-service unicast-peer command, the local switch
operates in the active peer mode. In this case, the local switch and the remote server
can be synchronized to each other.
ntp-service unicast-server
Purpose
Syntax
Parameters
remote-ip
string
number
authentication-keyid
keyid
priority
source-interface
vlan-interface-number
Interface number.
version
number
Default
Example
Configure the local device to be synchronized to the NTP server using the IP address
of 128.108.22.44, with the version number set to 3.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] ntp-service unicast-server 128.108.22.44 version 3
View
Description
System view
An Ethernet can operate as a client and be synchronized to the remote NTP server
identified by the remote-ip argument. Note that an NTP server will not be
synchronized to the local switch.
504 open
open
Purpose
Use the open command to establish a control connection with an FTP server.
Syntax
Parameters
ip-address
server-name
port
Example
Establish a control connection with the FTP server whose IP address is 1.1.1.1.
[ftp]open 1.1.1.1
Trying ...
Press CTRL+K to abort
Connected.
220220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user
User(none):abc
331 Give me your password, please
Password:
230 Logged in successfully
View
Related Command
close
packet-filter 505
packet-filter
Purpose
Use the packet-filter command to define the packet filter function in the QoS
profile.
Use the undo packet-filter command to disable the definition of the packet
filter function in the QoS profile.
Syntax
Parameters
inbound
acl-rule
Example
ip-group acl-number
link-group acl-number
To add the packet filter function in the QoS profile named h3c to filter the received
packets matching with ACL 4000 rules, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] qos-profile h3c
[S4200G-qos-profile-h3c] packet-filter inbound link-group 4000
View
506 packet-filter
packet-filter
Purpose
Use the packet-filter command to apply ACL rules on the port to filter packets.
Use the undo packet-filter command to remove the ACL rules applied on the
port.
Syntax
Parameters
inbound
acl-rule
Example
Combination mode
Form of acl-rule
ip-group acl-number
link-group acl-number
View
parity 507
parity
Purpose
Use the parity command to set the check mode of the user interface.
Use the undo parity command to revert to the default check mode.
Syntax
Parameters
even
mark
none
odd
space
Default
Example
View
Description
The parity and undo parity commands can only be used in AUX User
Interface view.
508 passive
passive
Purpose
Use the passive command to set the data transmission mode to be passive mode.
Use the undo passive command to set the data transmission mode to be active
mode.
Syntax
passive
undo passive
Parameters
None
Default
Example
View
password 509
password
Purpose
Use the password command to configure or change the system login password
for a user.
Syntax
password
Parameters
None.
Example
Configure the system login password for the user test to 9876543210.
S4200G<S4200G> system-view
System View: return to User View with Ctrl+Z.
S4200G[S4200G] local-user test
New local user added.
[S4200G-luser-test] password
Password:**********
confirm:**********
Change the system login password for the user test to 0123456789.
[S4200G-luser-test]password
Password:**********
Confirm :**********
Updating the password file ,please wait ...
View
510 password
password
Purpose
Use the password command to set a password for the local users.
Use the undo password command to cancel the specified password display mode.
Syntax
Parameters
Example
simple
cipher
password
To set the password of user1 to 20030422 and to specify that the password be
displayed in plain text, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] local-user user1
New local user added.
[S4200G-luser-user1] password simple 20030422
22
View
Description
Related Command
display local-user
peer-public-key end
Purpose
Use the peer-public-key end command to return to system view from public key
view.
Syntax
peer-public-key end
Parameters
None
Example
View
Related Commands
public-key-code begin
rsa peer-public-key
512 ping
ping
Purpose
Use the ping command to check the IP network connection and the reachability of
the host.
Syntax
Parameters
-a ip-address
-c: count
-d
-f
-h ttl
-i
null-interfacenumber
vlan-interfacenumber
interface-name
ip
-n
-p
-q
-r
ping 513
-s packetsize
-t timeout
-tos tos
host
Example
-v
Default
the default padding operation starts from 0x01 and ends on 0x09 (progressively),
then performs again,
sequence=1
sequence=2
sequence=3
sequence=4
sequence=5
ttl=255
ttl=255
ttl=255
ttl=255
ttl=255
time
time
time
time
time
=
=
=
=
=
1ms
2ms
1ms
3ms
2ms
514 ping
View
Description
Description
Any view
the default padding operation starts from 0x01 and ends on 0x09 (progressively),
then performs again,
The executing procedure of the ping command is as follows: First, the source host
sends an ICMP ECHO-REQUEST packet to the destination host. If the connection
to the destination network is normal, the destination host receives this packet and
responds with an ICMP ECHO-REPLY packet.
You can use the ping command to check the network connectivity and the quality
of a network line. This command can output the following information:
You can set a relatively long timeout time waiting for response packet if the
network transmission is slow.
Related Command
tracert
port 515
port
Purpose
Using the port command, you can add one port or one group of ports to a VLAN.
Using the undo port command, you can cancel one port or one group of ports from
a VLAN.
Syntax
port interface-list
undo port interface-list
Parameters
interface-list
&<1-10>
CAUTION: The port command is only applicable to access ports. To add trunk ports
and hybrid ports to a VLAN, use the port trunk permit vlan and port
hybrid vlan commands in Ethernet port view.
Default
Example
View
VLAN view
Use the port access vlan command to assign the access port to a specified VLAN.
Use the undo port access vlan command to remove the access port from the
specified VLAN.
Syntax
Parameters
vlan_id
Example
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G]vlan 3
[S4200G-vlan3]quit
[S4200G]interface GigabitEthernet 1/0/1
[S4200G-GigabitEthernet1/0/1]port access vlan 3
View
Use the port hybrid pvid vlan command to configure the default VLAN ID of the
hybrid port.
Use the undo port hybrid pvid command to restore the default VLAN ID of the
hybrid port.
Syntax
Parameters
vlan_id
Default
To guarantee the proper packet transmission, the default VLAN ID of the local hybrid
port should be identical with that of the hybrid port on the peer switch.
Example
Set the default VLAN ID for the GigabitEthernet1/0/1 hybrid port as 100.
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G]interface GigabitEthernet 1/0/1
[S4200G-GigabitEthernet1/0/1]port hybrid pvid vlan 100
View
Related Command
port link-type
Use the port hybrid vlan command to add the port to the specified VLAN(s). The
port needs to have been made a hybrid port before you can do this. See the related
command below.
Use the undo port hybrid vlan command to remove the port from the specified
VLAN(s).
Syntax
Parameters
vlan-id-list
Example
tagged
untagged
Add the GigabitEthernet1/0/1 hybrid port to VLAN 2, VLAN 5 and VLAN 50 through
VLAN 100, with tags assigned to their packets.
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G]interface GigabitEthernet 1/0/1
[S4200G-GigabitEthernet1/0/1]port hybrid vlan 2 4 50 to 100 tagged
View
Description
A hybrid port can belong to multiple VLANs. A port can only be added to a VLAN if
the VLAN has already been created. When you use the command several times, all
VLANs specified in the commands will be allowed to pass the port.
Related Command
port link-type
port isolate
Purpose
Use the port isolate command to add an Ethernet port to the isolation group.
Use the undo port isolate command to remove an Ethernet port from an isolation
group.
Syntax
port isolate
undo port isolate
Parameters
None
Default
Example
View
Use the port link-aggregation group agg_id command to add an Ethernet port
to a manual or static aggregation group.
Use the undo port link-aggregation group command to delete an Ethernet port
from a manual or static aggregation group
Syntax
Parameters
agg-id
Example
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface GigabitEthernet1/0/1
[S4200G-GigabitEthernet1/0/1] port link-aggregation group 22
View
Related Command
port link-type
Purpose
Use the port link-type command to configure the link type of the Ethernet port.
Use the undo port link-type command to restore the default link type, that is,
access.
Syntax
Parameters
access
hybrid
trunk
Default
Example
To configure the Ethernet port Ethernet1/0/1 as a trunk port, enter the following:
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G]interface GigabitEthernet 1/0/1
[S4200G-Ethernet1/0/1]port link-type trunk
View
Description
You can configure the three types of ports on the same device. However, note that
you cannot directly switch a port between trunk and hybrid and you must set the port
as access before the switching. For example, to change a trunk port to hybrid, you
must first set it as access and then hybrid.
port-security enable
Purpose
Syntax
port-security enable
undo port-security enable
Parameters
None
Default
Example
View
Description
System view
CAUTION: To avoid confliction, the following limitation on the 802.1x and the MAC
address authentication will be taken after port security is enabled:
The access control mode (set by the dot1x port-control command) automatically
changes to auto.
The dot1x port-method command can be successfully executed only when no user
is online.
port-security intrusion-mode
Purpose
Syntax
Parameters
disableport
disableport-temporarily
blockmac
Default
Example
Set the action mode of the Intrusion Protection feature on GigabitEthernet1/0/1 port
to disableport.
[S4200G-GigabitEthernet1/0/1] port-security intrusion-mode disableport
View
Description
By way of checking the source MAC addresses of the data frames received on a port,
the Intrusion Protection feature discovers illegal packets and takes appropriate action
(temporarily/permanently disabling the port, or filtering out the packets with these
source MAC addresses) to guarantees the security on the port.
The illegal packets include:
Packets with unknown source MAC addresses received when MAC address
learning is disabled on the port
Packets with unknown source MAC addresses received when the number of MAC
addresses on the port has reached the set maximum number of MAC addresses
allowed to access the port.
The action mode of the Intrusion Protection feature can be set to disableport,
disableport-temporarily or blockmac. For the
disableport-temporarily mode, you can set the time during which the system
temporarily disables a port by using the port-security timer disableport
command.
Related Command
port-security max-mac-count
Purpose
Syntax
Parameters
count-value
Default
By default, there is no limit on the number of MAC addresses allowed to access the
port.
Example
<S4200G> system-view
Set the maximum number of MAC addresses allowed to access the port to 100.
[S4200G-GigabitEthernet1/0/1] port-security max-mac-count 100
View
Description
Use the port-security max-mac-count command to set the maximum number of MAC
addresses allowed to access the port. The number is the sum of the following:
CAUTION: The maximum number of MAC addresses set by this command does not
include the number of the static MAC address entries set manually.
Related Commands
port-security enable
port-security port-mode
port-security ntk-mode
Purpose
Syntax
Parameters
ntkonly
ntk-withbroadcasts
ntk-withmulticasts
Default
By default, no packet transmission mode of the NTK feature is set on the port.
Example
Set the packet transmission mode of the NTK feature to ntkonly on the current port.
[S4200G-GigabitEthernet1/0/1] port-security ntk-mode ntkonly
View
Description
By way of checking the destination MAC addresses of the data frames to be sent
from a port, this feature ensures that only successfully authenticated devices can
obtain data frames from the port so as to prevent illegal devices from filching
network data.
The packet transmission mode of the NTK feature can be set to ntkonly,
ntk-withbroadcasts or ntk-withmulticasts.
CAUTION: The port-security ntk-mode command and the unknown-multicast drop
enable command (which enables the unknown multicast packet drop function),
cannot be used together. Or else, the system prompts a failure.
port-security OUI
Purpose
Use the port-security OUI command to set an OUI value for authentication.
Use the undo port-security OUI command to cancel an OUI value setting.
Syntax
Parameters
OUI-value
index-value
Example
Set an OUI value by specifying the MAC address 00ef-ec00-0000, and set the OUI
index to five.
[S4200G] port-security oui 00ef-ec00-0000 index 5
View
System view
Description
CAUTION: The OUI value set by this command takes effect only when the security
mode of the port is set to userlogin-withoui (by the port-security port-mode
command).
Related Command
port-security port-mode
port-security port-mode
Purpose
Use the port-security port-mode command to set the security mode of the
port.
Use the undo port-security port-mode command to restore the normal
operating mode of the port.
Syntax
Parameters
mode
Default
Example
<S4200G> system-view
View
Description
Description
Feature
autolearn
userlogin
userlogin-secure
userlogin-withoui
mac-authentication
userlogin-secure-or-mac
userlogin-secure-else-mac
Description
userlogin-secure-ext
userlogin-secure-or-mac-ext
userlogin-secure-else-mac-ext
Feature
Use the port-security timer disableport command to set the time during
which the system temporarily disables a port.
Use undo port-security timer disableport command restore the default
time.
Syntax
Parameters
timer
Example
Set the time during which the system temporarily disables a port to 50 seconds.
<S4200G> system-view
[S4200G] port-security timer disableport 50
View
Description
System view
The time set by the port-security timer disableport command takes effect when the
disableport-temporarily mode is set by the port-security intrusion-mode command.
port-security trap
Purpose
Use the port-security trap command to enable the sending of the specified
type(s) of trap messages.
Use the undo port-security trap command to disable the sending of the
specified type(s) of trap messages.
Syntax
Parameters
addresslearned
intrusion
dot1xlogon
dot1xlogoff
dot1xlogfailure
ralmlogon
ralmlogoff
ralmlogfailure
Default
By default, the system disables the sending of any types of trap messages.
Example
View
Description
System view
This command is designed based on the Device Tracking feature. The Device Tracking
feature enables the switch to send trap messages in case special data packets
(generated by special actions such as illegal intrusion, and abnormal user
logon/logoff) pass through a port for the convenience of network administrator to
monitor these special actions.
Use the port trunk pvid vlan command to configure the default VLAN ID for a
trunk port.
Use the undo port trunk pvid command to restore the default VLAN ID for a trunk
port.
Syntax
Parameters
vlan_id
Default
The default VLAN ID of local trunk port should be consistent with that of the trunk
port on the peer switch, otherwise packets cannot be properly transmitted.
Example
To configure the trunk port Ethernet1/0/1 to the default VLAN of 100, enter the
following:
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[SW4200G]interface GigabitEthernet 1/0/1
[SW4200G-GigabitEthernet1/0/1]port trunk pvid vlan 100
View
Related Command
port link-type
Use the port trunk permit vlan command to add a trunk port to one VLAN, a
selection of VLANs, or all VLANs.
Use the undo port trunk permit vlan command to remove the hybrid port from
one VLAN, a selection of VLANs or all VLANs.
Syntax
Parameters
Example
vlan-id
all
Add the GigabitEthernet1/0/1 trunk port to VLAN 2, VLAN 5 and VLAN 50 through
VLAN 100.
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G]interface GigabitEthernet 1/0/1
[SW4200G-GigabitEthernet1/0/1]port trunk permit vlan 2 4 50 to 100
Please wait...
Done.
View
Description
A trunk port can belong to multiple VLANs. If the port trunk permit vlan
command is used many times, then the VLAN enabled to pass on trunk port is the set
of these vlan_id_list.
Related Command
port link-type
primary accounting
Purpose
Use the primary accounting command to set the IP address and port number for
the primary accounting server.
Use the undo primary accounting command to restore the default IP address and
port number of the primary RADIUS accounting server.
Syntax
Parameters
Default
ip-address
port-number
By default, the IP address of the primary accounting server is 0.0.0.0 and the UDP
port number of the primary accounting service is 1813.
The IP address and UDP port number of the primary accounting server used by the
default RADIUS scheme system are 127.0.0.1 and 1646.
Example
To set the IP address and UDP port number of the primary accounting server of the
RADIUS scheme radius1 to 10.110.1.2 and 1813, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] radius scheme radius1
New Radius scheme
[S4200G-radius-radius1] primary accounting 10.110.1.2 1813
View
Description
After creating a RADIUS scheme, you are supposed to set IP addresses and UDP port
numbers for the RADIUS servers, including primary/second
authentication/authorization servers and accounting servers. In real networking
environments, the above parameters shall be set according to the specific
requirements. However, you must set at least one authentication/authorization server
and an accounting server. Besides, ensure that the RADIUS service port settings on the
Switch is consistent with the port settings on the RADIUS server.
Related Commands
key
radius scheme
state
primary authentication
Purpose
Use the primary authentication command to configure the IP address and port
number for the primary RADIUS authentication/authorization server.
Use the undo primary authentication command to restore the default IP address
and port number of the primary RADIUS authentication/authorization server.
Syntax
Parameters
ip-address
port-number
Default
Example
View
Description
Note:
After creating a new RADIUS scheme, you should configure the IP address and
UDP port number of each RADIUS server you want to use in this scheme. These
RADIUS servers fall into two types: authentication/authorization, and accounting.
And for each kind of server, you can configure two servers in a RADIUS scheme:
primary and secondary servers. A RADIUS scheme has the following attributes: IP
addresses of the primary and secondary servers, shared keys, and types of the
RADIUS servers.
Related Commands
key
radius scheme
state
542 priority
priority
Purpose
Syntax
priority priority-level
undo priority
Parameters
priority-level
Default
Example
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface gigabitEthernet1/0/1
[S4200G-GigabitEthernet1/0/1] priority 7
View
Description
This command is used to set the priority of Ethernet ports. After the command is
configured, the switch replaces the 802.1p priority carried in the packet with the
priority of the port receiving the packet. Then the switch places the packet in the
corresponding port output queue according to the new priority of the packet.
priority trust
Purpose
Use the priority trust command to configure the precedence mapping mode on
the port of the switch.
Syntax
Parameters
cos [ automap ]
Default
Example
View
Related Command
priority
protocol inbound
Purpose
Use the protocol inbound command to configure the protocols supported in the
current user interface.
Syntax
Parameters
all
ssh
telnet
Default
Example
View
Description
After you use this command with SSH enabled, your configuration cannot take effect
till next login if no RSA key pair is configured.
CAUTION:
When SSH protocol is specified, to ensure a successful login, you must configure
the AAA authentication using the authentication-mode scheme command.
protocol inbound
Purpose
Use the protocol inbound command to specify the protocols supported by the
user interface.
Syntax
Parameters
all
ssh
telnet
Default
Example
View
Description
Use the protocol inbound command in VTY User Interface view only.
Related Command
user-interface vty
protocol-priority protocol-type
Purpose
Use the protocol-priority command to set the global traffic priority that
applies to a given protocol.
Use the undo protocol-priority command to remove such a configuration.
Syntax
Parameters
protocol-type
protocol-type
ip-precedence
ip-precedence
dscp dscp-value
Example
View
System view
public-key-code begin
Purpose
Use the public-key-code begin command to enter public key edit view and
input the client public key.
Syntax
public-key-code begin
Parameters
None
Example
Enter public key edit view and input client public keys.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] rsa peer-public-key S4200G003
[S4200G-rsa-public-key] public-key-code begin
[S4200G-key-code] 308186028180739A291ABDA704F5D93DC8FDF84C427463
[S4200G-key-code] 1991C164B0DF178C55FA833591C7D47D5381D09CE82913
[S4200G-key-code] D7EDF9C08511D83CA4ED2B30B809808EB0D1F52D045DE4
[S4200G-key-code] 0861B74A0E135523CCD74CAC61F8E58C452B2F3F2DA0DC
[S4200G-key-code] C48E3306367FE187BDD944018B3B69F3CBB0A573202C16
[S4200G-key-code] BB2FC1ACF3EC8F828D55A36F1CDDC4BB45504F020125
[S4200G-key-code] public-key-code end
[S4200G-rsa-public-key]
View
Description
Related Commands
You can key in a blank space between characters (since the system can remove the
blank space automatically), or press <Enter> to continue your input at the next line.
But the public key, which is generated randomly by the SSH 2.0-supported client
software, should be composed of hexadecimal characters.
public-key-code end
rsa peer-public-key
public-key-code begin
Purpose
Use the public-key-code begin command to enter public key edit view and set
server public keys.
Syntax
public-key-code begin
Parameters
None
Example
Enter public key edit view and set server public keys.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] rsa peer-public-key S4200G003
[S4200G-rsa-public-key] public-key-code begin
[S4200G-key-code] 308186028180739A291ABDA704F5D93DC8FDF84C427463
[S4200G-key-code] 1991C164B0DF178C55FA833591C7D47D5381D09CE82913
[S4200G-key-code] D7EDF9C08511D83CA4ED2B30B809808EB0D1F52D045DE4
[S4200G-key-code] 0861B74A0E135523CCD74CAC61F8E58C452B2F3F2DA0DC
[S4200G-key-code] C48E3306367FE187BDD944018B3B69F3CBB0A573202C16
[S4200G-key-code] BB2FC1ACF3EC8F828D55A36F1CDDC4BB45504F020125
[S4200G-key-code] public-key-code end
[S4200G-rsa-public-key]
View
Description
Related Commands
You can key in a blank space between characters (since the system can remove the
blank space automatically), or press <Enter> to continue your input at the next line.
But the public key, which are generated randomly after you use the rsa
local-key-pair create command on the server, should be composed of
hexadecimal characters.
public-key-code end
rsa peer-public-key
public-key-code end
Purpose
Use the public-key-code end command to return from public key edit view to
public key view and save the public keys you set.
Syntax
public-key-code end
Parameters
None
Example
Exit from public key edit view and save the public keys.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G]rsa peer-public-key zhangshan
[S4200G-rsa-public-key]public-key-code begin
[S4200G-rsa-key-code] public-key-code end
[S4200G-rsa-public-key]
View
Description
Related Command
After you use this command to terminate the public key editing, public key validity
will be checked before the keys are saved. If there are illegal characters in the keys,
the prompt will be given and the keys will be discarded. Your configuration this time
fails. If the keys are valid, they will be saved in the public key list of the client.
public-key-code begin
rsa peer-public-key
public-key-code end
Purpose
Use the public-key-code end command to return from public key edit view to
public key view and save the public keys you set.
Syntax
public-key-code end
Parameters
None
Example
Exit from public key edit view and save the public keys.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] rsa peer-public-key S4200G003
[S4200G-rsa-public-key] public-key-code begin
[S4200G-rsa-key-code] public-key-code end
[S4200G-rsa-public-key]
View
Description
Related Commands
After you use this command to terminate the public key editing, public key validity
will be checked before the keys are saved. If there are illegal characters in the keys,
the prompt will be given and the keys will be discarded. Your configuration this time
fails. If the keys are valid, they will be saved in the public key list of the client.
public-key-code begin
rsa peer-public-key
552 put
put
Purpose
Use the put command to upload a local file to the remote SFTP server.
Syntax
Parameters
local-file
remote-file
Example
Upload local file temp.c to the remote SFTP server and save it with the name temp1.c.
sftp-client> put temp.c temp1.c
View
Description
If no name is specified for the file to be saved on the remote SFTP server, the name of
the source file is used.
put 553
put
Purpose
Use the put command to upload a local file to the remote FTP server.
Syntax
Parameters
local-file
remote-file
Example
Upload local file temp.c to the remote STP server and save it with the name temp1.c.
<S4200G> ftp 2.2.2.2
Trying ...
Press CTRL+K to abort
Connected.
220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user
User(none):switch
331 Give me your password, please
Password:*****
230 Logged in successfully
[ftp]
View
Description
If no name is specified for the file to be saved on the remote FTP server, the name of
the source file is used.
554 pwd
pwd
Purpose
Use the pwd command to display the current directory on the SFTP server.
Syntax
pwd
Parameters
None
Example
View
pwd 555
pwd
Purpose
Use the pwd command to display the current path. If the current path is not
configured, an error occurs when you execute this command.
Syntax
pwd
Parameters
None
Example
View
User view
556 pwd
pwd
Purpose
Use the pwd command to display the current directory on the remote FTP Server.
Syntax
pwd
Parameters
None
Example
View
qos cos-drop-precedence-map
Purpose
Syntax
Parameters
Default
cos0-map-drop-prec
cos0-map-drop-prec
cos0-map-drop-prec
cos0-map-drop-prec
cos0-map-drop-prec
cos0-map-drop-prec
cos0-map-drop-prec
cos0-map-drop-prec
Drop-precedence
Example
Drop-precedence
View
Description
System view
The switch will assign a set of service parameters to one packet according to a certain
rule when it receives the packet. Service parameters include CoS value, local
precedence and drop precedence. Service parameters are assigned according to the
802.1p priority of the packet. COS value is the 802.1p priority of the packet, and local
precedence and drop precedence are obtained through the "COS
->Local-precedence" mapping relationship and the "COS ->Drop-precedence"
mapping relationship respectively. You can use this command to modify the
"COS->Drop-precedence" mapping relationship as required.
qos cos-dscp-map
Purpose
Syntax
Parameters
Default
cos0-map-dscp
cos0-map-dscp
cos0-map-dscp
cos0-map-dscp
cos0-map-dscp
cos0-map-dscp
cos0-map-dscp
cos0-map-dscp
DSCP
16
24
32
40
48
56
Example
DSCP
View
System view
qos cos-local-precedence-map
Purpose
Syntax
Parameters
Default
cos0-map-local-prec
cos1-map-local-prec
cos2-map-local-prec
cos3-map-local-prec
cos4-map-local-prec
cos5-map-local-prec
cos6-map-local-prec
cos7-map-local-prec
DSCP
Example
DSCP
View
System view
qos dscp-cos-map
Purpose
Syntax
Parameters
Default
dscp-list
cos-value
802.1p priority
0 to 7
8 to 15
16 to 23
24 to 31
32 to 39
40 to 47
48 to 55
56 to 63
Example
802.1p priority
View
System view
qos dscp-drop-precedence-map
Purpose
Syntax
Parameters
Default
dscp-list
drop-precedence
Drop Precedence
0 to 7
8 to 15
16 to 23
24 to 31
32 to 39
40 to 47
48 to 55
56 to 63
Example
Drop Precedence
View
System view
qos dscp-dscp-map
Purpose
Syntax
Parameters
Default
dscp-list
dscp-value
Example
DSCP
New DSCP
61
61
62
62
63
63
New DSCP
View
System view
qos dscp-local-precedence-map
Purpose
Syntax
Parameters
Default
dscp-list
local-precedence
Local Precedence
0 to 7
8 to 15
16 to 23
24 to 31
32 to 39
40 to 47
48 to 55
56 to 63
Example
Local Precedence
View
System view
qos-profile 571
qos-profile
Purpose
Use the qos-profile command to create a QoS profile and enter the corresponding
view.
If this profile has existed, use the qos-profile command to enter view of this
profile.
Use the undo qos-profile command to delete a specific QoS profile or all QoS
profiles.
Syntax
qos-profile profile-name
undo qos-profile { profile-name | all }
Parameters
Example
profile-name
all
View
Description
System view
The switch does not allow your deletion of QoS profiles applied to ports.
qos-profile port-based
Purpose
Syntax
qos-profile port-based
undo qos-profile port-based
Parameters
None
Default
Example
To configure the port-based application mode of QoS profiles on ports, enter the
following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface gigabitEthernet1/0/1
[S4200G-GigabitEthernet1/0/1] qos-profile port-based
View
Description
After the QoS profile function is configured, the switch will apply the QoS profiles
corresponding to you to your access port when you pass the authentication. The
processing procedures of the switches of different application modes are as follows
respectively:
User-based mode: If the source information (source MAC, source IP, or source
MAC + source IP) is defined in the traffic rule adopted by the QoS profile, the QoS
profile cannot be applied dynamically successfully. If the source information is not
defined, the switch will create a new traffic rule by adding the source MAC and
source IP information of the user into the former rule, and then apply all the traffic
actions in the QoS profile to the user access port.
Port-based mode: The switch will apply all the actions in the QoS profile to the
user access port directly. When the mode is used, all the users with the same
access port must use the same QoS profile.
queue-scheduler 573
queue-scheduler
Purpose
Syntax
Parameters
wrr
group1
group2
queue-id
queue-weight
&<1-8>
Default
By default, all the output queues on the ports of the switch adopt SP
queue-scheduling algorith.
Example
To:
Add queue3, queue4, and queue5 into WRR scheduling group1 and their weights
are 20, 20, and 30 respectively.
Add queue0, queue1, and queue2 into WRR scheduling group2, and their weights
are 20, 20, and 40 respectively.
Queue6 and queue7 are scheduled according the default strict priority.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] queue-scheduler wrr group1 3 20 4 20 5 30 group2 0 20 1 20 2 40
View
Description
System view
One port of the switch supports 8 output queues. Different queues can adopt
different queue-scheduling algorithms in the switch. You can respectively set the
574 queue-scheduler
Related Command
The queues in each group must be consecutive. For example, queue3, queue4,
and queue5 are consecutive queues.
display queue-scheduler
quit 575
quit
Purpose
Use the quit command to terminate the connection to the remote SSH server.
Syntax
quit
Parameters
None
Example
View
User view
576 quit
quit
Purpose
Use the quit command to terminate the connection to the remote SFTP server and
exit to system view.
Syntax
quit
Parameters
None
Example
View
Description
This command has the same function as the bye and exit commands.
quit 577
quit
Purpose
Use the quit command to terminate FTP control connection and FTP data connection
and quit to user view. This command has the same effect as that of the bye
command.
Syntax
quit
Parameters
None.
Example
Terminate the FTP control connection and FTP data connection and quit to user view.
[ftp] quit
<S4200G>
View
578 quit
quit
Purpose
Use the quit command to return from current view to lower level view, or exit the
system if current view is user view.
Syntax
quit
Parameters
None.
Example
View
Description
Related Command
Any view
The following lists the three levels of views available (from lower level to higher level):
User view
System view
radius nas-ip
Purpose
Use the radius nas-ip command to set the source IP address used by the switch to
send RADIUS packets.
Use the undo radius nas-ip command to restore the default setting.
Syntax
Parameters
ip-address
Default
Example
To set the source IP address used by the switch to send the RADIUS packets to
129.10.10.1, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] radius nas-ip 129.10.10.1
View
Description
Related Command
System view
Note:
By specifying the source address of the RADIUS packet, you can avoid unreachable
packets as returned from the server upon interface failure. The source address is
normally recommended to be a loopback interface address.
This command specifies only one source address; therefore, the newly configured
source address may overwrite the original one.
nas-ip
580 radius-scheme
radius-scheme
Purpose
Use the radius-scheme command to specify the RADIUS scheme to be used by the
current ISP domain.
Syntax
radius-scheme radius-scheme-name
Parameters
radius-scheme-name
Example
To specify the scheme 3Com as the RADIUS scheme to be used by current ISP domain
3Com163.net, enter the following.
View
Description
Related Commands
The RADIUS scheme specified in the radius-scheme command must exist. This
command is equivalent to the scheme radius-scheme command.
display radius
radius scheme
scheme
radius scheme
Purpose
Use the radius scheme command to create a RADIUS scheme and enter its view.
Use the undo radius scheme command to delete the specified RADIUS scheme.
Syntax
Parameters
radius-scheme-name
Default
Example
To create a RADIUS scheme named radius1 and enter its view, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] radius scheme radius1
New Radius scheme
[S4200G-radius-radius1]
View
Description
System view
Note:
A default RADIUS scheme named system has been created in the system. The
attributes of system are all default values.
A RADIUS scheme can be used by multiple ISP domains simultaneously. You can
configure up to 16 RADIUS schemes, including the default RADIUS scheme named
as System.
Although undo radius scheme can remove a specified RADIUS scheme, the
default one cannot be removed. Note that a scheme currently in use by the online
user cannot be removed.
Related Commands
key
retry realtime-accounting
radius-scheme
timer realtime-accounting
stop-accounting-buffer enable
retry stop-accounting
server-type
state
user-name-format
retry
display radius
radius trap
Purpose
Use the radius trap command to enable the switch to send trap messages when
its RADIUS authentication or accounting server turns down.
Use the undo radius trap command to disable the switch from sending trap
messages when its RADIUS authentication or accounting server turns down.
Syntax
Parameters
Default
Example
To enable the switch to send trap messages when its RADIUS authentication server
turns down, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G]radius trap authentication-server-down
View
Description
System view
584 reboot
reboot
Purpose
Syntax
Parameters
unit-id
Example
Unit ID of a switch.
<S4200G> reboot
This will reboot device. Continue? [Y/N] y
Start to check configuration with next startup configuration file,
please wait......
This command will reboot the device. Current configuration may be lost
in next
startup if you continue.
Continue? [Y/N] y
<S4200G>
%Apr 2 00:06:01:148 2000 S4200G DEV/5/DEV_LOG:- 1 Switch is rebooted.
Starting......
Description
The system will check whether there is any configuration change before it restarts,
and will ask whether you want to proceed or not if there is any change, to prevent
you from losing your original configuration due to forgetting after the restart.
View
User view
reboot member
Purpose
Use the reboot member command to reboot a specified member device on the
management device.
Syntax
Parameters
member-number
mac-address H-H-H
eraseflash
Example
View
Description
Cluster view
586 region-name
region-name
Purpose
Syntax
region-name name
undo region-name
Parameters
name
Default
Example
To set the MST region name of the switch to hello, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] stp region-configuration
[S4200G-mst-region] region-name hello
View
Description
Related Commands
The MST region name, along with MST region VLAN mapping table and MSTP
revision level, determines the MST region to which a switch belongs.
active region-configuration
check region-configuration
instance
revision-level
vlan-mapping modulo
remote-probe vlan
Purpose
Use the remote-probe vlan enable command to enable the remote-probe port
mirror port feature on the VLAN of the switch.
Use the undo remote-probe vlan enable command to disable the
remote-probe port mirror port feature on the VLAN of the switch.
Syntax
Parameters
None
Example
View
Description
VLAN view
After setting a VLAN as remote-probe VLAN, you cannot add any more access port to
the VLAN.
588 remotehelp
remotehelp
Purpose
Use the remotehelp command to display help information about the FTP protocol
command.
Syntax
remotehelp [ protocol-command ]
Parameters
protocol-command
Example
<SW4200G>ftp 1.1.1.1
Trying ...
Press CTRL+K to abort
Connected.
220 FTP service ready.
User(none):hello
331 Password required for hello.
Password:
230 User logged in
[ftp]remotehelp user
214 Syntax: USER <sp> <username>
[ftp]
Description
This command works only when the FTP server provides the help information about
FTP protocol commands.
CAUTION:
View
This command is always valid when a S4200G series switch operates as the FTP
server.
remove 589
remove
Purpose
Use the remove command to delete the specified file from the server.
Syntax
remove remote-file
Parameters
remote-file
Example
View
Description
590 rename
rename
Purpose
Use the rename command to change the name of the specified file on the SFTP
server.
Syntax
Parameters
old name
new name
Example
View
rename 591
rename
Purpose
Use the rename command to rename a file or a directory. If the target file name or
directory name is the same with any existing file name or directory name, you will fail
to rename a file.
Syntax
Parameters
fileurl-source
fileurl-dest
Example
View
User view
592 rename
rename
Purpose
Syntax
Parameters
remote-source
remote-dest
Example
View
Description
If when renaming a file the destination file name conflicts with the name of an
existing file or directory, you will fail to rename the file.
reset arp
Purpose
Use the reset arp command to remove information that is no longer required from
the ARP mapping table.
Syntax
Parameters
dynamic
static
interface_name
interface_type
interface_num
Example
View
Related Command
User view
arp static
display arp
Use the reset counters interface command to clear the statistics of the port,
preparing for a new statistics collection.
Syntax
Parameters
interface-type
interface-number
Example
View
Description
User view
If you specify neither port type nor port number, the command clears statistics of
all ports.
If specify only port type, the command clears statistics of all ports of this type.
If specify both port type and port number, the command clears statistics of the
specified port
Use the reset dot1x statistics command to clear the statistics of 802.1x.
Syntax
Parameters
interface-list
Example
View
User view
Description
Execution of the reset dot1x statistics command clears statistics globally and on all
ports if the interface-list argument is not provided, otherwise only resets statistics on
ports specified by the interface-list argument.
Related Command
display dot1x
Use the reset garp statistics command to clear the GARP statistics (such as
the information about the packets received/sent/discarded by GVRP/GMRP) on
specified (or all) ports.
Use the reset garp statistics command without parameters to clear the
GARP statistics on specified (or all) ports.
Syntax
Parameters
interface-list
Example
View
Related Command
User view
Syntax
Parameters
None
Example
View
Related Command
User view
igmp-snooping
reset ip statistics
Purpose
Syntax
reset ip statistics
Parameters
None
Example
View
Related Commands
User view
display ip statistics
reset logbuffer
Purpose
Use the reset logbuffer command to clear information in the log buffer.
Syntax
Parameters
unit-id
Example
Unit ID
<S4200G>reset logbuffer
View
User view
Use the reset ndp statistics command to reset the NDP counters to clear the
NDP statistics.
Syntax
Parameters
interface port-list
Example
View
User view
Use the reset radius statistics command to clear the statistics information
about the RADIUS protocol.
Syntax
Parameters
None
Example
View
Related Command
User view
display radius
reset recycle-bin
Purpose
Use the reset recycle-bin command to completely delete file(s) in the recycle
bin in the Flash.
Syntax
Parameters
file-url
/force
Example
View
Description
User view
The files that are deleted using the delete command are still stored in the recycle
bin. To delete them completely, use the reset recycle-bin command.
reset saved-configuration
Purpose
Syntax
Parameters
main
backup
Example
View
Description
User view
The configuration files in the Flash are not compatible with the system software.
(This may occur after you upgrade the software of the switch.)
The network where the switch operates changes. In this case, the existing
configuration files may conflict with the new network. You need to delete the
existing configuration files and configure the switch again.
CAUTION:
Related Command
Upon powered on, a switch initiates using the default parameters if the Flash
contains no configuration file.
save
reset stop-accounting-buffer
Purpose
Syntax
Parameters
radius-scheme
radius-scheme-name
session-id session-id
time-range start-time
stop-time
user-name user-name
user-name user-name
<
>
Example
To delete the stop-accounting request packets buffered in the system for the user
user0001@aabbcc.net, enter the following:
<S4200G> reset stop-accounting-buffer user-name user0001@aabbcc.net
View
Example
User view
Related Commands
stop-accounting-buffer enable
retry stop-accounting
display stop-accounting-buffer
reset stp
Purpose
Use the reset stp command to clear the STP statistics of specified Ethernet ports.
Syntax
Parameters
interface-list
Example
View
Description
User view
The spanning tree statistics include the numbers of the TCN BPDUs, configuration
BPDUs, RST BPDUs, and MST BPDUs sent/received through one or more specified
ports or all ports (note that STP BPDUs and TCN BPDUs are counted only for CISTs.)
This command clears the spanning tree-related statistics on specified ports if you
specify the interface-list argument. If you do not specify the interface-list argument,
this command clears the spanning tree-related statistics on all ports.
Related Command
display stp
Use the reset tcp statistics command to clear the TCP statistics information.
Syntax
Parameters
None
Example
View
Related Command
User view
reset traffic-limit
Purpose
Use the reset traffic-limit command to clear the statistics of the traffic
policing matching with the specified ACL rules.
Syntax
Parameters
inbound
acl-rule
Example
ip-group acl-number
link-group acl-number
To clear the statistics of the traffic policing matching with ACL 2000, enter the
following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface gigabitEthernet1/0/1
[S4200G-GigabitEthernet1/0/1] reset traffic-limit inbound ip-group 2000
View
reset traffic-statistic
Purpose
Use the reset traffic-statistic command to clear the traffic statistics of the
packets matching with the specified ACL rules.
Syntax
Parameters
inbound
acl-rule
ip-group acl-number
link-group acl-number
Issue a rule in an IP ACL and a rule in a Link ACL at the ip-group acl-number rule rule
same time
link-group acl-number rule rule
Example
To clear the traffic statistics of the packets matching with ACL 2000 rules, enter the
following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface gigabitEthernet1/0/1
[S4200G-GigabitEthernet1/0/1] reset traffic-statistic inbound ip-group
2000
View
reset trapbuffer
Purpose
Use the reset trapbuffer command to clear information in the trap buffer.
Syntax
Parameters
unit-id
Example
Unit ID
<S4200G>reset trapbuffer
View
User view
612 retry
retry
Purpose
Use the retry command to set the maximum number of transmission attempts of
RADIUS requests.
Use the undo retry command to restore the default maximum number of
transmission attempts.
Syntax
retry retry-times
Parameters
retry-times
Example
To set the maximum transmission times of RADIUS requests in the RADIUS scheme
radius1 to five, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] radius scheme radius1
New Radius scheme
[S4200G-radius-radius1] retry 5
View
Description
Related Command
Note:
radius scheme
retry realtime-accounting
Purpose
Syntax
Parameters
retry-times
Default
Example
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] radius scheme radius1
New Radius scheme
[S4200G-radius-radius1] retry realtime-accounting 10
View
Description
Note:
Generally, the RADIUS server uses the connection timeout timer to determine
whether a user is online or not. If the RADIUS server receives no real-time
accounting packet for a specified period of time, it will consider that the line or the
switch is in trouble and stop the accounting of the user. To make the switch
cooperate with this feature on the RADIUS server, it is necessary to cut down the
user connection on the switch as soon as possible after the RADIUS server
terminates the charging and connection of the user in the case of unforeseen
trouble. For this purpose, you can limit the number of continuous real-time
no-response accounting requests, and the switch will cut down the user
connection if it sends out the maximum number of real-time accounting requests
but does not receive any response.
Suppose that the response timeout time of the RADIUS server is T (three seconds
for example), the real-time accounting interval is t (12 minutes for example), and
the maximum number of continuous no-response real-time accounting requests is
retry-times (five for example). In this case, the switch sends an accounting request
every 12 minutes; if the switch does not receive a response within 3 seconds after
it sends out an accounting request, it re-sends the request; If the switch
continuously sends five accounting requests but does not receive any response, it
considers this real-time accounting a failure. Generally, T x retry-times should be
less than t.
Related Command
radius-scheme
timer realtime-accounting
retry stop-accounting
Purpose
Syntax
Parameters
retry-times
Default
Example
To indicate that, when stopping accounting request for the server 3Com in the
RADIUS server group, the Switch will retransmit the packets for up to 1000 times,
enter the following:
To specify that the switch can transmit a buffered stop-accounting request at most
1000 times in RADIUS scheme radius1, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] radius scheme radius1
New Radius scheme
[S4200G-radius-radius1] retry stop-accounting 1000
View
Description
Related Commands
Stop-accounting requests are critical to billing and will eventually affect the charges of
the users; they are important for both the users and the ISP. Therefore, the switch
should do its best to transmit them to the RADIUS accounting server. If the RADIUS
server does not respond to such a request, the switch should first buffer the request
on itself, and then retransmit the request to the RADIUS accounting server until it gets
a response, or the maximum number of transmission attempts is reached (in this case,
it discards the request).
display stop-accounting-buffer
radius-scheme
reset stop-accounting-buffer
616 return
return
Purpose
Use the return command to return to user view from any other view.
Syntax
return
Parameters
None
Example
To return to user view from any other view (the example below shows the command
entered from the system view), enter the following.
<S4200G> system-view
[S4200G] return
<S4200G>
Description
View
revision-level 617
revision-level
Purpose
Use the revision-level command to set the MSTP revision level for a switch.
Use the undo revision-level command to restore the default revision level.
Syntax
revision-level level
undo revision-level
Parameters
level
Default
Example
To set the MSTP revision level of the MST region to 5, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] stp region-configuration
[S4200G-mst-region] revision-level 5
View
Description
Related Commands
MSTP revision level, along with MST region name and VLAN mapping table,
determines the MST region to which a switch belongs.
active region-configuration
check region-configuration
instance
region-name
vlan-mapping modulo
618 rmdir
rmdir
Purpose
Use the rmdir command to delete the specified directory from the remote SFTP
server.
Syntax
rmdir remote-path
Parameters
remote-path
Example
View
rmdir 619
rmdir
Purpose
Syntax
rmdir directory
Parameters
directory
Example
View
Description
User view
Because only empty directories can be deleted, you need to delete the files in a
directory before deleting it.
620 rmdir
rmdir
Purpose
Use the rmdir command to delete the specified directory from the remote FTP
server.
Syntax
rmdir pathname
Parameters
pathname
Example
Remove the directory flash:/temp1 on the FTP server. (Assume that the
directory is empty.)
View
Description
You can only use this command to remove directories that are empty.
rmon alarm
Purpose
Use the rmon alarm command to add an entry to the alarm table.
Use the undo rmon alarm command to delete an entry from this table.
Syntax
Parameters
entry-number
alarm-variable
sampling-time
delta
absolute
rising-threshold
threshold-value1
event-entry1
falling-threshold
threshold-value2
Example
event-entry2
owner text
Upper threshold: 50
Lower threshold: 5
Owner: user1.
<S4200G> system-view
[S4200G] rmon event 1 log
[S4200G] rmon event 2 none
[S4200G]rmon alarm 1 1.3.6.1.2.1.16.1.1.1.4.1 10 absolute
rising_threshold 50 1 falling_threshold 5 2 owner user1
View
Description
System view
You can use the rmon alarm command to define an alarm entry so that a specific
alarm event can be triggered under specific circumstances. The act (such as logging
and sending trap messages to NMS) taken after an alarm event occurs is determined
by the corresponding alarm entry.
With an alarm entry is defined in an alarm group, a network device performs the
following operations accordingly:
Sample the defined alarm variables (alarm-variable) once in each specified period,
which is specified by the sampling-time argument.
Comparing the sampled value with the set threshold and performing the
corresponding operations, as described in Error! Reference source not found.
Operation
The sample value is smaller than the set lower threshold Triggering the event identified by the
(threshold-value2)
event-entry2 argument
Note:
Before adding an alarm entry, you need to use the rmon event command to define
the events to be referenced by the alarm entry.
Make sure the node to be monitored exists before executing the rmon alarm
command.
rmon event
Purpose
Use the rmon event command to add an entry to the event table.
Use the undo rmon event command to delete an entry from this table.
Syntax
Parameters
Example
event-entry
description string
log
Logs events.
trap
trap-community
log-trap
log-trapcommunity
none
owner rmon-station
Add the event entry numbered 10 to the event table and configure it to be a log
event.
<S4200G> system-view
[S4200G] rmon event 10 log
View
Description
System view
When adding an event entry to an event table, you need to specify the event index.
You need also to specify the corresponding actions, including logging the event,
sending trap messages to the NMS, or both, for the network device to perform
corresponding operation when an alarm referencing the event is triggered.
rmon history
Purpose
Use the rmon history command to add an entry to the history control table.
Use the undo rmon history command to delete an entry from history control table.
Syntax
Parameters
entry-number
buckets number
(measured in seconds).
owner text
Example
Create the history entry numbered 1 for Ethernet1/0/1 port, with the table size being
10, the sampling interval being 5 seconds, and the owner being user1.
<S4200G> system-view
[S4200G]interface GigabitEthernet 1/0/1
[S4200G-GigabitEthernet1/0/1]rmon history 1 buckets 10 interval 5 owner
user1
View
Description
You can use the rmon history command to sample a specific port. You can also
set the sampling interval and the number of the samples that can be saved. After you
execute this command, the RMON system samples the port periodically and stores the
samples for later retrieval. The sampled information includes utilization, the number
of errors, and total number of packets.
You can use the display rmon history command to display the statistics of the
history control table.
rmon prialarm
Purpose
Use the rmon prialarm command to add an entry to the extended RMON alarm
table.
Use the undo rmon prialarm command to delete an entry from the extended RMON
alarm table.
Syntax
Parameters
entry-number
prialarm-formula
prialarm-des
sampling-timer
delta | absolute |
changeratio
threshold-value1
event-entry1
threshold-value2
event-entry2
forever
Example
cycle
cycle-period
owner text
Upper threshold: 50
Lower threshold: 5
Event 1 is triggered when the change ratio is larger than the upper threshold.
Event 2 is triggered when the change ratio is less than the lower threshold.
<S4200G> system-view
[S4200G]interface GigabitEthernet 1/0/1
[S4200G-GigabitEthernet1/0/1] rmon statistics 1
[S4200G-GigabitEthernet1/0/1] quit
[S4200G] rmon prialarm 2 ((.1.3.6.1.2.1.16.1.1.1.4.1)*100) test 10
changeratio rising_threshold 50 1 falling_threshold 5 2 entrytype
forever owner user1
Remove the extended alarm entry numbered 2 from the extended alarm table.
[S4200G] undo rmon prialarm 2
View
Description
System view
With an extended alarm entry defined in an extended alarm group, the network
devices perform the following operations accordingly:
Sampling the alarm variables referenced in the defined extended alarm expressions
(prialarm-formula) once in each period specified by the sampling-timer argument.
Comparing the operation result with the set thresholds and perform
corresponding operations, as described in the following Table.
Operation
Note:
Before adding an extended alarm entry, you need to use the rmon event
command to define the events to be referenced by the entry.
Make sure the node to be monitored exists before executing the rmon event
command.
rmon statistics
Purpose
Use the rmon statistics command to add an entry to the statistic table.
Use the undo rmon statistics command to delete an entry from statistic table.
Syntax
Parameters
Example
entry-number
owner text
View
Description
The RMON statistics management function is used to take statistics of the usage of
the monitored ports and errors occurred to them. The statistics include the number of
the following items: collisions, packet with CRC errors, undersize (or oversize)
packets, broadcast and multicast packets, received packets and bytes.
You can use the display rmon statistics command to display the statistics entries.
Note:
For each port, only one rmon alarm table entry can be created, that is to say, if one
RMON alarm table entry was already created for a given port, creation of another
entry with a different index number for the same port will not succeed.
Use the rsa local-key-pair create command to generate RSA key pairs,
whose names are in the format of switch name plus _host, for example,
S4200G_host.
Syntax
Parameters
None
Example
View
Description
System view
After you use the command, the system prompts you to define the key length.
In SSH 2.0, the key length is in the range of 1024 to 2048 (bits). To make SSH 1.x
compatible, 512- to 2,048-bit keys are allowed on clients, but the length of server
keys must be more than 1,024 bits. Otherwise, clients cannot be authenticated.
CAUTION:
If you use this command to generate an RSA key provided an old one exits, the
system will prompt you to replace the previous one or not.
For a successful SSH login, you must generate the local RSA key pairs first. You just
need to execute the command once, with no further action required even after the
system is rebooted.
Related Commands
Use the rsa local-key-pair destroy command to destroy all existing RSA key
pairs at the server end.
Syntax
Parameters
None
Example
View
Related Command
System view
rsa peer-public-key
Purpose
Syntax
Parameters
key-name
Examples
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] rsa peer-public-key S4200G002
[S4200G-rsa-public-key]
View
Description
Related Commands
System view
You can use this command along with the public-key-code begin command
to configure on the server client public keys, which are generated randomly by the
SSH 2.0-supported client software.
public-key-code begin
public-key-code end
rsa peer-public-key
Purpose
Syntax
Parameters
key-name
Examples
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] rsa peer-public-key S4200G002
[S4200G-rsa-public-key]
View
Description
Related Commands
System view
You can use this command along with the public-key-code begin command
to configure on the client the server public keys, which are generated randomly after
you use the rsa local-key-pair create command.
public-key-code begin
public-key-code end
Syntax
Parameters
deny
permit
rule-string
Type
Function
Description
protocol
Protocol type
Type of protocol
over IP
source { sour-addr
sour-wildcard | any }
Source address
information
Specifies the
source address
information in the
rule
destination {
dest-addr
dest-wildcard | any }
Destination
address
information
Specifies the
destination
address
information in the
rule
precedence
precedence
Packet
precedence
Packet priority
Value range: 0 to 7
tos tos
Packet
precedence
ToS priority
Value range: 0 to 15
dscp dscp
Packet
precedence
DSCP priority
Value range: 0 to 63
fragment
Fragment
information
Type
Function
Description
time-range
time-name
Time range
information
If the protocol type is TCP or UDP, you can also define the following information:
Table 108 TCP/UDP-specific rule information
Parameter
Type
Function
Description
source-port operator
port1 [ port2 ]
Source port(s)
destination-port
Destination
operator port1 [ port2 ] port(s)
established
Defines the
destination port
information of
UDP/TCP packets
TCP-specific argument
If the protocol type is ICMP, you can also define the following information:
Table 109 ICMP-Specific Rule Information
Parameter
Type
Function
Description
icmp-type icmp-type
icmp-code
Type and
message code
information of
ICMP packets
If the protocol type is ICMP, you can also directly input the ICMP message name after
the icmp-type argument. The following table describes some common ICMP
messages.
Table 110 ICMP messages
Name
ICMP TYPE
ICMP CODE
echo
Type=8
Code=0
echo-reply
Type=0
Code=0
fragmentneed-DFset
Type=3
Code=4
host-redirect
Type=5
Code=1
host-tos-redirect
Type=5
Code=3
host-unreachable
Type=3
Code=1
information-reply
Type=16
Code=0
ICMP TYPE
ICMP CODE
information-request
Type=15
Code=0
net-redirect
Type=5
Code=0
net-tos-redirect
Type=5
Code=2
net-unreachable
Type=3
Code=0
parameter-problem
Type=12
Code=0
port-unreachable
Type=3
Code=3
protocol-unreachable
Type=3
Code=2
reassembly-timeout
Type=11
Code=1
source-quench
Type=4
Code=0
source-route-failed
Type=3
Code=5
timestamp-reply
Type=14
Code=0
timestamp-request
Type=13
Code=0
ttl-exceeded
Type=11
Code=0
Example
source
source-port
destination
destination-port
icmp-type
precedence
tos
dscp
time-range
fragment
Define a rule to permit packets from hosts in the network segment of 129.9.0.0 to
hosts in the network of 202.38.160.0 and with the port number of 80 to pass.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] acl number 3101
[S4200G-acl-adv-3101] rule permit tcp source 129.9.0.0 0.0.255.255
destination 202.38.160.0 0.0.0.255 destination-port eq 80
View
Description
Before you can delete a rule, you must specify the rule ID. If you do not know the rule
ID, you can view it by using the display acl command.
In the case that you specify the rule ID when defining a rule:
If the rule corresponding to the specified rule ID already exists, you will edit the
rule, and the modified part in the rule will replace the original content, while other
parts remain unchanged.
If the rule corresponding to the specified rule ID does not exists, you will create
and define a new rule.
The content of a modified or created rule must not be identical with the content
of any existing rule; otherwise the rule modification or creation will fail, and the
system will prompt that the rule already exists.
If you do not specify a rule ID, you will create and define a new rule, and the system
will assign an ID for the rule automatically.
Syntax
Parameters
deny
permit
fragment
source { sour-addr
sour-wildcard | any }
time-range time-name
fragment
source
time-range
Example
View
Description
Use the undo rule command to delete an ACL rule or the attribute information of
an ACL rule.
Before you can delete a rule, you must specify the rule ID. If you do not know the rule
ID, you can view it by using the display acl command.
In the case that you specify the rule ID when defining a rule:
If the rule corresponding to the specified rule ID already exists, you will edit the
rule, and the modified part in the rule will replace the original content, while other
parts remain unchanged.
If the rule corresponding to the specified rule ID does not exists, you will create
and define a new rule.
The content of a modified or created rule must not be identical with the content
of any existing rule; otherwise the rule modification or creation will fail, and the
system will prompt that the rule already exists.
If you do not specify a rule ID, you will create and define a new rule, and the system
will assign an ID for the rule automatically.
rule comment
Purpose
Use the rule comment command to define the comment string for an ACL rule.
Use the undo rule comment command to delete the comment string for an ACL
rule.
Syntax
Parameters
comment text
Example
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] acl number 3000
[S4200G-acl-adv-3000] rule 0 comment test
View
Description
Before defining the comment string for an ACL rule, make sure that this ACL rule
exists.
Syntax
Parameters
deny
permit
rule-string
Type
Function
Description
format-type
Link layer
encapsulation
type
lsap lsap-code
lsap-wildcard
lsap field
source { source-addr
Source MAC
source-mask | vlan-id }* address
information
dest dest-addr
dest-mask
cos vlan-pri
Priority
type protocol-type
protocol-mask
Protocol type of
Ethernet frames
Example
View
Description
Before you can delete a rule, you must specify the rule ID. If you do not know the rule
ID, you can view it by using the display acl command.
In the case that you specify the rule ID when defining a rule:
If the rule corresponding to the specified rule ID already exists, you will edit the
rule, and the modified part in the rule will replace the original content, while other
parts remain unchanged.
If the rule corresponding to the specified rule ID does not exists, you will create
and define a new rule.
The content of a modified or created rule must not be identical with the content
of any existing rule; otherwise the rule modification or creation will fail, and the
system will prompt that the rule already exists.
If you do not specify a rule ID, you will create and define a new rule, and the system
will assign an ID for the rule automatically.
save 643
save
Purpose
Use the save command to save the current configuration to a configuration file in
the flash memory.
Syntax
Parameters
cfgfile
safely
backup
main
Example
644 save
View
Description
Any view
Executing the save command with neither backup nor main assigns the main
attribute to the file to which the current configurations are saved.
The system provides two methods to save the current configurations.
If the safely keyword is not used, the system saves the current configurations in
fast mode. This mode is fast, but the configuration file may be lost if the switch
restarts or powers down.
If the safely keyword is used, the system saves the current configurations in safe
mode. This mode is relatively slow, but the configuration file still remains in the
flash memory without being lost even if the switch restarts or powers down during
the saving.
The fast mode is recommended under the circumstances with stable power system,
while the safe mode is recommended under the circumstances with bad power
system or in the case of remote maintenance.
If the cfgfile argument is not specified, the system saves the current configuration
to the configuration file used in this startup, or saves the current configuration
with the default configuration file name if the default configuration is used in this
startup.
To make a switch to adopt the current configuration when it starts the next time,
save the current configuration using the save command before restarting the
switch.
schedule reboot at
Purpose
Syntax
Parameters
hh:mm
mm/dd/yyyy or yyyy/mm/dd
Default
Example
Suppose the current time is 05:06, schedule a reboot so that the switch reboots at
22:00 on the current day.
<S4200G> schedule reboot at 22:00
Reboot system at 22:00 2000/04/02(in 16 hours and 53 minutes)
confirm?[Y/N]:y
<S4200G>
View
Description
User view
After you execute the schedule reboot at command with a future date specified, the
switch will reboot at the specified time with at most one minute delay.
After you execute the schedule reboot at command without specifying a date, the
switch will:
lReboot at the specified time on the current day if the specified time is later than the
current time.
lReboot at the specified time on the next day if the specified time is earlier than the
current time.
After you execute the command, the system will prompt you to confirm. Enter "Y" or
"y" for your setting to take effect, and your setting will overwrite the old one (if
available).
If you adjust the system time by the clock command after executing the schedule
reboot at command, the schedule reboot at command will be invalid and the
scheduled reboot will not happen.
Related Command
reboot
Use the schedule reboot delay command to schedule a reboot on the switch,
and set the reboot waiting delay.
Use the undo schedule reboot command to cancel the scheduled reboot.
Syntax
Parameters
hhh:mmm
mmm
Default
Example
Suppose the current time is 05:02, schedule a reboot so that the switch reboots after
70 minutes.
<S4200G> schedule reboot delay 70
Reboot system at 06:12 2000/04/02(in 1 hours and 10 minutes)
confirm?[Y/N]:y
<S4200G>
View
Description
User view
After you execute the schedule reboot at command with a future date specified, the
switch will reboot at the specified time with at most one minute delay.
You can set the reboot waiting delay in two formats: hhh:mm and mmm. The former
is hours:minutes, the latter is the absolute minutes, and both must be less than or
equal to 302460 (that is, 30 days).
After you execute the command, the system will prompt you to confirm. Enter "Y" or
"y" for your setting to take effect. Your setting will overwrite the old one (if
available).
If you adjust the system time by the clock command after executing the schedule
reboot delay command, the schedule reboot delay command will be invalid and the
scheduled reboot will not happen.
Related command: reboot, schedule reboot at, undo schedule reboot, and display
schedule reboot.
648 scheme
scheme
Purpose
Use the scheme command to configure the AAA scheme to used by the current ISP
domain.
Use the undo scheme command to restore the default AAA scheme used by the ISP
domain.
Syntax
Parameters
radius-scheme-name
local
none
Default
Example
To specify the RADIUS scheme radius1 as the primary AAA scheme referenced by the
ISP domain aabbcc.net and specify the local scheme as the secondary authentication
scheme, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] domain aabbcc.net
New Domain added.
[S4200G-isp-aabbcc.net] scheme radius-scheme raduis1 local
View
Description
When the scheme command is used to specify the RADIUS scheme to be referenced
by current ISP domain, the specified RADIUS scheme must has already been
configured.
If you execute the scheme radius-scheme radius-scheme-name local command, the
local scheme becomes the secondary scheme in case the RADIUS server does not
response normally. That is, if the communication between the switch and the RADIUS
server is normal, no local authentication is performed; otherwise, local authentication
is performed.
scheme 649
If you execute the scheme local command, the local scheme is adopted as the primary
scheme. In this case, only local authentication is performed, no RADIUS
authentication is performed. If you execute the scheme none command, no
authentication is performed.
Related Command
radius scheme
650 screen-length
screen-length
Purpose
Use the screen-length command to set the number of lines the terminal screen
can contain.
Use the undo screen-length command to revert to the default number of lines.
Syntax
screen-length screen-length
undo screen-length
Parameters
screen-length
Set the number of lines the terminal screen can contain to 20.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] user-interface aux0
[S4200G-ui-aux0] screen-length 20
View
Description
You can use the screen-length 0 command to disable the function to display
information in pages.
secondary accounting
Purpose
Use the secondary accounting command to set the IP address and port number of
the secondary RADIUS accounting server.
Use the undo secondary accounting command to restore the default IP address and
port number of the secondary RADIUS accounting server.
Syntax
Parameters
ip-address
port-number
Default
By default, the IP addresses of secondary accounting server is at 0.0.0.0 and the port
number is 1813.
Example
To set the IP address and UDP port number of the secondary accounting server of the
RADIUS scheme radius1 to 10.110.1.1 and 1813, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] radius scheme radius1
New Radius scheme
[S4200G-radius-radius1] secondary accounting 10.110.1.1 1813
View
Related Commands
key
radius scheme
state
secondary authentication
Purpose
Use the secondary authentication command to set the IP address and port
number of the secondary RADIUS authentication/authorization server.
Use the undo secondary authentication command to restore the default IP
address and port number of the secondary RADIUS authentication/authorization
server.
Syntax
Parameters
ip-address
port-number
Default
Example
View
Related Commands
key
radius scheme
state
security-policy-server 653
security-policy-server
Purpose
Syntax
security-policy-server ip-address
undo security-policy-server [ ip-address | all ]
Parameters
Example
ip-address
all
View
Description
For each RADIUS scheme, a maximum of eight security policy servers with different IP
addresses can be configured. While users are surfing the Internet, the switch will only
respond to the session control packets sent from the authentication server and the
security policy server.
654 self-service-url
self-service-url
Purpose
Syntax
Parameters
url-string
Default
Example
Using the default ISP domain system, set the URL of the web page used to modify
user password on the self-service server to
http://10.153.89.94/selfservice/modPasswd1x.jsp|userName, by entering the
following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] domain system
[S4200G-isp-system] self-service-url enable
http://10.153.89.94/selfservice/modPasswd1x.jsp|userName
View
Description
self-service-url 655
client, the client opens the default browser (for example, IE or NetScape) and locates
the specified URL page used to change user password on the self-service server. Then,
the user can change the password.
A user can choose the [change user password] option on the client only after passing
the authentication. If the user fails the authentication, this option is in grey and is
unavailable.
656 send
send
Purpose
Use the send command to send messages to a specified user interface or all user
interfaces.
Syntax
Parameters
all
number
type
Example
View
User view
server-type 657
server-type
Purpose
Use the server-type command to configure the RADIUS server type supported by
the Switch.
Use the undo server-type to restore the RADIUS server type to the default value.
Syntax
Parameters
3Com
standard
Default
By default, the switch supports the standard type of RADIUS server. The type of
RADIUS server in the default RADIUS scheme "system" is 3Com.
Example
To set the RADIUS server type in RADIUS scheme radius1 to 3Com, enter the
following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] radius scheme radius1
New Radius scheme
[S4200G-radius-radius1] server-type 3Com
View
Description
The Switch 4200G supports standard RADIUS protocol and the extended RADIUS
service platform independently developed by 3Com.
Related Command
radius-scheme
658 service-type
service-type
Purpose
Use the command service-type to authorize a user access to the specified services.
Use the command undo service-type to inhibit the user for accessing the specified
services.
Syntax
Parameters
ftp
lan-access
telnet
ssh
terminal
level level
ftp-directory directory
Default
Example
View
Description
service-type 659
0 - Visit level. Users at this level have access to network diagnosis tools (such as
ping and tracert), and the Telnet commands. A user at this level cannot save the
configuration file.
1 - Monitoring level. Users at this level can perform system maintenance, service
fault diagnosis, and so on. A user at this level cannot save the configuration file.
2 - System level. Users at this level can perform service configuration operations,
including routing, and can enter commands that affect each network layer.
Configuration level commands are used to provide direct network service to the
user.
3 - Management level. Users at this level can perform basic system operations, and
can use file system commands, FTP commands, TFTP commands, XModem
downloading commands, user management commands and level setting
commands.
660 service-type
service-type
Purpose
Use the service-type command to specify the login type and the corresponding
available command level.
Use the undo service-type command to cancel login type configuration.
Syntax
Parameters
Example
ftp
lan-access
ssh
telnet
terminal
level level
Configure commands of level 0 are available to the users logging in using the user
name of zbr.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] local-user zbr
[S4200G-luser-zbr] service-type telnet level 0
To verify the above configuration, you can quit the system, log in again using the user
name of zbr, and then list the available commands, as listed in the following.
[S4200G] quit
<S4200G> ?
User view commands:
cluster
Run cluster command
language-mode Specify the language environment
ping
Ping function
quit
Exit from current command view
super
Privilege specified user priority level
telnet
Establish one TELNET connection
tracert
Trace route function
undo
Negate a command or set its default
View
service-type 661
Description
Commands fall into four command levels: access, monitor, system, and
administration, which are described as follows:
Access level: Commands of this level are used to diagnose network and change
the language mode of user interface, such as the ping, tracert, and
language-mode command. The Telnet command is also of this level.
Commands of this level cannot be saved in configuration files.
Monitor level: Commands of this level are used to maintain the system, to debug
service problems, and so on. The display and debugging command are of
monitor level. Commands of this level cannot be saved in configuration files.
System level: Commands of this level are used to configure services. Commands
concerning routing and network layers are of system level. You can utilize network
services by using these commands.
Administration level: Commands of this level are for the operation of the entire
system and the system supporting modules. Services are supported by these
commands. Commands concerning file system, file transfer protocol (FTP), trivial
file transfer protocol (TFTP), downloading using XModem, user management, and
level setting are of administration level.
service-type multicast
Purpose
Syntax
service-type multicast
undo service-type multicast
Parameters
None
Default
Example
View
Description
VLAN view
Use the set authentication password command to set the local password.
Use the undo set authentication password command to remove the local
password.
Syntax
Parameters
Default
cipher
simple
password
Example
View
Description
664 sftp
sftp
Purpose
Use the sftp command to establish a connection to the SFTP server and enter SFTP
client view.
Syntax
Parameters
host-ip
host-name
port-num
prefer_kex
dh_group1
dh_exchange_group
prefer_ctos_cipher
prefer_stoc_cipher
des
aes128
prefer_ctos_hmac
prefer_stoc_hmac
sha1
HMAC-SHA1 algorithm.
sha1_96
HMAC-SHA1_96 algorithm.
md5
HMAC-MD5 algorithm.
md5_96
HMAC-MD5-96 algorithm.
Example
Establish a connection to the SFTP server with IP address 10.1.1.2 and use the default
encryption algorithms.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] sftp 10.1.1.2
View
sftp 665
System view
Use the sftp server enable command to enable the secure FTP (SFTP) server.
Use the undo sftp server enable command to disable the SFTP server.
Syntax
Parameters
None
Default
Example
View
System view
sftp time-out
Purpose
Use the sftp time-out command to set the timeout time for the SFTP user
connection.
Use the undo sftp time-out command to restore the default timeout time.
Syntax
Parameters
time-out-value
Example
Set the timeout time for the SFTP user connection to 500 minutes.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] sftp timeout 500
View
Description
System view
After you set the timeout time for the SFTP user connection, the system will
automatically release the connection when the time is up.
668 shell
shell
Purpose
Use the shell command to make terminal services available for the user interface.
Use the undo shell command to make terminal services unavailable to the user
interface.
Syntax
shell
undo shell
Parameters
None
Default
Example
Log into user interface 0 and make terminal services unavailable in VTY 0 through
VTY 4.
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G]user-interface vty 0 4
[S4200G-ui-vty0-4]undo shell
View
Description
When using the undo shell command, note the following points.
For reasons of security, the undo shell command can only be used on user
interfaces other than the AUX user interface. The AUX port (also the Console) is
exclusively used for configuring the switch.
This command prompts for confirmation when being executed in any valid user
interface.
shutdown 669
shutdown
Purpose
Syntax
shutdown
undo shutdown
Parameters
None
Default
Example
View
670 shutdown
shutdown
Purpose
Syntax
shutdown
undo shutdown
Parameters
None
Default
By default, a management VLAN interface is down if all the Ethernet ports in the
management VLAN are down, and the management VLAN interface is up if one or
more Ethernet ports in the management VLAN are up.
Example
Bring up the management VLAN interface. (Assume that VLAN 1 is the management
VLAN.)
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface vlan-interface 1
[S4200G-Vlan-interface1] undo shutdown
View
Description
This command can be used to start the interface after the related parameters and
protocols of VLAN interface are set. Or when the VLAN interface fails, the interface
can be shut down first and then restarted, in this way, the interface may be restored
to normal status. Shutting down or starting VLAN interface will not take any effect on
any Ethernet port of this VLAN.
smarton 671
smarton
Purpose
Use the smarton command to enable the SmartOn function for an Ethernet port
with supplicant systems attached.
Use the undo smarton command to disable the SmartOn function.
Syntax
smarton
undo smarton
Parameters
None
Default
Example
To enable 802.1x authentication and the SmartOn function, enter the following:
[S4200G-GigabitEthernet1/0/2] dot1x
802.1X is enabled on port GigabitEthernet1/0/2
View
Description
Caution: When executing the smarton command, make sure 802.1x authentication
is enabled on the port.
smarton password
Purpose
Use the smarton password command to set the password to be used by the
SmartOn function.
Use the undo smarton password command to revert to the default password.
Syntax
Parameters
cipher
simple
Password
Default
Example
To set the password to be used by the SmartOn function to Test, enter the following:
[S4200G] smarton password Test
View
System view
smarton switchid
Purpose
Syntax
Parameters
switch-ID
Default
Example
To enter system view and set the switch ID to Switch, enter the following:
<S4200G> system-view
[S4200G] smarton switchid Switch
View
System view
smarton timer
Purpose
Use the smarton timer command to set the supplicant timeout timer for
SmartOn-enabled supplicant systems.
Use the undo smarton timer command to revert to the default supplicant timeout
timer setting.
Syntax
Parameters
supp-timeout
supp-timeout-value
max-tx value
Default
Example
To enter system view and set the supplicant timeout timer to 50 seconds, enter the
following:
<S4200G> system-view
[S4200G] smarton timer supp-timeout 50
View
System view
snmp-agent 675
snmp-agent
Purpose
Syntax
snmp-agent
undo snmp-agent
Parameters
None
Default
Example
View
Related Command
System view
None
snmp-agent community
Purpose
Use the snmp-agent community command to set a community name and to enable
users to access the switch through SNMP. You can also optionally use this command
to apply an ACL to filter network management users.
Use the undo snmp-agent community command to cancel community-related
configuration for the specified community.
Syntax
Parameters
read
write
community-name
mib-view
view-name
acl acl-number
Default
Example
Set the community name to "3Com", enable users to access the switch in the name
of the community (with read-only permission), and apply ACL 2,000 to filter network
management users (assuming that ACL 2000 already exists.).
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] snmp-agent community read 3Com acl 2000
View
System view
snmp-agent community
Purpose
Use the snmp-agent community command to set the community access name and
enable access to SNMP.
Use the undo snmp-agent community command to cancel the settings of
community access name.
Syntax
Parameters
Example
read
write
community-name
view-name
acl acl-list
View
System view
snmp-agent group
Purpose
Use the snmp-agent group command to configure a SNMP group. You can also
optionally use this command to apply an ACL to filter network management users.
Use the undo snmp-agent group command to delete a specified SNMP group.
Syntax
Parameters
Example
v1
v2
v3
group-name
authentication
privacy
read-view
read-view
write-view
write-view
notify-view
notify-view
acl acl-number
Create a SNMP group named "3Com" and apply ACL 2001 to filter network
management users (assuming that ACL 2001 already exists).
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] snmp-agent group v1 3Com acl 2001
View
Description
System view
3Com recommends that you do not use the notify-view parameter when
configuring an SNMP group, for the following reasons:
Any change of the SNMP group notify-view will affect all the users related to
this group.
snmp-agent group
Purpose
Use the snmp-agent group command to configure a new SNMP group, that is, to
map SNMP user to SNMP view.
Use the undo snmp-agent group command to cancel a specified SNMP group.
Syntax
Parameters
Example
v1
v2c
v3
group-name
authentication
privacy
read-view
read-view
write-view
write-view
notify-view
notify-view
acl acl-list
View
Description
Related Command
3Com recommends that you do not use the notify-view parameter when
configuring an SNMP group, for the following reasons:
Any change of the SNMP group notify-view will affect all the users related to
this group.
snmp-agent mib-view
snmp-agent usm-user
snmp-agent local-engineid
Purpose
Use the snmp-agent local-engineid command to set the engine ID of the local
SNMP entity.
Use the undo snmp-agent local-engineid command to restore the default setting
of engine ID.
Syntax
Parameters
engineid
Example
<S4200G> system-view
[S4200G] snmp-agent local-engineid 123456789A
View
Description
Related Command
System view
snmp-agent usm-user
snmp-agent log
Purpose
Use the snmp-agent log command to enable the logging function for network
management.
Use the undo snmp-agent log command to disable the logging function.
Syntax
Parameters
set-operation
get-operation
all
Default
Example
Enable the logging function for both the get and the set operations.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] snmp-agent log all
View
Description
System view
You can use the display logbuffer command to display logging information for the get
and the set operations sent from network management station (NMS).
In a network that contains no fabric, you can use the display logbuffer
command to view the logs of the get and set operations performed by the
network administrator.
As for a fabric, you can execute the display logbuffer command on the
master device to view the logs of the set operations performed by the network
administrator, and execute the display logbuffer command on the devices
to which the get operations are performed to view the logs of corresponding get
operations.
snmp-agent mib-view
Purpose
Use the snmp-agent mib-view command to create or update the view information,
limiting the MIB objects to be accessed by the NMS.
Use the undo snmp-agent mib-view command to cancel the current setting.
Syntax
Parameters
included
excluded
view-name
oid-tree
Default
Example
Related Command
System view
snmp-agent group
Use the snmp-agent packet max-size command to set the maximum size of SNMP
packet that the Agent can send/receive.
Use the undo snmp-agent packet max-size command to restore the default size of
SNMP packet.
Syntax
Parameters
max-size
Example
Set the maximum size of SNMP packet that the Agent can send/receive to 1,042
bytes.
<S4200G> system-view
[S4200G] snmp-agent packet max-size 1042
View
Description
System view
The sizes of the SNMP packets received/sent by the Agent are different in different
network environments.
snmp-agent sys-info
Purpose
Syntax
Parameters
Example
sys-contact
sys-location
version
v1
SNMP V1.
v2c
SNMP V2C.
v3
SNMP V3.
all
Set contact information for system maintenance as Dial System Operator # 1234.
<S4200G> system-view
[S4200G] snmp-agent sys-info contact Dial System Operator # 1234
View
Related Command
System view
snmp-agent target-host
Purpose
Syntax
Parameters
trap
address
udp-domain
ip-addr
udp-port udp-port-number Specifies the UDP port number of the host to receive
Example
params
security-string
v1
v2c
v3
authentication
privacy
Enable sending SNMP Trap packets to 10.1.1.1 with community name public.
<S4200G> system-view
[S4200G] snmp-agent trap enable standard
[S4200G] snmp-agent target-host trap address udp-domain 10.1.1.1 params
securityname public
Description
View
Related Command
The snmp-agent target-host command and the snmp-agent trap enable or enable
snmp trap updown command must be used at the same time on the device to send
Trap packets.
Use the snmp-agent trap enable or enable snmp trap updown command to set
Trap packets allowed to send (all Trap packets can be sent by default).
Use the snmp-agent target-host command to set the address of the destination
host receiving SNMP Trap packets.
System view
Use the snmp-agent trap enable command to enable the device to send Trap
packets.
Use the undo snmp-agent trap enable command to disable Trap package sending.
Syntax
Parameters
configuration
flash
standard
authentication
coldstart
linkdown
linkup
warmstart
system
Default
Example
Enable to send the Trap packet of SNMP authentication failure to 10.1.1.1. The
community name is public.
<S4200G> system-view
[S4200G] snmp-agent trap enable authentication
[S4200G] snmp-agent target-host trap address udp-domain 10.1.1.1 params
securityname public
View
System view
Description
Use the snmp-agent trap life command to set aging time for Trap packets.
Use the undo snmp-agent trap life command to restore the default aging time for
Trap packets.
Syntax
Parameters
seconds
Example
<S4200G>system-view
<S4200G> system-view
[S4200G] snmp-agent trap life 60
View
System view
Description
Related Commands
snmp-agent target-host
Syntax
Parameters
size
Example
<S4200G> system-view
[S4200G] snmp-agent trap queue-size 200
View
Related Commands
System view
Use the snmp-agent trap source command to configure the source address for
sending Trap messages.
Use the undo snmp-agent trap source command to cancel the source address for
sending Trap messages.
Syntax
Parameters
interface-type
interface-number
Default
Example
Configure the IP address of the VLAN interface 1 as the source address for
transmitting the Trap packets.
<S4200G> system-view
[S4200G] snmp-agent trap source Vlan-interface 1
View
Description
System view
The SNMP Trap message sent from a server has a source IP address no matter which
interface the Trap message is sent from.
You can configure this command to trace a specific event using the source address of
a Trap packet
Note: Before setting the IP address of an interface address as the source address of
the sent Trap packet, you must configure an IP address for the interface.
snmp-agent usm-user
Purpose
Use the snmp-agent usm-user command to add a new community name or, if you
use the V3 parameter, a new user to an SNMP group.
Use the undo snmp-agent usm-user command to delete a user from an SNMP
group.
Syntax
Parameters
username
groupname
v1
v2c
v3
authentication-mode
md5
sha
authpassstring
privacy-mode
des 56
privpassstring
acl acl-list
Enter the access control list for this user, based on USM
name.
Example
To add a user named JohnQ to the SNMP group 3Com, then configure the use
of MD5, and set the authentication password to pass, enter the following:
<SW4200G>system-view
System View: return to User View with Ctrl+Z.
[SW4200G]snmp-agent usm-user v3 JohnQ 3Com authentication-mode md5 pass
[SW4200G]
View
Description
Related Commands
System view
Note:
For V1 and V2C, this command will add a new community name. For V3, it will
add a new user for an SNMP group. See Related Commands below.
display snmp-agent
snmp-agent usm-user
Purpose
Use the snmp-agent usm-user command to add a new user to an SNMP group. You
can also optionally use this command to apply an ACL to filter network management
users.
Use the undo snmp-agent usm-user command to remove the user from the
corresponding SNMP group. The operation also frees the user from the corresponding
ACL-related configuration.
Syntax
Parameters
v1
v2c
v3
user-name
group-name
authentication-mode
md5
sha
auth-password
privacy
des56
priv-password
acl acl-number
local
engineid
engineid-string
Example
Add the user named "3Com" to the SNMP group named "3Comgroup", specifying
to authenticate the user, specifying the authentication protocol to be
HMAC-MD5-96, the authentication password to be "S4200G", and applying ACL
2002 to filter network management users (assuming that ACL 2002 already exists).
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] snmp-agent usm-user v3 3Com 3Comgroup authentication-mode md5
S4200G acl 2002
View
System view
snmp-agent usm-user
Purpose
Use the snmp-agent usm-user command to add a new user to an SNMP group.
Use the undo snmp-agent usm-user command to remove the user from the related
SNMP group.
Syntax
Parameters
v1
V 1 security mode.
v2c
V 2 security mode.
v3
V 3 security mode.
user-name
group-name
authentication-mode
md5
sha
auth-password
privacy
des56
priv-password
acl-number
local
Example
engineid
engineid-string
View
Description
System view
Related Commands
snmp-agent group
snmp-agent community
snmp-agent local-enginid
snmp-agent usm-user
Purpose
Use the snmp-agent usm-user command to add a new community name or, if you
use the V3 parameter, a new user to an SNMP group.
Use the undo snmp-agent usm-user command to delete a user from an SNMP
group.
Syntax
Parameters
username
groupname
v1
v2c
v3
authentication-mode
md5
sha
authpassstring
privacy-mode
des 56
privpassstring
acl acl-list
Example
To add a user named JohnQ to the SNMP group 3Com, then configure the use
of MD5, and set the authentication password to pass, enter the following:
<SW4200G>system-view
System View: return to User View with Ctrl+Z.
[SW4200G]snmp-agent usm-user v3 JohnQ 3Com authentication-mode md5 pass
[SW4200G]
View
Description
Related Commands
System view
Note:
For V1 and V2C, this command will add a new community name. For V3, it will
add a new user for an SNMP group. See Related Commands below.
display snmp-agent
snmp-agent usm-user
702 snmp-host
snmp-host
Purpose
Use the snmp-host command to configure an SNMP host for the member devices
inside a cluster on the management device.
Use the undo snmp-host command to cancel the SNMP host configuration.
Syntax
snmp-host ip-address
undo snmp-host
Parameters
ip-address
Default
Example
<aaa_0.S4200G>system-view
System View: return to User View with Ctrl+Z.
[aaa_0.S4200G]cluster
[aaa_0.S4200G-cluster] snmp-host 1.0.0.9
View
Description
Cluster view
Only after you configure the IP address of the network management site for the
cluster, cluster members can send the trap information to the site through the
management device.
These commands can only be executed on the management device.
speed 703
speed
Purpose
Use the speed command to set the transmission speed of the user interface.
Use the undo speed command to revert to the default transmission speed.
Syntax
speed speed-value
undo speed
Parameters
speed-value
Example
To configure the transmission speed on the AUX (Console) port as 9600 b/s, enter the
following:
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G]user-interface aux 0
[S4200G-ui-aux0]speed 9600
View
Description
Note: The speed and undo speed commands can only be performed in AUX User
Interface view
704 speed
speed
Purpose
Syntax
Parameters
10
100
1000
auto
Default
Example
View
Description
Note: The speed and undo speed commands cannot be configured on a combo
port.
Related Command
duplex
Use the ssh client assign rsa-key command to specify on the client the
public key for the server to be connected to guarantee the client can be connected to
a reliable server.
Use the undo ssh client assign rsa-key command to remove the
association between the public keys and servers.
Syntax
Parameters
Example
server-ip
Server IP address.
server-name
keyname
Specify on the client the public key of the server (with IP address 192.168.0.1) as abc.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] ssh client 192.168.0.1 assign rsa-key abc
View
System view
Use the ssh client first-time enable command to configure the client to
run the initial authentication.
Use the undo ssh client first-time command to remove the configuration.
Syntax
Parameters
None
Default
Example
View
Description
System view
In the initial authentication, if the SSH client does not have the public key for the
server which it accesses for the first time, the client continues to access the server and
save locally the public key of the server. Then at the next access, the client can
authenticate the server with the public key saved locally.
When the initial authentication function is not available, the client does not access
the server if it does not have the public key of the server locally. In this case, you need
first to save the public key of the target server to the client in other ways.
Syntax
Parameters
times
Example
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] ssh server authentication-retries 4
View
System view
Description
Note: If you have used the ssh user authentication-type command to configure the
authentication type to password-publickey, you must set the authentication retry
times to a number greater than or equal to 2, for one is counted when a client sends
a public key to the server.
Related Command
Use the ssh server timeout command to set authentication timeout time for
SSH connections.
Use the undo ssh server timeout command to restore the default timeout
time. The default value takes effect at next login.
Syntax
Parameters
seconds
Example
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] ssh server timeout 80
View
Related Command
System view
Use the ssh user assign rsa-key command to allocate public keys to SSH
users.
Use the undo ssh user assign rsa-key command to remove the association
between the public keys and SSH users. The configuration takes effect at the next
login.
Syntax
Parameters
Example
username
keyname
Set the client public key for the zhangsan user to key1.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] ssh user zhangsan assign rsa-key key1
[S4200G]
View
System view
Description
If the user already has a public key, the new public key overrides the old one.
Related Command
Use the ssh user authentication-type command to define on the server the
available authentication type for an SSH user.
Use the undo ssh user authentication-type command to restore the
default setting.
Syntax
Parameters
username
password
rsa
password-publickey
SSHv1 client users can access the switch as long as they pass one of the two
authentications.
SSHv2 client users can access the switch only when they pass both the
authentications.
all
Default
By default, no authentication type is specified for new users, so they cannot access
the switch.
New users must specify authentication type. Otherwise, they cannot access the
switch. The new authentication type configured takes effect at the next login.
Example
View
System view
Description
This command defines available authentication type on the server. The actual
authentication type, however, is determined by the client.
Related Command
Use the ssh user service-type command to specify service type for a user.
Use the undo ssh user service-type command to restore the default service
type for the SSH user in the system.
Syntax
Parameters
Example
username
stelnet
sftp
all
View
Related Command
System view
ssh2 713
ssh2
Purpose
Use the ssh2 command to enable the connection between SSH client and server,
define key exchange algorithm preference, encryption algorithm preference and
HMAC algorithm preference on the server and client.
Syntax
Parameters
host-ip
Server IP address.
host-name
port-num
prefer_kex
dh_group1
dh_exchange_group
prefer_ctos_cipher
prefer_stoc_cipher
des
aes128
prefer_ctos_hmac
prefer_stoc_hmac
sha1
HMAC-SHA1 algorithm.
sha1_96
HMAC-SHA1_96 algorithm.
md5
HMAC-MD5 algorithm.
md5_96
HMAC-MD5-96 algorithm.
714 ssh2
Example
Log into the SSH 2.0 server with IP address 10.214.50.51 and make these settings:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] ssh2 10.214.50.51 prefer_kex dh_exchange_group
prefer_stoc_cipher aes128 prefer_ctos_hmac md5 prefer_stoc_hmac sha1_96
View
System view
Syntax
Parameters
None
Default
By default, the user is disabled from entering the main Boot Menu with customized
password.
Example
Specify to prompt for the customized password before entering the BOOT menu.
<S4200G> startup bootrom-access enable
View
Related Command
User view
You can use the display startup command to check the executing results of the
above commands.
startup saved-configuration
Purpose
Syntax
Parameters
cfgfile
backup
main
unit unit-id
Unit ID of a switch.
CAUTION: To make a switch to start without loading the configuration file, do not
execute the save command after executing the undo startup
saved-configuration command.
Example
Configure the file named vrpcfg.cfg to be the main configuration file for the switch to
start the next time.
<S4200G>startup saved-configuration vrpcfg.cfg main
Please wait......Done!
%Apr 2 02:55:10:025 2000 S4200G CFM/3/CFM_LOG:- 1 -Unit1 set the
configuration
successfully.
View
User view
Description
Related Command
display startup
state 717
state
Purpose
Use the state command to configure the state of the current ISP domain/current
user.
In ISP Domain view or Local User view, use the state command to configure the
state of the current ISP domain/current user.
In RADIUS view, use the state command to set the status of a RADIUS server.
Syntax
In RADIUS view:
state { block | active } { primary | secondary } { accounting |
authentication }
Parameters
active
In RADIUS view:
Sets the status of the specified RADIUS server to
active (that is, the normal working state).
block
In RADIUS view:
Sets the status of the specified RADIUS server to
block (that is, the down state).
Default
primary
secondary
accounting
authentication
In ISP Domain view or Local User view, an ISP domain and the local user are in the
active state upon creation.
718 state
In RADIUS view, all the RADIUS servers in a user-defined RADIUS scheme are in the
active state; and the RADIUS servers in the default RADIUS scheme "system" are in
the block state.
Example
In ISP Domain view or Local User view to set the ISP domain aabbcc.net to the block
state, so that all its offline users cannot access the network, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] domain aabbcc.net
New Domain added.
[S4200G-isp-aabbcc.net] state block
In ISP Domain view or Local User view to set user1 to the block state.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] local-user user1
[S4200G-user-user1] state block
In RADIUS view to set the timeout time of the response timeout timer for the RADIUS
scheme radius1 to 5 seconds, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] radius scheme radius1
New Radius scheme
[S4200G-radius-radius1] timer 5
View
Description
RADIUS view
After an ISP domain is set to the block state, except the online users, the users
under this domain are not allowed to access the network.
After the local user is set to the block state, the user is not allowed to access the
network.
If the switch gets no response from the RADIUS server after sending out a RADIUS
request (authentication/authorization request or accounting request) and waiting
for a time, it should retransmit the packet to ensure that the user can obtain the
RADIUS service. This wait time is called response timeout time of RADIUS server;
and the timer in the switch system that is used to control this time is called the
response timeout timer of RADIUS server. You can use the timer command to set
the timeout time of this timer.
Appropriately setting the timeout time of this timer according to the network
situation can improve the performance of the system.
state 719
Related Command
The timer command has the same effect with the timer response-timeout
command.
domain
radius scheme
retry
720 state
state
Purpose
Syntax
Parameters
primary
secondary
accounting
authentication
block
active
Default
By default, as for the newly created RADIUS scheme, the primary and secondary
accounting/authentication servers are in the state of block; as for the "system"
RADIUS scheme created by the system, the primary accounting/authentication servers
are in the state of active, and the secondary accounting/authentication servers are in
the state of block.
Example
View
Description
state 721
the primary server to be active manually, in order that NAS can communicate with it
right after the troubleshooting.
When the primary and second servers are all active or block, NAS will send the
packets to the primary server only.
Related Commands
primary accounting
primary authentication
radius-scheme
secondary accounting
secondary authentication
stop-accounting-buffer enable
Purpose
Syntax
stop-accounting-buffer enable
undo stop-accounting-buffer enable
Parameters
None
Default
By default, the switch is enabled to buffer the stop-accounting requests that bring no
response.
Example
To enable the switch to buffer the stop-accounting requests that bring no response
from the servers in RADIUS scheme radius1, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] radius scheme radius1
New Radius scheme
[S4200G-radius-radius1] stop-accounting-buffer enable
View
Description
Related Commands
Stop-accounting requests are critical to billing and will eventually affect the charges;
they are important for both the users and the ISP. Therefore, the switch should do its
best to transmit them to the RADIUS server. If the RADIUS accounting server does not
respond to such a request, the switch should first buffer the request on itself, and
then retransmit the request to the RADIUS accounting server until it gets a response,
or the maximum number of transmission attempts is reached (in this case, it discards
the request).
display stop-accounting-buffer
radius scheme
reset stop-accounting-buffer
stopbits 723
stopbits
Purpose
Use the stopbits command to set the stop bits of the user interface.
Use the undo stopbits command to revert to the default stop bits.
Syntax
stopbits { 1 | 1.5 | 2 }
undo stopbits
Parameters
Example
1.5
View
Description
724 stp
stp
Purpose
Use the stp command to enable or disable MSTP globally or for a port.
Use the undo stp command to restore the default MSTP status globally or for a
port.
Syntax
Parameters
enable
disable
Default
Example
View
Description
System view
With MSTP enable, a switch determines whether to operate in STP mode, RSTP mode,
or MSTP mode according to your configuration. A switch becomes a transparent
bridge if you disable MSTP.
With MSTP enabled, a switch dynamically maintains the status of spanning trees by
processing BPDUs of the corresponding VLANs. After MSTP is disabled, the switch
stops doing so.
Related Commands
stp interface
stp mode
stp bpdu-protection
Purpose
Syntax
stp bpdu-protection
undo stp bpdu-protection
Parameters
None
Default
Example
View
Description
System view
Normally, access ports of access layer devices have terminals (such as PCs) or file
servers directly connected to them. These ports are usually configured to be edge
ports to achieve rapid transition. When they receive BPDUs, however, they are set as
non-edge ports automatically, which causes MSTP to recalculate the spanning trees,
resulting in network topology jitters.
In normal cases, edge ports are free of BPDUs. But malicious users may attack the
switches by sending forged BPDUs to the edge ports to create network jitters. You
can prevent this type of attack by utilizing the BPDU protection function. With this
function enabled on a switch, once an edge port receives a BPDU, the system
automatically shut it down and notifies the network administrator of the situation.
Only the administrator can restore edge ports that are shut down.
CAUTION:
As 1000 Mbps ports of a 3Com Switch 4200G Family switch cannot be shut down,
the BPDU protection function is not applicable to these ports even you enable the
BPDU protection function and specify these ports to be MSTP edge ports.
stp bridge-diameter
Purpose
Syntax
Parameters
bridgenum
Default
Example
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] stp bridge-diameter 5
View
Description
System view
An MSTP-enabled switch adjusts its Hello time, Forward delay, and Max age settings
accordingly after you configure the network diameter on the switch. With the
network diameter set to 7 (the default), the three time settings are set to their
defaults as well.
The stp bridge-diameter command applies to CISTs only; it is invalid for MSTIs.
Related Commands
stp config-digest-snooping
Purpose
Syntax
stp config-digest-snooping
undo stp config-digest-snooping
Parameters
None
Default
Example
To enable the digest snooping feature for GigabitEthernet1/0/1 port, enter the
following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface GigabitEthernet1/0/1
[S4200G-GigabitEthernet1/0/1] stp config-digest-snooping
[S4200G-GigabitEthernet1/0/1] quit
[S4200G]stp config-digest-snooping
View
Description
According to IEEE 802.1s, two connected switches can interwork with each other
through MSTIs in an MST region only when the two switches have the same MST
region-related configuration. With MSTP employed, interconnected switches
determine whether or not they are in the same MST region by checking the
configuration IDs of the BPDUs between them. (A configuration ID contains
information such as region ID and configuration digest.)
As some partners' switches adopt proprietary spanning tree protocols, they cannot
interwork with other switches in an MST region even if they are configured with the
same MST region-related settings as other switches in the MST region.
This kind of problems can be overcome by implementing the digest snooping feature.
If a switch port is connected to a partner's switch that has the same MST
region-related settings but adopts a proprietary spanning tree protocol, you can
enable digest snooping on the port. Then the switch regards the peer switch
connected to the port as in the same region and records the configuration digests
carried in the BPDUs received from the switch, which will be put in the BPDUs to be
send to the peer switch.. In this way, the switch can interwork with the partners'
switches in an MST region.
Note:
The digest snooping feature is needed only when your S5100-EI series switch is
connected to partner's proprietary protocol-adopted switches.
To enable the digest snooping feature successfully, you must first enable it on all
the switch ports that connect to partner's proprietary protocol-adopted switches
and then enable it globally.
The digest snooping feature must be enabled on all the switch ports that connect
to partners' proprietary protocol-adopted switches in the same MST region..
stp cost
Purpose
Use the stp cost command to set the path cost of a port in a spanning tree
instance.
Use the undo stp cost command to restore the default.
Syntax
Parameters
instance-id
cost
Specifies the path cost for the port. Valid values are 1
to 200,000,000.
Default
Example
To set the path cost of GigabitEthernet1/0/3 port in spanning tree instance 2 to 200.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface GigabitEthernet1/0/3
[S4200G-GigabitEthernet1/0/3] stp instance 2 cost 200
View
Description
The path cost of a port affects the role of the port. By configuring the same ports to
have different path costs in different MSTIs, you can enable flows of different VLANs
to travel along different physical links, implementing VLAN-based load balancing.
Path cost changes for ports of an MSTP-enabled switch can cause MSTP to
redetermine the roles of the ports and to perform state transitions.
If you specify the instance-id argument to be 0 or do not specify this argument,
the stp cost command sets the path cost of the port in the CIST.
Related Command
stp edged-port
Purpose
Use the stp edged-port command to configure the current Ethernet port as
either an edge port or a non-edge port.
Use the undo stp edged-port command to restore the current Ethernet port to
its default state.
Syntax
Parameters
enable
disable
Default
Example
View
Description
An edge port is a port that is directly connected to a user terminal instead of another
switch or a network segment. Rapid transition is applied to edge ports because, on
these ports, no loops can be incurred by network topology changes. You can enable a
port to transit to the forwarding state rapidly by setting it to an edge port. And you
are recommended to configure the Ethernet ports directly connected to user
terminals as edge ports to enable them to transit to the forwarding state rapidly.
Normally, configuration BPDUs cannot reach an edge port because the port is not
connected to another switch. But when the BPDU protection function is disabled on
an edge port, configuration BPDUs sent deliberately by a malicious user may reach the
port. If an edge port receives a BPDU, it turns to a non-edge port.
CAUTION:
Among loop prevention function, root protection function and edge port setting,
only one can be valid on the same port.
Related Command
stp interface
Purpose
Use the stp interface command in system view to enable or disable MSTP for
specified ports.
Syntax
Parameters
interface-list
Default
enable
disable
Example
View
System view
Description
CAUTION:
Disabling MSTP on ports may result in loops.
Related Command
stp
stp mode
Syntax
Parameters
interface-list
Default
Example
View
Description
System view
According to IEEE 802.1s, two interconnected MSTP switches can interwork with
each other through MSTIs in an MST region only when the two switches have the
same MST region-related configuration. Interconnected MSTP switches determine
whether or not they are in the same MST region by checking the configuration IDs of
the BPDUs between them. (A configuration ID contains information such as region ID
and configuration digest.)
As some partners' switches adopt proprietary spanning tree protocols, they cannot
interwork with other switches in an MST region even if they are configured with the
same MST region-related settings as other switches in the MST region.
This problem can be overcome by implementing the digest snooping feature. If a port
on an S5100-EI series switch is connected to a partner's switch that has the same
MST region-related settings as its own but adopts a proprietary spanning tree
protocol, you can enable digest snooping on the port. Then the S5100-EI switch
regards the partner's switch as in the same region; it records the configuration digests
carried in the BPDUs received from the partner's switch, and put them in the BPDUs
to be send to the partner's switch. In this way, the S5100-EI switches can interwork
with the partners' switches in the same MST region.
Note:
The digest snooping feature is needed only when your S5100-EI series switch is
connected to partner's proprietary protocol-adopted switches.
To enable the digest snooping feature successfully, you must first enable it on all
the ports of your S5100-EI series switch that are connected to partner's proprietary
protocol-adopted switches and then enable it globally.
The digest snooping feature must be enabled on all the ports of your S5100-EI
series switch that are connected to partners' proprietary protocol-adopted
switches in the same MST region.
Use the stp interface cost command to set the path cost of specified ports in
a specified spanning tree instance.
Use the undo stp interface cost command to restore the default path costs.
Syntax
Parameters
interface-list
Default
instance-id
cost
Specifies the path cost for the ports. Valid values are
1 to 200,000,000.
By default, a switch calculates the path costs of ports in each spanning tree instance
automatically according to the specified standard.
If you specify the instance-id argument to be 0 or do not specify this argument,
the stp interface cost command sets the path cost of the port in the CIST.
Example
To set the path cost of GigabitEthernet1/0/3 port in spanning tree instance 2 to 400 in
system view, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] stp instance 2 interface GigabitEthernet 1/0/3 cost 400
View
System view
Description
The path cost of a port affects the role of the port. By configuring the same ports to
have different path costs in different MSTIs, you can enable flows of different VLANs
to travel along different physical links, implementing VLAN-based load balancing.
Path cost changes for ports of an MSTP-enabled switch can cause MSTP to recalculate
the roles of the ports and to perform state transitions.
Related Command
stp cost
Syntax
Parameters
interface-list
Default
enable
disable
Example
View
Description
System view
An edge port is a port that is directly connected to a user terminal instead of another
switch or a network segment. Rapid transition is applied to edge ports because, on
these ports, no loops can be incurred by network topology changes. You can enable a
port to transit to the forwarding state rapidly by setting it to an edge port. And you
are recommended to configure the Ethernet ports directly connected to user
terminals as edge ports to enable them to transit to the forwarding state rapidly.
Normally, configuration BPDUs cannot reach an edge port because the port is not
connected to another switch. But when the BPDU protection function is disabled on
an edge port, configuration BPDUs sent deliberately by a malicious user may reach the
port. If an edge port receives a BPDU, it turns to a non-edge port.
CAUTION:
Only one function among loop prevention, root protection, and edge port can be
valid at a time.
Related Command
stp edged-port
Syntax
Parameters
interface-list
Default
Example
View
System view
Description
CAUTION:
Only one function among loop prevention, root protection, and edge port can be
valid at a given time.
Related Command
stp loop-protection
Use the stp interface mcheck command to perform the mCheck operation for
specified ports.
Syntax
Parameters
interface-list
Example
View
Description
Related Commands
System view
stp mcheck
stp mode
Syntax
Parameters
interface-type
Port type.
interface-number
Port number.
Default
Example
To enable the rapid transition feature for GigabitEthernet1/0/1 port, enter the
following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G]stp interface GigabitEthernet1/0/1 no-agreement-check
View
Description
System view
Some partners' switches adopt proprietary spanning tree protocols that are similar to
RSTP in the way to implement rapid transition on designated ports. When a switch of
this kind operates as the upstream switch of the 4200G series switch running MSTP,
the upstream designated port fails to change their states rapidly.
The rapid transition feature is developed to avoid this case. When the 4200G series
switch running MSTP is connected in the upstream direction to a partner's switch
running proprietary spanning tree protocol, you can enable the rapid transition
feature on the ports of the 4200G series switch operating as the downstream switch.
Among these ports, those operating as the root ports will then send agreement
packets to their upstream ports after they receive proposal packets from the upstream
designated ports, instead of waiting for agreement packets from the upstream
switch. This enables designated ports of the upstream switch to change their states
rapidly.
Note: Enable the rapid transition feature on root ports or alternate ports only.
Related Command
Syntax
Parameters
interface-list
Default
force-true
force-false
auto
Example
View
Description
System view
Related Command
stp point-to-point
Use the stp interface port priority command to set the port priority of
specified ports in a spanning tree instance.
Use the undo stp interface port priority command to restore the
default port priority of the specified ports in the spanning tree instance.
Syntax
Parameters
interface-list
Example
instance-id
priority
To set the port priority of GigabitEthernet1/0/3 port (with regard to spanning tree
instance 2) to 16, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] stp interface GigabitEthernet 1/0/3 instance 2 port priority
16
View
System view
Description
Related Command
Syntax
Parameters
interface-list
Default
Example
View
System view
Description
Configuration errors and malicious attacks may cause legal root bridges to receive
BPDUs of higher priorities, and give up their roles as root bridges, which means
network topology jitters. In this case, flows that should travel along high-speed links
may be led to low-speed links, and network congestions may occur.
You can avoid this problem by utilizing the root protection function. Ports with this
function enabled can retain their roles in all spanning tree instances. When such a
port receives BPDUs of higher priorities, its state is set to discarding and it stops
forwarding any packets as if the connected link were down. Only when it receives no
BPDUs of higher priorities in a specified period, does it resumes its normal state.
CAUTION:
Only one function among loop prevention, root protection, and edge port can be
valid at a time.
Related Command
stp root-protection
Syntax
Parameters
interface-list
packetnum
Example
View
System view
Description
Related Command
stp transmit-limit
stp loop-protection
Purpose
Use the stp loop-protection command to enable the loop prevention function
for the current port.
Use the undo stp loop-protection command to restore the default operation
state of the loop prevention function.
Syntax
stp loop-protection
undo stp loop-protection
Parameters
None
Default
Example
View
stp max-hops
Purpose
Use the stp max-hops command to set the maximum hop count of the MST region
to which the switch belongs.
Use the undo stp max-hops command to restore the default.
Syntax
Parameters
hops
Default
Example
To set the maximum hops of the current MST region to 35, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] stp max-hops 35
View
Description
System view
The maximum hop count configured on the region root for an MST region is used to
limit the size of the MST region.
A BPDU contains a hop counter field. In a MST region, after a BPDU leaves the root
bridge, its hop counter decreases by 1 whenever it is forwarded by a switch; once its
hop counter reaches 0, it is dropped. Such a mechanism disables the switches that are
beyond the maximum hop count from participating in spanning tree calculation, and
thus limits the size of an MST region.
With such a mechanism, once a switch becomes the root bridge of a CIST or MSTI,
the maximum hop count configured on it determines the network diameter of the
spanning tree and limits the size of the spanning tree. The switches that are not the
root bridge in an MST region adopts the maximum hop count configured on the root
bridge.
stp mcheck
Purpose
Use the stp mcheck command to perform the mCheck operation for the current
port.
Syntax
stp mcheck
Parameters
None
Example
View
Description
System view
Related Commands
stp mode
stp mode
Purpose
Use the stp mode command to set the MSTP operation mode of the switch.
Use the undo stp mode command to restore the default MSTP operation mode.
Syntax
Parameters
stp
mstp
rstp
Default
Example
View
Description
Related Commands
System view
To make a switch compatible with STP/RSTP, MSTP provides another two operation
modes besides the MSTP mode: STP and RSTP. When a switch operates in STP mode,
the packets sent by the ports of the switch are STP BPDUs. When a switch operates in
RSTP mode, the packets sent by the ports of the switch are RSTP BPDUs. And when a
switch operates in MSTP mode, the packets sent by the ports of the switch are MSTP
BPDUs. When a switch detects that STP-/RSTP-enabled switches are connected to its
ports, the corresponding ports change to operate in STP/RSTP mode automatically.
stp
stp interface
stp mcheck
stp no-agreement-check
Purpose
Syntax
stp no-agreement-check
undo stp no-agreement-check
Parameters
None
Default
Example
View
Description
Some partners' switches adopt proprietary spanning tree protocols that are similar to
RSTP in the way to implement rapid transition on designated ports. When a switch of
this kind operates as the upstream switch of an S5100-EI series switch running MSTP,
the upstream designated port fails to change their states rapidly.
The rapid transition feature is developed to resolve this problem. When an S5100-EI
series switch running MSTP is connected in the upstream direction to a partner's
switch running proprietary spanning tree protocol, you can enable the rapid transition
feature on the ports of the S5100-EI series switch operating as the downstream
switch. Among these ports, those operating as the root ports will then send
agreement packets to their upstream ports after they receive proposal packets from
the upstream designated ports, instead of waiting for agreement packets from the
upstream switch. This enables designated ports of the upstream switch to change
their states rapidly.
Note: Enable the rapid transition feature on root ports or alternate ports only.
Related Command
stp pathcost-standard
Purpose
Use the stp pathcost-standard command to set the standard used for
calculating the default path costs of ports.
Use the undo stp pathcost-standard command to restore the default
standard.
Syntax
Parameters
dot1d-1998
dot1t
legacy
Default
By default, the switch uses the legacy standard to calculate the default path costs of
ports
Example
To configure the switch to use the IEEE 802.1D-1998 standard to calculate the default
path costs of its ports, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] stp pathcost-standard dot1d-1998
To configure the switch to use the IEEE 802.1t standard to calculate the default path
costs of its ports, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] stp pathcost-standard dot1t
View
System view
Description
The following table lists transmission speeds and their corresponding path costs.
Table 112 Transmission speeds and the corresponding path costs
Standard
defined by
3Com
Transmission
speed
Operation mode
(half-/full-duplex)
802.1D-1998
IEEE 802. 1t
65,535
200,000,000 200,000
10 Mbps
Half-Duplex
100
2,000,000
2,000
Full-Duplex
99
1,999,999
2,000
1,000,000
1,800
666,666
1,600
500,000
1,400
Half-Duplex
19
200,000
200
Full-Duplex
18
199,999
200
100,000
180
66,666
160
50,000
140
Full-Duplex
20,000
20
10,000
18
6,666
16
5,000
14
Full-Duplex
2,000
1,000
666
500
100 Mbps
1,000 Mbps
10 Gbps
Normally, the path cost of a port in full-duplex mode is slightly less than that of the
port in half-duplex mode.
When calculating the path cost of an aggregate link, the 802.1D-1998 standard does
not take the number of the aggregated links into account, whereas the 802.1T
standard does so by using the following equation:
Path cost = 200,000,000/link transmission speed
Where, the link transmission speed is the sum of the speeds of the unblocked ports
for the aggregate link measured in 100 kbps units.
stp point-to-point
Purpose
Use the stp point-to-point command to specify whether the port must
connect to point-to-point link.
Use the undo stp point-to-point command to restore the default setting.
Syntax
Parameters
force-true
force-false
auto
Default
Example
View
Description
The rapid transition feature is not applicable to ports that are connected to
non-point-to-point links.
If an Ethernet port is the master port of an aggregation port or operates in full-duplex
mode, then the link to which the port is connected is a point-to-point link. It is
recommended that you specify the auto keyword in the stp interface
point-to-point command for links of this kind to enable the type of the links
being automatically determined by MSTP.
These two commands only apply to CISTs and MSTIs. If you configure the link to
which a port is connected is a point-to-point link (or a non-point-to-point link), the
configuration applies to all spanning tree instances (that is, the port is configured to
Related Command
Use the stp port priority command to set the priority of the current port in a
specified spanning tree instance.
Use the undo stp port priority command to restore the default priority.
Syntax
Parameters
instance-id
Example
To set the port priority of GigabitEthernet1/0/3 port in spanning tree instance 2 to 16,
enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface GigabitEthernet1/0/3
[S4200G-GigabitEthernet1/0/3] stp instance 2 port priority 16
View
Description
If you specify the instance-id argument to be 0 or do not specify the argument, these
two commands apply to the port priorities on the CIST. The role a port plays in a
spanning tree instance is determined by the port priority in the instance. A port on a
MSTP-enabled switch can have different port priorities and play different roles in
different MSTIs. This enables packets of different VLANs to be forwarded along
different physical paths, so as to achieve load balancing by VLANs. Changing port
priorities result in port roles being re-determined and may cause state transitions.
Related Command
stp priority
Purpose
Use the stp priority command to set the priority of a switch in a spanning tree
instance.
Use the undo stp priority command to restore the default priority of a switch.
Syntax
Parameters
instance-id
priority
Default
Example
To set the priority of the switch in spanning tree instance 1 to 4,096, enter the
following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] stp instance 1 priority 4096
View
Description
System view
The priorities of switches are used for spanning tree generation. Switch priorities are
spanning tree-specific. That is, you can set different priorities for the same switch in
different spanning tree instances.
If you do not specify the instance-id argument, the configuration applies to the
CIST.
stp region-configuration
Purpose
Syntax
stp region-configuration
undo stp region-configuration
Parameters
None
Default
Example
View
Description
System view
MST region-related settings include: region name, revision level, and VLAN mapping
table. The three MST region-related settings default to:
And you can modify the three settings after entering MST region view by using the
stp region-configuration command.
Use the stp root primary command to configure the current switch to be the
root bridge of a specified spanning tree instance.
Use the undo stp root command to cancel the configuration.
Syntax
Parameters
Default
instance-id
bridgenum
centi-seconds
Example
To configure the current switch as the root bridge of spanning tree instance 1, setting
the network diameter of the switched network to 4, and the Hello time to 500
centiseconds, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] stp instance 1 root primary bridge-diameter 4 hello-time 500
View
Description
System view
You can specify the current switch as the root bridge of a spanning tree instance
regardless of the priority of the switch. You can also specify the network diameter of
the switched network by using the stp root primary command. The switch will
then figure out the following three time parameters: Hello time, Forward delay, and
Max age. As the Hello time figured out by the network diameter is not always the
optimal one, you can set it manually through the hello-time keyword. Normally, you
are recommended to set the network diameter and leave the Forward delay and Max
age parameters being automatically determined by the network diameter you set.
CAUTION:
You can configure only one root bridge for a spanning tree instance and can
configure one or more secondary root bridges for a spanning tree instance.
Configuring multiple root bridges for a spanning tree instance causes
unpredictable results.
Once a switch is configured to be the root bridge or a secondary root bridge, its
priority cannot be modified.
stp root-protection
Purpose
Use the stp root-protection command to enable the root protection function
for the current port.
Use the undo stp root-protection command to restore the default operation
state of the root protection function.
Syntax
stp root-protection
undo stp root-protection
Parameters
None
Default
Example
View
Description
Configuration errors and malicious attacks may cause legal root bridges to receive
BPDUs of higher priorities, and give up their roles as root bridges, which means
network topology jitters. In this case, flows that should travel along high-speed links
may be led to low-speed links, and network congestions may occur.
You can avoid this problem by utilizing the root protection function. Ports with this
function enabled can retain their roles in all spanning tree instances. When such a
port receives BPDUs of higher priorities, its state is set to discarding and it stops
forwarding any packets as if the connected link were down. Only when it receives no
BPDUs of higher priorities in a specified period, does it resumes its normal state.
Related Command
Use the stp root secondary command to configure the current switch as a
secondary root bridge of a specified spanning tree instance.
Use the undo stp root command to cancel the configuration.
Syntax
Parameters
Default
instance-id
bridgenum
centi-seconds
Example
View
Description
System view
You can configure one or more secondary root bridges for a spanning tree instance. If
the switch operating as the root bridge fails or is turned off, the secondary root
bridge with the smallest MAC address becomes the root bridge.
You can also specify the network diameter and the Hello time of the switch while
specifying a switch to be a secondary root bridge. The switch will then figures out the
other two correlated settings (that is, the Forward delay and Max age). You can
configure only one root bridge for a spanning tree instance and can configure one or
more secondary root bridges for a spanning tree instance.
Once a switch is configured to be the root bridge or a secondary root bridge, its
priority cannot be modified.
stp tc-protection
Purpose
Use the stp tc-protection command to enable or disable the TC-BPDU attack
prevention function for the switch.
Syntax
Parameters
None
Default
Example
To enable the TC-BPDU attack prevention function for the switch, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] stp tc-protection enable
View
Description
System view
A switch removes MAC address entries and ARP entries upon receiving TC-BPDUs. If a
malicious user sends large amounts of TC-BPDUs to a switch in a short period, the
switch may be busy removing MAC address entries and ARP entries, which may
decrease the performance of the switch and introduce potential stability risks.
With the TC-BPDU attack prevention function enabled, a switch performs removing
operation only once in a specified period (10 seconds by default) after it receives a
TC-BPDU. The switch also checks to see if other TC-BPDUs arrive and performs
another removing operation in the next period if a TC-BPDU is received. Such a
mechanism prevents a switch from being busy removing address entries and ARP
entries.
stp timer-factor
Purpose
Use the stp timer-factor command to set the timeout time of a switch in terms
of the multiple of the Hello time.
For example, with the number argument set to 3, the timeout time is three times of
the Hello time.
Use the undo stp timer-factor command to restore the default.
Syntax
Parameters
number
Example
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] stp timer-factor 7
View
Description
System view
A switch sends protocol packets to its neighboring devices in the specified Hello time
interval to test the connectivity of links. Normally, if a switch does not receive any
protocol packets from its upstream switch in a period three times of the Hello time, it
assumes that the upstream switch is down and recalculates the spanning trees.
Spanning tree recalculation may also occur in a very stable network where certain
upstream switches are busy. In this case, you can increase the timeout time to four or
more times of the Hello time. For stable networks, a timeout time of five to seven
times of the Hello time is recommended.
Use the stp timer forward-delay command to set the Forward delay for a
switch.
Use the undo stp timer forward-delay command to restore the default.
Syntax
Parameters
centi-seconds
Example
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] stp timer forward-delay 2000
View
Description
System view
To prevent temporary loops while ports change their states, each port undergoes an
intermediate period when it changes from the discarding state to the forwarding
state to allow for synchronizing with the remote switches. This intermediate period is
determined by the Forward delay configured on the root bridge.
The Forward delay setting configured for a root bridge applies to all switches
operating in the spanning tree instance, including the root bridge.
As for the configuration of the three time-related parameters (that is, the Hello time,
Forward delay, and Max age parameters), you can refer to the following expressions
to prevent networks from jittering frequently.
2 * (Forward delay 1 second) >= Max age,
Max age >= 2 * (Hello time + 1 second).
It is recommended that you specify the network diameter and the Hello time
parameter by using the stp root primary or stp root secondary command
in a network with MSTP employed, after which the three optimized time-related
parameters are automatically determined.
Related Commands
stp bridge-diameter
Use the stp timer hello command to set the Hello time for a switch.
Use the undo stp timer hello command to restore the default Hello time.
Syntax
Parameters
centi-seconds
Example
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] stp timer hello 400
View
Description
System view
A root bridge regularly sends out configuration BPDUs to maintain the existing
spanning trees. The Hello time is used to set the sending interval. When a switch
becomes a root bridge, it regularly sends BPDUs at the interval specified by the hello
time you have configured on it. While, the other none-root-bridge switches listen to
the BPDUs; if they do not receive a BPDU in a specific period, spanning trees will be
regenerated.
As for the configuration of the three time-related parameters (that is, the Hello time,
Forward delay, and Max age parameters), the following formulas must be met to
prevent network jitter.
2 * (Forward delay 1 second) >= Max age
Max age >= 2 * (Hello time + 1 second)
It is recommended that you specify the network diameter and the Hello time by using
the stp root primary or stp root secondary command. MSTP will then
automatically calculate the optimal values of the three parameters.
Related Commands
stp bridge-diameter
Use the stp timer max-age command to set the maximum age of a switch.
Use the undo stp timer max-age command to restore the default.
Syntax
Parameters
centi-seconds
Example
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] stp timer max-age 1000
View
Description
System view
MSTP is capable of detecting link problems and automatically setting redundant links
to forwarding state. In a CIST, the Max age is the criterion for switches to judge
whether or not a received BPDU is timed out. And spanning trees will be regenerated
if a BPDU received by a port is timed out.
The Max age argument is meaningless to MSTIs. All switches in a CIST uses the Max
age configured for the root bridge of the CIST to judge whether a BPDU is timed out.
The settings of the three MSTP time parameters must satisfy the following expressions
to prevent frequent network jitters:
2 * (Forward delay 1 second) >= Max age
Max age >= 2 * (Hello time + 1 second)
It is recommended that you specify the network diameter and the Hello time by using
the stp root primary or stp root secondary command. MSTP will then
automatically calculate the optimal values of the three parameters.
Related Commands
stp bridge-diameter
stp transmit-limit
Purpose
Syntax
Parameters
packetnum
Example
To set the maximum number of configuration BPDUs that can be transmitted by the
GigabitEthernet1/0/1 port in each Hello time to 5, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface GigabitEthernet1/0/1
[S4200G-GigabitEthernet1/0/1] stp transmit-limit 5
View
Description
Related Command
776 super
super
Purpose
Use the super command to switch the current user level to the one identified by the
level argument.
Syntax
super [ level ]
Parameters
level
Example
View
Description
User view
Related Command
Users logging into a switch also fall into four levels, each of which corresponding
to one of the command levels. Users at a specific level can only use the commands
at the same level and the commands at the lower levels.
You can specify an AUX user to provide a password when he switches from a
lower user level to a higher user level and specify the password by using the
super password [ level level ] { simple | cipher } password
command. With a password configured, an AUX user remains in the original user
level if the password provided is incorrect when the AUX user attempts to switch
to a higher user level. If the password is not configured, an AUX user can switch to
a higher user level directly.
A password is necessary for a VTY user to switch to a higher user level. You can
use the super password [ level level ] { simple | cipher } password
command to set the password. With the password not configured, a VTY user fails
to switch to a higher user level and is prompted the message reading Password is
not set.
An AUX user or a VTY user can switch to a lower user level directly regardless of
the password.
super password
super 777
super password
Purpose
Use the super password command to set the password for users to switch to a
higher user level.
Use the undo super password command to cancel the configuration.
Syntax
Parameters
level
simple
cipher
password
No matter what form of the password (plain text or encrypted text) is in, the
password entered for verification must be in plain text.
Example
Set the password to switch from the current user level to user level 3 to zbr.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] super password level 3 simple zbr
View
Description
System view
To prevent unauthorized accesses, you can use this command to require users to
provide the password when they switch to a higher user level. For security purpose,
the password a user enters when switching to a higher user level is not displayed. A
user will remain at the original user level if the user has tried three times to enter the
correct password but fails to do this.
780 sysname
sysname
Purpose
Use the sysname command to set a domain name for the switch.
Use the undo sysname command to restore the default domain name.
Syntax
sysname text
undo sysname
Parameters
text
Example
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G]sysname ABC
[ABC]
View
Description
System view
The CLI prompt reflects the domain name of a switch. For example, if the domain
name of a switch is "S4200G", then the prompt of user view is <S4200G>.
sysname 781
sysname
Purpose
Use the sysname command to set the system name of the Switch.
Use the undo sysname command to restore the default value of the system name.
Syntax
sysname sysname
undo sysname
Parameters
sysname
Default
Example
<S4200G> system-view
[S4200G] sysname S4200GLANSwitch
[S4200GLANSwitch]
View
Description
System view
Changing the system name of the Switch will affect the prompt of the command line
interface. For example, the system name of the Switch is 4200G, and the prompt in
user view is <S4200G>.
782 system-view
system-view
Purpose
Enter system-view to enter the system view from the user view.
Syntax
system-view
Parameters
None
Example
View
Related Commands
User view
quit
return
Use the tcp timer fin-timeout command to configure the TCP finwait timer.
Use the undo tcp timer fin-timeout command to restore the default value of the
TCP finwait timer.
Syntax
Parameters
time-value
Example
To configure the TCP finwait timer value as 800 seconds, enter the following:
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G]tcp timer fin-timeout 800
View
Description
Related Commands
System view
When the TCP connection state changes from FIN_WATI_1 to FIN_WAIT_2, the
finwait timer is enabled. If the switch does not receive FIN packet before finwait timer
timeouts, the TCP connection is terminated.
tcp window
Use the tcp timer syn-timeout command to configure the TCP synwait timer.
Use the undo tcp timer syn-timeout command to restore the default value of the
timer.
Syntax
Parameters
time-value
Example
To configure the TCP synwait timer value as 80 seconds, enter the following:
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G]tcp timer syn-timeout 80
View
Description
Related Commands
System view
When a SYN packet is sent, TCP starts the synwait timer. If no response packet is
received before the synwait timer times out, the TCP connection is terminated.
tcp window
tcp window
Purpose
Use the tcp window command to configure the size of the transmission and receiving
buffers of the connection-oriented socket.
Use the undo tcp window command to restore the default size of the buffer.
Syntax
Parameters
window-size
Example
To configure the size of the transmission and receiving buffers as 3 KB, enter the
following:
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G]tcp window 3
View
Related Commands
System view
786 telnet
telnet
Purpose
Use the telnet command to log in to another Ethernet switch from the current
switch via Telnet for remote management.
Syntax
Parameters
hostname
ip-address
service-port
Example
Telnet to the switch with the host name of S4200G2 and IP address of 129.102.0.1
from the current switch (with the host name of S4200G1).
<S4200G1> telnet 129.102.0.1
<S4200G2>
View
User view
Description
Use the telnet command to Telnet to another switch from the current switch to
manage the former remotely. You can terminate a Telnet connection by pressing
<Ctrl+K> or <Ctrl+]>.
Related Command
terminal debugging
Purpose
Syntax
terminal debugging
undo terminal debugging
Parameters
None
Default
Example
View
Related Command
User view
debugging
terminal debugging
Purpose
Syntax
terminal debugging
undo terminal debugging
Parameters
None
Default
Example
View
Related Command
User view
debugging
terminal logging
Purpose
Syntax
terminal logging
undo terminal logging
Parameters
None
Default
By default, log terminal display is enabled for console users and disabled for terminal
users.
Example
View
User view
terminal monitor
Purpose
Use the terminal monitor command to enable the debug/log/trap terminal display
function.
Use the undo terminal monitor command to disable the function.
Syntax
terminal monitor
undo terminal monitor
Parameters
None
Default
By default, this function is enabled for the console user but disabled for terminal
users.
Example
View
Description
User view
This command works only on the current terminal. Only after the command has been
executed in user view, can the debug/log/trap information be output on the current
terminal. Disabling the function has the same effect as executing the following three
commands: undo terminal debugging, undo terminal logging and undo terminal
trapping. That is, no debug/log/trap information will be displayed on the current
terminal. If the function is enabled, you can run the terminal debugging/undo
terminal debugging, terminal logging/undo terminal logging or terminal
trapping/undo terminal trapping command to enable or disable debug/log/trap
terminal output respectively.
terminal trapping
Purpose
Use the terminal trapping command to enable terminal trap information display.
Use the undo terminal trapping command to disable trap terminal display.
Syntax
terminal trapping
undo terminal trapping
Parameters
None
Default
Example
View
User view
792 tftp
tftp
Purpose
Use the tftp command to set the TFTP data transfer mode.
Syntax
Parameters
ascii
binary
Default
Example
View
System view
Use the tftp cluster get command to download a specified file from a cluster
TFTP server.
Syntax
Parameters
source-file
destination-file
Example
Download the file named LANSwitch.app from the cluster TFTP server and save it as
vs.app.
<123_1.S4200G> tftp cluster get LANSwitch.app vs.app
View
Related Command
User view
Use the tftp put command to upload a specified file to a specified directory of a
cluster TFTP server.
Syntax
Parameters
source-file
destination-file
Example
Upload the local file named vrpcfg.txt to the cluster TFTP server and save it as
Temp.txt.
<123_1.S4200G> tftp cluster put vrpcfg.txt temp.txt
View
Related Command
User view
tftp get
Purpose
Use the tftp get command to download a file from a TFTP server to this switch.
Syntax
Parameters
tftp-server
source-file
dest-file
Example
Download the file named abc.txt from the TFTP server whose IP address is 1.1.1.1 and
save it as efg.txt.
<S4200G>tftp 1.1.1.1 get abc.txt efg.txt
File will be transferred in binary mode.
Downloading file from remote tftp server, please wait......
TFTP:
35 bytes received in 0 second(s).
File downloaded successfully.
View
Related Command
User view
tftp put
tftp put
Purpose
Use the tftp put command to upload a file from the switch to the specified directory
on the TFTP server.
Syntax
Parameters
tftp-server
source-file
dest-file
Example
Upload the file named vrpcfg.txt to the TFTP server whose IP address is 1.1.1.1 and
save it as temp.txt.
<S4200G>tftp 1.1.1.1 put vrpcfg.cfg temp.cfg
File will be transferred in binary mode.
Copying file to remote tftp server. Please wait... /
TFTP:
962 bytes sent in 0 second(s).
File uploaded successfully.
View
Related Command
User view
tftp get
tftp-server 797
tftp-server
Purpose
Use the tftp-server command to configure a TFTP server for cluster members on
the management device.
Use the undo tftp-server command to cancel the TFTP server configuration.
Syntax
tftp-server ip-address
undo tftp-server
Parameters
ip-address
Default
Only after you assign an IP address for TFTP server of the cluster, member devices can
access it through the management device.
Example
View
Description
Cluster view
You need to configure the IP address of a TFTP server first for the member devices in a
cluster to access the TFTP server through the management device.
Execute these two commands on management devices only.
tftp-server acl
Purpose
Use the tftp-server acl command to specify the ACL (Access Control List)
adopted for the connection between a TFTP client and a TFTP server.
Use the undo tftp-server acl command to cancel all ACLs adopted.
Syntax
Parameters
acl-number
Example
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] tftp-server acl 2000
The ACL number is not existent or contains no rule. Continue? [Y/N] y
[S4200G]
View
System view
time-range 799
time-range
Purpose
Syntax
Parameters
time-name
start-time
end-time
days-of-the-week
all
If the two parameters above are not configured, it means there is no restriction to
time-range.
800 time-range
Example
Define a time range that is effective from 12:00 January 1, 2000 to 12:00 January 1,
2001.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] time-range test from 12:00 1/1/2000 to 12:00 1/1/2001
View
Description
System view
The time range defined by means of the time-range command can include absolute
time sections and periodic time sections. The start-time and end-time
days-of-the-week jointly define a periodic time section, while start-time start-date and
end-time end-date jointly define an absolute time section.
If only a periodic time section is defined in a time range, the time range is active only
within the defined periodic time section.
If only an absolute time section is defined in a time, the time range is active only
within the defined absolute time section.
If both a periodic time section and an absolute time section are defined in a time
range, the time range is active only when the periodic time range and the absolute
time range are both matched. Assume that a time range defines an absolute time
section from 00:00 January 1, 2004 to 23:59 December 31, 2004, and a periodic time
section from 12:00 to 14:00 every Wednesday. This time range is active only from
12:00 to 14:00 every Wednesday in 2004.
If you include any argument with the undo time-range command, the system will
delete only the content defined by the argument from the time range.
timer 801
timer
Purpose
Use the timer command to set the interval to send handshake packets.
Use the undo timer command to restore the default interval value.
Syntax
timer interval
undo timer
Parameters
Interval
Example
<aaa_0.S4200G>system-view
System View: return to User View with Ctrl+Z.
[aaa_0.S4200G]cluster
[aaa_0.S4200G-cluster] timer 3
View
Description
Cluster view
Inside a cluster, the connections between member devices and the management
device are kept through transmitting handshake packets. Handshake packets in a
cluster enable the management device to acquire the information about member
states link states.
Execute these two commands on management devices only. All the member devices
in a cluster acquire the handshake interval setting from the management device.
802 timer
timer
Purpose
Use the timer command to set the response timeout time of RADIUS server (that is,
the timeout time of the response timeout timer of RADIUS server).
Use the undo timer command to restore the default response timeout timer of
RADIUS server.
Syntax
timer seconds
undo timer
Parameters
seconds
Example
To set the timeout time of the response timeout timer for the RADIUS scheme radius1
to 5 seconds, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] radius scheme radius1
New Radius scheme
[S4200G-radius-radius1] timer 5
View
Description
Related Commands
Note:
If the switch gets no response from the RADIUS server after sending out a RADIUS
request (authentication/authorization request or accounting request) and waiting
for a time, it should retransmit the packet to ensure that the user can obtain the
RADIUS service. This wait time is called response timeout time of RADIUS server;
and the timer in the switch system that is used to control this time is called the
response timeout timer of RADIUS server. You can use the timer command to set
the timeout time of this timer.
Appropriately setting the timeout time of this timer according to the network
situation can improve the performance of the system.
The timer command has the same effect with the timer
response-timeout command.
radius scheme
retry
timer quiet
Purpose
Use the timer quiet command to set the wait time for the primary server to
restore the active state.
Use the undo timer quiet command to restore the default wait time.
Syntax
Parameters
minutes
Example
To set the wait time for the primary server to restore the active state to 10 minutes,
enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] radius scheme radius1
New Radius scheme
[S4200G-radius-radius1] timer quiet 10
View
Related Command
display radius
timer realtime-accounting
Purpose
Syntax
Parameters
minutes
Example
To set the real-time accounting interval of the RADIUS scheme radius1 to 51 minutes.
enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] radius scheme radius1
New Radius scheme
[S4200G-radius-radius1] timer realtime-accounting 51
View
Description
Note:
To charge the users in real time, you should set the interval of real-time
accounting. After the setting, the switch sends the accounting information of
online users to the RADIUS server at regular intervals.
The setting of the real-time accounting interval depends to some degree on the
performance of the switch and the RADIUS server. The higher the performance of
the switch and the RADIUS server is, the shorter the interval can be. You are
recommended to set the interval as long as possible when the number of users is
relatively great (f1000). Table 113 lists the numbers of users and the
corresponding recommended intervals.
1 to 99
100 to 499
500 to 999
12
f1000
f15
Related Commands
retry realtime-accounting
radius scheme
timer response-timeout
Purpose
Use the timer response-timeout command to set the response timeout time of
RADIUS servers.
Use the undo timer command to restore the default response timeout timer of
RADIUS servers.
Syntax
Parameters
seconds
Example
To set the response timeout time in the RADIUS scheme radius1 to five seconds, enter
the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] radius scheme radius1
New Radius scheme
[S4200G-radius-radius1] timer response-timeout 5
View
Description
Related Commands
Note:
If the switch gets no response from the RADIUS server after sending out a RADIUS
request (authentication/authorization request or accounting request) and waiting
for a time, it should retransmit the packet to ensure that the user can obtain the
RADIUS service. This wait time is called response timeout time of RADIUS servers;
and the timer in the switch system that is used to control this time is called the
response timeout timer of RADIUS servers. You can use the timer
response-timeout command to set the timeout time of this timer.
Appropriately setting the timeout time of this timer according to the network
situation can improve the performance of the system.
This command has the same effect with the timer command.
radius scheme
retry
topology accept
Purpose
Use the topology accept command to confirm the current topology information
of the cluster and save that as a standard topology.
Use the undo topology accept command to delete the current topology
information of the cluster.
Syntax
Parameters
Example
mac-address
member-number
save-to
View
Description
Cluster view
topology restore-from
Purpose
Use the topology restore-from command to obtain and restore the standard
topology information from the local flash.
Syntax
Parameters
None
Example
View
Description
Cluster view
topology save-to
Purpose
Use the topology save-to command to save the standard topology information
into the local flash.
Syntax
Parameters
None
Example
View
Description
Cluster view
The topology includes white list and blacklist. The file is named topology.top
universally.
This command can be executed only on the management device.
810 tracemac
tracemac
Purpose
Syntax
Parameters
by-mac
mac-address
vlan-id
by-ip
ip-address
nondp
Example
View
Any view
tracert 811
tracert
Purpose
Use the tracert command to trace the gateways the test packets passes through
during its journey from the source to the destination.
tracert [[ -a source-ip] -f first-TTL ] [ -m max-TTL ] [ -p port ] [ -q
num-packet ] [ -w timeout ] string
Parameters
-a source-IP
-f
-m
-p
-q
-w
string
Default
Example
first-TTL is 1,
max-TTL is 30,
port is 33434,
nqueries is 3
Test the gateways passed by the packets to the destination host at 18.26.0.115.
812 tracert
View
Description
Any view
The tracert command is primarily used to check the network connectivity. It can
also help you locate the trouble spot of the network.
If you find that the network is in trouble by using the ping command, you can use
the tracert command to find where the trouble is in the network.
The executing procedure of the tracert command is as follows. First, the source
sends a packet with the TTL of 1, and the first hop device returns an ICMP error
message indicating that it cannot forward this packet because of TTL timeout.
Then, the source re-sends a packet with the TTL of 2, and the second hop device
also returns an ICMP TTL timeout message. This procedure continues until a
packet gets to the destination or the maximum TTL is reached. During the
procedure, the system records the source address of each ICMP TTL timeout
message in order to offer the path that the packets pass through to the destination.
The tracert command can output the IP addresses of all the gateways the
packets pass through to the destination. You will see the string "***" if a gateway
times out.
traffic-limit 813
traffic-limit
Purpose
Use the traffic-limit command to use ACL rules in traffic identifying and traffic
policing for the packet matching with the ACL rules and to set traffic policing
parameters.
Use the undo traffic-limit command to disable traffic policing.
Syntax
Parameters
inbound
acl-rule
ip-group acl-number
link-group acl-number
Issue a rule in an IP ACL and a rule in a Link ACL at ip-group acl-number rule rule link-group
the same time
acl-number rule rule
target-rate
Example
To perform traffic policing for packets matching with ACL 4000 rules. Limit the rate
within 128 kbps and drop the packets exceeding the traffic limit, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface gigabitEthernet1/0/1
[S4200G-GigabitEthernet1/0/1] traffic-limit inbound link-group 4000 128
View
814 traffic-limit
Description
The command is used in traffic policing for packets matching with the specified ACL
rules. It is applicable only to ACL rules with permit action.
The granularity of traffic policing is described in the following table:
Table 115 The granularity of traffic policing
The rang of total rate
Granularity (bps)
0 to 1M
1K
0 to 10M
10K
0 to 100M
100K
0 to 1G
1M
0 to 10G
10M
traffic shape
Purpose
Use the traffic-shape command to enable traffic shaping and send the packets
out at an even rate.
Use the undo traffic-shape command to disable traffic shaping.
Syntax
Parameters
Example
queue queue-id
max-rate
burst-size
To perform traffic shaping on the current port. Set the max rate to 650kbps and the
burst size to 12kbytes, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface gigabitEthernet1/0/1
[S4200G-GigabitEthernet1/0/1] traffic-shape 650 12
View
Description
Traffic shaping for all the traffic of a port. The function can be implemented when
queue queue-id in the traffic-shape command is not specified.
Traffic shaping for the specified output queues. The function can be implemented
when queue queue-id in the traffic-shape command is specified.
Granularity (bps)
GE ports
0 to 80M
20K
GE ports
80M to 1G
260K
10GE ports
0 to 10G
2500K
816 traffic-statistic
traffic-statistic
Purpose
Use the traffic-statistic command to use ACL rules in traffic identifying and
perform traffic statistics on the packets matching with the ACL rules.
Use the undo traffic-statistic command to disable traffic statistics.
Syntax
Parameters
inbound
acl-rule
Example
ip-group acl-number
link-group acl-number
To perform traffic statistics on packets matching with ACL 2000 rules, enter the
following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface gigabitEthernet1/0/1
[S4200G-GigabitEthernet1/0/1] traffic-statistic inbound ip-group 2000
View
System view
Description
Related Command
udp-helper enable
Purpose
Use the udp-helper enable command to enable the UDP Helper function.
Use the undo udp-helper enable command to disable the UDP Helper function.
Syntax
udp-helper enable
undo udp-helper enable
Parameters
None
Default
Example
View
System view
udp-helper port
Purpose
Use the udp-helper port command to configure the UDP port with relay function.
Use the undo udp-helper port command to remove the UDP configuration.
Syntax
Parameters
Example
port
dns
netbios-ds
netbios-ns
tacacs
tftp
time
To configure the UDP port with relay function as the UDP port corresponding to DNS,
enter the following:
<SW4200G>system-view
System View: return to User View with Ctrl+Z.
[SW4200G]udp-helper port dns
View
System view
udp-helper server
Purpose
Use the udp-helper server command to configure the relay destination server for
UDP broadcast packets.
Use the undo udp-helper server command to delete the relay destination server.
Syntax
Parameters
ip-address
Default
Example
To configure the relay destination server with IP address 192.1.1.2, enter the
following:
<SW4200G>system-view
System View: return to User View with Ctrl+Z.
[SW4200G]interface vlan-interface 1
[SW4200G-Vlan-interface1]udp-helper server 192.1.1.2
View
Related Command
820 undelete
undelete
Purpose
Syntax
undelete file-url
Parameters
file-url
Example
View
Description
User view
The file name to be recovered cannot be the same as an existing directory name. If
the destination file name is the same as an existing file name, a prompt will be
displayed asking whether to overwrite the existing file.
user 821
user
Purpose
Syntax
Parameters
username
password
Example
Log into the FTP server using the user account with the user name being
tom and the password being 111.
<S4200G> ftp 2.2.2.2
Trying ...
Press CTRL+K to abort
Connected.
220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user
User(none):switch
331 Give me your password, please
Password:*****
230 Logged in successfully
[ftp] user tom 111
331 Give me your password, please
230 Logged in successfully
View
Description
After logging into an FTP server, you can switch to another user by using the user
command.
822 user-interface
user-interface
Purpose
Syntax
Parameters
type
first-number
last-number
Example
View
System view
user-name-format 823
user-name-format
Purpose
Use the user-name-format command to set the format of the user names to be sent
to RADIUS server.
Syntax
Parameters
with-domain
without-domain
Default
By default, except for the default RADIUS scheme "system", the user names sent to
RADIUS servers in any RADIUS scheme carry ISP domain names.
Example
To specify that the user names sent to a RADIUS server in RADIUS scheme radius1
does not carry ISP domain names, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] radius scheme radius1
View
Description
Related Command
Note:
For a RADIUS scheme, if you have specified that no ISP domain names are carried
in the user names, you should not use this RADIUS scheme in more than one ISP
domain. Otherwise, such errors may occur: the RADIUS server regards two
different users having the same name but belonging to different ISP domains as
the same user (because the user names sent to it are the same).
radius scheme
Use the user privilege level level command to configure the command
level that a user can access from the specified user interface.
Use the undo user privilege level command to restore the default
command level.
Syntax
Parameters
level
Default
By default, a user can access all commands at Level 3 after logging in through the
AUX user interface, and all commands at Level 0 after logging in through a VTY user
interface.
Example
Configure that commands of level 0 are available to the users logging into VTY 0.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] user-interface vty0
[S4200G-ui-vty0] user privilege level 0
You can verify the above configuration by Telneting to VTY 0 and displaying the
available commands, as listed in the following.
<S4200G> ?
User view commands:
cluster
Run cluster command
language-mode Specify the language environment
ping
Ping function
quit
Exit from current command view
super
Privilege specified user priority level
telnet
Establish one TELNET connection
tracert
Trace route function
View
Description
The user can use all the available commands at this command level.
verbose 825
verbose
Purpose
Use the verbose command to enable the verbose function, which displays execution
and response information of other related commands.
Use the undo verbose command to disable verbose.
Syntax
verbose
undo verbose
Parameters
None
Default
Example
Enable verbose.
<S4200G> ftp 2.2.2.2
Trying ...
Press CTRL+K to abort
Connected.
220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user
User(none):switch
331 Give me your password, please
Password:*****
230 Logged in successfully
[ftp] verbose
View
826 virtual-cable-test
virtual-cable-test
Purpose
Use the virtual-cable-test command to enable the system to test the cable
connected to a specific port and to display the results.
Syntax
virtual-cable-test
Parameters
None
Default
By default, the test of the connection cable of the Ethernet port is closed, that is, the
system does not test the cable connected to the Ethernet port.
Example
View
Description
Cable length
Pair skew
Pair swap
Pair polarity
Insertion loss
Return loss
Near-end crosstalk
virtual-cable-test 827
Note:
If the cable is in normal state, the displayed length value is the total length of the
cable.
If the cable is in any other state, the displayed length value is the length from the
port to the faulty point.
The speed and undo speed commands cannot be configured on a combo port.
828 vlan
vlan
Purpose
Syntax
vlan vlan-id
undo vlan { vlan-id1 to vlan-id2 | all }
Parameters
vlan-id
vlan-id1
to
vlan-id2
all
CAUTION: The undo vlan all command cannot be used to remove the VLANs
kept by protocols, voice VLANs, the default VLANs (VLAN 1), management VLANs,
and the remote probe VLANs.
Default
Example
View
vlan 829
Description
System view
If the VLAN identified by the vlan-id argument does not exist, this command creates
the VLAN and then enters VLAN view.
830 vlan-assignment-mode
vlan-assignment-mode
Purpose
Syntax
Parameters
integer
string
Default
By default, the VLAN assignment mode is integer. That is, the switch supports the
integer type of VLAN IDs assigned by RADIUS authentication server.
Example
View
Description
Through dynamic VLAN assignment, the Ethernet switch dynamically adds the ports
of the successfully authenticated users to different VLANs depending on the attribute
values assigned by RADIUS server, so as to control the network resources the users
can access.
In actual application, to cooperate with Guest VLAN, port control is usually set to the
port-based mode. If it is set to the MAC addressbased mode, each port can have
only one user end connected.
Currently, the switch supports the following two data types of VLAN ID assigned by
RADIUS authentication server:
Integer: If the RADIUS server assigns integer type of VLAN IDs, you can set the
VLAN assignment mode to integer on the switch (this is also the default mode on
the switch). Then, upon receiving an integer ID assigned by the RADIUS
authentication server, the switch adds the port to the VLAN whose VLAN ID is
equal to the assigned integer ID. If no such a VLAN exists, the switch first creates a
VLAN with the assigned ID, and then adds the port to the newly created VLAN.
String: If the RADIUS server assigns string type of VLAN IDs, you can set the VLAN
assignment mode to string on the switch. Then, upon receiving a string ID
assigned by the RADIUS authentication server, the switch compares the ID with
existing VLAN names on the switch. If it finds a match, it adds the port to the
corresponding VLAN. Otherwise, the VLAN assignment fails and the user cannot
pass the authentication.
vlan-assignment-mode 831
Note: In string mode, if the VLAN ID assigned by the RADIUS server is a character
string containing only digits (for example, 1024), the switch first regards it as an
integer VLAN ID: the switch transforms the string to an integer value and judges if the
value is in the valid VLAN ID range; if it is, the switch adds the authenticated port to
the VLAN with the value as the VLAN ID (VLAN 1024, for example).
Related Commands
dot1x guest-vlan
name
vlan-mapping modulo
Purpose
Use the vlan-mapping modulo command to map VLANs to specific spanning tree
instances.
Syntax
Parameters
modulo
Default
By default, all VLANs in a network are mapped to the CIST (spanning tree instance 0).
Example
To map VLANs to spanning tree instances using the modulo of 16, enter the
following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] stp region-configuration
[S4200G-mst-region] vlan-mapping modulo 16
View
Description
where (VLAN ID-1) % modulo yields the module of (VLAN ID-1) with regards to
modulo. For example, if you set the modulo argument to 16, VLAN 1 is mapped to
spanning tree instance 1, VLAN 2 is mapped to spanning tree instance 2, , VLAN 16
is mapped to spanning tree instance 16, VLAN 17 is mapped to spanning tree
instance 1, and so on.
Related Commands
active region-configuration
check region-configuration
region-name
revision-level
vlan-vpn enable
Purpose
Use the vlan-vpn enable command to enable the VLAN-VPN function for a port.
Use the undo vlan-vpn command to disable the VLAN-VPN function for a port.
Syntax
vlan-vpn enable
undo vlan-vpn
Parameters
None
Default
Example
View
Description
With the VLAN VPN function enabled, a received packet is tagged with the default
VLAN tag of the receiving port no matter whether or not the packet already carries a
VLAN tag. If the packet already carries a VLAN tag, the packet becomes a dual-tagged
packet. Otherwise, the packet becomes a packet carrying the default VLAN tag of the
port.
CAUTION: The VLAN-VPN function is unavailable if the port has any of the protocols
among GVRP, GMRP, STP, IRF, NTDP and 802.1x enabled.
CAUTION: If this port is a remote mirror reflection port, the VLAN-VPN function
cannot be enabled on the port.
vlan-vpn tpid
Purpose
Use the vlan-vpn tpid command to set a TPID value for a port. The setting takes
effect only when the VLAN-VPN or VLAN-VPN uplink function is enabled.
Use the undo vlan-vpn tpid command to restore the default TPID value.
Syntax
Parameters
value
Default
Example
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface GigabitEthernet 1/0/2
[S4200G-GigabitEthernet 1/0/2] vlan-vpn tpid 12
View
Description
Do not set the TPID value to a value that conflicts with the known protocol type
values (such as 0x0806, which is that of ARP packets). Otherwise, the packet may be
discarded.
Table 118 Common Ethernet frame protocol type values
Protocol type
Value
ARP
0x0806
IP
0x0800
MPLS
0x8847/0x8848
IPX
0x8137
IS-IS
0x8000
LACP
0x8809
802.1x
0x888E
vlan-vpn tunnel
Purpose
Use the vlan-vpn tunnel command to enable the BPDU tunnel function.
Use the undo vlan-vpn tunnel command to disable the BPDU tunnel function.
Syntax
vlan-vpn tunnel
undo vlan-vpn tunnel
Parameters
None
Default
Example
To enable the BPDU tunnel function for the switch, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] vlan-vpn tunnel
Note:
View
You must enable STP on a device before enabling the BPDU tunnel function on it.
To implement the BPDU tunnel function, the links between operator networks
must be trunk links.
As the VLAN VPN function is unavailable to the ports with 802.1x, GVRP, GMRP,
STP, or NTDP employed, the BPDU tunnel function is unavailable to these ports.
Description
System view
Syntax
Parameters
None
Example
View
Description
When sending a VLAN-VPN packet, a VLAN-VPN uplink port replaces the TPID value in
the outer VLAN tag of the packet with the customized TPID value. You can use the
vlan-vpn tpid command to set the TPID value used by the VLAN-VPN uplink port.
CAUTION: The vlan-vpn uplink enable command and the vlan-vpn enable
command are mutually exclusive. That is, if you execute the vlan-vpn
enable command on a port, you will fail to execute the vlan-vpn uplink
enable command on the same port. Similarly, if you execute the vlan-vpn
uplink enable command on a port, you will fail to execute the vlan-vpn
enable command on the same port.
voice vlan
Purpose
Use the voice vlan command to enable the voice VLAN function globally.
Use the undo voice vlan enable command to disable the voice VLAN function
globally.
Syntax
Parameters
vlan-id
Example
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] vlan 2
[S4200G-vlan2] quit
[S4200G] voice vlan 2 enable
With the voice VLAN function enabled for VLAN 2, the following message appears if
you enable the voice VLAN function for another VLAN, for example, VLAN 4.
[S4200G] voice vlan 4 enable
Can't change voice vlan configuration when other voice vlan is running
View
Description
System view
Use the voice vlan command to enable the voice VLAN function globally.
Use the undo voice vlan enable command to disable the voice VLAN function
globally.
CAUTION:
Related Command
Before enabling the voice VLAN function, make sure the VLAN for which the voice
VLAN function is to be enabled exists. Otherwise, you will fail to perform the
operation.
To remove a VLAN with the voice VLAN function enabled, you need to disable the
voice VLAN function first.
Only one VLAN can have the voice VLAN function enabled at a time.
Use the voice vlan aging command to set the aging time for a voice VLAN.
Use the undo voice vlan aging command to restore the default aging time for
a voice VLAN.
Syntax
Parameters
minutes
Example
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] voice vlan aging 100
View
Related Command
System view
Use the voice vlan enable command to enable the voice VLAN function for a
port.
Use the undo voice vlan enable command to disable the voice VLAN function
for a port.
Syntax
Parameters
None
Example
View
Description
The voice VLAN function takes effect on a port only when it is enabled in both system
view and port view. Note that the operation to enable the voice VLAN function for a
port is independent of that to enable the function globally.
Related Command
Use the voice vlan mac-address command to set a MAC address used for a
voice VLAN to identify voice devices.
Use the undo voice vlan mac-address command to remove a MAC address
used to identify voice devices.
Syntax
Parameters
Example
oui
oui-mask
string
View
Description
System view
A switch can use up to 16 MAC addresses to identify voice devices, including the four
default MAC addresses (as listed in Table 2-2). When the number of MAC addresses
reaches 16, you will fail to add new MAC addresses.s
Table 119 Default OUI address
Related Command
Number
OUI
Description
00e0-bb00-0000
3com phone
0003-6b00-0000
Cisco phone
00e0-7500-0000
Polycom phone
00d0-1e00-0000
Pingtel phone
Use the voice vlan mode auto command to configure an Ethernet port to
operate in the automatic voice VLAN mode.
Use the undo voice vlan mode auto command to configure an Ethernet port
to operate in the manual voice VLAN mode.
Syntax
Parameters
None
Default
Example
Configure Ethernet 1/0/2 port to operate in the manual voice VLAN mode.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface ethernet 1/0/2
[S4200G-Ethernet1/0/2] undo voice vlan mode auto
View
Description
Use the voice vlan mode auto command to configure an Ethernet port to
operate in the automatic voice VLAN mode.
Use the undo voice vlan mode auto command to configure an Ethernet port
to operate in the manual voice VLAN mode.
These two commands are valid only before you enable the voice VLAN function
globally.
Related Command
Use the voice vlan security enable command to enable the voice VLAN
security mode.
Use the undo voice vlan security enable command to disable the voice
VLAN security mode.
Syntax
Parameters
None
Default
Example
View
Description
System view
In the voice VLAN security mode, the ports in a voice VLAN and with voice devices
attached to can only forward voice data. Data packets with their MAC addresses not
among the OUI addresses that can be identified by the system will be dropped. This
mode has no effects on other VLANs.
These two commands are valid only before you enable the voice VLAN function
globally.
Related Command
845
Numerics
Commands by
Function
COMMANDS BY FUNCTION
802.1x
display debugging habp
display dot1x
display habp
display habp table
display habp traffic
dot1x
dot1x authentication-method
dot1x dhcp-launch
dot1x guest-vlan
dot1x max-user
dot1x port-control
dot1x port-method
dot1x quiet-period
dot1x retry
dot1x retry-version-max
dot1x timer
dot1x version-check
habp enable
habp server vlan
habp timer
reset dot1x statistics
smarton
smarton password
smarton switchid
smarton timer
157
171
182
183
184
332
334
335
336
338
340
342
344
345
346
347
349
374
375
376
595
671
672
673
674
14
15
19
17
36
38
42
89
91
102
149
169
229
230
278
280
307
330
846
key
level
local-server
messenger
name
nas-ip
primary accounting
primary authentication
radius nas-ip
radius trap
radius-scheme
reset radius statistics
reset stop-accounting-buffer
retry realtime-accounting
retry stop-accounting
scheme
secondary accounting
secondary authentication
self-service-url
server-type
state
stop-accounting-buffer enable
timer
timer quiet
timer realtime-accounting
timer response-timeout
user-name-format
vlan-assignment-mode
421
428
431
463
476
477
538
540
579
583
580
601
605
613
615
648
651
652
654
657
717, 720
722
802
803
804
806
823
830
ACL
acl
description
display acl
display packet-filter
display time-range
packet-filter
rule (Advanced ACL)
rule (Basic ACL)
rule (Layer 2 ACL)
rule comment
time-range
22
114
126
257
316
506
634
638
641
640
799
ARP
arp check enable
arp static
arp timer aging
debugging arp packet
display arp
display arp count
display arp timer aging
gratuitous-arp learning enable
reset arp
31
32
34
96
128
130
131
371
593
Auto-detect
ip route-static
retry
418
612
847
Centralized MAC
display mac-authentication
mac-authentication
mac-authentication authmode
mac-authentication authpassword
mac-authentication authusername
mac-authentication domain
mac-authentication timer
241
453
455
456
457
458
459
CLI
command-privilege level
display history-command
super
super password
Cluster
add-member
administrator-address
auto-build
black-list add-mac
black-list delete-mac
build
cluster
cluster enable
cluster switch-to
cluster switch-to-sysname
cluster-local-user
cluster-mac
cluster-mac syn-interval
cluster-snmp-agent community
cluster-snmp-agent group v3
cluster-snmp-agent mib-view included
cluster-snmp-agent usm-user v3
delete-member
display cluster
display cluster base-topology
display cluster black-list
display cluster candidates
display cluster current-topology
display cluster members
display ntdp single-device mac-address
ftp cluster
holdtime
ip-pool
logging-host
management-vlan
management-vlan synchronization enable
nm-interface vlan-interface
reboot member
snmp-host
tftp cluster get
tftp cluster put
timer
topology accept
topology restore-from
86
185
776
778
25
27
43
46
47
55
70
71
83
84
72
73
74
75
77
79
81
109
139
141
142
143
145
147
251
362
381
415
437
460
461
481
585
702
793
794
801
807
808
848
topology save-to
tracemac
809
810
152
290
306
315
603
643
716
DHCP
accounting domain
address-check
debugging dhcp-relay
dhcp relay information enable
dhcp relay information strategy
dhcp-security static
dhcp-server
dhcp-server ip
display dhcp-security
display dhcp-server
display dhcp-server intervace vlan-interface
display dhcp-snooping
164,
display dhcp-snooping trust
166,
16
26
98
115
116
117
118
119
160
161
163
165
167
DLDP
debugging DLDP
100
EAD
security-policy-server
653
Ethernet Switch
acl
authentication-mode
auto-execute command
databits
display user-interface
display users
free user-interface
free web-users
header
history-command max-size
idle-timeout
ip http acl
jumboframe enable
lock
parity
protocol inbound
screen-length
send
service-type
set authentication password
21
40
44
93
320
322
359
360
377
380
383
414
420
436
507
546
650
656
660
663
849
shell
snmp-agent community
snmp-agent group
snmp-agent usm-user
speed
stopbits
sysname
telnet
user privilege level
user-interface
668
676
678
696
703
723
780
786
824
822
48
49
51
53
59
87
105
132
356
358
433
435
470
473
474
555
591
602
619
715
820
FTP
ascii
binary
bye
cd
cdup
close
delete
dir
disconnect
display ftp-server
display ftp-user
ftp
ftp server
ftp server enable
ftp timeout
get
lcd
ls
mkdir
open
passive
put
35
45
57
60
62
69
107
122
125
176
177
361
363
364
365
370
427
444
471
504
508
553
850
pwd
quit
remotehelp
rename
rmdir
user
verbose
556
577
588
592
620
821
825
178
179
180
181
366
368
372
373
596
IGMP
display igmp-snooping configuration
display igmp-snooping group
display igmp-snooping statistics
display mac-address multicast static
gmp-snooping fast-leave
gmp-snooping max-response-time
igmp host-join vlan
igmp-snooping
igmp-snooping group-limit
igmp-snooping group-policy
igmp-snooping host-aging-time
igmp-snooping router-aging-time
mac-address multicast interface vlan
mac-address multicast vlan
service-type multicast
188
189
190
239
386
391
384
385
387
388
390
392
449
450
662
Information Center
display channel
display info-center
display logbuffer
display logbuffer summary
display trapbuffer
info-center channel name
info-center console channel
info-center enable
info-center logbuffer
info-center monitor channel
info-center snmp channel
info-center source
info-center synchronous
info-center timestamp
info-center trapbuffer
reset logbuffer
reset trapbuffer
terminal debugging
terminal logging
137
191
232
234
318
393
394
395
396
397
398
399
403
404
405
599
611
787
789
851
terminal monitor
terminal trapping
790
791
Link Aggregation
display link-aggregation interface
display link-aggregation summary
display link-aggregation verbose
lacp enable
lacp port-priority
lacp system-priority
link-aggregation group agg-id description
link-aggregation group agg-id mode
port link-aggregation group
224
226
227
423
424
425
429
430
520
Loopback Detection
display-loopback-detection
235
236, 445
238
447
452
Management VLAN
debugging dhcp client
97
description
113
display bootp client
134
display dhcp client
159
display interface VLAN-interface
196
display ip host
197
display ip interface vlan-interface
198
display ip routing-table
200
display ip routing-table acl
201
display ip routing-table ip address
204
display ip routing-table ip address1 ip address2 208
display ip routing-table ip-prefix
210
display ip routing-table statistics
216
display ip routing-table verbose
217
interface VLAN-interface
409
ip address
410
ip address bootp-alloc
411
ip address dhcp-alloc
412
ip host
413
shutdown
670
Mirroring
display mirroring-group
mirroring group
mirroring-group mirroring-port
mirroring-group reflector-port
mirroring-group remote-probe vlan
mirroring-port
monitor-port
remote-probe vlan
244
464
465
466
467
468
472
587
852
MSTP
active region-configuration
check region-configuration
display stp
display stp region-configuration
instance
region-name
reset stp
revision-level
stp
stp bpdu-protection
stp bridge-diameter
stp config-digest-snooping
stp cost
stp edged-port
stp interface
stp interface config-digest-snooping
stp interface cost
stp interface edged-port
stp interface loop protection
stp interface mcheck
stp interface no-agreement-check
stp interface point-to-point
stp interface port priority
stp interface root-protection
stp interface transmit-limit
stp loop-protection
stp max-hops
stp mcheck
stp mode
stp no-agreement-check
stp pathcost-standard
stp point-to-point
stp port priority
stp priority
stp region-configuration
stp root primary
stp root secondary
stp root-protection
stp tc-protection
stp timer forward-delay
stp timer hello
stp timer max-age
stp timer-factor
stp transmit-limit
vlan-mapping modulo
vlan-vpn tunnel
24
63
309
311
406
586
607
617
724
725
726
727
729
730
732
734
736
738
740
742
743
744
746
748
750
752
753
754
755
756
757
759
761
762
763
764
767
766
769
771
773
774
770
775
832
836
Multicast Protocol
display igmp-snooping configuration
display igmp-snooping group
display igmp-snooping statistics
igmp-snooping
igmp-snooping group-limit
igmp-snooping group-policy
igmp-snooping router-aging-time
reset igmp-snooping statistics
service-type multicast
188
189
190
385
387
388
392
597
662
853
NDP
display ndp
ndp enable
ndp timer aging
ndp timer hello
reset ndp statistics
246
478
479
480
600
Network Protocol
arp check enable
reset ip statistics
31
598
NTDP
display ntdp
display ntdp device-list
ntdp enable
ntdp explore
ntdp hop
ntdp timer
ntdp timer hop-delay
ntdp timer port-delay
249
250
482
483
484
485
486
487
NTP
debugging ntp-service
display ntp-service sessions
display ntp-service status
display ntp-service trace
ntp-service access
ntp-service authentication enable
ntp-service authentication-keyid
ntp-service broadcast-client
ntp-service broadcast-server
ntp-service in-interface disable
ntp-service max-dynamic sessions
ntp-service multicast-client
ntp-service multicast-server
ntp-service source-interface
ntp-service unicast-peer
ntp-service unicast-server
101
253
255
256
488
490
491
492
493
494
495
496
497
499
500
502
Password Control
password
509
Port
am user-bind
broadcast-suppression
copy configuration
description
display am user-bind
display brief interface
display interface
display isolate port
display lacp system-id
28
54
88
111
127
135
193
222
223
854
240
258
259
351
357
408
438
439
441
442
451
462
516
517
518
519
521
537
536
522
523
525
527
529
530
533
534
594
669
704
826
QoS
apply qos-profile
apply qos-profile interface
display protocol-priority
display qos cos-drop-precedence-map
display qos cos-dscp-map
display qos cos-local-precedence-map
display qos dscp-cos-map
display qos dscp-drop-precedence-map
display qos dscp-dscp-map
display qos dscp-local-precedence-map
display qos-interface all
display qos-interface priority-trust
display qos-interface traffic-limit
display qos-interface traffic-shape
display qos-interface traffic-statistic
display qos-profile
display queue-scheduler
packet-filter
priority
priority trust
protocol-priority protocol-type
qos cos-drop-precedence-map
qos cos-dscp-map
qos cos-local-precedence-map
qos dscp-cos-map
29
30
262
263
264
265
266
267
268
269
270
272
273
274
275
276
277
505
542
543
547
557
559
561
563
855
qos dscp-drop-precedence-map
qos dscp-dscp-map
qos dscp-local-precedence-map
qos-profile
qos-profile port-based
queue-scheduler
reset traffic-limit
reset traffic-statistic
snmp-agent usm-user
traffic shape
traffic-limit
traffic-statistic
565
567
569
571
572
573
609
610
694
815
813
816
RMON
display rmon alarm
display rmon event
display rmon eventlog
display rmon prialarm
display rmon statistics
rmon alarm
rmon event
rmon history
rmon prialarm
rmon statistics
Routing Protocol
delete static-routes all
display ip routing-table protocol
display ip routing-table radix
ip route-static
282
283
284
286
287
621
623
624
625
628
110
213
215
416, 418
SNMP
debugging snmp-agent
display snmp-agent community
display snmp-agent group
display snmp-agent mib-view
display snmp-agent statistics
display snmp-agent sys-info
display snmp-agent trap-list
display snmp-agent usm-user
enable snmp trap updown
snmp-agent
snmp-agent community
snmp-agent group
snmp-agent local-engineid
snmp-agent log
snmp-agent mib-view
snmp-agent packet max-size
snmp-agent sys-info
snmp-agent target-host
snmp-agent trap enable
snmp-agent trap life
snmp-agent trap queue-size
snmp-agent trap source
snmp-agent usm-user
103
294
295
296
298
300
301
302
352
675
677
680
682
683
684
685
686
687
689
691
692
693
698
856
SSH
bye
cd
cdup
dir
display rsa local-key-pair public
display rsa peer-public-key
display ssh server
display ssh server-info
display ssh user-information
exit
get
help
ls
mkdir
peer-public-key end
protocol inbound
public-key-code begin
public-key-code end
put
pwd
quit
remove
rename
rmdir
rsa local-key-pair create
rsa local-key-pair destroy
rsa peer-public-key
sftp
sftp server enable
sftp time-out
ssh client assign rsa-key
ssh client first-time enable
ssh server authentication-retries
ssh server timeout
ssh user assign rsa-key
ssh user authentication-type
ssh user service-type
ssh2
56
58
61
124
288
289
303
304
305
355
369
379
443, 444
469, 471
511
545
548, 549
550, 551
552
554
575, 576
589
590
618
629
631
632, 633
664
666
667
705
706
707
708
709
710
712
713
Static Route
delete static-routes all
ip route-static
110
416
System Access
free user-interface
return
service-type
359
616
658
System Maintenance
boot boot-loader
boot bootrom
clock datetime
clock summer-time
clock timezone
debugging
display boot-loader
50
52
65
66
68
95
133
857
display clock
display cpu
display device
display diagnostic-information
display fib
display icmp statistics
display ip socket
display ip statistics
display memory
display schedule reboot
display tcp statistics
display tcp status
display users
display version
language-mode
ping
quit
reboot
reset tcp statistics
schedule reboot at
schedule reboot delay
sysname
system-view
tcp timer fin-timeout
tcp timer syn-timeout
tcp window
terminal debugging
tracert
138
151
158
168
175
186
218
220
243
292
312
314
323
324
426
512
578
584
608
645
647
781
782
783
784
785
788
811
System Management
debugging
debugging ntp-service
display cpu
display rmon history
display rmon prialarm
display snmp-agent
end-station polling ip-address
execute
mac-address max-mac-count
snmp-agent usm-user
94, 95
101
292
285
286
293
353
354
448
700
TFTP
tftp get
tftp put
tftp-server
795
796
797
UDP Helper
debugging udp-helper
display udp-helper server
udp-helper enable
udp-helper port
udp-helper server
104
319
817
818
819
VLAN
description
112
858
display vlan
name
port
vlan
326
475
515
828
VLAN-VPN
display port vlan-vpn
vlan-vpn enable
vlan-vpn tpid
vlan-vpn uplink enable
261
834
835
837
Voice VLAN
display vlan
display voice vlan oui
display voice vlan status
voice vlan
voice vlan aging
voice vlan enable
voice vlan mac-address
voice vlan mode
voice vlan security enable
325
328
329
838
839
840
841
842
843
When initially accessing the command line interface, press Enter when prompted. The User View menu for the unit
displays. This is indicated by the chevron brackets around the name of the unit at the prompt, for example,
<sw4200G>.
When in the System View menu, square brackets appear around the name of the unit at the prompt, for example,
[sw4200G].
You must be in the System View menu to access the configurable CLI commands.
Some commands can be entered directly at any prompt from anywhere in the interface.
If you enter part of a command followed by a ? (with no space between), the CLI will show you all the commands
The term view may be used interchangeably with the term menu.
The undo command is placed before the command you wish to undo, for example, undo setauthentication password.
<CTRL-A> places the cursor back to the start of the command line.
Enter the first few characters of a command and press TAB to enter the full command without having to input the
entire command (where there is only one command that starts with the entered characters).
Use the Up Arrow key at the prompt to repeat the previous command string.
Use the Delete key to delete the character after the cursor; the Backspace key deletes the character before the cursor.
When entering physical port numbers, Enter the port number as x/0/z, where x is the unit number and z is the
boot-loader
bootrom
Update Bootrom
web-package
Obtaining Help
At the prompt, enter ?.
Further Information
For further information about how to use the command line interface, refer to the Command Reference Guide and
the Configuration Guide, which are both available as PDF documents on the CD that accompanied the unit.
Commands
access-limit
Use the access-limit command to set the maximum number of access users that can be contained in
current ISP domain.
ISP Domain view
accounting
Use the accounting command to configure an accounting scheme for the current ISP domain.
ISP Domain view
accounting domain
Use the accounting domain command to enable the DHCP accounting function.
DHCP Address Pool view
accounting-on enable
Use the accounting-on enable command to enable user re-authentication upon device restart function.
RADIUS Scheme view
accounting optional
acl
Use the acl command to reference ACL and implement the ACL control to the TELNET users.
User Interface view
acl
Use the acl command to define an ACL identified by a number, and enter the corresponding ACL View.
System view
active region-configuration
Use the active region-configuration command to activate the settings of an MST (multiple spanning
tree) region.
MST Region view
add-member
Use the address-check command to enable or disable DHCP relay security on a VLAN interface, so as to
start or stop the validity check on user addresses under the VLAN interface.
VLAN Interface view
administrator-address
Use the administrator-address command to store the MAC address of the management device on a
member device.
Cluster view
am user-bind
Use the am user-bind command to bind the MAC and IP addresses of a legal user to a specified port.
System view
Ethernet Port view
apply qos-profile
Use the apply qos-profile command to manually apply the QoS profile to the current port.
Ethernet Port view
apply qos-profile interface
Use the apply qos-profile interface command to manually apply a QoS profile to one or more
consecutive ports.
System view
arp check enable
Use the arp check enable command to enable the ARP entry checking function, that is, to disable a switch
from creating multicast MAC address ARP entries for MAC addresses learned.
System view
arp static
Use the arp static command to configure the static ARP mapping entries in the ARP mapping table.
System view
arp timer aging
Use the arp timer aging command to configure the aging time for dynamic ARP mapping entries.
System view
ascii
Use the ascii command to configure data transmission mode as ASCII mode.
FTP Client view
attribute
Use the attribute command to configure attributes of a user whose service type is lan-access.
Local User view
authentication
Use the authentication command to configure an authentication scheme for the current ISP domain.
ISP Domain view
authentication-mode
Use the authorization none command to allow users in the current ISP domain to use network services
without being authorized.
ISP Domain view
auto-build
Use the auto-execute command command to set the command that is executed automatically after a user
logs in.
User Interface view
binary
Use the binary command to specify that files be transferred in binary mode. That is, data is transferred in
binary streams.
FTP Client view
black-list add-mac
Use the black-list add-mac command to add a device into the blacklist.
Cluster view
black-list delete-mac
Use the black-list delete-mac command to delete a device from the blacklist.
Cluster view
boot attribute-switch
Use the boot attribute-switch command to switch between the main and backup attribute for all the files
or a specified type of files. This changes a file with the main attribute to one with the backup attribute, or
vice versa.
User view
boot boot-loader
Use the boot boot-loader command to configure an app file to be of the main attribute. The app file
specified by this command becomes the main startup file when the device starts the next time.
User view
boot boot-loader
Use the boot boot-loader command to specify the host software that will be adopted when the current
switch or a specified switch in the fabric reboots next time.
User view
boot boot-loader backup-attribute
Use the boot boot-loader backup-attribute command to configure an app file to be of the backup
attribute.
User view
boot bootrom
Use the boot web-package command to configure a Web file to be of the main or backup attribute.
User view
broadcast-suppression
Use the broadcast-suppression command to define the broadcast traffic ratio allowed on one port or each
of the ports.
System view
build
Use the build command to configure a cluster with the current switch as the management device. Argument
name specifies the name of the cluster.
Cluster view
bye
Use the bye command to terminate the connection to the remote SFTP server and return to system view.
SFTP Client view
bye
Use the bye command to terminate the control connection and data connection with the remote FTP server
and quit to user view.
FTP Client view
cd
Use the cd command to change the current path on the remote SFTP server.
SFTP Client view
cd
Use the cd command to change the work path on the remote FTP server.
FTP Client view
cdup
Use the check region-configuration command to display the configurations of the MST regions that are
not activated.
MST Region view
clock datetime
Use the clock datetime command to set the current system time and date.
User view
clock summer-time
Use the clock summer-time command to set the name, time range, and offset of the daylight saving time.
User view
clock timezone
Use the clock timezone command to set local time zone information.
User view
close
Use the close command to terminate an FTP connection without quitting FTP client view.
FTP Client view
cluster
Use the cluster enable command to enable the cluster function on a switch.
System view
cluster-local-user
Use the cluster-local-user command to configure a Web username and password for all cluster
members.
Cluster view
cluster-mac
Use the cluster-mac command to configure a multicast MAC address for cluster management. Run this
command only on the management device only.
Cluster view
cluster-mac syn-interval
Use the cluster-mac syn-interval command to set the interval for the management device to send
multicast packets. This command can be executed on the management device only.
Cluster view
cluster-snmp-agent community
Use the cluster-snmp-agent community command to configure a SNMP community for a cluster to enable
SNMP access.
Cluster view
cluster-snmp-agent group v3
Use the cluster-snmp-agent group command to configure a SNMP group for a cluster to map SNMP
users to the SNMP view.
Cluster view
cluster-snmp-agent mib-view included
Use the cluster-snmp-agent mib-view command to create or update the information about the MIB view
configured for a cluster.
Cluster view
cluster-snmp-agent usm-user v3
Use the cluster-snmp-agent usm-user v3 command to add an account to the SNMPV3 group configured
for a cluster.
Cluster view
cluster switch-to
Use the cluster switch-to command to switch between the management device and member devices
for configuration and management.
User view
cluster switch-to sysname
Use the cluster switch-to sysname command to switch between the master device and a member
device.
User view
command-privilege level
Use the command-privilege level command to set the level of the specified command in a specified view.
System view
copy
Use the copy configuration command to copy the configuration of a specific port to other ports, to ensure
consistent configuration.
System view
cut connection
Use the cut connection command to cut the connection a user or a category of users by force.
System view
data-flow-format
Use the data-flow-format command to set the units of measure for the data flow sent to the RADIUS
Server.
RADIUS Scheme view
databits
Use the databits command to set the databits for the user interface.
User Interface view
debugging
Use the debugging dhcp client command to enable debugging for the DHCP client/BOOTP client.
User view
debugging dhcp-relay
Use the debugging dldp command to enable specific debugging for DLDP on all ports with DLDP enabled.
User view
debugging ntp-service
Use the debugging ntp-service command to debug different NTP (network time protocol) services.
User view
debugging radius
Use the debugging radius command to enable the debugging for RADIUS protocol.
User view
debugging snmp-agent
debugging udp-helper
Use the delete command to delete the specified file from the server.
SFTP Client view
delete
Use the delete-member command to remove a member device from the cluster.
Cluster view
delete static-routes all
Use the delete static-routes all command to delete all the static routes.
System view
description
Use the description command to assign a description string for the VLAN.
Use the undo description command to restore the default description string.
VLAN view
description
Use the description command to assign a description string to a VLAN or a VLAN interface.
VLAN view
VLAN Interface view
description
Use the description command to define the description information of an ACL to describe the specific
purpose of the ACL.
Basic ACL view
Advanced ACL view
Layer 2 ACL view
dhcp relay information enable
Use the dhcp relay information enable command to enable option 82 supporting on a DHCP relay,
through which you can enable the DHCP relay to insert option 82 into DHCP request packets sent to a
DHCP server.
System view
dhcp relay information strategy
Use the dhcp relay information strategy command to instruct a DHCP relay to perform specified
operations to DHCP request packets that carry option 82.
System view
dhcp-security static
Use the dhcp-security static command to configure a static user address entry.
System view
dhcp-server
Use the dhcp-server command to map the current VLAN interface to a DHCP server group.
VLAN Interface view
dhcp-server ip
Use the dhcp-server ip command to configure the DHCP server IP address(es) in a specified DHCP
server group.
System view
dir
Use the dir command to display the information about the specified files or directories on a switch.
User view
dir
Use the dir command to display the files in the specified directory.
SFTP Client view
disconnect
Use the disconnect command to terminate a FTP connection without quitting FTP client view.
FTP Client view
display acl
Use the display acl command to view the detailed configuration information of an ACL, including each
rule and its number as well as the number and size in bytes of the data packets that match the statement.
Any view
display am user-bind
Use the display am command to view whether address management is enabled and to display IP address
pool configuration.
Any view
display arp
Use the display arp command to display the ARP mapping table entries by entry type, or by a specified
IP address.
Any view
display arp count
Use the display arp count command to display the number of the specified type of ARP mapping entries.
Any view
display arp timer aging
Use the display arp timer aging command to view the current setting of the dynamic ARP aging timer.
Any view
display boot-loader
Use the display boot-loader command to display the information about the app startup files of a switch,
including the current app startup file name, the main and backup app startup files to be used when the switch
starts the next time.
Any view
display boot-loader
Use the display boot-loader command to display the host software (.bin file) that will be adopted when
the switch reboots.
Any view
display bootp client
Use the display bootp client command to display BOOTP client-related information, including the MAC
address of the BOOTP client and the IP address obtained.
Any view
display brief interface
Use the display brief interface command to display the configuration information about one specific
or all ports in brief, including the port type, connection state, connection rate, duplex attribute, link type and
default VLAN ID.
Any view
display channel
Use the display channel command to display the details about the information channel.
Any view
display clock
Use the display clock command to display the current date and time of the system, so that you can adjust
them if they are wrong.
Any view
display cluster
Use the display cluster command to display the state and basic configuration information of the cluster
that contains the current switch.
Any view
display cluster base-topology
Use the display cluster topology command to display the standard topology view of the cluster.
Any view
Use the display cluster black-list command to display the current blacklist of the cluster.
Any view
display cluster candidates
Use the display cluster candidates command to display candidate devices of a cluster.
Any view
display cluster current-topology
Use the display cluster current topology command to display the current topology view or the topology
path between two points.
Any view
display cluster members
Use the display cluster members command to display the information about cluster members.
Any view
display connection
Use the display connection command to view the information for a specified connection type.
Any view
display cpu
Use the display cpu command to display CPU usage of a specified switch.
Any view
display current-configuration
Use the display current-configuration command to display the current configuration of a switch.
Any view
display debugging
Use the display debugging command to display the enabled debugging on a specified device.
Any view
display debugging habp
Use the display debugging habp command to display the state of HABP debugging.
Any view
display device
Use the display device command to display the information, such as the module type and operating
status, about each board (main board and sub-board) of a specified switch.
Any view
display dhcp client
Use the display dhcp client command to display the DHCP client-related information.
Any view
display dhcp-security
Use the display dhcp-security command to display one or all user address entries, or a specified type
of user address entries in the valid user address table of a DHCP server group.
Any view
display dhcp-server
Use the display dhcp-server command to display information about a specified DHCP server group.
Any view
display dhcp-server interface vlan-interface
Use the display dhcp-server interface vlan-interface command to display information about the
DHCP server group to which a VLAN interface is mapped.
Any view
display dhcp-snooping
Use the display dhcp-snooping command to display the user IP-MAC address mapping entries recorded
by the DHCP snooping function.
Any view
display dhcp-snooping
Use the display dhcp-snooping command to display the correspondence between user IP addresses and
MAC addresses recorded by the DHCP snooping function.
Any view
display dhcp-snooping trust
Use the display dhcp-snooping trust command to display the (enabled/disabled) state of the DHCP
snooping function and the trusted ports.
Any view
10
Use the display dhcp-snooping trust command to display the DHCP-Snooping state and information
on trusted ports.
Any view
display diagnostic-information
Use the display diagnostic-information command to display the system diagnostic information, or save
the system diagnostic information to a file (with a suffix of "diag") in the flash memory.
Any view
display domain
Use the display domain command to view the configuration information of a specified ISP domain or
display the summary information of all ISP domains.
Any view
display dot1x
Use the display dot1x command to view the relevant information of 802.1x.
Any view
display fib
Use the display fib command to view the summary of the forwarding information base.
Any view
display ftp-server
Use the display ftp-server command to display the FTP server-related settings of a switch when it
operates as an FTP server.
You can use this command to verify FTP server-related configurations.
Any view
display ftp-user
Use the display ftp-user command to display the settings of the current FTP user, including the user
name, host IP address, port number, connection idle time, and authorized directory.
Any view
display garp statistics
Use the display garp statistics command to display the GARP statistics on specified (or all) ports.
Any view
display garp timer
Use the display garp timer command to display the values of the GARP timers on specified or all ports.
Any view
display gvrp statistics
Use the display gvrp statistics command to display the GVRP statistics about specified (or all) Trunk
ports.
Any view
display gvrp status
Use the display gvrp status command to display the enable/disable status of global GVRP.
Any view
display habp
Use the display habp command to display HABP configuration and status information.
Any view
display habp table
Use the display habp table command to display the MAC address table maintained by HABP.
Any view
display habp traffic
Use the display habp traffic command to display statistics on HABP packets.
Any view
display history-command
Use the display icmp statistics command to view the statistics information about ICMP packets.
Any view
display igmp-snooping configuration
Use the display igmp-snooping configuration command to display the configuration information about
IGMP Snooping.
Any view
11
Use the display igmp-snooping group command to display information about the IP and MAC multicast
groups under one VLAN (with vlan vlan-id) or all VLANs (without vlan vlan-id).
Any view
display igmp-snooping statistics
Use the display igmp-snooping statistics command to display the message statistics about IGMP
Snooping.
Any view
display info-center
Use the display info-center command to display system log settings and memory buffer record statistics.
Any view
display interface
Use the display interface command to view the configuration information on the selected interface.
Any view
display interface VLAN-interface
Use the display interface vlan-interface command to display the information about the management
VLAN interface, including the physical and link status, the format of the sent frames, the MAC address, IP
address (and subnet mask), description string and MTU (maximum transmit unit) of the management VLAN.
Any view
display ip host
Use the display ip host command to display all host names and their corresponding IP addresses.
Any view
display ip interface vlan-interface
Use the display ip interface vlan-interface command to view information on the specified interface.
Any view
display ip routing-table
Use the display ip routing-table command to display the summary information about the routing table.
Any view
display ip routing-table acl
Use the display ip routing-table acl command to display the routes permitted by the specified basic
ACL.
Any view.
display ip routing-table ip-address
Use the display ip routing-table ip-address command to display the information about the routes
leading to the destination.
Any view
display ip routing-table ip-address1 ip-address2
Use the display ip routing-table ip-address1 ip-address2 command to display the information
about the routes with their destinations within the specified destination IP address range.
Any view
display ip routing-table ip-prefix
Use the display ip routing-table ip-prefix command to display the information about the routes
matching a specified IP prefix list.
Any view
display ip routing-table protocol
Use the display ip routing-table protocol command to display the information about specific routes.
Any view
display ip routing-table radix
Use the display ip routing-table radix command to view the route information in a hierarchical (tree)
structure.
Any view
display ip routing-table statistics
Use the display ip routing-table statistics command to display the statistics of a routing table.
Any view
display ip routing-table verbose
Use the display ip routing-table verbose command to display the detailed information about a routing
table.
Any view
12
display ip socket
Use the display ip socket command to display the information about the sockets in the current system.
Any view
display ip statistics
Use the display ip statistics command to view the statistics information about IP packets.
Any view
display isolate port
Use the display isolate port command to display the information about the Ethernet ports added to an
isolation group.
Any view
display lacp system-id
Use the display lacp system-id command to view actor system ID, including system priority and system
MAC address.
Any view
display link-aggregation interface
Use the display link-aggregation interface command to display the link aggregation details about a
specified port or port range.
Any view
Use the display link-aggregation interface command to display the link aggregation details about a
specified port or port range, including:
display link-aggregation summary
Use the display link-aggregation summary command to display summary information of all aggregation
groups, including device ID of the local end, aggregation group ID, aggregation group type, device ID of the
remote end, number of the selected ports, number of the unselected ports, load sharing type and master
port number.
Any view
display link-aggregation verbose
Use the display link-aggregation verbose command to display the details about a specified
aggregation group.
Any view
display local-server statistics
Use the display local-server statistics command to view the statistics of all local RADIUS
authentication server.
Any view
display local-user
Use the display local-user command to view information about all the local users or the specified
one(s).
Any view
display logbuffer
Use the display logbuffer command to display the status of the log buffer and the records in the log
buffer.
Any view
display logbuffer summary
Use the display logbuffer summary command to display the summary of the log buffer.
Any view
display-loopback-detection
Use the display loopback-detection command to display the loopback detection status on the port.
Any view
display mac-address
Use the display mac-address command to display MAC address table information.
Any view
display mac-address aging-time
Use the display mac-address aging-time command to display the aging time of the dynamic entry in the
MAC address table.
Any view
display mac-address multicast static
Use the display mac-address multicast static command to display the multicast MAC address entries
manually configured on the switch, with each entry containing the following information: multicast MAC
address, VLAN ID, MAC address state, port number(s), and aging time of each port.
Any view
13
Use the display mac-address security command to display the information about Security MAC address.
Any view
display mac-authentication
Use the display mac-authentication command to display global information about centralized MAC
address authentication
Any view
display memory
Use the display memory command to display the memory usage of a specified switch.
Any view
display mirroring-group
Use the display mirroring-group command to display the parameter settings of a port mirroring group.
Any view
display ndp
Use the display ndp command to display global NDP configuration information, including the interval to
send NDP packets, the holdtime of NDP information, and the information about the neighbors of all the
ports.
Any view
display ntdp
Use the display ntdp command to display the global NTDP information. The information includes the
range (in hop count) within which topology information is collected, the interval to collect topology
information (the NTDP timer), the delay time for a device to forward topology-collection requests, the delay
time for a topology-collection request to be forwarded through a port, and the time cost during the last
topology collection.
Any view
display ntdp device-list
Use the display ntdp device-list command to display the device information collected through NTDP.
Any view
display ntdp single-device mac-address
Use the display ntdp single-device mac-address h-h-h command to display the information about a
specific device in detail.
Cluster view
display ntp-service sessions
Use the display ntp-service sessions command to display the status of all the sessions maintained by
NTP (Network Time Protocol) service provided by the local equipment.
Any view
display ntp-service status
Use the command display ntp-service status to display the NTP service status.
Any view.
display ntp-service trace
Use the display ntp-service trace command to display the brief information of each NTP time server
along the time synchronization chain from the local device to the reference clock source.
Any view
display packet-filter
Use the display packet-filter command to view the application information of packet filtering, including
the ACL name, rule names, and application status.
Any view
display port
Use the display port command to display all current ports with their type indicated.
Any view
display port-security
Use the display port-security command to display the information about port security configuration
(including global configuration and all or specific port configuration).
Any view
display port vlan-vpn
Use the display port vlan-vpn command to display the information about the VLAN VPN configuration
of the current system, including current TPID value, VLAN-VPN ports, and VLAN-VPN uplink ports.
Any view
14
display protocol-priority
Use the display protocol-priority command to display the priority of protocol packets.
Any view
display qos cos-drop-precedence-map
Use the display qos cos-dscp-map command to display the "COS->DSCP" mapping relationship.
Any view
display qos cos-local-precedence-map
Use the display qos cos-local-precedence-map command to view the COS>Local-precedence map.
Any view
display qos dscp-cos-map
Use the display qos dscp-cos-map command to display the "DSCP->802.1 priority" mapping relationship.
Any view
display qos dscp-drop-precedence-map
Use the display qos dscp-cos-map command to display the "DSCP->DSCP" mapping relationship.
Any view
display qos dscp-local-precedence-map
Use the display qos-interface all command to display all the QoS settings of the port.
Any view
display qos-interface priority-trust
Use the display qos-interface priority-trust command to display the precedence mapping mode of
the switch.
Any view
display qos-interface traffic-limit
Use the display qos-interface traffic-limit command to view the traffic limit settings.
Any view
display qos-interface traffic-shape
Use the display qos-interface traffic-shape command to view the parameter configurations of traffic
shaping on the port.
Any view
display qos-interface traffic-statistic
Use the display qos-interface traffic-statistic command to view the traffic statistics.
Any view
display qos-profile
Use the display qos-profile command to view the configurations of the QoS profile.
Any view
display queue-scheduler
Use the display queue-scheduler command to view queue scheduling mode and corresponding
parameters.
Any view
display radius
Use the display radius command to view the configuration information about all RADIUS schemes or a
specified scheme.
Any view
display radius statistics
Use the display radius statistics command to view the statistics information about RADIUS packet.
Any view
15
Use the display rmon alarm command to display the configuration of a specified alarm entry or all the
alarm entries.
Any view
display rmon event
Use the display rmon event command to display the configuration of a specified event entry or all the
event entries.
Any view
display rmon eventlog
Use the display rmon eventlog command to display the log of a specified event entry or all the event
entries.
Any view
display rmon history
Use the display rmon history command to display the RMON history information about a specified port.
The information about the latest sample, including utilization, the number of errors, the total number of
packets and so on, is also displayed.
Any view
display rmon prialarm
Use the display rmon prialarm command to display the configuration of a specified extended alarm entry
or all the extended alarm entries.
Any view
display rmon statistics
Use the display rmon statistics command to display the RMON statistics of a specified port.
Any view
display rsa local-key-pair public
Use the display rsa local-key-pair public command to display the public key of the server host key
pair. If no key pair is generated, the system prompts %RSA keys not found.
Any view
display rsa peer-public-key
Use the display rsa peer-public-key command to display the client public key of the specified RSA key
pair. If no key name is specified, the command displays all public keys of the client
Any view
display saved-configuration
Use the display saved-configuration command to display the content of the main configuration file in
the flash memory of a switch.
Any view
display schedule reboot
Use the display schedule reboot command to display information about scheduled reboot.
Any view
display snmp-agent
Use the display snmp-agent command to view engine ID of the local or remote SNMP entity.
Any view
display snmp-agent community
Use the display snmp-agent community command to view the information about the currently configured
community names for SNMPv1 or SNMPv2c.
Any view
display snmp-agent group
Use the display snmp-agent group command to view group name, security model, state of various views
and storage models.
Any view
display snmp-agent mib-view
The display snmp-agent mib-view command is used to view the MIB view configuration information of
the current Ethernet switch.
Any view
display snmp-agent statistics
Use the display snmp-agent statistics command to view the statistics information about SNMP
packets.
Any view
16
Use the display snmp-agent sys-info command to view the system information of SNMP configuration.
Any view
display snmp-agent trap-list
Use the display snmp-agent trap-list command to display trap list information.
Any view
display snmp-agent usm-user
Use the display snmp-agent usm-user command to view SNMP user information.
Any view
display ssh server
Use the display ssh server command to display the status or session information about the SSH server
Any view
display ssh server-info
Use the display ssh server-info command to display the association between the server public keys
configured on the client and the servers.
Any view
display ssh user-information
Use the display ssh user-information command to display information about the current SSH users,
including user name, authentication mode, key name and authorized service types. If the username is
specified, the command displays information about the specified user.
Any view
display startup
Use the display startup command to display the startup configuration of a switch, including the name of
the current startup configuration file, the names of the main startup configuration file, and backup startup
configuration file to be used when the switch starts the next time, and so on.
Any view
display stop-accounting-buffer
Use the display stop-accounting-buffer command to view the no-response stop-accounting request
packets buffered in the device.
Any views
display stp
Use the display stp command to display the state and statistical information about one or all spanning
trees.
Any view
display stp region-configuration
Use the display stp region-configuration command to display the MST region configuration.
Any view
display tcp statistics
Use the display tcp statistics command to view the statistics information about TCP packets.
Any view
display tcp status
Use the display tcp status command to view the TCP connection state.
Any view
display this
Use the display this command to display the current configuration performed in the current view of the
system.
Any view
display time-range
Use the display time-range command to view the configuration and status of the current time range. You
will see the active or inactive state outputs respectively.
Any view
display trapbuffer
Use the display trapbuffer command to display the status of the trap buffer and the records in the trap
buffer.
Any view
display udp-helper server
Use the display udp-helper server command to view the information of destination Helper server
corresponding to the VLAN interface.
Any view
17
display user-interface
Use the display users command to display the information about user interfaces. If you do not specify the
all keyword, only the information about the current user interface is displayed.
Any view
display users
Use the display users command to display the status and configuration information about user terminal
interfaces. Use the display users all command to view the information on all user terminal interfaces.
Any view
display version
Use the display version command to view the software version, issue date and the basic hardware
configuration information.
Any view
display vlan
Use the display vlan command to display the ports operating in the manual/automatic mode in the current
voice VLAN.
Any view
display vlan
Use the display vlan command to view related information about specified VLANs or all VLANs.
Any view
display voice vlan oui
Use the display voice vlan oui command to display the currently supported OUI addresses and the
related information.
Any view
display voice vlan status
Use the display voice vlan status command to display voice VLAN-related information, including voice
VLAN operation mode, port mode (manual mode or automatic mode), and so on.
Any view
domain
Use the domain command to create an ISP domain and enter its view, or enter the view of an existing ISP
domain, or configure the default ISP domain.
System view
dot1x
Use the dot1x command to enable 802.1x on the specified port or globally, (that is on the current device).
System view
Ethernet Port view
dot1x authentication-method
Use the dot1x dhcp-launch command to specify an 802.1x-enabled switch to launch the process to
authenticate a supplicant system when the supplicant system applies for a dynamic IP address through
DHCP.
System view
dot1x guest-vlan
Use the dot1x guest-vlan command to enable the Guest VLAN function for specified ports.
System view
Ethernet Port view
dot1x max-user
Use the dot1x max-user command to set the maximum number of systems an Ethernet port can
accommodate.
System view
Ethernet Port view
dot1x port-control
Use the dot1x port-control command to specify the access control method for specified Ethernet ports.
System view
Ethernet Port view
18
dot1x port-method
Use the dot1x port-method command to specify the access control method for specified Ethernet ports.
Ethernet Port view
dot1x quiet-period
Use the dot1x retry command to specify the maximum number of times a switch can transmit the
authentication request frame to supplicant systems.
System view
dot1x retry-version-max
Use the dot1x retry-version-max command to set the maximum number of retries for a switch to send
version request packets to an online supplicant system.
System view
dot1x timer
Use the dot1x version-check command to enable 802.1x client version checking for specified Ethernet
ports.
System view
Ethernet Port view
duplex
Use the enable snmp trap updown command to enable the port to send LINK UP and LINK DOWN Trap
information.
System view
end-station polling ip-address
Use the end-station polling ip-address command to configure the IP address requiring periodic testing.
System view
execute
Use the exit command to terminate the connection to the remote SFTP server and return to system view.
This command has the same function as the bye and quit commands.
SFTP Client view
file prompt
Use the file prompt command to modify the prompt mode of file operations on the Switch.
System view
flow-control
Use the flow-control command to enable port flow control, to avoid packet loss in the event of network
congestion.
Ethernet Port view
format
Use the free user-interface command to reset a specified user interface to its default settings. The user
interface will be disconnected after the reset.
User view
free web-users
Use the free web-users command to disconnect a specified Web user or all Web users by force.
User view
ftp
Use the ftp command to establish a control connection with an FTP server and enter FTP client view.
User view
19
ftp cluster
Use the ftp cluster command to establish a control connection with a cluster FTP server. This command
also leads you to FTP client view.
User view
ftp server
Use the ftp server command to configure an FTP server on the management device for the member
devices in the cluster.
Use the undo ftp server command to remove the FTP server configured for the member devices in the
cluster.
System view
ftp server enable
Use the ftp server enable command to enable FTP server and allow FTP users to log in.
System view
ftp timeout
Use the garp timer command to set the GARP Hold, Join or Leaver timer value on the current port.
Ethernet Port view
garp timer leaveall
Use the garp timer leaveall command to set the GARP LeaveAll timer to a specified value.
System view
get
Use the get command to download a remote file and save the file to the local device.
SFTP Client view
get
Use the get command to download a remote file and save it as a local file.
FTP Client view
gratuitous-arp learning enable
Use the gratuitous-arp-learning enable command to enable the gratuitous ARP packet learning
function.
System view
gvrp
Use the gvrp command to enable GVRP globally (in system view) or on a port (in Ethernet port view).
System view
Ethernet Port view
gvrp registration
Use the gvrp registration command to configure the GVRP registration type on a port.
Ethernet Port view
habp enable
Use the habp server vlan command to configure a switch to operate as an HABP server and HABP
packets to be broadcast in specified VLAN.
System view
habp timer
Use the habp timer command to set the interval for a switch to send HABP request packets.
System view
header
Use the header command to set the banners that are displayed when a user logs into a switch. The login
banner is displayed on the terminal when the connection is established. And the session banner is displayed
on the terminal if a user successfully logs in.
System view
help
Use the help command to get the help information about the specified or all SFTP client commands.
SFTP Client view
20
history-command max-size
Use the history-command max-size command to set the size of the history command buffer.
User Interface view
holdtime
Use the idle-cut command to set the user idle-cut function in current ISP domain.
ISP Domain view
idle-timeout
Use the idle-timeout command to configure the amount of time you want to allow a user interface to
remain idle before it is disconnected.
User Interface view
igmp host-join vlan
Use the igmp host-join vlan command to configure a routing port to join to a multicast group.
Ethernet Port view
igmp-snooping
Use the igmp-snooping fast-leave command to enable IGMP fast leave processing.
Ethernet Port view
igmp-snooping group-limit
Use the igmp-snooping group-limit command to set the maximum number of multicast groups the port
can join.
Ethernet Port view
igmp-snooping group-policy
Use the igmp-snooping group-policy command to configure an IGMP Snooping filter ACL.
System view
Ethernet Port view
igmp-snooping host-aging-time
Use the igmp-snooping host-aging-time command to set the aging time of multicast member ports.
System view
igmp-snooping max-response-time
Use the igmp-snooping max-response-time command to configure the maximum query response time.
System view
igmp-snooping router-aging-time
Use the igmp-snooping router-aging-time command to configure the aging time of the router port.
System view
info-center channel name
Use the info-center channel name command to name the channel of the specified number.
System view
info-center console channel
Use the info-center console channel command to enable information output to the console through a
specified channel.
System view
info-center enable
Use the info-center logbuffer command to enable information output to the log buffer through the
specified channel (you can also set the size of the log buffer in this command).
System view
info-center monitor channel
Use the info-center monitor channel command to enable information output to terminals through a
specified channel.
System view
21
Use the info-center snmp channel command to enable information output to the SNMP through a
specified channel.
System view
info-center source
Use the info-center source command to add a record (that is, an information source) to an information
channel.
System view
info-center synchronous
Use the info-center timestamp command to set the format of time stamp included in the log/trap/debug
information or specify not to include time stamp in the information.
System view
info-center trapbuffer
Use the info-center trapbuffer command to enable information output to the trap buffer.
System view
instance
Use the instance command to map specified VLANs to a specified spanning tree instance.
MST Region view
interface
Use the command interface command to enter Ethernet port view. To configure parameters for a port, you
must enter the port view first.
System view
interface VLAN-interface
Use the interface vlan-interface command to create a management VLAN interface and enter
management VLAN interface view.
System view
ip address
Use the ip address command to assign an IP address (and mask) to a management VLAN interface.
VLAN Interface view
ip address bootp-alloc
Use the ip address bootp-alloc command to configure VLAN interface to obtain IP address using
BOOTP.
VLAN Interface view
ip address dhcp-alloc
Use the ip address dhcp-alloc command to configure VLAN interface to obtain an IP address using
DHCP.
VLAN Interface view
ip host
Use the ip host command to configure a host name and the corresponding IP address for a switch.
System view
ip http acl
Use the ip http acl command to apply an ACL to filter Web users.
System view
User Interface view
ip-pool
Use the ip-pool command to configure a private IP address range for cluster members on the switch to
be set as the management device.
Cluster view
ip route-static
22
ip route-static
Use the ip route-static command to configure a static route, whose validity depends on detecting results
as follows: valid when the detecting result is reachable or invalid when the detecting result is unreachable.
System view
jumboframe enable
Use this command to allow jumbo frames to pass through the Ethernet port.
Ethernet port view
key
Use the key command to specify a shared key for the RADIUS authentication/authorization packets or
accounting packets.
RADIUS Scheme view
lacp enable
Use the lacp enable command to enable the LACP protocol on the current port.
Ethernet Port view
lacp port-priority
Use the lacp port priority command to configure port priority value.
Ethernet Port view
lacp system-priority
Use the language-mode command to toggle between the language modes (that is, language environments)
of the command line interface (CLI) to meet your requirement.
User view
lcd
Use the lcd command to display the local work directory on the FTP client.
FTP Client view
level
Use the level command to set the priority level of the user.
Local User view
link-aggregation group description
Use the link-aggregation group description command to set a description for an aggregation group.
System view
link-aggregation group mode
Use the link-aggregation group mode command to create a manual or static aggregation group.
System view
local-server
Use the local-server command to configure the parameters of local RADIUS server.
System view
local-user
Use the local-user command to add a local user and enter local user view.
System view
local-user password-display mode
Use the local-user password-display-mode command to set the password display mode of all users.
System view
lock
Use the lock command to lock the current user interface and prevent unauthorized users from accessing it.
User view
logging-host
Use the logging-host command to configure a public logging host on the management device for member
devices.
Cluster view
loopback-detection control enable
Use the loopback-detection control enable command to enable loopback detection and control function
for Trunk ports and Hybrid ports.
Ethernet Port view
23
loopback-detection enable
Use the loopback-detection enable command to enable the loopback detection function globally or for
a specific port.
System view
Ethernet Port view
loopback-detection interval-time
Use the loopback-detection interval-time command to set the time interval for detecting the external
loopback for a port.
System view
loopback-detection per-vlan enable
Use the loopback-detection per-vlan enable command to configure the system to run loopback
detection on all VLANs for the Trunk and Hybrid ports.
Ethernet Port view
ls
Use the ls command to display the information about a specified remote file.
FTP Client view
mac-address
Use the mac-address command to add/modify the MAC address table entry.
System view
Port view
mac-address max-mac-count
Use the mac-address max-mac-count command to configure the maximum number of MAC addresses an
Ethernet port can learn.
Ethernet Port view
mac-address max-mac-count 0
Use the mac-address max-mac-count0 command to disable a switch from learning MAC address in a
VLAN.
VLAN view
mac-address multicast interface vlan
Use the mac-address multicast command to add a multicast MAC address entry.
System view
mac-address multicast vlan
Use the mac-address multicast vlan command to add a multicast MAC address entry.
Ethernet Port view
mac-address security
Use the mac-address security command to add Security MAC address manually.
Ethernet Port view
System view
mac-address timer
Use the mac-address timer command to set the aging time for dynamic MAC address entries.
System view
mac-authentication
Use the mac-authentication command to enable centralized MAC address authentication globally (current
device) or on specified ports.
System view
Ethernet Port view
mac-authentication authmode
Use the mac-authentication authmode command to set MAC address authentication mode.
System view
mac-authentication authpassword
Use the mac-authentication authpassword command to set a password for MAC address authentication
when the fixed mode is adopted.
System view
mac-authentication authusername
Use the mac-authentication authusername command to set a user name when a switch authenticates
users in fixed mode.
System view
24
mac-authentication domain
Use the mac-authentication domain command to configure an ISP domain for centralized MAC address
authentication users.
System view
mac-authentication timer
Use the mac-authentication timer command to configure the timers used in centralized MAC address
authentication.
System view
management-vlan
Use the management-vlan command to specify the management VLAN on the switch.
System view
management-vlan synchronization enable
Use the management-vlan synchronization enable command to enable the management VLANs of the
member devices of a cluster to be synchronized.
Cluster view
mdi
Use the messenger time command to enable or disable the messenger alert and configure the related
parameters.
ISP Domain view
mirroring group
Use the mirroring-group remote-probe vlan command to specify the remote-probe VLAN for a given
mirroring group.
System view
mirroring-port
Use the mkdir command to create a directory on the remote SFTP server.
SFTP Client view
mkdir
Use the mkdir command to create a directory in a specified directory of a specified storage device.
User view
mkdir
Use the mkdir command to create a directory on the remote SFTP server.
FTP Client view
monitor-port
Use the move command to move a file to a specified directory. You can also assign a new name for the file.
User view
name
Use the name command to set a name for the assigned VLAN.
VLAN view
25
name
Use the name command to set a name for the assigned VLAN.
VLAN view
nas-ip
Use the nas-ip command to set the source IP address used by the switch to send RADIUS packets.
RADIUS Scheme view
ndp enable
Use the ndp enable command in system view to enable NDP globally on the switch. When being executed
in Ethernet port view, this command enables NDP for an Ethernet port.
System view
Ethernet Port view
ndp timer aging
Use the ndp timer aging command to set how long a device will hold the NDP packets received from the
local device. After the aging timer expires, the device will discard the received NDP neighbor node
information.
System view
ndp timer hello
Use the ndp timer hello command to define how often to transmit the NDP packets.
System view
nm-interface vlan-interface
Use the nm-interface vlan-interface command to configure an NMS interface of the management
device.
Cluster view
ntdp enable
Use the ntdp enable command in system view to enable NTDP globally. When being executed in Ethernet
port view, this command enables NTDP for an Ethernet port.
System view
Ethernet Port view
ntdp explore
Use the ntdp explore command to start topology information collection manually.
User view
ntdp hop
Use the ntdp hop command to set a range (in terms of hop count) for topology information collection.
System view
ntdp timer
Use the ntdp timer command to configure the interval to collect topology information.
System view
ntdp timer hop-delay
Use the ntdp timer hop-delay command to set the delay time for a switch to forward topology-collection
request packets.
System view
ntdp timer port-delay
Use the ntdp timer port-delay command to set the delay time for a switch to forward a received
topology-collection request packet through its successive ports.
System view
Use the ntdp timer port-delay command to set the delay time for a switch to forward a received
topology-collection request packet through its successive ports. A switch forwards received topology
request packets to all its ports in turn. After forwarding a received topology-collection request packet through
one port, the switch delays for specific period before it forwards the packet through the next port.
ntp-service access
Use the ntp-service access command to set the authority to access the local equipment.
System view
ntp-service authentication enable
Use the ntp-service authentication enable command to enable the NTP-service authentication
function.
System view
ntp-service authentication-keyid
26
ntp-service broadcast-client
Use the ntp-service broadcast-client command to configure an Ethernet switch to operate in NTP
broadcast client mode.
VLAN Interface view
ntp-service broadcast-server
Use the ntp-service broadcast-server command to configure NTP broadcast server mode.
VLAN Interface view
ntp-service in-interface disable
Use the ntp-service in-interface disable command to disable an interface to receive NTP message.
VLAN Interface view
ntp-service max-dynamic sessions
Use the ntp-service max-dynamic-sessions command to set how many sessions can be created locally.
System view
ntp-service multicast-client
Use the ntp-service multicast-client command to configure an Ethernet switch to operate in NTP
multicast client mode.
VLAN Interface view
ntp-service multicast-server
Use the ntp-service multicast-server command to configure an Ethernet switch to operate in NTP
multicast server mode.
VLAN Interface view
ntp-service reliable authentication-keyid
Use the ntp-service source-interface command to designate an interface to transmit NTP message.
System view
ntp-service unicast-peer
Use the ntp-service unicast-server command to configure an Ethernet switch to operate in NTP server
mode.
System view
open
Use the open command to establish a control connection with an FTP server.
FTP Client view
packet-filter
Use the packet-filter command to define the packet filter function in the QoS profile.
QoS Profile view
packet-filter
Use the packet-filter command to apply ACL rules on the port to filter packets.
Ethernet Port view
parity
Use the parity command to set the check mode of the user interface.
User Interface view
passive
Use the passive command to set the data transmission mode to be passive mode.
FTP Client view
password
Use the password command to configure or change the system login password for a user.
Local User view
password
Use the password command to set a password for the local users.
Local User View
peer-public-key end
Use the peer-public-key end command to return to system view from public key view.
Public Key view
27
ping
Use the ping command to check the IP network connection and the reachability of the host.
Any view
port
Using the port command, you can add one port or one group of ports to a VLAN.
VLAN view
port access vlan
Use the port access vlan command to assign the access port to a specified VLAN.
Ethernet Port view
port hybrid pvid vlan
Use the port hybrid pvid vlan command to configure the default VLAN ID of the hybrid port.
Ethernet Port view
port hybrid vlan
Use the port hybrid vlan command to add the port to the specified VLAN(s). The port needs to have been
made a hybrid port before you can do this. See the related command below.
Ethernet Port view
port isolate
Use the port isolate command to add an Ethernet port to the isolation group.
Ethernet Port view
port link-aggregation group
Use the port link-aggregation group agg_id command to add an Ethernet port to a manual or static
aggregation group.
Ethernet Port view
port link-type
Use the port link-type command to configure the link type of the Ethernet port.
Ethernet Port view
port-security enable
Use the port-security intrusion-mode command to set the action mode of the Intrusion Protection
feature.
Ethernet Port view
port-security max-mac-count
Use the port-security max-mac-count command to set the maximum number of MAC addresses allowed
to access the port.
Ethernet Port view
port-security ntk-mode
Use the port-security ntk-mode command to set the packet transmission mode of the Need to Know
(NTK) feature.
Ethernet Port view
port-security OUI
Use the port-security OUI command to set an OUI value for authentication.
System view
port-security port-mode
Use the port-security port-mode command to set the security mode of the port.
Ethernet Port view
port-security timer disableport
Use the port-security timer disableport command to set the time during which the system temporarily
disables a port.
System view
port-security trap
Use the port-security trap command to enable the sending of the specified type(s) of trap messages.
System view
port trunk pvid vlan
Use the port trunk pvid vlan command to configure the default VLAN ID for a trunk port.
Ethernet Port view
28
Use the port trunk permit vlan command to add a trunk port to one VLAN, a selection of VLANs, or all
VLANs.
Ethernet Port view
primary accounting
Use the primary accounting command to set the IP address and port number for the primary accounting
server.
RADIUS Scheme view
primary authentication
Use the primary authentication command to configure the IP address and port number for the primary
RADIUS authentication/authorization server.
RADIUS Server Group view
priority
Use the priority trust command to configure the precedence mapping mode on the port of the switch.
Ethernet Port view
protocol inbound
Use the protocol inbound command to configure the protocols supported in the current user interface.
VTY User Interface view
protocol inbound
Use the protocol inbound command to specify the protocols supported by the user interface.
User Interface view
protocol-priority protocol-type
Use the protocol-priority command to set the global traffic priority that applies to a given protocol.
System view
public-key-code begin
Use the public-key-code begin command to enter public key edit view and input the client public key.
Public Key view
public-key-code begin
Use the public-key-code begin command to enter public key edit view and set server public keys.
Public Key view
public-key-code end
Use the public-key-code end command to return from public key edit view to public key view and save the
public keys you set.
Public Key Edit view
public-key-code end
Use the public-key-code end command to return from public key edit view to public key view and save the
public keys you set.
Public Key Edit view
put
Use the put command to upload a local file to the remote SFTP server.
SFTP Client view
put
Use the put command to upload a local file to the remote FTP server.
FTP Client view
pwd
Use the pwd command to display the current directory on the SFTP server.
SFTP Client view
pwd
Use the pwd command to display the current path. If the current path is not configured, an error occurs when
you execute this command.
User view
pwd
Use the pwd command to display the current directory on the remote FTP Server.
FTP Client view
29
qos cos-drop-precedence-map
Use the qos cos-dscp-map command to configure the "COS->DSCP" mapping relationship.
System view
qos cos-local-precedence-map
Use the qos dscp-cos-map command to configure the "COS->802.1p priority" mapping relationship.
System view
qos dscp-drop-precedence-map
Use the qos dscp-dscp-map command to configure the "DSCP->DSCP" mapping relationship.
System view
qos dscp-local-precedence-map
Use the qos-profile command to create a QoS profile and enter the corresponding view.
System view
qos-profile port-based
Use the qos-profile port-based command to configure the port-based application mode of QoS profiles
on ports.
Ethernet Port view
queue-scheduler
Use the queue-scheduler command to set the queue-scheduling algorithm and parameters.
System view
quit
Use the quit command to terminate the connection to the remote SSH server.
User view
quit
Use the quit command to terminate the connection to the remote SFTP server and exit to system view.
SFTP Client view
quit
Use the quit command to terminate FTP control connection and FTP data connection and quit to user view.
This command has the same effect as that of the bye command.
FTP Client view
quit
Use the quit command to return from current view to lower level view, or exit the system if current view is
user view.
Any view
radius nas-ip
Use the radius nas-ip command to set the source IP address used by the switch to send RADIUS packets.
System view
radius-scheme
Use the radius-scheme command to specify the RADIUS scheme to be used by the current ISP domain.
ISP Domain view
radius scheme
Use the radius scheme command to create a RADIUS scheme and enter its view.
System view
30
radius trap
Use the radius trap command to enable the switch to send trap messages when its RADIUS
authentication or accounting server turns down.
System view
reboot
Use the reboot member command to reboot a specified member device on the management device.
Cluster view
region-name
Use the remote-probe vlan enable command to enable the remote-probe port mirror port feature on the
VLAN of the switch.
VLAN view
remotehelp
Use the remotehelp command to display help information about the FTP protocol command.
FTP Client view
remove
Use the remove command to delete the specified file from the server.
SFTP Client view
rename
Use the rename command to change the name of the specified file on the SFTP server.
SFTP Client view
rename
Use the rename command to rename a file or a directory. If the target file name or directory name is the
same with any existing file name or directory name, you will fail to rename a file.
User view
rename
Use the reset arp command to remove information that is no longer required from the ARP mapping table.
User view
reset counters interface
Use the reset counters interface command to clear the statistics of the port, preparing for a new
statistics collection.
User view
reset dot1x statistics
Use the reset dot1x statistics command to clear the statistics of 802.1x.
User view
reset garp statistics
Use the reset garp statistics command to clear the GARP statistics (such as the information about the
packets received/sent/discarded by GVRP/GMRP) on specified (or all) ports.
User view
reset igmp-snooping statistics
Use the reset igmp-snooping statistics command to clear the IGMP Snooping statistics.
User view
reset ip statistics
Use the reset logbuffer command to clear information in the log buffer.
User view
reset ndp statistics
Use the reset ndp statistics command to reset the NDP counters to clear the NDP statistics.
User view
31
Use the reset radius statistics command to clear the statistics information about the RADIUS protocol.
User view
reset recycle-bin
Use the reset recycle-bin command to completely delete file(s) in the recycle bin in the Flash.
User view
reset saved-configuration
Use the reset saved-configuration command to delete the configuration file that is of the specified
attribute from the Flash, including the main and backup configuration files to be used when the switch starts
the next startup.
User view
reset stop-accounting-buffer
Use the reset stop-accounting-buffer command to delete the buffered no-response stop-accounting
request packets.
User view
reset stp
Use the reset stp command to clear the STP statistics of specified Ethernet ports.
User view
reset tcp statistics
Use the reset tcp statistics command to clear the TCP statistics information.
User view
reset traffic-limit
Use the reset traffic-limit command to clear the statistics of the traffic policing matching with the
specified ACL rules.
Ethernet Port view
reset traffic-statistic
Use the reset traffic-statistic command to clear the traffic statistics of the packets matching with the
specified ACL rules.
Ethernet Port view
reset trapbuffer
Use the reset trapbuffer command to clear information in the trap buffer.
User view
retry
Use the retry command to set the maximum number of transmission attempts of RADIUS requests.
Detecting Group view
retry realtime-accounting
Use the retry realtime-accounting command to set the maximum allowed number of continuous
no-response real-time accounting requests.
RADIUS Scheme view
retry stop-accounting
Use the retry stop-accounting command to set the maximum number of transmission attempts of the
stop-accounting requests buffered due to no response.
RADIUS Scheme view
return
Use the return command to return to user view from any other view.
System view or higher level views
revision-level
Use the revision-level command to set the MSTP revision level for a switch.
MST Region view
rmdir
Use the rmdir command to delete the specified directory from the remote SFTP server.
SFTP Client view
rmdir
32
rmdir
Use the rmdir command to delete the specified directory from the remote FTP server.
FTP Client view
You can only use this command to remove directories that are empty.
rmon alarm
Use the rmon alarm command to add an entry to the alarm table.
System view
rmon event
Use the rmon event command to add an entry to the event table.
System view
rmon history
Use the rmon history command to add an entry to the history control table.
Ethernet Port view
rmon prialarm
Use the rmon prialarm command to add an entry to the extended RMON alarm table.
System view
rmon statistics
Use the rmon statistics command to add an entry to the statistic table.
Ethernet Port view
rsa local-key-pair create
Use the rsa local-key-pair create command to generate RSA key pairs, whose names are in the format
of switch name plus _host, for example, S4200G_host.
System view
rsa local-key-pair destroy
Use the rsa local-key-pair destroy command to destroy all existing RSA key pairs at the server end.
System view
rsa peer-public-key
Use the rule comment command to define the comment string for an ACL rule.
Advanced ACL view / Layer 2 ACL view
rule (Layer 2 ACL)
Use the save command to save the current configuration to a configuration file in the flash memory.
Any view
schedule reboot at
Use the schedule reboot at command to schedule a reboot on the current switch and set the reboot date
and time.
User view
schedule reboot delay
Use the schedule reboot delay command to schedule a reboot on the switch, and set the reboot waiting
delay.
User view
scheme
Use the scheme command to configure the AAA scheme to used by the current ISP domain.
ISP Domain view
33
screen-length
Use the screen-length command to set the number of lines the terminal screen can contain.
User Interface view
secondary accounting
Use the secondary accounting command to set the IP address and port number of the secondary RADIUS
accounting server.
RADIUS Scheme view
secondary authentication
Use the secondary authentication command to set the IP address and port number of the secondary
RADIUS authentication/authorization server.
RADIUS Scheme view
security-policy-server
Use the security-policy-server command to set the IP address of a security policy server.
RADIUS Scheme view
self-service-url
Use the self-service-url command to either enable or disable the self-service server location function.
ISP Domain view
send
Use the send command to send messages to a specified user interface or all user interfaces.
User view
server-type
Use the server-type command to configure the RADIUS server type supported by the Switch.
RADIUS Scheme view
service-type
Use the command service-type to authorize a user access to the specified services.
Local User view
service-type
Use the service-type command to specify the login type and the corresponding available command level.
Local User view
service-type multicast
Use the service-type multicast command to set the current VLAN as a multicast VLAN.
VLAN view
set authentication password
Use the set authentication password command to set the local password.
User Interface view
sftp
Use the sftp command to establish a connection to the SFTP server and enter SFTP client view.
System view
sftp server enable
Use the sftp server enable command to enable the secure FTP (SFTP) server.
System view
sftp time-out
Use the sftp time-out command to set the timeout time for the SFTP user connection.
System view
shell
Use the shell command to make terminal services available for the user interface.
User Interface view
shutdown
Use the smarton command to enable the SmartOn function for an Ethernet port with supplicant systems
attached.
Ethernet Port view
34
smarton password
Use the smarton password command to set the password to be used by the SmartOn function.
System view
smarton switchid
Use the smarton timer command to set the supplicant timeout timer for SmartOn-enabled supplicant
systems.
System view
snmp-agent
Use the snmp-agent community command to set a community name and to enable users to access the
switch through SNMP. You can also optionally use this command to apply an ACL to filter network
management users.
System view
snmp-agent community
Use the snmp-agent community command to set the community access name and enable access to SNMP.
System view
snmp-agent group
Use the snmp-agent group command to configure a SNMP group. You can also optionally use this
command to apply an ACL to filter network management users.
System view
snmp-agent group
Use the snmp-agent group command to configure a new SNMP group, that is, to map SNMP user to SNMP
view.
snmp-agent local-engineid
Use the snmp-agent local-engineid command to set the engine ID of the local SNMP entity.
System view
snmp-agent log
Use the snmp-agent log command to enable the logging function for network management.
System view
snmp-agent mib-view
Use the snmp-agent mib-view command to create or update the view information, limiting the MIB objects
to be accessed by the NMS.
System view
snmp-agent packet max-size
Use the snmp-agent packet max-size command to set the maximum size of SNMP packet that the Agent
can send/receive.
System view
snmp-agent sys-info
Use the snmp-agent sys-info command to configure system information such as geographical location of
the device, contact information for system maintenance and version information of running SNMP.
System view
snmp-agent target-host
Use the snmp-agent target-host command to command to configure destination of SNMP Trap packets.
System view
snmp-agent trap enable
Use the snmp-agent trap enable command to enable the device to send Trap packets.
System view
snmp-agent trap life
Use the snmp-agent trap life command to set aging time for Trap packets.
System view
snmp-agent trap queue-size
Use the snmp-agent trap queue-size command to configure the information queue length of a Trap packet
sent to the destination host.
System view
35
Use the snmp-agent trap source command to configure the source address for sending Trap messages.
System view
snmp-agent usm-user
Use the snmp-agent usm-user command to add a new community name or, if you use the V3 parameter,
a new user to an SNMP group.
System view
snmp-agent usm-user
Use the snmp-agent usm-user command to add a new user to an SNMP group. You can also optionally
use this command to apply an ACL to filter network management users.
System view
snmp-agent usm-user
Use the snmp-agent usm-user command to add a new user to an SNMP group.
System view
snmp-agent usm-user
Use the snmp-agent usm-user command to add a new community name or, if you use the V3 parameter,
a new user to an SNMP group.
System view
snmp-host
Use the snmp-host command to configure an SNMP host for the member devices inside a cluster on the
management device.
Cluster view
speed
Use the speed command to set the transmission speed of the user interface.
User Interface view
speed
Use the ssh client assign rsa-key command to specify on the client the public key for the server to be
connected to guarantee the client can be connected to a reliable server.
System view
ssh client first-time enable
Use the ssh client first-time enable command to configure the client to run the initial authentication.
System view
ssh server authentication-retries
Use the ssh server authentication-retries command to set authentication retry number for SSH
connections.
System view
ssh server timeout
Use the ssh server timeout command to set authentication timeout time for SSH connections.
System view
ssh user assign rsa-key
Use the ssh user assign rsa-key command to allocate public keys to SSH users.
System view
ssh user authentication-type
Use the ssh user authentication-type command to define on the server the available authentication type
for an SSH user.
System view
ssh user service-type
Use the ssh user service-type command to specify service type for a user.
System view
ssh2
Use the ssh2 command to enable the connection between SSH client and server, define key exchange
algorithm preference, encryption algorithm preference and HMAC algorithm preference on the server and
client.
System view
36
Use the startup bootrom-access enable command to specify a switch to prompt for the customized
password before entering the BOOT menu.
User view
startup saved-configuration
Use the startup saved-configuration command to specify the main or backup configuration file for a
switch to start the next time.
User view
state
Use the state command to configure the state of the current ISP domain/current user.
ISP Domain view
Local User view
RADIUS view
state
Use the stop-accounting-buffer enable command to enable the switch to buffer the stop-accounting
requests that bring no response.
RADIUS Scheme view
stopbits
Use the stopbits command to set the stop bits of the user interface.
User Interface view
stp
Use the stp command to enable or disable MSTP globally or for a port.
System view
Ethernet Port view
stp bpdu-protection
Use the stp bpdu-protection command to enable the BPDU protection function.
System view
stp bridge-diameter
Use the stp bridge-diameter command to set the network diameter of a switched network, which is
represented in terms of the maximum number of switches between any two terminals in a switched network.
System view
stp config-digest-snooping
Use the stp config-digest-snooping command to enable the digest snooping feature.
Ethernet Port view
stp cost
Use the stp cost command to set the path cost of a port in a spanning tree instance.
Ethernet Port view
stp edged-port
Use the stp edged-port command to configure the current Ethernet port as either an edge port or a
non-edge port.
Ethernet Port view
stp interface
Use the stp interface command in system view to enable or disable MSTP for specified ports.
System view
stp interface config-digest-snooping
Use the stp interface config-digest-snooping command to enable the digest snooping feature.
System view
stp interface cost
Use the stp interface cost command to set the path cost of specified ports in a specified spanning tree
instance.
System view
stp interface edged-port
Use the stp interface edged-port command to configure the specified Ethernet ports to be either edge
ports or non-edge ports.
System view
37
Use the stp interface loop-protection command to enable the loop prevention function.
System view
stp interface mcheck
Use the stp interface mcheck command to perform the mCheck operation for specified ports.
System view
stp interface no-agreement-check
Use the stp interface no-agreement-check command to enable the rapid transition feature on a specified
port.
System view
stp interface point-to-point
Use the stp interface point-to-point command to specify whether the specified Ethernet ports are
point-to-point links.
System view
stp interface port priority
Use the stp interface port priority command to set the port priority of specified ports in a spanning
tree instance.
System view
stp interface root-protection
Use the stp interface root-protection command to enable the root protection function for specified
ports.
System view
stp interface transmit-limit
Use the stp interface transmit-limit command to set the maximum number of BPDUs that each
specified port can send within a Hello time interval.
System view
stp loop-protection
Use the stp loop-protection command to enable the loop prevention function for the current port.
Ethernet Port view
stp max-hops
Use the stp max-hops command to set the maximum hop count of the MST region to which the switch
belongs.
System view
stp mcheck
Use the stp mcheck command to perform the mCheck operation for the current port.
Ethernet Port view
System view
stp mode
Use the stp mode command to set the MSTP operation mode of the switch.
System view
stp no-agreement-check
Use the stp no-agreement-check command to enable the rapid transition feature on the current port.
Ethernet Port view
stp pathcost-standard
Use the stp pathcost-standard command to set the standard used for calculating the default path costs
of ports.
System view
stp point-to-point
Use the stp point-to-point command to specify whether the port must connect to point-to-point link.
Ethernet Port view
stp port priority
Use the stp port priority command to set the priority of the current port in a specified spanning tree
instance.
Ethernet Port view
stp priority
Use the stp priority command to set the priority of a switch in a spanning tree instance.
System view
38
stp region-configuration
Use the stp root primary command to configure the current switch to be the root bridge of a specified
spanning tree instance.
System view
stp root-protection
Use the stp root-protection command to enable the root protection function for the current port.
Ethernet Port view
stp root secondary
Use the stp root secondary command to configure the current switch as a secondary root bridge of a
specified spanning tree instance.
System view
stp tc-protection
Use the stp tc-protection command to enable or disable the TC-BPDU attack prevention function for
the switch.
System view
stp timer-factor
Use the stp timer-factor command to set the timeout time of a switch in terms of the multiple of the Hello
time.
System view
stp timer forward-delay
Use the stp timer forward-delay command to set the Forward delay for a switch.
System view
stp timer hello
Use the stp timer hello command to set the Hello time for a switch.
System view
stp timer max-age
Use the stp timer max-age command to set the maximum age of a switch.
System view
stp transmit-limit
Use the stp transmit-limit command to set the maximum number of configuration BPDUs the current
port can transmit within a Hello time.
Ethernet Port view
super
Use the super command to switch the current user level to the one identified by the level argument.
User view
super password
Use the super password command to set the password for users to switch to a higher user level.
System view
sysname
Use the sysname command to set a domain name for the switch.
System view
sysname
Use the sysname command to set the system name of the Switch.
System view
system-view
Enter system-view to enter the system view from the user view.
User view
tcp timer fin-timeout
Use the tcp timer fin-timeout command to configure the TCP finwait timer.
System view
tcp timer syn-timeout
Use the tcp timer syn-timeout command to configure the TCP synwait timer.
System view
39
tcp window
Use the tcp window command to configure the size of the transmission and receiving buffers of the
connection-oriented socket.
System view
telnet
Use the telnet command to log in to another Ethernet switch from the current switch via Telnet for remote
management.
User view
terminal debugging
Use the terminal debugging command to configure to display the debugging information on the terminal.
User view
terminal debugging
Use the terminal debugging command to configure to display the debugging information on the terminal.
User view
terminal logging
Use the terminal monitor command to enable the debug/log/trap terminal display function.
User view
terminal trapping
Use the terminal trapping command to enable terminal trap information display.
User view
tftp
Use the tftp command to set the TFTP data transfer mode.
System view
tftp cluster get
Use the tftp cluster get command to download a specified file from a cluster TFTP server.
User view
tftp cluster put
Use the tftp put command to upload a specified file to a specified directory of a cluster TFTP server.
User view
tftp get
Use the tftp get command to download a file from a TFTP server to this switch.
User view
tftp put
Use the tftp put command to upload a file from the switch to the specified directory on the TFTP server.
User view
tftp-server
Use the tftp-server command to configure a TFTP server for cluster members on the management
device.
Cluster view
tftp-server acl
Use the tftp-server acl command to specify the ACL (Access Control List) adopted for the connection
between a TFTP client and a TFTP server.
System view
time-range
Use the timer command to set the interval to send handshake packets.
Cluster view
timer
Use the timer command to set the response timeout time of RADIUS server (that is, the timeout time of the
response timeout timer of RADIUS server).
RADIUS Scheme view
timer quiet
Use the timer quiet command to set the wait time for the primary server to restore the active state.
RADIUS Scheme view
40
timer realtime-accounting
Use the timer realtime-accounting command to set the real-time accounting interval.
RADIUS Scheme view
timer response-timeout
Use the timer response-timeout command to set the response timeout time of RADIUS servers.
RADIUS Scheme view
topology accept
Use the topology accept command to confirm the current topology information of the cluster and save that
as a standard topology.
Cluster view
topology restore-from
Use the topology restore-from command to obtain and restore the standard topology information from
the local flash.
Cluster view
topology save-to
Use the topology save-to command to save the standard topology information into the local flash.
Cluster view
tracemac
Use the tracert command to trace the gateways the test packets passes through during its journey from
the source to the destination.
Any view
The tracert command is primarily used to check the network connectivity. It can also help you locate the
trouble spot of the network.
traffic-limit
Use the traffic-limit command to use ACL rules in traffic identifying and traffic policing for the packet
matching with the ACL rules and to set traffic policing parameters.
Ethernet Port view
traffic shape
Use the traffic-shape command to enable traffic shaping and send the packets out at an even rate.
Ethernet Port view
traffic-statistic
Use the traffic-statistic command to use ACL rules in traffic identifying and perform traffic statistics on
the packets matching with the ACL rules.
System view
udp-helper enable
Use the udp-helper enable command to enable the UDP Helper function.
System view
udp-helper port
Use the udp-helper port command to configure the UDP port with relay function.
System view
udp-helper server
Use the udp-helper server command to configure the relay destination server for UDP broadcast packets.
VLAN Interface view
undelete
Using user-interface command to enter one or more user interface views to perform configuration.
System view
user-name-format
Use the user-name-format command to set the format of the user names to be sent to RADIUS server.
RADIUS Scheme view
41
Use the user privilege level level command to configure the command level that a user can access
from the specified user interface.
User Interface view
verbose
Use the verbose command to enable the verbose function, which displays execution and response
information of other related commands.
FTP Client view
virtual-cable-test
Use the virtual-cable-test command to enable the system to test the cable connected to a specific port
and to display the results.
Ethernet Port view
vlan
Use the vlan-assignment-mode command to set the VLAN assignment mode on the switch.
ISP Domain view
vlan-mapping modulo
Use the vlan-mapping modulo command to map VLANs to specific spanning tree instances.
MST Region view
vlan-vpn enable
Use the vlan-vpn enable command to enable the VLAN-VPN function for a port.
Ethernet Port view
vlan-vpn tpid
Use the vlan-vpn tpid command to set a TPID value for a port. The setting takes effect only when the
VLAN-VPN or VLAN-VPN uplink function is enabled.
Ethernet Port view
vlan-vpn tunnel
Use the vlan-vpn tunnel command to enable the BPDU tunnel function.
System view
vlan-vpn uplink enable
Use the vlan-vpn uplink enable command to configure a port to be a VLAN-VPN uplink port.
Ethernet Port view
voice vlan
Use the voice vlan command to enable the voice VLAN function globally.
System view
voice vlan aging
Use the voice vlan aging command to set the aging time for a voice VLAN.
System view
voice vlan enable
Use the voice vlan enable command to enable the voice VLAN function for a port.
Ethernet Port view
voice vlan mac-address
Use the voice vlan mac-address command to set a MAC address used for a voice VLAN to identify voice
devices.
System view
voice vlan mode
Use the voice vlan mode auto command to configure an Ethernet port to operate in the automatic voice
VLAN mode.
Ethernet Port view
voice vlan security enable
Use the voice vlan security enable command to enable the voice VLAN security mode.
System view